[Bug 285627] [NEW PORT] security/govulncheck: Reports known vulnerabilities that affect Go code
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 08 May 2025 19:30:39 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=285627 --- Comment #21 from Einar Bjarni Halldórsson <einar@isnic.is> --- (In reply to Nuno Teixeira from comment #20) I've got go124 as the default in my env, so I didn't notice. What I did notice after building govulncheck with go122 is: $ govulncheck ./... govulncheck: loading packages: There are errors with the provided package patterns: /home/einar/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.23.9.freebsd-amd64/src/slices/iter.go:50:17: cannot range over seq (variable of type iter.Seq[E]) /home/einar/go/pkg/mod/golang.org/x/text@v0.25.0/internal/tag/tag.go:6:1: package requires newer Go version go1.23 /home/einar/go/pkg/mod/golang.org/x/text@v0.25.0/internal/language/common.go:3:1: package requires newer Go version go1.23 /home/einar/go/pkg/mod/golang.org/x/text@v0.25.0/internal/language/compact/compact.go:14:1: package requires newer Go version go1.23 /home/einar/go/pkg/mod/golang.org/x/text@v0.25.0/language/coverage.go:5:1: package requires newer Go version go1.23 /home/einar/workspace/vuln-tutorial/main.go:1:1: package requires newer Go version go1.23 For details on package patterns, see https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns. If we build with go122, we can't scan projects that use newer versions of Go, including imported modules. Therefor I want to set the dependency on go124 and to try to maintain it always on the latest go version. -- You are receiving this mail because: You are on the CC list for the bug.