gopherbot
commented
1 year ago Change https://go.dev/cl/454436 mentions this issue: gopls/internal/lsp/mod: disable the diagnostics on stdlib vulns
Open hyangah opened 1 year ago
gopherbot
commented
1 year ago Change https://go.dev/cl/454436 mentions this issue: gopls/internal/lsp/mod: disable the diagnostics on stdlib vulns
We are not currently surfacing vulnerabilities in standard library as diagnostics.
We tried to attach the diagnostic to the
moduleorgostatement in go.mod. But without a clear path to address the issue from source level, we think this needs more investigation.If https://go.dev/issue/57001 is accepted and implemented, we can place the diagnostics and quickfix to go.mod on the go directive and the toolchain. Otherwise, we can go with more vscode-go specific solution.