
Commit 375ebe0

committed
fix: instead of 0.0.0 set root version to ''
Currently the backend compares the root to the vulndb too, and 0.0.0 may trigger a vuln, although we don't know the actual version.
1 parent fd57bb8 commit 375ebe0


2 files changed

+30
-30
lines changed


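--- a/lib/index.js
+++ b/lib/index.js
@@ -166,7 +166,7 @@ function recursivelyBuildPkgTree(
 }
 
 if (isRoot || isProjSubpkg) {
-pkg.version = '0.0.0';
+pkg.version = '';
 } else if (!lockedVersions[pkg.name]) {
 pkg.version = '';
 // TODO: warn or set to "?" ?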
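Review bot: The empty string now stands for two different situations in `recursivelyBuildPkgTree`: the root or project sub-package whose version is deliberately unknown, and (in the `else if (!lockedVersions[pkg.name])` branch) a dependency that has no locked version. Nothing in the hunk records that `''` is a sentinel the backend is expected to skip rather than match, and the backend's handling is not visible here, so a later change on either side could bring back false positives on the root or leave an unlocked dependency out of vulnerability matching without any signal. I would add a comment above the assignment, e.g. `// '' = version unknown: the backend must not match the root against the vuln DB`, and resolve the existing TODO so an unlocked dependency produces a warning instead of silently sharing the root's value. The function begins and ends outside this hunk.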

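--- a/test/inspect.test.js
+++ b/test/inspect.test.js
@@ -23,8 +23,8 @@ test('happy inspect', function (t) {
 t.test('root pkg', function (t) {
 t.match(pkg, {
 name: 'path/to/pkg',
-version: '0.0.0',
-from: ['path/to/pkg@0.0.0'],
+version: '',
+from: ['path/to/pkg@'],
 packageFormatVersion: 'golang:0.0.1',
 }, 'root pkg')
 t.end();
@@ -44,7 +44,7 @@ test('happy inspect', function (t) {
 version: '#b6ffb7d62206806b573348160795ea16a00940a6',
 },
 },
-from: ['path/to/pkg@0.0.0', 'gitpub.com/food/salad@v1.3.7'],
+from: ['path/to/pkg@', 'gitpub.com/food/salad@v1.3.7'],
 }, 'salad depends on tomato and cucamba');
 
 t.match(deps['gitpub.com/meal/dinner'], {
@@ -56,7 +56,7 @@ test('happy inspect', function (t) {
 'gitpub.com/nature/vegetables/tomato': {
 version: '#b6ffb7d62206806b573348160795ea16a00940a6',
 from: [
-'path/to/pkg@0.0.0',
+'path/to/pkg@',
 'gitpub.com/meal/dinner@v0.0.7',
 'gitpub.com/food/salad@v1.3.7',
 'gitpub.com/nature/vegetables/tomato@#b6ffb7d62206806b573348160795ea16a00940a6', // jscs:ignore maximumLineLength
@@ -89,7 +89,7 @@ test('pkg with local import', function (t) {
 
 t.test('dependencies', function (t) {
 t.match(pkg, {
-version: '0.0.0',
+version: '',
 dependencies: {
 'gitpub.com/meal/dinner': {
 version: 'v0.0.7',
@@ -100,7 +100,7 @@ test('pkg with local import', function (t) {
 'gitpub.com/nature/vegetables/tomato': {
 version: '#b6ffb7d62206806b573348160795ea16a00940a6',
 from: [
-'path/to/pkg-with-local-import@0.0.0',
+'path/to/pkg-with-local-import@',
 'gitpub.com/meal/dinner@v0.0.7',
 'gitpub.com/food/salad@v1.3.7',
 'gitpub.com/nature/vegetables/tomato@#b6ffb7d62206806b573348160795ea16a00940a6', // jscs:ignore maximumLineLength
@@ -135,7 +135,7 @@ test('pkg with internal subpkg', function (t) {
 
 t.test('dependencies', function (t) {
 t.match(pkg, {
-version: '0.0.0',
+version: '',
 dependencies: {
 'gitpub.com/meal/dinner': {
 version: 'v0.0.7',
@@ -146,7 +146,7 @@ test('pkg with internal subpkg', function (t) {
 'gitpub.com/nature/vegetables/tomato': {
 version: '#b6ffb7d62206806b573348160795ea16a00940a6',
 from: [
-'path/to/pkg-with-internal-subpkg@0.0.0',
+'path/to/pkg-with-internal-subpkg@',
 'gitpub.com/meal/dinner@v0.0.7',
 'gitpub.com/food/salad@v1.3.7',
 'gitpub.com/nature/vegetables/tomato@#b6ffb7d62206806b573348160795ea16a00940a6', // jscs:ignore maximumLineLength
@@ -183,8 +183,8 @@ test('multi-root project', function (t) {
 t.test('root pkg', function (t) {
 t.match(pkg, {
 name: 'path/to/multiroot-pkg',
-version: '0.0.0',
-from: ['path/to/multiroot-pkg@0.0.0'],
+version: '',
+from: ['path/to/multiroot-pkg@'],
 packageFormatVersion: 'golang:0.0.1',
 }, 'root pkg')
 t.end();
@@ -204,7 +204,7 @@ test('multi-root project', function (t) {
 version: '#b6ffb7d62206806b573348160795ea16a00940a6',
 },
 },
-from: ['path/to/multiroot-pkg@0.0.0', 'gitpub.com/food/salad@v1.3.7'],
+from: ['path/to/multiroot-pkg@', 'gitpub.com/food/salad@v1.3.7'],
 }, 'salad depends on tomato and cucamba');
 
 t.match(deps['gitpub.com/meal/dinner'], {
@@ -216,7 +216,7 @@ test('multi-root project', function (t) {
 'gitpub.com/nature/vegetables/tomato': {
 version: '#b6ffb7d62206806b573348160795ea16a00940a6',
 from: [
-'path/to/multiroot-pkg@0.0.0',
+'path/to/multiroot-pkg@',
 'gitpub.com/meal/dinner@v0.0.7',
 'gitpub.com/food/salad@v1.3.7',
 'gitpub.com/nature/vegetables/tomato@#b6ffb7d62206806b573348160795ea16a00940a6', // jscs:ignore maximumLineLength
@@ -276,8 +276,8 @@ test('multi-root project without code at root', function (t) {
 t.test('root pkg', function (t) {
 t.match(pkg, {
 name: 'path/to/multiroot-pkg-without-root',
-version: '0.0.0',
-from: ['path/to/multiroot-pkg-without-root@0.0.0'],
+version: '',
+from: ['path/to/multiroot-pkg-without-root@'],
 packageFormatVersion: 'golang:0.0.1',
 }, 'root pkg')
 t.end();
@@ -298,7 +298,7 @@ test('multi-root project without code at root', function (t) {
 },
 },
 from: [
-'path/to/multiroot-pkg-without-root@0.0.0',
+'path/to/multiroot-pkg-without-root@',
 'gitpub.com/food/salad@v1.3.7',
 ],
 }, 'salad depends on tomato and cucamba');
@@ -312,7 +312,7 @@ test('multi-root project without code at root', function (t) {
 'gitpub.com/nature/vegetables/tomato': {
 version: '#b6ffb7d62206806b573348160795ea16a00940a6',
 from: [
-'path/to/multiroot-pkg-without-root@0.0.0',
+'path/to/multiroot-pkg-without-root@',
 'gitpub.com/meal/dinner@v0.0.7',
 'gitpub.com/food/salad@v1.3.7',
 'gitpub.com/nature/vegetables/tomato@#b6ffb7d62206806b573348160795ea16a00940a6', // jscs:ignore maximumLineLength
@@ -327,7 +327,7 @@ test('multi-root project without code at root', function (t) {
 version: 'v0.0.7',
 dependencies: {},
 from: [
-'path/to/multiroot-pkg-without-root@0.0.0',
+'path/to/multiroot-pkg-without-root@',
 'gitpub.com/meal/dinner/desert@v0.0.7',
 ],
 }, 'dinner/desert is a direct dependency');
@@ -381,8 +381,8 @@ test('no Go code', function (t) {
 t.same(pkg, {
 name: 'path/to/empty',
 dependencies: {},
-version: '0.0.0',
-from: ['path/to/empty@0.0.0'],
+version: '',
+from: ['path/to/empty@'],
 packageFormatVersion: 'golang:0.0.1',
 }, 'root pkg')
 t.end();
@@ -515,8 +515,8 @@ test('pkg without external deps', function (t) {
 t.test('pkg', function (t) {
 t.same(pkg, {
 name: 'path/to/pkg-without-deps',
-version: '0.0.0',
-from: ['path/to/pkg-without-deps@0.0.0'],
+version: '',
+from: ['path/to/pkg-without-deps@'],
 packageFormatVersion: 'golang:0.0.1',
 dependencies: {},
 });
@@ -544,8 +544,8 @@ test('happy inspect govendor', function (t) {
 t.test('root pkg', function (t) {
 t.match(pkg, {
 name: 'path/to/pkg',
-version: '0.0.0',
-from: ['path/to/pkg@0.0.0'],
+version: '',
+from: ['path/to/pkg@'],
 packageFormatVersion: 'golang:0.0.1',
 }, 'root pkg');
 t.end();
@@ -565,7 +565,7 @@ test('happy inspect govendor', function (t) {
 version: '#b6ffb7d62206806b573348160795ea16a00940a6',
 },
 },
-from: ['path/to/pkg@0.0.0', 'gitpub.com/food/salad@v1.3.7'],
+from: ['path/to/pkg@', 'gitpub.com/food/salad@v1.3.7'],
 }, 'salad depends on tomato and cucamba');
 
 t.match(deps['gitpub.com/meal/dinner'], {
@@ -577,7 +577,7 @@ test('happy inspect govendor', function (t) {
 'gitpub.com/nature/vegetables/tomato': {
 version: '#b6ffb7d62206806b573348160795ea16a00940a6',
 from: [
-'path/to/pkg@0.0.0',
+'path/to/pkg@',
 'gitpub.com/meal/dinner@v0.0.7',
 'gitpub.com/food/salad@v1.3.7',
 'gitpub.com/nature/vegetables/tomato@#b6ffb7d62206806b573348160795ea16a00940a6', // jscs:ignore maximumLineLength
@@ -612,8 +612,8 @@ test('inspect govendor with alternate case', function (t) {
 t.test('root pkg', function (t) {
 t.match(pkg, {
 name: 'path/to/pkg-with-alternate-govendor',
-version: '0.0.0',
-from: ['path/to/pkg-with-alternate-govendor@0.0.0'],
+version: '',
+from: ['path/to/pkg-with-alternate-govendor@'],
 packageFormatVersion: 'golang:0.0.1',
 dependencies: {
 'gitpub.com/drink/juice': {
@@ -639,7 +639,7 @@ test('inspect govendor with alternate case', function (t) {
 },
 },
 from: [
-'path/to/pkg-with-alternate-govendor@0.0.0',
+'path/to/pkg-with-alternate-govendor@',
 'gitpub.com/food/salad@v1.3.7',],
 }, 'salad depends on tomato and cucamba');
 
@@ -652,7 +652,7 @@ test('inspect govendor with alternate case', function (t) {
 'gitpub.com/nature/vegetables/tomato': {
 version: '#b6ffb7d62206806b573348160795ea16a00940a6',
 from: [
-'path/to/pkg-with-alternate-govendor@0.0.0',
+'path/to/pkg-with-alternate-govendor@',
 'gitpub.com/meal/dinner@v0.0.7',
 'gitpub.com/food/salad@v1.3.7',
 'gitpub.com/nature/vegetables/tomato@#b6ffb7d62206806b573348160795ea16a00940a6', // jscs:ignore maximumLineLength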
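Review bot: The updated expectations pin `from` entries that end in a bare `@`, first in the 'happy inspect' root-pkg hunk (`from: ['path/to/pkg@']`) and then in the same form in every other hunk of this file. The code that builds `from` is outside this diff, so it is worth confirming that whatever splits `name@version` downstream accepts an empty version and does not substitute a default that would again be matched against the vulnerability database. A short comment beside the first expectation, such as `// root version is unknown, so the from entry carries an empty version after '@'`, would tell a reader that the trailing `@` is intended and not a formatting slip.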
