Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

govulncheck-action: Add support for check-latest when using setup-go #60704

Closed
gaby opened this issue Jun 9, 2023 · 7 comments
Closed

govulncheck-action: Add support for check-latest when using setup-go #60704

gaby opened this issue Jun 9, 2023 · 7 comments
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Milestone
vuln/unplanned

Comments

@gaby
Copy link

gaby commented Jun 9, 2023

The new govulncheck-action doesnt now allow to specify "check-latest" for the "setup-go" action. This causes the CI to use cache versions and fail when there's a security release like 1.20.5

Add a field for "check-latest" that gets passed setup-go here: https://github.com/golang/govulncheck-action/blob/master/action.yml

Related to: actions/setup-go#384
@gaby gaby mentioned this issue Jun 9, 2023
Merged
@gaby
Copy link
Author

gaby commented Jun 9, 2023

Ping @julieqiu @cagedmantis @bkessler-go

@gaby
Copy link
Author

gaby commented Jun 9, 2023

I was going to do a PR but for some reason this repo is not hosted on Github, instead its a mirror 😁

@dr2chase
Copy link
Contributor

dr2chase commented Jun 9, 2023

@golang/vulndb

@dr2chase dr2chase added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jun 9, 2023
@seankhliao seankhliao added this to the vuln/unplanned milestone Jun 10, 2023
@seankhliao seankhliao added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Jun 10, 2023
@gaby
Copy link
Author

gaby commented Jun 12, 2023

The cache key also needs to be configurable. Ideally set to false by default.

https://github.com/actions/setup-go/blob/main/action.yml#LL15C5-L15C5

@macrombilux
Copy link

#44734

@gaby
Copy link
Author

gaby commented Jun 16, 2023

Any news on this?

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/502538 mentions this issue: govulncheck-action: add check-latest and cache options

@golang golang locked and limited conversation to collaborators Jun 19, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo
Projects
None yet
Milestone
vuln/unplanned
Development

No branches or pull requests
5 participants
@gaby @dr2chase @gopherbot @seankhliao @macrombilux