[vulndb] internal/report: require packages for reports with cve_metadata
1 view
Skip to first unread message
Gopher Robot (Gerrit)
Jan 21, 2026, 9:22:32 AM (yesterday) Jan 21
to Ethan Lee, goph...@pubsubhelper.golang.org, golang-...@googlegroups.com, Nicholas Husin, Nicholas Husin, Go LUCI, golang-co...@googlegroups.com
Gopher Robot submitted the change![]( "Open in Gerrit")
Change information
Commit message:
internal/report: require packages for reports with cve_metadata
Reports that include Go-issued CVE metadata (cve_metadata) must have
at least one package defined for each module. This ensures that the
generated CVE record contains the required affected version data,
preventing publication failures.
Previously, this requirement was only enforced for first-party reports.
This change extends the rule to any report where the Go security team
has issued a CVE.
Fixes golang/go#77098
Change-Id: I45c985989712c2747f257a47e6dc8cf83dd4b3d1
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/736161
Auto-Submit: Ethan Lee <etha...@google.com>
LUCI-TryBot-Result: Go LUCI <golang...@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Nicholas Husin <n...@golang.org>
Reviewed-by: Nicholas Husin <hu...@google.com>
Files:
- M internal/cve4/testdata/cve/TestToReport/CVE-2023-29407.txtar
- M internal/cve4/testdata/cve/TestToReport/CVE-2023-45286.txtar
- M internal/cve5/testdata/cve/TestToReport/CVE-2023-29407.txtar
- M internal/cve5/testdata/cve/TestToReport/CVE-2023-45286.txtar
- M internal/report/lint.go
Change size: XS
Delta: 5 files changed, 7 insertions(+), 1 deletion(-)
Branch: refs/heads/master
Submit Requirements:
Code-Review: +1 by Nicholas Husin, +2 by Nicholas Husin
TryBots-Pass: LUCI-TryBot-Result+1 by Go LUCI
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages