Is it possible to introduce a go mod command/feature that can look at data from deps.dev and automatically use the minimum version that does NOT have a known CVE? With the prevalence of code scanners, we keep getting alerts regarding CVEs. Currently the process to fix such alerts requires a lot of manual work. If go mod can automate some of this, that will be much appreciated. As an example, npm has an npm audit fix command that does similar things for JS projects. Thanks!
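The selection rule the request describes (lowest release at or above the current one that no known advisory covers), as an added sketch that is not part of the original post and not code from the Go project. The `Range` type and the `key` and `MinimalFix` helpers are hypothetical names, the tags and advisory ranges are constructed, and nothing is fetched from deps.dev; it assumes plain `vMAJOR.MINOR.PATCH` tags.

```go
package main

import (
	"fmt"
	"strings"
)

// Range is one affected interval as OSV-style advisories express it:
// Introduced <= v < Fixed. An empty Fixed means no fixed release exists yet.
type Range struct{ Introduced, Fixed string }

// key packs a vMAJOR.MINOR.PATCH tag into one sortable integer. Assumption:
// each part is below 2^20; anything unparsable (such as "0") sorts as 0.0.0.
func key(v string) int64 {
	var a, b, c int64
	fmt.Sscanf(v, "v%d.%d.%d", &a, &b, &c)
	return a<<40 | b<<20 | c
}

// affected reports whether v falls inside any advisory range.
func affected(v string, rs []Range) bool {
	for _, r := range rs {
		if key(v) >= key(r.Introduced) && (r.Fixed == "" || key(v) < key(r.Fixed)) {
			return true
		}
	}
	return false
}

// MinimalFix returns the lowest published release >= current that no range
// covers, or "" if none exists. Pre-release and +build tags are never chosen.
func MinimalFix(current string, published []string, rs []Range) string {
	best := ""
	for _, v := range published {
		if strings.ContainsAny(v, "-+") || key(v) < key(current) || affected(v, rs) {
			continue
		}
		if best == "" || key(v) < key(best) {
			best = v
		}
	}
	return best
}

func main() {
	// Constructed data: a hypothetical module's tags and two advisory ranges.
	tags := []string{"v1.4.0", "v1.4.1", "v1.5.0-rc1", "v1.5.0", "v1.5.1", "v1.6.0"}
	adv := []Range{{"0", "v1.4.1"}, {"v1.3.0", "v1.5.1"}}
	fmt.Println(MinimalFix("v1.4.0", tags, adv)) // current v1.4.0 is affected
}
```

With overlapping advisories, the fixed version of the first advisory (v1.4.1) is still inside the second range, so the result has to be checked against every range rather than taken from a single alert.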