vulndb/go.mod

92 строки
4.1 KiB
Modula-2
Исходник Обычный вид История

2021-03-16 22:02:37 +03:00
module golang.org/x/vulndb
go 1.21
require (
cloud.google.com/go/errorreporting v0.3.0
cloud.google.com/go/firestore v1.14.0
cloud.google.com/go/secretmanager v1.11.4
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.45.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.21.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/propagator v0.45.0
github.com/client9/misspell v0.3.4
github.com/go-git/go-billy/v5 v5.4.1
github.com/go-git/go-git/v5 v5.7.0
github.com/google/generative-ai-go v0.5.0
github.com/google/go-cmp v0.6.0
github.com/google/go-github/v41 v41.0.0
github.com/google/osv-scanner v1.3.5
github.com/google/safehtml v0.1.0
github.com/jba/metrics v0.1.1
github.com/jba/metrics/otel v0.1.1
github.com/jba/templatecheck v0.7.0
github.com/lib/pq v1.10.9
github.com/shurcooL/githubv4 v0.0.0-20231126234147-1cffa1f02456
go.opentelemetry.io/otel v1.21.0
go.opentelemetry.io/otel/sdk v1.21.0
go.opentelemetry.io/otel/trace v1.21.0
golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
golang.org/x/mod v0.14.0
golang.org/x/oauth2 v0.16.0
golang.org/x/sync v0.6.0
golang.org/x/time v0.5.0
golang.org/x/tools v0.17.0
google.golang.org/api v0.154.0
google.golang.org/grpc v1.60.1
gopkg.in/yaml.v3 v3.0.1
honnef.co/go/tools v0.4.6
mvdan.cc/unparam v0.0.0-20230917202934-3ee2d22f45fb
)
require (
cloud.google.com/go v0.111.0 // indirect
cloud.google.com/go/ai v0.3.0 // indirect
cloud.google.com/go/compute v1.23.3 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v1.1.5 // indirect
cloud.google.com/go/longrunning v0.5.4 // indirect
cloud.google.com/go/monitoring v1.16.3 // indirect
cloud.google.com/go/trace v1.10.4 // indirect
github.com/BurntSushi/toml v1.3.2 // indirect
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.45.0 // indirect
github.com/Microsoft/go-winio v0.5.2 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230518184743-7afd39499903 // indirect
github.com/acomagu/bufpipe v1.0.4 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/emirpasic/gods v1.18.1 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
cmd,internal: add tools and worker code golang.org/x/vuln/srv is moved to this repository. Originally, the motivation for creating x/vuln was to split the YAML reports and Go code into two separate repositories. However, this resulted in a few issues: 1. The structure of the YAML reports is tightly coupled with the structs in internal/report, and changing one without the other would result in errors when linting the reports. 2. The vlint package itself needed to be exported, even though the only consumer was the test in x/vulndb. 3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating that command could easily break the script (for example, submitting CL 373004 without changing the reference in deploy/build.yaml). Additionally, the original location of this code was x/vuln, which contained two types of packages. (1) Packages meant for consumption by other clients (for example, x/vuln/client), and (2) Internal packages that were only meant for use to spin up the worker. The internal packages resulted in many dependencies since they pulled in GCP, which we don't want clients of the vulncheck library to have to pull in. This problem was originally solved by creating a nested module inside x/vuln, but nicer separation that would also solve the issues above is the following: * x/vuln: contains Go code meant to be imported by others * x/vulndb: contains internal code only used to maintain the vulndb For golang/go#50247 Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495 Trust: Julie Qiu <julie@golang.org> Reviewed-by: Jonathan Amsterdam <jba@google.com>
2021-12-21 00:26:47 +03:00
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/imdario/mergo v0.3.15 // indirect
cmd,internal: add tools and worker code golang.org/x/vuln/srv is moved to this repository. Originally, the motivation for creating x/vuln was to split the YAML reports and Go code into two separate repositories. However, this resulted in a few issues: 1. The structure of the YAML reports is tightly coupled with the structs in internal/report, and changing one without the other would result in errors when linting the reports. 2. The vlint package itself needed to be exported, even though the only consumer was the test in x/vulndb. 3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating that command could easily break the script (for example, submitting CL 373004 without changing the reference in deploy/build.yaml). Additionally, the original location of this code was x/vuln, which contained two types of packages. (1) Packages meant for consumption by other clients (for example, x/vuln/client), and (2) Internal packages that were only meant for use to spin up the worker. The internal packages resulted in many dependencies since they pulled in GCP, which we don't want clients of the vulncheck library to have to pull in. This problem was originally solved by creating a nested module inside x/vuln, but nicer separation that would also solve the issues above is the following: * x/vuln: contains Go code meant to be imported by others * x/vulndb: contains internal code only used to maintain the vulndb For golang/go#50247 Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495 Trust: Julie Qiu <julie@golang.org> Reviewed-by: Jonathan Amsterdam <jba@google.com>
2021-12-21 00:26:47 +03:00
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
cmd,internal: add tools and worker code golang.org/x/vuln/srv is moved to this repository. Originally, the motivation for creating x/vuln was to split the YAML reports and Go code into two separate repositories. However, this resulted in a few issues: 1. The structure of the YAML reports is tightly coupled with the structs in internal/report, and changing one without the other would result in errors when linting the reports. 2. The vlint package itself needed to be exported, even though the only consumer was the test in x/vulndb. 3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating that command could easily break the script (for example, submitting CL 373004 without changing the reference in deploy/build.yaml). Additionally, the original location of this code was x/vuln, which contained two types of packages. (1) Packages meant for consumption by other clients (for example, x/vuln/client), and (2) Internal packages that were only meant for use to spin up the worker. The internal packages resulted in many dependencies since they pulled in GCP, which we don't want clients of the vulncheck library to have to pull in. This problem was originally solved by creating a nested module inside x/vuln, but nicer separation that would also solve the issues above is the following: * x/vuln: contains Go code meant to be imported by others * x/vulndb: contains internal code only used to maintain the vulndb For golang/go#50247 Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495 Trust: Julie Qiu <julie@golang.org> Reviewed-by: Jonathan Amsterdam <jba@google.com>
2021-12-21 00:26:47 +03:00
github.com/sergi/go-diff v1.1.0 // indirect
github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect
github.com/skeema/knownhosts v1.1.1 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
go.opentelemetry.io/otel/metric v1.21.0 // indirect
go.opentelemetry.io/otel/sdk/metric v1.21.0 // indirect
golang.org/x/crypto v0.18.0 // indirect
golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect
golang.org/x/net v0.20.0 // indirect
golang.org/x/sys v0.16.0 // indirect
golang.org/x/text v0.14.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231211222908-989df2bf70f3 // indirect
google.golang.org/protobuf v1.31.0 // indirect
cmd,internal: add tools and worker code golang.org/x/vuln/srv is moved to this repository. Originally, the motivation for creating x/vuln was to split the YAML reports and Go code into two separate repositories. However, this resulted in a few issues: 1. The structure of the YAML reports is tightly coupled with the structs in internal/report, and changing one without the other would result in errors when linting the reports. 2. The vlint package itself needed to be exported, even though the only consumer was the test in x/vulndb. 3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating that command could easily break the script (for example, submitting CL 373004 without changing the reference in deploy/build.yaml). Additionally, the original location of this code was x/vuln, which contained two types of packages. (1) Packages meant for consumption by other clients (for example, x/vuln/client), and (2) Internal packages that were only meant for use to spin up the worker. The internal packages resulted in many dependencies since they pulled in GCP, which we don't want clients of the vulncheck library to have to pull in. This problem was originally solved by creating a nested module inside x/vuln, but nicer separation that would also solve the issues above is the following: * x/vuln: contains Go code meant to be imported by others * x/vulndb: contains internal code only used to maintain the vulndb For golang/go#50247 Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495 Trust: Julie Qiu <julie@golang.org> Reviewed-by: Jonathan Amsterdam <jba@google.com>
2021-12-21 00:26:47 +03:00
gopkg.in/warnings.v0 v0.1.2 // indirect
)