vulndb/internal/audit: allow "" as a valid module version to check

Top level packages can have module "" version. We want to consider them
as valid versions for which all vulns should be applicable. Using just
semver checking does not work, so this CL addresses that.

Change-Id: I07479909d4c663416d6e91f0e10bb9fe87e413b5
Reviewed-on: https://go-review.googlesource.com/c/exp/+/342552
Run-TryBot: Zvonimir Pavlinovic <zpavlinovic@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Trust: Zvonimir Pavlinovic <zpavlinovic@google.com>
4 files changed
tree: f248ea70d1851c67fad29efae2557eeb3a678f03
  1. .gitattributes
  2. .gitignore
  3. AUTHORS
  4. CONTRIBUTING.md
  5. CONTRIBUTORS
  6. LICENSE
  7. PATENTS
  8. README.md
  9. apidiff/
  10. cmd/
  11. codereview.cfg
  12. ebnf/
  13. ebnflint/
  14. errors/
  15. event/
  16. fsnotify/
  17. go.mod
  18. go.sum
  19. inotify/
  20. internal/
  21. io/
  22. jsonrpc2/
  23. mmap/
  24. rand/
  25. shiny/
  26. shootout/
  27. sumdb/
  28. utf8string/
  29. vulndb/
  30. winfsnotify/
README.md

exp

PkgGoDev

This subrepository holds experimental and deprecated (in the old directory) packages.

The idea for this subrepository originated as the pkg/exp directory of the main repository, but its presence there made it unavailable to users of the binary downloads of the Go installation. The subrepository has therefore been created to make it possible to go get these packages.

Warning: Packages here are experimental and unreliable. Some may one day be promoted to the main repository or other subrepository, or they may be modified arbitrarily or even disappear altogether.

In short, code in this subrepository is not subject to the Go 1 compatibility promise. (No subrepo is, but the promise is even more likely to be violated by go.exp than the others.)

Caveat emptor.