Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Go Analyzer stucks since v6.0.2

See original GitHub issue

Describe the bug

The scanner gets stuck when analyzing Go modules with large number of indirect dependencies.

Version of dependency-check used The problem occurs using version 6.0.2 of the cli, either on windows and on linux. It does not happen when using 6.0.1.

Log file

https://gist.github.com/qmuntal/3f7ff07957d8b3f020b46d7c0842624f

To Reproduce

// go.mod

module test

go 1.12

require (
    github.com/goreleaser/goreleaser v0.146.0
    golang.org/x/tools v0.0.0-20200818005847-188abfa75333 // indirect
)

// main.go

package main

import (
    "fmt"
    _ "github.com/goreleaser/goreleaser"
)

func main() {
    fmt.Println("Failed")
}

Running dependency-check.bat" --scan . --enableExperimental on the previous program makes dependency-check to stuck for 30min, and then it just fails.

Expected behavior The Scan finishes in a reasonable amount of time (10sec)

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:2
  • Comments:7 (2 by maintainers)

github_iconTop GitHub Comments

3reactions
qmuntalcommented, Nov 3, 2020

It can also be reproduced with v6.0.3

0reactions
relyt0925commented, Apr 26, 2021

I also checked and it works thank you!!!

Read more comments on GitHub >

github_iconTop Results From Across the Web

Developers - Go Analyzer stucks since v6.0.2 - - Bountysource
Describe the bug. The scanner gets stuck when analyzing Go modules with large number of indirect dependencies. Version of dependency-check used
Read more >
Help with embedded ambiguity, upgrading from v6.0.2 to v9.0.0
There's a two things going wrong here on our side: First, plate_id as a column hint is only shown for the o2m relationship...
Read more >
npm install gets stuck at fetchMetadata - node.js - Stack Overflow
The solution was to replace a dependency from github link (no tagging / commit lock) to a package link. After that, it was...
Read more >
When Things Go Wrong — PyArmor 6.7.0 documentation
Please upgrade pyarmor to v6.7.3+, and obfuscate the scripts again, and make sure new runtime package is generated. If the scripts is obfuscated...
Read more >
IBM WebSphere Business Monitor V6.0.2 adds productivity ...
Multidimensional analysis and reports supported through the dashboards, with embedded business intelligence. Creates customized analytic components that ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Composer packages with hyphen not resolved to correct CPE

Next page

False Positive on Tomcat 9.0.38 and upper reporting CVE-2020-13943