-
* Update CHANGELOG and fix typo * Render severity based on exit code * Explicitly specify the default GOPROXY * Default to -mod=readonly and allow override * Do not modify `vendor` directory if it exists. * Skip `go mod tidy` to prevent modifying projects files. * Include dependencies that appear in go.mod but are not present in the vendor directory. * Remove severity from log output * Wipe golang module cache before each spec ```plaintext The -mod build flag provides additional control over updating and use of go.mod. If invoked with -mod=readonly, the go command is disallowed from the implicit automatic updating of go.mod described above. Instead, it fails when any changes to go.mod are needed. This setting is most useful to check that go.mod does not need updates, such as in a continuous integration and testing system. The "go get" command remains permitted to update go.mod even with -mod=readonly, and the "go mod" commands do not take the -mod flag (or any other build flags). If invoked with -mod=vendor, the go command loads packages from the main module's vendor directory instead of downloading modules to and loading packages from the module cache. The go command assumes the vendor directory holds correct copies of dependencies, and it does not compute the set of required module versions from go.mod files. However, the go command does check that vendor/modules.txt (generated by 'go mod vendor') contains metadata consistent with go.mod. If invoked with -mod=mod, the go command loads modules from the module cache even if there is a vendor directory present. If the go command is not invoked with a -mod flag and the vendor directory is present and the "go" version in go.mod is 1.14 or higher, the go command will act as if it were invoked with -mod=vendor. ``` - https://golang.org/cmd/go/#hdr-Maintaining_module_requirements
cd9cd852
Analyzing file…