cmd/vulnreport: remove option to pull GHSAs from the GraphQL api

This was a backup option in case osv.dev did not have the GHSA yet;
this is no longer needed now that we're pulling directly from Github.

Change-Id: Ib5a1b9752eac1efe2a91ef0403771d5575180402
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/597755
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Damien Neil <[email protected]>

Author: tatianab

cmd/vulnreport/create.go

@@ -13,7 +13,6 @@ import (
 
 var (
 	preferCVE       = flag.Bool("cve", false, "for create, prefer CVEs over GHSAs as canonical source")
-	graphQL         = flag.Bool("graphql", false, "for create, fetch GHSAs from the Github GraphQL API instead of the OSV database")
 	useAI           = flag.Bool("ai", false, "for create, use AI to write draft summary and description when creating report")
 	populateSymbols = flag.Bool("symbols", false, "for create, attempt to auto-populate symbols")
 	user            = flag.String("user", "", "for create & create-excluded, only consider issues assigned to the given user")

cmd/vulnreport/find_aliases.go

@@ -155,12 +155,7 @@ func (a *aliasFinder) fetch(ctx context.Context, alias string) (report.Source, e
 	var f report.Fetcher
 	switch {
 	case idstr.IsGHSA(alias):
-		if *graphQL {
-			// Doesn't work for test environment yet.
-			f = a.gc.(*ghsa.Client)
-		} else {
-			f = genericosv.NewGHSAFetcher()
-		}
+		f = genericosv.NewGHSAFetcher()
 	case idstr.IsCVE(alias):
 		f = cve5.NewFetcher()
 	default: