commit | 0bb80722635d7a79e06599513afda196b46ba536 | [log] [tgz] |
---|---|---|
author | Zvonimir Pavlinovic <zpavlinovic@google.com> | Mon Aug 16 16:17:46 2021 -0700 |
committer | Zvonimir Pavlinovic <zpavlinovic@google.com> | Tue Aug 17 17:37:59 2021 +0000 |
tree | 2df7c1fcbb26620f373abda442cb3dfd881379fe | |
parent | 8c280c88aa00d817f585572a8477b99c6830f628 [diff] |
exp/vulndb/internal/audit: fix range var escape bug In vulnerability querying logic, when iterating over a list of modules with vulnerabilities for a match, the matched module is saved via &... This can cause bugs as that will make the match evaluate to the last element in the range. The fix is to use a temporary variable. Change-Id: Ibfbdf4f489c193c57e536bebd9aeb3c387114a77 Reviewed-on: https://go-review.googlesource.com/c/exp/+/342689 Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Trust: Roland Shoemaker <roland@golang.org> Trust: Zvonimir Pavlinovic <zpavlinovic@google.com>
This subrepository holds experimental and deprecated (in the old
directory) packages.
The idea for this subrepository originated as the pkg/exp
directory of the main repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been created to make it possible to go get
these packages.
Warning: Packages here are experimental and unreliable. Some may one day be promoted to the main repository or other subrepository, or they may be modified arbitrarily or even disappear altogether.
In short, code in this subrepository is not subject to the Go 1 compatibility promise. (No subrepo is, but the promise is even more likely to be violated by go.exp than the others.)
Caveat emptor.