Hi,
I’ve just installed go 1.24.0 into our build toolchain and anchore is now throwing up all sorts of old vulnerabilities on the following file: /usr/local/go/src/debug/buildinfo/testdata/go117
I note that the buildinfo/testdata sub-directory does not exist in the 1.23.6 release (or prior).
In fact the testdata subdirectory now appears everywhere, but it is go117 that is causing the problem.
Can I assume the inclusion of the */testdata sub directory is a packaging error and remove the folder?
Can I assume the inclusion of the */testdata sub directory is a packaging error and remove the folder?
It was added 7 months ago in 28aed40. From a quick glance it looks like the whole of the src tree ends up in the release archives.
I can’t find any issue at issues, either open or closed, relating to the directory. If it was causing problems for multiple people I would have expected there to be an issue by now.