I bumped go version from 1.24.11 to 1.24.12 (see https://github.com/etcd-io/etcd/pull/21218), and in one of the workflow checks runs commands below,
$ go install golang.org/x/vuln/cmd/govulncheck@latest $ govulncheck -show verbose ./... But it scanned go1.25.5's standard library (see message blow). (I guess it's because the workflow environment has go version 1.25.5 by default; but not sure about this, since the environment is out of my control). Accordingly it successfully identified the known CVEs. I expect it scans the go1.24.12's standard library and no CVE detected. "Govulncheck scanned the following 55 modules and the go1.25.5 standard library:" Interestingly, I also bumped go from 1.24.11 to 1.24.12 for other etcd branches (see example https://github.com/etcd-io/etcd/pull/21217), and govulncheck scanned the expected go version (1.24.12)'s standard lib. "Govulncheck scanned the following 13 modules and the go1.24.12 standard library:" Any help is apprecated. Benjamin -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/890b3fc0-5ac1-4635-a75f-f5d0a7755710n%40googlegroups.com.
