)]}'
{
  "commit": "0d8d4a79d87ebd9e2b8da7c1f9eb89786e75e33e",
  "tree": "213fe73528770f9ef7fe152a36be1dabb25b9047",
  "parents": [
    "bd4e8a33fc32d17070e0402b7186d2fde8ca0c1f"
  ],
  "author": {
    "name": "Zvonimir Pavlinovic",
    "email": "zpavlinovic@google.com",
    "time": "Tue Aug 31 16:22:37 2021 -0700"
  },
  "committer": {
    "name": "Zvonimir Pavlinovic",
    "email": "zpavlinovic@google.com",
    "time": "Thu Sep 02 22:59:53 2021 +0000"
  },
  "message": "vulndb/internal/audit: filter out vulns for modules with \"\" version\n\nWhen a module version is unknown (\"\"), the current implementation assumes\nthat any vulnerability version range applies to it. This can lead to\nfalse alarms, the most prominent example being when audit is run on a\ntop-level module (which will have \"\" version) that has known\nvulnerabilities. This CL makes sure no vulnerabilities apply for a\nmodule with an unavailable version.\n\nFixes golang/go#48079\n\nChange-Id: Idd9f080f9037d105d86311b62de77f29ef4664a2\nReviewed-on: https://go-review.googlesource.com/c/exp/+/346609\nRun-TryBot: Zvonimir Pavlinovic \u003czpavlinovic@google.com\u003e\nTryBot-Result: Go Bot \u003cgobot@golang.org\u003e\nReviewed-by: Roland Shoemaker \u003croland@golang.org\u003e\nTrust: Zvonimir Pavlinovic \u003czpavlinovic@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "b542c00d5ec98780c7074b29d34c76d0b7d9539b",
      "old_mode": 33188,
      "old_path": "vulndb/internal/audit/detect.go",
      "new_id": "4a166c5ab7ff5839ceb62d7b227bed89d3d57163",
      "new_mode": 33188,
      "new_path": "vulndb/internal/audit/detect.go"
    },
    {
      "type": "modify",
      "old_id": "32cccba43bc2e19b018eca7cd05b1e6e387e262e",
      "old_mode": 33188,
      "old_path": "vulndb/internal/audit/detect_test.go",
      "new_id": "dd2f16d1739ce0346ae72a091d2f3174f981f63f",
      "new_mode": 33188,
      "new_path": "vulndb/internal/audit/detect_test.go"
    }
  ]
}
