You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A module may contain multiple packages. When browsing the module's version history,
the versions tab provides vulnerability info. However, it's hard to figure out whether
a vulnerability affects the entire module, or only a certain package.
For example, GO-2022-1059 affects golang.org/x/text/language, but visible from
pkg.go.dev/golang.org/x/text?tab=versions and it's not obvious that this vulnerability
affects only golang.org/x/text/language.
OTOH, if other packages in the module "transitively" depend on golang.org/x/text/language,
I wonder if they are included in the osv entry.
The text was updated successfully, but these errors were encountered:
A module may contain multiple packages. When browsing the module's version history, the versions tab provides vulnerability info. However, it's hard to figure out whether a vulnerability affects the entire module, or only a certain package.
For example, GO-2022-1059 affects golang.org/x/text/language, but visible from pkg.go.dev/golang.org/x/text?tab=versions and it's not obvious that this vulnerability affects only golang.org/x/text/language.
OTOH, if other packages in the module "transitively" depend on golang.org/x/text/language, I wonder if they are included in the osv entry. #60579 (comment)
https://pkg.go.dev/golang.org/x/text?tab=versions
A module may contain multiple packages. When browsing the module's version history,
the versions tab provides vulnerability info. However, it's hard to figure out whether
a vulnerability affects the entire module, or only a certain package.
For example, GO-2022-1059 affects golang.org/x/text/language, but visible from

pkg.go.dev/golang.org/x/text?tab=versions and it's not obvious that this vulnerability
affects only golang.org/x/text/language.
OTOH, if other packages in the module "transitively" depend on golang.org/x/text/language,
I wonder if they are included in the osv entry.
The text was updated successfully, but these errors were encountered: