mirror of https://github.com/golang/go.git
eb8352e307
VulnDB OSV schema was changed recently https://go-review.googlesource.com/c/vulndb/+/424895 to fix the misinterpretation of 'affected.package.name', and the database entries were repopulated with the new schema. We need to update the client library to pick up the change. We also need to update the fake vulndb entries used in tests. gopls/regtest/misc/testdata/vulndb was copied from golang.org/x/vuln/cmd/govulncheck/testdata/vulndb @ 62b0186 (the version updated in cl/424895) Also reverse golang.org/cl/425183 which includes the position information in the SummarizeCallStack result. Like in govulncheck -v, the position info is already available in the callstack, thus this is unnecessary for us. Since x/vuln is currently frozen until the preview release, revert it from gopls/internal/vulncheck. Ran go mod tidy -compat=1.16; otherwise, the transitive dependency on github.com/client9/misspell from golang.org/x/vuln breaks go1.16 build. Updated copy.sh script to copy x/vuln/internal/semver package (golang/go#54401) and add the build tags back to all go files. Gopls's builder builds&tests packages with old go versions, so we still need go1.18 build tag. Fixes golang/go#54818 Change-Id: I37770d698082378656a7988d3412a4ca2196ca7b Reviewed-on: https://go-review.googlesource.com/c/tools/+/427542 gopls-CI: kokoro <noreply+kokoro@google.com> Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Jonathan Amsterdam <jba@google.com> |
||
|---|---|---|
| .. | ||
| coverage | ||
| govulncheck | ||
| hooks | ||
| regtest | ||
| vulncheck | ||