commit | 8c280c88aa00d817f585572a8477b99c6830f628 | [log] [tgz] |
---|---|---|
author | Roland Shoemaker <roland@golang.org> | Mon Aug 02 13:01:11 2021 -0700 |
committer | Roland Shoemaker <roland@golang.org> | Thu Aug 12 20:39:43 2021 +0000 |
tree | 639580b83a8765d3522956fa375eb8b3811f30f8 | |
parent | 737cce5152fce0b64b653aaa72f9a2d60bdf0313 [diff] |
vulndb: move from package structured vulnerabilities to module Adapts govulncheck to work with a database structured around per-module vulnerabilities, rather than per-package vulnerabilities. This requires a significant refactor of various aspects of the main package and the internal/audit packages which, while large, I think makes the overall program flow somewhat simpler to understand. Some changes to tests are also required, although similarly I believe they end up with easier to understand/modify tests. This also paves the way for more comprehensive details around which vulnerabilities are unreachable. Change-Id: I3dd402db344849db6f1a118feee65734daf924cf Reviewed-on: https://go-review.googlesource.com/c/exp/+/339191 Trust: Roland Shoemaker <roland@golang.org> Run-TryBot: Roland Shoemaker <roland@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
This subrepository holds experimental and deprecated (in the old
directory) packages.
The idea for this subrepository originated as the pkg/exp
directory of the main repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been created to make it possible to go get
these packages.
Warning: Packages here are experimental and unreliable. Some may one day be promoted to the main repository or other subrepository, or they may be modified arbitrarily or even disappear altogether.
In short, code in this subrepository is not subject to the Go 1 compatibility promise. (No subrepo is, but the promise is even more likely to be violated by go.exp than the others.)
Caveat emptor.