govulncheck-action: Warning: Both go-version and go-version-file inputs are specified, only go-version will be used while only 'go-version-file: go.mod' is specified #70036

Open
sbp-bvanb opened this issue Oct 25, 2024 · 3 comments
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. vulncheck or vulndb Issues for the x/vuln or x/vulndb repo

sbp-bvanb commented Oct 25, 2024

govulncheck version

golang/govulncheck-action@v1.0.4

Does this issue reproduce at the latest version of golang.org/x/vuln?

  • Yes.

Output of go env in your module/workspace:

-

What did you do?

- uses: golang/govulncheck-action@v1.0.4
  with:
    go-version-file: go.mod
    go-package: ./...

What did you see happen?

Warning: Both go-version and go-version-file inputs are specified, only go-version will be used

What did you expect to see?

No warning as go-version-file: go.mod has been defined. If this is the case, then the code should omit go-version and only use the version that is defined in the go.mod file. Now it is using another Golang version, while another version is defined in the go.mod file.

@sbp-bvanb sbp-bvanb added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Oct 25, 2024
@cagedmantis cagedmantis added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Oct 29, 2024
@cagedmantis cagedmantis added this to the Unreleased milestone Oct 29, 2024
cagedmantis (Contributor) commented

cc @golang/vulndb

waliseddiqi commented

I am having the same issue.

Reproduction:
I wanted to pass go-version-file, which is 1.23.2 in my go.mod project, but the action assigned the Go version as 1.23.3.

Warning: Both go-version and go-version-file inputs are specified, only go-version will be used
