Skip to content

Do not search for main module versions within binary contents by default #3874

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 9, 2025
Merged

Do not search for main module versions within binary contents by default #3874

merged 1 commit into from
May 9, 2025

Conversation

wagoodman
Copy link
Contributor

Today if no version can be found for a go module within a binary (searching buildinfo or ldflags) then a semver regex is applied to the full contents of the binary. This is costly resource-wise and often raises incorrect versions. For this reason this PR makes this behavior opt-in only.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections

PR Stack

Base automatically changed from go-main-mod-changes to main May 9, 2025 17:36
@wagoodman
do not search binary contents for version for go package
4276d25 
Signed-off-by: Alex Goodman <wagoodman@users.noreply.github.com>
@wagoodman wagoodman enabled auto-merge (squash) May 9, 2025 17:37
@wagoodman wagoodman merged commit f9d0fa8 into main May 9, 2025
13 checks passed
@wagoodman wagoodman deleted the go-contents-off branch May 9, 2025 17:49
@wagoodman wagoodman mentioned this pull request May 9, 2025
Closed
spiffcs added a commit that referenced this pull request May 13, 2025
@spiffcs
Merge branch 'main' into 3088-new-license-ctx-scaner
a1a046b 
* main:
  Translate Portage license strings to SPDX expressions (#1763)
  fix: stop emitting redis redis CPE for PHP PECL redis (#3881)
  feat: Add PURL list input/output format (#3853)
  chore(deps): update CPE dictionary index (#3877)
  chore(deps): update tools to latest versions (#3878)
  do not search binary contents for version for go package (#3874)
  fix: remove race when writing errors in generic cataloger (#3875)
  clear devel version for go packages (#3873)

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
@wagoodman wagoodman added the bug Something isn't working label May 14, 2025
@BrewTestBot BrewTestBot mentioned this pull request May 14, 2025
Merged
@goatwu1993 goatwu1993 mentioned this pull request Jul 22, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kzantow kzantow kzantow approved these changes

Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@wagoodman @kzantow