2021-03-16 22:02:37 +03:00
module golang.org/x/vulndb
2023-12-19 21:10:31 +03:00
go 1.21
2021-11-09 23:29:42 +03:00
2021-12-18 02:11:51 +03:00
require (
2023-07-27 00:24:52 +03:00
cloud.google.com/go/errorreporting v0.3.0
2023-12-19 20:52:32 +03:00
cloud.google.com/go/firestore v1.14.0
cloud.google.com/go/secretmanager v1.11.4
2023-12-19 21:10:31 +03:00
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.45.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/trace v1.21.0
github.com/GoogleCloudPlatform/opentelemetry-operations-go/propagator v0.45.0
2021-12-18 02:11:51 +03:00
github.com/client9/misspell v0.3.4
2024-02-01 19:31:22 +03:00
github.com/go-git/go-billy/v5 v5.5.0
github.com/go-git/go-git/v5 v5.11.0
2023-12-19 21:10:31 +03:00
github.com/google/generative-ai-go v0.5.0
2023-12-19 20:52:32 +03:00
github.com/google/go-cmp v0.6.0
2022-01-07 19:17:54 +03:00
github.com/google/go-github/v41 v41.0.0
2023-12-20 01:12:53 +03:00
github.com/google/osv-scanner v1.3.5
2023-07-27 00:24:52 +03:00
github.com/google/safehtml v0.1.0
2023-12-24 17:53:25 +03:00
github.com/jba/metrics v0.1.1
github.com/jba/metrics/otel v0.1.1
2023-12-20 00:24:55 +03:00
github.com/jba/templatecheck v0.7.0
2023-07-27 00:24:52 +03:00
github.com/lib/pq v1.10.9
2023-12-20 00:24:55 +03:00
github.com/shurcooL/githubv4 v0.0.0-20231126234147-1cffa1f02456
2023-12-19 21:10:31 +03:00
go.opentelemetry.io/otel v1.21.0
go.opentelemetry.io/otel/sdk v1.21.0
2023-12-24 18:37:44 +03:00
go.opentelemetry.io/otel/trace v1.21.0
2023-12-24 21:34:14 +03:00
golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
2024-06-04 21:46:46 +03:00
golang.org/x/mod v0.18.0
golang.org/x/oauth2 v0.21.0
2024-04-05 01:17:46 +03:00
golang.org/x/sync v0.7.0
2023-11-27 21:31:14 +03:00
golang.org/x/time v0.5.0
2024-06-04 21:46:46 +03:00
golang.org/x/tools v0.22.0
2023-12-20 00:24:55 +03:00
google.golang.org/api v0.154.0
google.golang.org/grpc v1.60.1
2023-05-31 19:46:54 +03:00
gopkg.in/yaml.v3 v3.0.1
2023-12-20 00:24:55 +03:00
honnef.co/go/tools v0.4.6
mvdan.cc/unparam v0.0.0-20230917202934-3ee2d22f45fb
2021-12-18 02:11:51 +03:00
2021-11-09 23:29:42 +03:00
require (
2023-12-19 21:10:31 +03:00
cloud.google.com/go v0.111.0 // indirect
cloud.google.com/go/ai v0.3.0 // indirect
2024-05-06 20:52:31 +03:00
cloud.google.com/go/compute/metadata v0.3.0 // indirect
2023-12-19 21:10:31 +03:00
cloud.google.com/go/iam v1.1.5 // indirect
cloud.google.com/go/longrunning v0.5.4 // indirect
cloud.google.com/go/monitoring v1.16.3 // indirect
cloud.google.com/go/trace v1.10.4 // indirect
2024-02-01 19:31:22 +03:00
dario.cat/mergo v1.0.0 // indirect
2023-12-20 01:12:53 +03:00
github.com/BurntSushi/toml v1.3.2 // indirect
2023-12-19 21:10:31 +03:00
github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.45.0 // indirect
2024-02-01 19:31:22 +03:00
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/ProtonMail/go-crypto v1.0.0 // indirect
github.com/cloudflare/circl v1.3.7 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
2023-06-13 21:51:51 +03:00
github.com/emirpasic/gods v1.18.1 // indirect
2023-12-20 00:24:55 +03:00
github.com/felixge/httpsnoop v1.0.4 // indirect
2023-06-13 21:51:51 +03:00
github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
2023-12-19 21:10:31 +03:00
github.com/go-logr/logr v1.3.0 // indirect
2022-02-18 19:33:30 +03:00
github.com/go-logr/stdr v1.2.2 // indirect
2022-01-08 23:53:43 +03:00
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
2023-07-27 00:24:52 +03:00
github.com/golang/protobuf v1.5.3 // indirect
cmd,internal: add tools and worker code
golang.org/x/vuln/srv is moved to this repository. Originally, the
motivation for creating x/vuln was to split the YAML reports and Go code
into two separate repositories. However, this resulted in a few
1. The structure of the YAML reports is tightly coupled with the structs
in internal/report, and changing one without the other would result
in errors when linting the reports.
2. The vlint package itself needed to be exported, even though the only
consumer was the test in x/vulndb.
3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating
that command could easily break the script (for example, submitting
CL 373004 without changing the reference in deploy/build.yaml).
Additionally, the original location of this code was x/vuln, which
contained two types of packages.
(1) Packages meant for consumption by other clients (for example,
x/vuln/client), and
(2) Internal packages that were only meant for use to spin up the
The internal packages resulted in many dependencies since they pulled in
GCP, which we don't want clients of the vulncheck library to
have to pull in. This problem was originally solved by creating a nested
module inside x/vuln, but nicer separation that would also solve the
issues above is the following:
* x/vuln: contains Go code meant to be imported by others
* x/vulndb: contains internal code only used to maintain the vulndb
For golang/go#50247
Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495
Trust: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
2021-12-21 00:26:47 +03:00
github.com/google/go-querystring v1.1.0 // indirect
2023-12-19 20:52:32 +03:00
github.com/google/s2a-go v0.1.7 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
cmd,internal: add tools and worker code
golang.org/x/vuln/srv is moved to this repository. Originally, the
motivation for creating x/vuln was to split the YAML reports and Go code
into two separate repositories. However, this resulted in a few
1. The structure of the YAML reports is tightly coupled with the structs
in internal/report, and changing one without the other would result
in errors when linting the reports.
2. The vlint package itself needed to be exported, even though the only
consumer was the test in x/vulndb.
3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating
that command could easily break the script (for example, submitting
CL 373004 without changing the reference in deploy/build.yaml).
Additionally, the original location of this code was x/vuln, which
contained two types of packages.
(1) Packages meant for consumption by other clients (for example,
x/vuln/client), and
(2) Internal packages that were only meant for use to spin up the
The internal packages resulted in many dependencies since they pulled in
GCP, which we don't want clients of the vulncheck library to
have to pull in. This problem was originally solved by creating a nested
module inside x/vuln, but nicer separation that would also solve the
issues above is the following:
* x/vuln: contains Go code meant to be imported by others
* x/vulndb: contains internal code only used to maintain the vulndb
For golang/go#50247
Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495
Trust: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
2021-12-21 00:26:47 +03:00
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
2023-06-13 21:51:51 +03:00
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/pjbgf/sha1cd v0.3.0 // indirect
2024-02-01 19:31:22 +03:00
github.com/sergi/go-diff v1.3.1 // indirect
2022-02-08 01:51:23 +03:00
github.com/shurcooL/graphql v0.0.0-20200928012149-18c5c3165e3a // indirect
2024-02-01 19:31:22 +03:00
github.com/skeema/knownhosts v1.2.1 // indirect
2023-06-13 21:51:51 +03:00
github.com/xanzy/ssh-agent v0.3.3 // indirect
2023-07-27 00:24:52 +03:00
go.opencensus.io v0.24.0 // indirect
2023-12-20 00:24:55 +03:00
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 // indirect
2023-12-19 21:10:31 +03:00
go.opentelemetry.io/otel/metric v1.21.0 // indirect
2023-12-24 17:53:25 +03:00
go.opentelemetry.io/otel/sdk/metric v1.21.0 // indirect
2024-06-04 21:46:46 +03:00
golang.org/x/crypto v0.24.0 // indirect
2023-07-27 00:24:52 +03:00
golang.org/x/exp/typeparams v0.0.0-20221208152030-732eee02a75a // indirect
2024-06-04 21:46:46 +03:00
golang.org/x/net v0.26.0 // indirect
golang.org/x/sys v0.21.0 // indirect
golang.org/x/text v0.16.0 // indirect
2023-12-19 21:10:31 +03:00
google.golang.org/genproto v0.0.0-20231120223509-83a465c0220f // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20231211222908-989df2bf70f3 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231211222908-989df2bf70f3 // indirect
2023-09-06 01:27:45 +03:00
google.golang.org/protobuf v1.31.0 // indirect
cmd,internal: add tools and worker code
golang.org/x/vuln/srv is moved to this repository. Originally, the
motivation for creating x/vuln was to split the YAML reports and Go code
into two separate repositories. However, this resulted in a few
1. The structure of the YAML reports is tightly coupled with the structs
in internal/report, and changing one without the other would result
in errors when linting the reports.
2. The vlint package itself needed to be exported, even though the only
consumer was the test in x/vulndb.
3. The deploy/build.yaml script depends on cmd/gendb@latest, so updating
that command could easily break the script (for example, submitting
CL 373004 without changing the reference in deploy/build.yaml).
Additionally, the original location of this code was x/vuln, which
contained two types of packages.
(1) Packages meant for consumption by other clients (for example,
x/vuln/client), and
(2) Internal packages that were only meant for use to spin up the
The internal packages resulted in many dependencies since they pulled in
GCP, which we don't want clients of the vulncheck library to
have to pull in. This problem was originally solved by creating a nested
module inside x/vuln, but nicer separation that would also solve the
issues above is the following:
* x/vuln: contains Go code meant to be imported by others
* x/vulndb: contains internal code only used to maintain the vulndb
For golang/go#50247
Change-Id: I74a7b7f9b8fc5b0ad48a45fc3156f93c08aa9955
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/373495
Trust: Julie Qiu <julie@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
2021-12-21 00:26:47 +03:00
gopkg.in/warnings.v0 v0.1.2 // indirect
2021-11-09 23:29:42 +03:00