Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
snapshotter: Fixes go.sum false positive alert for protobuf def (#931)
The previous PR which fixes this did not actually remove the bad version from the go.sum file. Funny story, go.sum is not really a list of deps included in the actual binary; it's more of a manifest that go uses to walk the dep tree. Dependabot will sometimes improperly use this as the source of truth, which is not 100% correct. I am not 100% sure if that is what is happening here, but it def could be, because the final binary is only including 1.3.2 of protobuf.

The reason this wasn't cleaned up is that go 1.15's `go mod tidy` does not do as good of a job of cleaning up the go.sum as 1.16. I have modified my patching scripts to delete the go.sum along with the vendor dir and regenerate it instead.

ref: dependabot/dependabot-core#4740
Showing 1 changed file with 44 additions and 21 deletions.
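The gap the commit message describes, between versions recorded in go.sum and versions actually selected for the build, can be checked mechanically before trusting a scanner alert. The Go program below is an added example, not code from this commit or repository: the module paths, hashes and the `SumOnlyVersions` helper are constructed for illustration, and the build list is assumed to be in the format printed by `go list -m all`.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed samples (not from the commit). go.sum keeps hashes for every
// version seen during resolution; `go list -m all` prints the selected ones.
const sampleGoSum = `example.com/proto v1.3.0/go.mod h1:CONSTRUCTEDaaaa=
example.com/proto v1.3.2 h1:CONSTRUCTEDbbbb=
example.com/proto v1.3.2/go.mod h1:CONSTRUCTEDcccc=
example.com/util v0.4.0 h1:CONSTRUCTEDdddd=
`
const sampleBuildList = `example.com/app
example.com/proto v1.3.2
example.com/util v0.4.0
`

// SumOnlyVersions (added helper) lists go.sum module@version pairs not in the build list.
func SumOnlyVersions(goSum, buildList string) []string {
	selected := map[string]bool{}
	for _, line := range strings.Split(buildList, "\n") {
		f := strings.Fields(line)
		if len(f) >= 2 { // the main module line has no version
			selected[f[0]+"@"+f[1]] = true
		}
		if len(f) == 5 && f[2] == "=>" { // replaced: go.sum lists the replacement
			selected[f[3]+"@"+f[4]] = true
		}
	}
	seen := map[string]bool{}
	out := []string{}
	for _, line := range strings.Split(goSum, "\n") {
		f := strings.Fields(line)
		if len(f) != 3 {
			continue // blank or malformed line
		}
		key := f[0] + "@" + strings.TrimSuffix(f[1], "/go.mod")
		if !selected[key] && !seen[key] {
			seen[key] = true
			out = append(out, key)
		}
	}
	sort.Strings(out)
	return out
}

func main() { fmt.Println(SumOnlyVersions(sampleGoSum, sampleBuildList)) }
```

Any version it reports exists only as a go.sum checksum entry, so an alert against that version is a candidate false positive of the kind described above.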