2021-03-16 22:02:37 +03:00
|
|
|
module golang.org/x/vulndb
|
|
|
|
|
2023-12-19 21:10:31 +03:00
|
|
|
go 1.21
|
2021-11-09 23:29:42 +03:00
|
|
|
|
2021-12-18 02:11:51 +03:00
|
|
|
require (
|
2023-07-27 00:24:52 +03:00
|
|
|
cloud.google.com/go/errorreporting v0.3.0
|
2023-12-19 20:52:32 +03:00
|
|
|
cloud.google.com/go/firestore v1.14.0
|
|
|
|
cloud.google.com/go/secretmanager v1.11.4
|
2023-12-19 21:10:31 +03:00
|
|
|
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.45.0
|
|
|
|
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.21.0
|
|
|
|
github.com/GoogleCloudPlatform/opentelemetry-operations-go/propagator v0.45.0
|
2021-12-18 02:11:51 +03:00
|
|
|
github.com/client9/misspell v0.3.4
|
2023-06-13 21:51:51 +03:00
|
|
|
github.com/go-git/go-billy/v5 v5.4.1
|
|
|
|
github.com/go-git/go-git/v5 v5.7.0
|
2023-12-19 21:10:31 +03:00
|
|
|
github.com/google/generative-ai-go v0.5.0
|
2023-12-19 20:52:32 +03:00
|
|
|
github.com/google/go-cmp v0.6.0
|
2022-01-07 19:17:54 +03:00
|
|
|
github.com/google/go-github/v41 v41.0.0
|
2023-12-20 01:12:53 +03:00
|
|
|
github.com/google/osv-scanner v1.3.5
|
2023-07-27 00:24:52 +03:00
|
|
|
github.com/google/safehtml v0.1.0
|
2023-12-24 17:53:25 +03:00
|
|
|
github.com/jba/metrics v0.1.1
|
|
|
|
github.com/jba/metrics/otel v0.1.1
|
2023-12-20 00:24:55 +03:00
|
|
|
github.com/jba/templatecheck v0.7.0
|
2023-07-27 00:24:52 +03:00
|
|
|
github.com/lib/pq v1.10.9
|
2023-12-20 00:24:55 +03:00
|
|
|
github.com/shurcooL/githubv4 v0.0.0-20231126234147-1cffa1f02456
|
2023-12-19 21:10:31 +03:00
|
|
|
go.opentelemetry.io/otel v1.21.0
|
|
|
|
go.opentelemetry.io/otel/sdk v1.21.0
|
2023-12-24 18:37:44 +03:00
|
|
|
go.opentelemetry.io/otel/trace v1.21.0
|
2023-12-24 21:34:14 +03:00
|
|
|
golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
|
2023-11-09 01:59:07 +03:00
|
|
|
golang.org/x/mod v0.14.0
|
2024-01-12 01:58:07 +03:00
|
|
|
golang.org/x/oauth2 v0.16.0
|
|
|
|
golang.org/x/sync v0.6.0
|
2023-11-27 21:31:14 +03:00
|
|
|
golang.org/x/time v0.5.0
|
2024-01-12 01:58:07 +03:00
|
|
|
golang.org/x/tools v0.17.0
|
2023-12-20 00:24:55 +03:00
|
|
|
google.golang.org/api v0.154.0
|
|
|
|
google.golang.org/grpc v1.60.1
|
2023-05-31 19:46:54 +03:00
|
|
|
gopkg.in/yaml.v3 v3.0.1
|
2023-12-20 00:24:55 +03:00
|
|
|
honnef.co/go/tools v0.4.6
|
|
|
|
mvdan.cc/unparam v0.0.0-20230917202934-3ee2d22f45fb
|
2021-12-18 02:11:51 +03:00
|
|
|
)
|
|
|
|
|
2021-11-09 23:29:42 +03:00
|
|
|
require (
|
2023-12-19 21:10:31 +03:00
|
|
|
cloud.google.com/go v0.111.0 // indirect
|
|
|
|
cloud.google.com/go/ai v0.3.0 // indirect
|
|
|
|
cloud.google.com/go/compute v1.23.3 // indirect
|
2023-07-27 00:24:52 +03:00
|
|
|
cloud.google.com/go/compute/metadata v0.2.3 // indirect
|
2023-12-19 21:10:31 +03:00
|
|
|
cloud.google.com/go/iam v1.1.5 // indirect
|
|
|
|
cloud.google.com/go/longrunning v0.5.4 // indirect
|
|
|
|
cloud.google.com/go/monitoring v1.16.3 // indirect
|
|
|
|
cloud.google.com/go/trace v1.10.4 // indirect
|
2023-12-20 01:12:53 +03:00
|
|
|
github.com/BurntSushi/toml v1.3.2 // indirect
|
2023-12-19 21:10:31 +03:00
|
|
|
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.45.0 // indirect
|
2023-06-13 21:51:51 +03:00
|
|
|
github.com/Microsoft/go-winio v0.5.2 // indirect
|
|
|
|
github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
|
|
|
|
github.com/acomagu/bufpipe v1.0.4 // indirect
|
|
|
|
github.com/cloudflare/circl v1.3.3 // indirect
|
|
|
|
github.com/emirpasic/gods v1.18.1 // indirect
|
2023-12-20 00:24:55 +03:00
|
|
|
github.com/felixge/httpsnoop v1.0.4 // indirect
|
2023-06-13 21:51:51 +03:00
|
|
|
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
|
2023-12-19 21:10:31 +03:00
|
|
|
github.com/go-logr/logr v1.3.0 // indirect
|
2022-02-18 19:33:30 +03:00
|
|
|
github.com/go-logr/stdr v1.2.2 // indirect
|
2022-01-08 23:53:43 +03:00
|
|
|
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
|
2023-07-27 00:24:52 +03:00
|
|
|
github.com/golang/protobuf v1.5.3 // indirect
|
cmd,internal: add tools and worker code
golang.org/x/vuln/srv is moved to this repository. Originally, the
motivation for creating x/vuln was to split the YAML reports and Go code
into two separate repositories. However, this resulted in a few
issues:
1. The structure of the YAML reports is tightly coupled with the structs
in internal/report, and changing one without the other would result
in errors when linting the reports.
2. The vlint package itself needed to be exported, even though the only
consumer was the test in x/vulndb.
3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating
that command could easily break the script (for example, submitting
CL 373004 without changing the reference in deploy/build.yaml).
Additionally, the original location of this code was x/vuln, which
contained two types of packages.
(1) Packages meant for consumption by other clients (for example,
x/vuln/client), and
(2) Internal packages that were only meant for use to spin up the
worker.
The internal packages resulted in many dependencies since they pulled in
GCP, which we don't want clients of the vulncheck library to
have to pull in. This problem was originally solved by creating a nested
module inside x/vuln, but nicer separation that would also solve the
issues above is the following:
* x/vuln: contains Go code meant to be imported by others
* x/vulndb: contains internal code only used to maintain the vulndb
For golang/go#50247
Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495
Trust: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
2021-12-21 00:26:47 +03:00
|
|
|
github.com/google/go-querystring v1.1.0 // indirect
|
2023-12-19 20:52:32 +03:00
|
|
|
github.com/google/s2a-go v0.1.7 // indirect
|
|
|
|
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
|
|
|
|
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
|
2023-06-13 21:51:51 +03:00
|
|
|
github.com/imdario/mergo v0.3.15 // indirect
|
cmd,internal: add tools and worker code
golang.org/x/vuln/srv is moved to this repository. Originally, the
motivation for creating x/vuln was to split the YAML reports and Go code
into two separate repositories. However, this resulted in a few
issues:
1. The structure of the YAML reports is tightly coupled with the structs
in internal/report, and changing one without the other would result
in errors when linting the reports.
2. The vlint package itself needed to be exported, even though the only
consumer was the test in x/vulndb.
3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating
that command could easily break the script (for example, submitting
CL 373004 without changing the reference in deploy/build.yaml).
Additionally, the original location of this code was x/vuln, which
contained two types of packages.
(1) Packages meant for consumption by other clients (for example,
x/vuln/client), and
(2) Internal packages that were only meant for use to spin up the
worker.
The internal packages resulted in many dependencies since they pulled in
GCP, which we don't want clients of the vulncheck library to
have to pull in. This problem was originally solved by creating a nested
module inside x/vuln, but nicer separation that would also solve the
issues above is the following:
* x/vuln: contains Go code meant to be imported by others
* x/vulndb: contains internal code only used to maintain the vulndb
For golang/go#50247
Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495
Trust: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
2021-12-21 00:26:47 +03:00
|
|
|
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
|
2023-06-13 21:51:51 +03:00
|
|
|
github.com/kevinburke/ssh_config v1.2.0 // indirect
|
|
|
|
github.com/pjbgf/sha1cd v0.3.0 // indirect
|
cmd,internal: add tools and worker code
golang.org/x/vuln/srv is moved to this repository. Originally, the
motivation for creating x/vuln was to split the YAML reports and Go code
into two separate repositories. However, this resulted in a few
issues:
1. The structure of the YAML reports is tightly coupled with the structs
in internal/report, and changing one without the other would result
in errors when linting the reports.
2. The vlint package itself needed to be exported, even though the only
consumer was the test in x/vulndb.
3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating
that command could easily break the script (for example, submitting
CL 373004 without changing the reference in deploy/build.yaml).
Additionally, the original location of this code was x/vuln, which
contained two types of packages.
(1) Packages meant for consumption by other clients (for example,
x/vuln/client), and
(2) Internal packages that were only meant for use to spin up the
worker.
The internal packages resulted in many dependencies since they pulled in
GCP, which we don't want clients of the vulncheck library to
have to pull in. This problem was originally solved by creating a nested
module inside x/vuln, but nicer separation that would also solve the
issues above is the following:
* x/vuln: contains Go code meant to be imported by others
* x/vulndb: contains internal code only used to maintain the vulndb
For golang/go#50247
Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495
Trust: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
2021-12-21 00:26:47 +03:00
|
|
|
github.com/sergi/go-diff v1.1.0 // indirect
|
2022-02-08 01:51:23 +03:00
|
|
|
github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect
|
2023-06-13 21:51:51 +03:00
|
|
|
github.com/skeema/knownhosts v1.1.1 // indirect
|
|
|
|
github.com/xanzy/ssh-agent v0.3.3 // indirect
|
2023-07-27 00:24:52 +03:00
|
|
|
go.opencensus.io v0.24.0 // indirect
|
2023-12-20 00:24:55 +03:00
|
|
|
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect
|
|
|
|
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
|
2023-12-19 21:10:31 +03:00
|
|
|
go.opentelemetry.io/otel/metric v1.21.0 // indirect
|
2023-12-24 17:53:25 +03:00
|
|
|
go.opentelemetry.io/otel/sdk/metric v1.21.0 // indirect
|
2024-01-12 01:58:07 +03:00
|
|
|
golang.org/x/crypto v0.18.0 // indirect
|
2023-07-27 00:24:52 +03:00
|
|
|
golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect
|
2024-01-12 01:58:07 +03:00
|
|
|
golang.org/x/net v0.20.0 // indirect
|
|
|
|
golang.org/x/sys v0.16.0 // indirect
|
2023-11-09 01:59:07 +03:00
|
|
|
golang.org/x/text v0.14.0 // indirect
|
2023-12-19 20:52:32 +03:00
|
|
|
google.golang.org/appengine v1.6.8 // indirect
|
2023-12-19 21:10:31 +03:00
|
|
|
google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f // indirect
|
|
|
|
google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 // indirect
|
|
|
|
google.golang.org/genproto/googleapis/rpc v0.0.0-20231211222908-989df2bf70f3 // indirect
|
2023-09-06 01:27:45 +03:00
|
|
|
google.golang.org/protobuf v1.31.0 // indirect
|
cmd,internal: add tools and worker code
golang.org/x/vuln/srv is moved to this repository. Originally, the
motivation for creating x/vuln was to split the YAML reports and Go code
into two separate repositories. However, this resulted in a few
issues:
1. The structure of the YAML reports is tightly coupled with the structs
in internal/report, and changing one without the other would result
in errors when linting the reports.
2. The vlint package itself needed to be exported, even though the only
consumer was the test in x/vulndb.
3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating
that command could easily break the script (for example, submitting
CL 373004 without changing the reference in deploy/build.yaml).
Additionally, the original location of this code was x/vuln, which
contained two types of packages.
(1) Packages meant for consumption by other clients (for example,
x/vuln/client), and
(2) Internal packages that were only meant for use to spin up the
worker.
The internal packages resulted in many dependencies since they pulled in
GCP, which we don't want clients of the vulncheck library to
have to pull in. This problem was originally solved by creating a nested
module inside x/vuln, but nicer separation that would also solve the
issues above is the following:
* x/vuln: contains Go code meant to be imported by others
* x/vulndb: contains internal code only used to maintain the vulndb
For golang/go#50247
Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495
Trust: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
2021-12-21 00:26:47 +03:00
|
|
|
gopkg.in/warnings.v0 v0.1.2 // indirect
|
2021-11-09 23:29:42 +03:00
|
|
|
)
|