| ▲ | saturn_vk an hour ago | |
IIRC, go cannot run arbitrary code at build time, so that should not make it vulnerable | ||
| ▲ | matheusmoreira an hour ago | parent [-] | |
That changes nothing. If you're downloading packages pushed by randoms, then it's vulnerable. There is no escaping it. Go's module index is filled with people's GitHub repositories. You have no idea what's inside those things unless you review the source yourself. | ||