nancy-fixer

command module
v0.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 17, 2025 License: Apache-2.0 Imports: 1 Imported by: 0

README

nancy-fixer

nancy-fixer is a CLI tool that scans and automatically fixes nancy vulnerabilities.

Installation

Make sure that you have nancy.

go install github.com/giantswarm/nancy-fixer@latest

Usage

To fix vulnerabilities in the repository in the current directory use:

nancy-fixer fix

To specify a different directory use:

nancy-fixer fix --dir PATH

Steps

For each vulnerability, nancy-fixer will try three steps:

  1. Update all dependencies that require the vulnerable package (in the case of a direct dependency this could be simply the vulnerable package itself)
  2. Update the vulnerable package by adding a replace in the go.mod file.
  3. Ignore the vulnerable package.

Limitations

Major Versions

Currently, nancy-fixer is not aware of different module names for different major versions. For example, say you have the dependency github.com/my/mod/v4 with version v4.1.0, but there is a version v5.0.0 available. This would require you to change the imported module to github.com/my/mod/v5. However, nancy-fixer will never try that.

Because of how major versions worked without changing this vN postfix before go modules, nancy-fixer will do major version bumps for packages that did not yet introduce modules. This stackoverflow question might explain more in that regard.

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis
pkg
fix
gocli
logging
modules
modules/revisions
nancy
project

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.