Resolved by setting the correct `GOTOOLCHAIN` value. Sorry for the noise. Benjamin
On Friday, January 30, 2026 at 11:49:28 AM UTC Benjamin Wang wrote: > I bumped go version from 1.24.11 to 1.24.12 (see > https://github.com/etcd-io/etcd/pull/21218), and in one of the workflow > checks runs commands below, > > $ go install golang.org/x/vuln/cmd/govulncheck@latest > $ govulncheck -show verbose ./... > > But it scanned go1.25.5's standard library (see message blow). (I guess > it's because the workflow environment has go version 1.25.5 by default; but > not sure about this, since the environment is out of my control). > Accordingly it successfully identified the known CVEs. I expect it scans > the go1.24.12's standard library and no CVE detected. > > "Govulncheck scanned the following 55 modules and the go1.25.5 standard > library:" > > Interestingly, I also bumped go from 1.24.11 to 1.24.12 for other etcd > branches (see example https://github.com/etcd-io/etcd/pull/21217), > and govulncheck scanned the expected go version (1.24.12)'s standard lib. > > "Govulncheck scanned the following 13 modules and the go1.24.12 standard > library:" > > > Any help is apprecated. > > > Benjamin > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/d211975b-d3ea-4c00-9e83-773686331418n%40googlegroups.com.
