gabyhelp
commented
1 month ago Related Issues and Documentation
- govulncheck-action: support go-version-file: 'go.mod' #61343 (closed)
- x/vuln/cmd/govulncheck: check against toolchain/go directive version #62050
- x/vuln: outdated govulncheck documentation #61152 (closed)
- x/vuln/cmd/govulncheck: v1.1.0: Fatal error when used in a workspace #66863 (closed)
- x/vuln: golang/govulncheck-action@v1 too hard to use #69597 (closed)
- govulncheck-action: allow users to use specific version of govulncheck #67782
- Go Vulnerability Database > Note on Versions
- x/vuln: -v flag is not recognized in v0.2.0 #61144 (closed)
- govulncheck-action: semver tag 'v1' not updated for release v1.0.1 #63281 (closed)
- x/vuln: Binary mode not compatible with golang 1.21.0 #61936 (closed)
(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)
cagedmantis
waliseddiqi
govulncheck version
golang/govulncheck-action@v1.0.4
Does this issue reproduce at the latest version of golang.org/x/vuln?
Output of
go envin your module/workspace:What did you do?
What did you see happen?
Warning: Both go-version and go-version-file inputs are specified, only go-version will be used
What did you expect to see?
No warning as
go-version-file: go.modhas been defined. If this is the case, then the code should omit go-version and only use the version that is defined in the go.mod file. Now it is using another Golang version, while another version is defined in the go.mod file.