GODRIVER-2540 Run govulncheck in CI builds.#2136
Merged
matthewdale merged 1 commit intomongodb:masterfrom Jul 25, 2025
Merged
Conversation
matthewdale
force-pushed
the
godriver2540-govulncheck
branch
from
6b552c7 to
72bb4c4
Compare
mongodb-drivers-pr-bot
bot
added
the
review-priority-low
Contributor
API Change ReportNo changes found! |
qingyang-hu
approved these changes
Jul 25, 2025
prestonvasquez
pushed a commit
to prestonvasquez/mongo-go-driver
that referenced
this pull request
Jul 31, 2025
alcaeus
added a commit
that referenced
this pull request
Aug 5, 2025
* master: (65 commits)
Replace all uses of 'interface{}' with 'any' in the bson package. (#2138)
GODRIVER-3473 Short-cicruit cursor.next() on invalid timeouts (#2135)
GODRIVER-3622 Automatically retry some test tasks. (#2147)
Replace all uses of 'interface{}' with 'any' in the repo docs. (#2142)
GODRIVER-3102: Perf comparison (#2134)
GODRIVER-3587 Use raw bytes in valueReader (#2120)
Replace all uses of 'interface{}' with 'any' in the internal/ packages. (#2140)
Replace all uses of 'interface{}' with 'any' in the x/ packages. (#2137)
GODRIVER-2016 Unskip all Transactions unified spec tests. (#2132)
GODRIVER-2540 Run govulncheck in CI builds. (#2136)
GODRIVER-3549 Update Client BulkWrite prose tests. (#2131)
Add guidelines for contributing features to the Go Driver (#2125)
Bump alcaeus/automatic-merge-up-action from 1.0.0 to 1.0.1 in the actions group (#2126)
Add wrappedMsgOnly to mongo.MarshalError and mongo.MongocryptError.
Bump testdata/specifications from `db69351` to `6689929`
fix wiremessage oob in case of intmin (#2076)
GODRIVER-3399: PoolClearedError should have TransientTransactionError label appended to it (#2114)
PR feedback.
Prevent integration tests from running when testing with -short
Skip AWS Test if no URI (#2102)
...
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
GODRIVER-2540
Summary
Run
govulncheckusing Go 1.24.5 in CI builds.Background & Motivation
govulncheckis a dependency vulnerability checker that can check if a Go project actually imports the vulnerable package from an impacted module. If a dependency has a CVE filed against it, but only a subset of packages in the module are vulnerable and the scanned Go project doesn't import the vulnerable package,govulncheckwill report no vulnerability.