| 13 Jul 2023 |
@qbit:tapenet.org | https://go.dev/blog/govulncheck - it would be neat if we had some sorta integration with this.. like a checkphase or something | 15:49:51 |
@qbit:tapenet.org | probably would be tough though.. because the db is remote | 15:50:25 |
@qbit:tapenet.org | oh "An experimental tool to generate your own vulnerability database index is provided at golang.org/x/vulndb/cmd/indexdb." maybe not :D | 15:50:43 |
j-k | oh, 1.0.0, time to update | 15:51:21 |
@qbit:tapenet.org | j-k i created a pr already :D | 15:51:34 |
j-k | ty | 15:51:42 |
@qbit:tapenet.org | https://github.com/NixOS/nixpkgs/pull/243297 | 15:52:14 |
@eyjhb:eyjhb.dk | (in reply to @qbit:tapenet.org) Thanks for sharing, didn't even know about this | 15:55:08 |
j-k | I was very excited when it was announced. I was fed up of explaining no this critical k8s vuln doesn't affect my linter that transitively imports k8s stuff. pretty much every single week. | 15:57:42 |
@qbit:tapenet.org | heh | 15:58:30 |
@qbit:tapenet.org | i have been using it for a bit now, it seems to do a really good job | 15:58:48 |
@qbit:tapenet.org | really low false positive rate (not sure i have seen one.. ) | 15:59:07 |
j-k | I'm surprised they didn't bump the modules for 1.0.0, I doubt none of these have updated since | 15:59:52 |
@qbit:tapenet.org | oh, hah - i didn't even notice the vendorHash didn't change | 16:02:47 |
@qbit:tapenet.org | https://github.com/golang/vuln/compare/v0.2.0...v1.0.0.patch i had to double check (make sure i didn't mess up :D) | 16:05:48 |
@qbit:tapenet.org | (also ... and .diff/.patch are one of my fav features of gh) | 16:06:39 |
@eyjhb:eyjhb.dk | Whoops https://pkg.go.dev/vuln/GO-2023-1878 | 18:09:03 |
@eyjhb:eyjhb.dk | Found in my code | 18:09:06 |
| 23 Jul 2023 |
Artturin | https://github.com/NixOS/nixpkgs/pull/242905#issuecomment-1646877937 | 16:17:05 |
Artturin | the last message from go mod vendor is: k2tf> go: replacement path ./vendor/k8s.io/cli-runtime/pkg/kustomize/k8sdeps/transformer inside vendor directory | 16:19:10 |
Artturin | tinygo.goModules: error: illegal path references in fixed-output derivation '/nix/store/06v7rn03bgsnzvv89dn8i2a6kap1fijl-tinygo-0.26.0-goModules.drv' | 16:28:47 |
Artturin | These modules built correctly on older go versions but not on newer go versions | 16:29:11 |
Artturin | How can vendoring break version to version, Go damn | 16:29:49 |
Artturin | * How can vendoring break in multiple ways version to version, Go damn | 16:30:43 |
@qbit:tapenet.org | Is there a rewrite in the go.mod? | 17:17:55 |