{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":423907006,"defaultBranch":"master","name":"vuln","ownerLogin":"golang","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2021-11-02T15:53:16.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/4314092?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1721156794.0","currentOid":""},"activityList":{"items":[{"before":"6a6005b5785ccb41a363c0da9f72bd262df567d3","after":"39173892081a8614f56d165c34e7058db5a4c8e1","ref":"refs/heads/master","pushedAt":"2024-09-19T16:28:13.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/scan: reorganize trace text layout in trace mode\n\nAs paths are relative, it is not immediately evident to what module\nsymbols belong to in traces mode. We hence reorganize things to make\nthat explicit while avoiding clutter.\n\nFixes golang/go#69490\n\nChange-Id: Ic43e22954cbe3ff0ac458f75ee3a07706295fb5d\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/614135\nReviewed-by: Maceo Thompson \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"internal/scan: reorganize trace text layout in trace mode"}},{"before":"1e9d87e82f26c1f04a3291c39b02914837e232c0","after":"6a6005b5785ccb41a363c0da9f72bd262df567d3","ref":"refs/heads/master","pushedAt":"2024-09-09T16:15:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: I483375b05b35cb8231c5b2250319efcf37b562af\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/611935\nLUCI-TryBot-Result: Go LUCI \nAuto-Submit: Gopher Robot \nReviewed-by: Dmitri Shuralyov \nReviewed-by: David Chase ","shortMessageHtmlLink":"go.mod: update golang.org/x dependencies"}},{"before":"ff56115f39f3c4f2fcb8b9218456dcb5383ac8bf","after":"1e9d87e82f26c1f04a3291c39b02914837e232c0","ref":"refs/heads/master","pushedAt":"2024-09-05T18:53:10.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/vulncheck: remove use of ssautil.AllFunctions\n\nThis function was used to prune out the forward slice of functions\nstarting from roots. There weren't a lot of functions being pruned.\nMeasured on a few large projects, at most 0.08% of functions were\npruned. Keeping those functions is not expected to affect precision\nor performance. Calling VTA two times will very likely get rid of\nthese functions anyhow.\n\nUpdates golang/go#69231\n\nChange-Id: Id57f9697c5a5550b4d15fbeb88de30b8bee220da\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/611216\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Alan Donovan ","shortMessageHtmlLink":"internal/vulncheck: remove use of ssautil.AllFunctions"}},{"before":"ffdef74cc44d7eb71931d8d414c478b966812488","after":"ff56115f39f3c4f2fcb8b9218456dcb5383ac8bf","ref":"refs/heads/master","pushedAt":"2024-08-22T13:44:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/govulncheck: update test file for main module vulnerabilities\n\nAs of https://go-review.git.corp.google.com/c/go/+/596035, go command\nadds a version for a Go binary, not always defaulting to devel. That\ncauses a devel test to fail at go tip builders. This CL adds an explicit\nbinary with devel version rather than the test building its own binary.\nOnce the new Go version with the above fix is released, we'll add\nanother test.\n\nChange-Id: I409d18c85a0fad9b424771bd330067ac987d4830\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/605855\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Ian Cottrell ","shortMessageHtmlLink":"cmd/govulncheck: update test file for main module vulnerabilities"}},{"before":"902ccc792c5a2bb2eba38fd71e1b02334c645f47","after":"ffdef74cc44d7eb71931d8d414c478b966812488","ref":"refs/heads/master","pushedAt":"2024-08-07T17:29:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/govulncheck: add docs on detecting main module vulns\n\nThis only applies to binaries.\n\nChange-Id: Ia499e823a08a1b039cba72d5c06b5f3b2cd2f942\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/603575\nReviewed-by: Maceo Thompson \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"cmd/govulncheck: add docs on detecting main module vulns"}},{"before":"8579d869f8890e79cd4578c003badc724a440488","after":"902ccc792c5a2bb2eba38fd71e1b02334c645f47","ref":"refs/heads/master","pushedAt":"2024-08-06T21:18:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: If3475f07a842219f225392d2d2985f07e69cee08\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/603595\nReviewed-by: David Chase \nAuto-Submit: Gopher Robot \nReviewed-by: Dmitri Shuralyov \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"go.mod: update golang.org/x dependencies"}},{"before":"03865b626d843bb4e34286addf7cf01d952743e4","after":"8579d869f8890e79cd4578c003badc724a440488","ref":"refs/heads/master","pushedAt":"2024-07-22T20:18:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/govulncheck: update unit tests\n\nPreviously, unit tests using the \"vuln\" module did not have a\nvulnerability that was imported but not called (a \"package-level\"\nvulnerability). This change modifies main.go in the vuln module to\ndirectly call a vulnerable function instead of using a function that\neventually was affected by multiple vulns.\n\nChange-Id: Ic77a9c8efe3fd6dd2a2e76c230b3c4f67421e2fc\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/599476\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Zvonimir Pavlinovic ","shortMessageHtmlLink":"cmd/govulncheck: update unit tests"}},{"before":"079fa4db505e978cb155e6e6a09f9f5e48a3021f","after":"03865b626d843bb4e34286addf7cf01d952743e4","ref":"refs/heads/master","pushedAt":"2024-07-18T20:23:58.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/vulncheck: properly check for main package vulns\n\nAnd add unit tests.\n\nChange-Id: I311af8467a97c70677955aef7c9bee5edacdde09\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/599195\nReviewed-by: Maceo Thompson \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"internal/vulncheck: properly check for main package vulns"}},{"before":"201ff88d636722e395930fe60d29469fddf3eb9c","after":"079fa4db505e978cb155e6e6a09f9f5e48a3021f","ref":"refs/heads/master","pushedAt":"2024-07-18T20:19:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/vulncheck: explicitly exclude devel from affected ranges\n\nFor now, \"(devel)\" should never be matched.\n\nChange-Id: Ia6b001caef1a1faf093b6757f3fb89d27e160bb2\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/598715\nReviewed-by: Maceo Thompson \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"internal/vulncheck: explicitly exclude devel from affected ranges"}},{"before":"0a7cb137c8980e6edc432a2ec017c9b74f996488","after":"201ff88d636722e395930fe60d29469fddf3eb9c","ref":"refs/heads/master","pushedAt":"2024-07-18T20:18:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/vulncheck: consider main module when checking bin vulns\n\nTests will come later.\n\nChange-Id: I82b478dc2f7613b65308807475a7f0cd43681937\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/598675\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Maceo Thompson ","shortMessageHtmlLink":"internal/vulncheck: consider main module when checking bin vulns"}},{"before":"4ea4418106cea3bb2c9aa098527c924e9e1fbbb4","after":"0a7cb137c8980e6edc432a2ec017c9b74f996488","ref":"refs/heads/master","pushedAt":"2024-07-17T16:42:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/vulncheck: exclude dev go versions from ancient check\n\nWhen checking if a go version is ancient, exclude invalid go versions\nsuch as \"devel 12343....\" This are considered earlier than go1.18.\n\nChange-Id: Ifbd7bd2834284b8e7fd109ec34fa4a2b9c297e24\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/598716\nLUCI-TryBot-Result: Go LUCI \nAuto-Submit: Zvonimir Pavlinovic \nReviewed-by: Maceo Thompson ","shortMessageHtmlLink":"internal/vulncheck: exclude dev go versions from ancient check"}},{"before":"de0a0adbc1d357501a7f291978a9f8b87d15eb5a","after":"4ea4418106cea3bb2c9aa098527c924e9e1fbbb4","ref":"refs/heads/master","pushedAt":"2024-07-16T17:36:51.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/openvex: update handler test\n\nUpdates handler tests to have more accurate package paths.\nThis doesn't affect anything right now, but will be relevant for\nfuture features/testing.\n\nChange-Id: Ia72c749cdaf263d2a425f349f72630cda576b5f0\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/598593\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Zvonimir Pavlinovic ","shortMessageHtmlLink":"internal/openvex: update handler test"}},{"before":"1884dfae5d94f200377663e5be082dbe1d96b979","after":"de0a0adbc1d357501a7f291978a9f8b87d15eb5a","ref":"refs/heads/master","pushedAt":"2024-07-16T16:15:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"LICENSE: update per Google Legal\n\nVery minor tweaks:\n - Remove (c) pseudosymbol.\n - Remove \"All Rights Reserved.\"\n - Change \"Google Inc.\" (no longer exists) to \"Google LLC\".\n\n[git-generate]\necho '\n,s/\\(c\\) //\n,s/ All rights reserved.//\n,s/Google Inc./Google LLC/\nw\nq\n' | sam -d LICENSE\n\nChange-Id: Ie92bd7efd420f65bea524a6998c3d4c4e81a7274\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/598615\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Ian Lance Taylor \nAuto-Submit: Russ Cox ","shortMessageHtmlLink":"LICENSE: update per Google Legal"}},{"before":"d9ad5223849a23e412d4a6ac1f61ecfc94cab0d8","after":"1884dfae5d94f200377663e5be082dbe1d96b979","ref":"refs/heads/master","pushedAt":"2024-07-15T19:37:01.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/vulncheck: add warning message for ancient binaries\n\nWe emit a warning message for Go binaries built with an ancient Go\nversion.\n\nChange-Id: I9c7037cb1710181786a7c063ae2a253f880dc6ad\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/597516\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Maceo Thompson ","shortMessageHtmlLink":"internal/vulncheck: add warning message for ancient binaries"}},{"before":"44e45eaefb4e945ace34bc19e9a29cdb1b143966","after":"d9ad5223849a23e412d4a6ac1f61ecfc94cab0d8","ref":"refs/heads/master","pushedAt":"2024-07-10T19:47:49.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"all: remove build restrictions requiring go1.18\n\ngovulncheck's go.mod file explicitly requires go1.21 and it can analyze\nbinaries built before go1.18. There is no need to have these build\nrestrictions.\n\nChange-Id: I50a80da2490fd4bd8fb3d5b7a68f8796ff3ffe18\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/597575\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Maceo Thompson ","shortMessageHtmlLink":"all: remove build restrictions requiring go1.18"}},{"before":"0f7005f3db72ac2c67d870609932dd49954db764","after":"44e45eaefb4e945ace34bc19e9a29cdb1b143966","ref":"refs/heads/master","pushedAt":"2024-07-10T17:48:12.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/govulncheck: clarify unsafe/reflection limitations\n\nThey only apply to source mode.\n\nChange-Id: I288adf8eac2075bb32b301b4ffe668f453352a77\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/597515\nReviewed-by: Maceo Thompson \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"cmd/govulncheck: clarify unsafe/reflection limitations"}},{"before":"f94421b20479af8851aa9ecc80a1142ad6f63c93","after":"0f7005f3db72ac2c67d870609932dd49954db764","ref":"refs/heads/master","pushedAt":"2024-07-09T20:20:20.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/openvex: omit vulns with no findings\n\nThis change modifies govulncheck's VEX output to no longer include\nvulnerabilities that are not imported at a vulnerable version.\nThis matches the text output of govulncheck, and is in line with most\nother vulnerability scanners.\n\nupdates golang/go#68338\n\nChange-Id: If7041fd4624d023f623db8daf35a2e76f41d1d29\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/597396\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Mauri de Souza Meneguzzo \nReviewed-by: Zvonimir Pavlinovic ","shortMessageHtmlLink":"internal/openvex: omit vulns with no findings"}},{"before":"684f5c9fa70708a9f79c33c09e16ce0bd25446d5","after":"f94421b20479af8851aa9ecc80a1142ad6f63c93","ref":"refs/heads/master","pushedAt":"2024-07-09T18:29:08.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/govulncheck/integration: adjust k8s expectations\n\nDue to a withdrawn containerd vuln.\n\nChange-Id: I5734ea3a4336be6550d557753b980953a7ece49b\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/597315\nReviewed-by: Maceo Thompson \nLUCI-TryBot-Result: Go LUCI \nAuto-Submit: Zvonimir Pavlinovic ","shortMessageHtmlLink":"cmd/govulncheck/integration: adjust k8s expectations"}},{"before":"d52dedc621a782b20cbbf420a6e0358e80322300","after":"684f5c9fa70708a9f79c33c09e16ce0bd25446d5","ref":"refs/heads/master","pushedAt":"2024-07-09T15:22:28.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"all: remove skipIfShort\n\nWe don't have any tests using it.\n\nChange-Id: I72b24d505c0d9ec5cf9fce883bc04ed10f6bfd4f\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/595455\nAuto-Submit: Zvonimir Pavlinovic \nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Maceo Thompson ","shortMessageHtmlLink":"all: remove skipIfShort"}},{"before":"afa91f17c86b932508d1e74a7ebcb6b11a5fa6f8","after":"d52dedc621a782b20cbbf420a6e0358e80322300","ref":"refs/heads/master","pushedAt":"2024-07-09T15:22:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"all: remove unnecessary test lines for staticcheck\n\nChange-Id: I42cb6ac7a4bb9b50ad2e6bff2e89b93f1e382d4b\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/595258\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Maceo Thompson \nAuto-Submit: Zvonimir Pavlinovic ","shortMessageHtmlLink":"all: remove unnecessary test lines for staticcheck"}},{"before":"03a0c2f3be68ff4777928f4f81909596c806ad08","after":"afa91f17c86b932508d1e74a7ebcb6b11a5fa6f8","ref":"refs/heads/master","pushedAt":"2024-07-09T15:22:16.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/vulncheck: avoid recomputing if module is known\n\nThis also makes the code cleaner.\n\nChange-Id: Ia59ed7dbf6487ee1ddcb67ffb05bd57668268e62\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/594217\nReviewed-by: Maceo Thompson \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"internal/vulncheck: avoid recomputing if module is known"}},{"before":"675d16bf930e7ce7388d6e145d6b068907154562","after":"03a0c2f3be68ff4777928f4f81909596c806ad08","ref":"refs/heads/master","pushedAt":"2024-07-07T23:37:02.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"go.mod: update golang.org/x dependencies\n\nUpdate golang.org/x dependencies to their latest tagged versions.\n\nChange-Id: I9e76767f7dac4395908959032383f81e6f534a0a\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/596995\nReviewed-by: Than McIntosh \nReviewed-by: Dmitri Shuralyov \nAuto-Submit: Gopher Robot \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"go.mod: update golang.org/x dependencies"}},{"before":"cfe93e3f19114e66a1d6a0cac29dc712f329b7d7","after":"675d16bf930e7ce7388d6e145d6b068907154562","ref":"refs/heads/master","pushedAt":"2024-07-01T18:56:05.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/buildinfo: add support for ancient Go binaries\n\nAs a result, govulncheck will report only stdlib vulnerabilities.\n\nChange-Id: Ib9dd2445de41690b3e3122ad3789871b5d632441\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/595615\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Ian Cottrell ","shortMessageHtmlLink":"internal/buildinfo: add support for ancient Go binaries"}},{"before":"d6cadf9010e6ec98244044e9e2c4c75beaba5432","after":"cfe93e3f19114e66a1d6a0cac29dc712f329b7d7","ref":"refs/heads/master","pushedAt":"2024-07-01T18:55:44.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/goversion: comment out a printing line\n\nChange-Id: I09e59759e8843d0a5150cf6a0df5e9d6afefe8e0\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/595016\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Ian Cottrell ","shortMessageHtmlLink":"internal/goversion: comment out a printing line"}},{"before":"deda8bb439f9ae831819a48242ee4401e6642451","after":"d6cadf9010e6ec98244044e9e2c4c75beaba5432","ref":"refs/heads/master","pushedAt":"2024-07-01T18:55:31.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/goversion: add package as copy of rsc.io/goversion/version\n\nThis package will be mainly used to check ancient Go binaries.\n\nChange-Id: Ie0bd6b2c4fc0610941905c93cdb63ed7260b66ba\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/595015\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Ian Cottrell ","shortMessageHtmlLink":"internal/goversion: add package as copy of rsc.io/goversion/version"}},{"before":"055425f86a5358f2235f7d4952ce069cf8c184e6","after":"deda8bb439f9ae831819a48242ee4401e6642451","ref":"refs/heads/master","pushedAt":"2024-07-01T13:23:00.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/govulncheck: remove line about go version requirements\n\nUse the go directive in go.mod as the single source of truth\nfor the required Go version for installing golvulncheck.\n\nUpdates golang/go#68034\nFixes golang/go#68256\n\nChange-Id: Ief445ffa40282feff6a97419b48dc6290071d971\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/595935\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Than McIntosh \nReviewed-by: Zvonimir Pavlinovic ","shortMessageHtmlLink":"cmd/govulncheck: remove line about go version requirements"}},{"before":"d44b651a2e0f43966413e20b65cb619bdb621e7e","after":"055425f86a5358f2235f7d4952ce069cf8c184e6","ref":"refs/heads/master","pushedAt":"2024-06-25T14:24:49.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/vulncheck: improve documentation\n\nAnd refactor some code.\n\nChange-Id: I658954d8670861cc36413c78c763cc2225716f15\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/594218\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Ian Cottrell ","shortMessageHtmlLink":"internal/vulncheck: improve documentation"}},{"before":"dd23607213ac8e1730f735d4d2afe42ccaac519c","after":"d44b651a2e0f43966413e20b65cb619bdb621e7e","ref":"refs/heads/master","pushedAt":"2024-06-24T19:52:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/vulncheck: use module info when looking for symbols\n\nWhen searching if (a symbol of a) package is vulnerable, we would try to\nidentify the module from package path. (The module information is needed\nbecause we save vulns per module.) This can cause problems when module\npaths are prefixes of each other. In all cases except binary mode, we\nknow the exact module of a symbol or a package, so we simply use that.\n\nChange-Id: I21c220e485522dda1bc1fe0a9025e73846b6fd6f\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/592135\nLUCI-TryBot-Result: Go LUCI \nReviewed-by: Maceo Thompson ","shortMessageHtmlLink":"internal/vulncheck: use module info when looking for symbols"}},{"before":"dfbdf8164ca607b3fa7be562bb1205f59bc2a731","after":"dd23607213ac8e1730f735d4d2afe42ccaac519c","ref":"refs/heads/master","pushedAt":"2024-06-24T15:53:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"internal/vulncheck: handle symbols ending with .\n\nFor some binaries, a symbol can end in \".\", so this CL handles that\ncase.\n\nChange-Id: I7c3634eb9cc13ee4cd18d6787460e645dbbfdfae\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/594355\nReviewed-by: Maceo Thompson \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"internal/vulncheck: handle symbols ending with ."}},{"before":"f35edf848bf0f2b9cf411833c60f72cc49915487","after":"dfbdf8164ca607b3fa7be562bb1205f59bc2a731","ref":"refs/heads/master","pushedAt":"2024-06-24T15:52:57.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"gopherbot","name":"GopherBot","path":"/gopherbot","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/8566911?s=80&v=4"},"commit":{"message":"cmd/govulncheck/integration: make expectation check more robust\n\nWhen checking test expectations (packages of called vulnerabilities), we\nwould use equality. Given that a requirement of integration checking is\nto query the Go vulnerability database, the expectations need to change\nfrom time to time. With the new support for UNREVIEWED, this is\nhappening more and more.\n\nTo address this, the CL here checks that the expected packages are a\nsubset of what is detected with govulncheck. This will make the test\nmore robust. The list of expected packages is anyhow long, so the\ncoverage is good and we are still testing against the same live db.\n\nChange-Id: I49f73dc2094686253ae222bbe92144f87b2637a5\nReviewed-on: https://go-review.googlesource.com/c/vuln/+/593155\nReviewed-by: Maceo Thompson \nLUCI-TryBot-Result: Go LUCI ","shortMessageHtmlLink":"cmd/govulncheck/integration: make expectation check more robust"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEuxf0YwA","startCursor":null,"endCursor":null}},"title":"Activity ยท golang/vuln"}