From b151f53d0207ea6a4f123304cf6998c657555c3b Mon Sep 17 00:00:00 2001
From: Kynan Ware <47394200+BagToad@users.noreply.github.com>
Date: Mon, 3 Nov 2025 13:05:33 -0700
Subject: [PATCH] Add note on govulncheck source mode for Go 1.25

---
 .github/workflows/lint.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index ab7ea4663..027d00738 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -60,6 +60,9 @@ jobs:
 
       # `govulncheck` exits unsuccessfully if vulnerabilities are found, providing results in stdout.
       # See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck#hdr-Exit_codes for more information on exit codes.
+      #
+      # On go1.25, To make `-mode binary` work we need to make sure the binary is built with `go build -builtvsc=false`
+      # Since our builds do not use `-builtvsc=false`, we run in source mode here instead.
       - name: Check Go vulnerabilities
         run: |
           go run golang.org/x/vuln/cmd/govulncheck@d1f380186385b4f64e00313f31743df8e4b89a77 ./...