mirror of
https://github.com/imjasonh/govulncheck-action
synced 2026-07-07 00:12:55 +00:00
Previously, if go.sum was out of date or missing, govulncheck would fail to analyze the code but the action would report "no vulnerabilities found" which is misleading and dangerous. This change: - Detects specific error patterns in govulncheck stderr that indicate missing dependencies (missing go.sum entry, could not import, invalid package name) - Throws a clear error message telling users to run 'go mod tidy' - Prevents false "no vulnerabilities" reports when govulncheck can't analyze the code Added tests to verify the behavior for both missing go.sum and import errors. Fixes the issue where vulnerabilities could be missed due to dependency problems. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| annotator.test.js | ||
| govulncheck.test.js | ||
| index-main.test.js | ||
| index.test.js | ||
| parser.test.js | ||
| summary.test.js | ||