commit | 680e4a313e30bf7e64efc52b24d4e5c0a0756ac0 | |
---|---|---|
author | Russ Cox <rsc@golang.org> | Thu Oct 27 16:52:51 2022 -0400 |
committer | Russ Cox <rsc@golang.org> | Fri Oct 28 17:25:09 2022 +0000 |
tree | 1ee504d3b4b1d7d3eff3123effef5af2ec32bddf | |
parent | 1dedb030b7d7506f84955b3a88debb18fbf1f8aa |

vgo: add spurious dependency on github.com/miekg/dns v1.0.0

This dependency is vulnerable to GO-2020-0006. The point of this commit is to serve as a test case for automated vulnerability scanning of the Go repos.

Using the vgo repo because it contains nothing important and is not imported by any of our other repos, which means any report should be limited to x/vgo and not affect other users.

Even if people did depend on x/vgo, govulncheck would correctly identify that no code here calls the vulnerable symbols in github.com/miekg/dns. Only less precise scanners would suggest that there is a problem.

Change-Id: I97dca1c146b84764e867128710cf262ea6b68276
Reviewed-on: https://go-review.googlesource.com/c/vgo/+/446055
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
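
The difference the commit message draws between symbol-level and less precise scanning, as an added illustration (not code from this commit, the vgo repo, or govulncheck): a module-presence matcher beside a simplified call-graph reachability check. The call graphs, `example.com/other/dep` and the symbol name `PlaceholderVulnFunc` are constructed assumptions; the page does not list the symbols affected by GO-2020-0006.

```go
package main

import "fmt"

// ModuleLevelHit models a scanner that flags any required vulnerable module.
func ModuleLevelHit(requires []string, module string) bool {
	for _, m := range requires {
		if m == module {
			return true
		}
	}
	return false
}

// ReachablePath walks the call graph breadth-first from root and returns the
// call chain to the first vulnerable symbol, or nil when none is reachable.
func ReachablePath(calls map[string][]string, root string, vuln map[string]bool) []string {
	parent := map[string]string{root: ""}
	for queue := []string{root}; len(queue) > 0; queue = queue[1:] {
		fn := queue[0]
		if vuln[fn] {
			path := []string{}
			for ; fn != ""; fn = parent[fn] {
				path = append([]string{fn}, path...)
			}
			return path
		}
		for _, callee := range calls[fn] {
			if _, seen := parent[callee]; !seen {
				parent[callee] = fn
				queue = append(queue, callee)
			}
		}
	}
	return nil
}

// Constructed sample data; PlaceholderVulnFunc is a placeholder symbol name.
var (
	vulnSyms   = map[string]bool{"github.com/miekg/dns.PlaceholderVulnFunc": true}
	requires   = []string{"example.com/other/dep", "github.com/miekg/dns"}
	importOnly = map[string][]string{"main.main": {"main.run"}, "main.run": {"fmt.Println"}}
	callsVuln  = map[string][]string{"main.main": {"main.resolve"}, "main.resolve": {"github.com/miekg/dns.PlaceholderVulnFunc"}}
)

func main() {
	fmt.Println(ModuleLevelHit(requires, "github.com/miekg/dns"), ReachablePath(importOnly, "main.main", vulnSyms))
	fmt.Println(ReachablePath(callsVuln, "main.main", vulnSyms))
}
```

The `importOnly` graph corresponds to the situation the commit describes: the module is required, so the module-level check fires, but no call chain reaches a vulnerable symbol.
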

This repository holds a standalone implementation of a version-aware `go` command, allowing users with a Go 1.10 toolchain to use the new Go 1.11 module support.

The code in this repo is auto-generated from and should behave exactly like the Go 1.11 `go` command, with two changes:

- `GO111MODULE` variable defaults to on.
- `go vet` during `go test` is disabled.

Use `go get -u golang.org/x/vgo`.

You can also manually git clone the repository to `$GOPATH/src/golang.org/x/vgo`.

See CONTRIBUTING.md.

Please file bugs in the main Go issue tracker, golang.org/issue, and put the prefix `x/vgo:` in the issue title, or `cmd/go:` if you have confirmed that the same bug is present in the Go 1.11 module support.

Thank you.