Skip to content

govulncheck-action: Warning: Both go-version and go-version-file inputs are specified, only go-version will be used while only 'go-version-file: go.mod' is specified #70036

New issue
New issue
Open
Open
govulncheck-action: Warning: Both go-version and go-version-file inputs are specified, only go-version will be used while only 'go-version-file: go.mod' is specified#70036
Assignees
zpavlinovic
Labels
NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.vulncheck or vulndbIssues for the x/vuln or x/vulndb repo
Milestone
 
Unreleased
@sbp-bvanb

Description

@sbp-bvanb
sbp-bvanb
opened on Oct 25, 2024 · edited by sbp-bvanb

govulncheck version

golang/govulncheck-action@v1.0.4

Does this issue reproduce at the latest version of golang.org/x/vuln?

  • Yes.

Output of go env in your module/workspace:

-

What did you do?

- uses: golang/govulncheck-action@v1.0.4
  with:
    go-version-file: go.mod
    go-package: ./...

What did you see happen?

Warning: Both go-version and go-version-file inputs are specified, only go-version will be used

What did you expect to see?

No warning as go-version-file: go.mod has been defined. If this is the case, then the code should omit go-version and only use the version that is defined in the go.mod file. Now it is using another Golang version, while another version is defined in the go.mod file.

Activity

sbp-bvanb
added
vulncheck or vulndbIssues for the x/vuln or x/vulndb repo
on Oct 25, 2024
gabyhelp

gabyhelp commented on Oct 25, 2024

@gabyhelp
gabyhelp
on Oct 25, 2024

Related Issues and Documentation

(Emoji vote if this was helpful or unhelpful; more detailed feedback welcome in this discussion.)

cagedmantis
added
NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.
on Oct 29, 2024
cagedmantis
added this to the Unreleased milestone on Oct 29, 2024
cagedmantis

cagedmantis commented on Oct 29, 2024

@cagedmantis
cagedmantis
on Oct 29, 2024
Contributor

cc @golang/vulndb

waliseddiqi

waliseddiqi commented on Nov 8, 2024

@waliseddiqi
waliseddiqi
on Nov 8, 2024

I am having same issue

reproduction:
I wanted to pass go-version-file which is 1.23.2 in my go.mod project but the action assigned the go version as 1.23.3

Warning: Both go-version and go-version-file inputs are specified, only go-version will be used

gabyhelp
mentioned this on Dec 15, 2024
zpavlinovic
self-assigned this
on Jan 20, 2025
rsoaresd
mentioned this in 6 pull requests on Mar 14, 2025
jasonwashburn

jasonwashburn commented on May 2, 2025

@jasonwashburn
jasonwashburn
on May 2, 2025

Looks like the issue was likely introduced here. By giving go-version-input a default value, it guarantees that the setup-go action will be provided a 'go-version' input even when the user does not specify one and the a user-specified go-version-file will be ignored by setup-go

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

Labels

NeedsInvestigationSomeone must examine and confirm this is a valid issue and not a duplicate of an existing one.vulncheck or vulndbIssues for the x/vuln or x/vulndb repo

Type

No type

Projects

No projects

Milestone

Relationships

None yet

    Development

    No branches or pull requests

      Participants

      @cagedmantis@zpavlinovic@jasonwashburn@waliseddiqi@sbp-bvanb

      Issue actions
        govulncheck-action: Warning: Both go-version and go-version-file inputs are specified, only go-version will be used while only 'go-version-file: go.mod' is specified · Issue #70036 · golang/go