Hi all,
I maintain two components written in Go, so time to time the components
get CVE reports where vulnerable code comes from another component via
static linking during build.
I was trying to figure out how to make this better, and together with
Jason (in CC) got an idea about automatic
Hi Florian!
Thank you for the idea!
I knew about 'go version', which would give me go version as whole, but
not about the possibility to use this to see versions of used modules -
great to know!
On 3/21/25 10:53, Florian Weimer wrote:
A different way to do this would involve a dependency ge
Hi Alejandro!
On 3/21/25 13:55, Alejandro Saez Morollon wrote:
I'm not really sure if I understand the problem, but hope these two
things help:
First, this is not exactly what you want to do, but we have a script
in the rpms/golang package to generate the provides, maybe you can
draw inspi
On 3/26/25 16:10, Florian Weimer wrote:
How did you get such output from 'go version -m'? Or is it a
theoretical output? Because if I call this on my ipp-usb binary, I get
this output:
$ go version -m /usr/sbin/ipp-usb
/usr/sbin/ipp-usb: go1.23.7
path github.com/OpenPrinting/ipp-usb
