Verbose output of govulncheck on same Dropserver project showing that it is not affected by the vulnerability because we don't appear to call affect methods. Full text: "DropServer git:(tailscale-1) ✗ govulncheck -show verbose ./... Scanning your code and 643 packages across 83 dependent modules for known vulnerabilities... Fetching vulnerabilities from the database... Checking the code against the vulnerabilities... === Symbol Results === No vulnerabilities found. === Package Results === No other vulnerabilities found. === Module Results === Vulnerability #1: GO-2024-3321 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto More info: https://pkg.go.dev/vuln/GO-2024-3321 Module: golang.org/x/crypto Found in: golang.org/x/crypto@v0.29.0 Fixed in: golang.org/x/crypto@v0.31.0 Your code is affected by 0 vulnerabilities. This scan also found 0 vulnerabilities in packages you import and 1 vulnerability in modules you require, but your code doesn't appear to call these vulnerabilities.
https://f2.tchncs.de/media_attachments/files/113/642/153/239/018/211/original/f6b311c4e4b6ed37.png
Olivier Forget
All GNU social JP content and data are available under the 