Ensure no duplicates in relationships when shortcut fields are used. #218
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
kzantow
reviewed
May 24, 2023
kzantow
previously approved these changes
May 26, 2023
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
another-rex
referenced
this pull request
in google/osv-scanner
Jun 6, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) | require | minor | `v1.2.1` -> `v1.3.0` | | [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) | require | minor | `v5.6.1` -> `v5.7.0` | | [github.com/spdx/tools-golang](https://github.com/spdx/tools-golang) | require | patch | `v0.5.0` -> `v0.5.1` | | [github.com/urfave/cli/v2](https://github.com/urfave/cli) | require | patch | `v2.25.3` -> `v2.25.5` | | golang.org/x/exp | require | digest | `dd950f8` -> `2e198f4` | | golang.org/x/tools | require | patch | `v0.9.1` -> `v0.9.3` | --- ### Release Notes <details> <summary>BurntSushi/toml</summary> ### [`v1.3.0`](https://github.com/BurntSushi/toml/releases/tag/v1.3.0) [Compare Source](https://github.com/BurntSushi/toml/compare/v1.2.1...v1.3.0) New features: - Support upcoming TOML 1.1 While it looks like TOML 1.1 is mostly stable and I don't expect any further major changes, there are *NO* compatibility guarantees as it is *NOT* yet released and *anything can still change*. To use it, set the `BURNTSUSHI_TOML_110` environment variable to any value, which can be done either with `os.SetEnv()` or by the user running a program. A full list is changes is available in the [TOML ChangeLog]; the two most notable ones are that newlines and trailing commas are now allowed in inline tables, and Unicode in bare keys can now be used – this is now a valid document: lëttërs = { ä = "a with diaeresis", è = "e with accent grave", } [TOML ChangeLog]: https://github.com/toml-lang/toml/blob/main/CHANGELOG.md - Allow MarshalTOML and MarshalText to be used on the document type itself, instead of only fields ([#​383](https://github.com/BurntSushi/toml/issues/383)). Bufixes: - `\` escapes at the end of line weren't processed correctly in multiline strings ([#​372](https://github.com/BurntSushi/toml/issues/372)). - Read over UTF-8 BOM ([#​381](https://github.com/BurntSushi/toml/issues/381)). - `omitempty` struct tag did not work for pointer values ([#​371](https://github.com/BurntSushi/toml/issues/371)). - Fix encoding anonymous structs on 32bit systems ([#​374](https://github.com/BurntSushi/toml/issues/374)). </details> <details> <summary>go-git/go-git</summary> ### [`v5.7.0`](https://github.com/go-git/go-git/releases/tag/v5.7.0) [Compare Source](https://github.com/go-git/go-git/compare/v5.6.1...v5.7.0) #### What's Changed - \*: Add support for initializing SHA256 repositories by [@​pjbgf](https://github.com/pjbgf) in [https://github.com/go-git/go-git/pull/707](https://github.com/go-git/go-git/pull/707) - git: add mirror clone option by [@​aymanbagabas](https://github.com/aymanbagabas) in [https://github.com/go-git/go-git/pull/735](https://github.com/go-git/go-git/pull/735) - git: Add support to ls-remote with peeled references. Fixes [#​749](https://github.com/go-git/go-git/issues/749) by [@​pjbgf](https://github.com/pjbgf) in [https://github.com/go-git/go-git/pull/750](https://github.com/go-git/go-git/pull/750) - git: fix cloning with branch name by [@​AriehSchneier](https://github.com/AriehSchneier) in [https://github.com/go-git/go-git/pull/755](https://github.com/go-git/go-git/pull/755) - git: Worktree, add check to see if file already checked in. Fixes [#​718](https://github.com/go-git/go-git/issues/718) by [@​cbbm142](https://github.com/cbbm142) in [https://github.com/go-git/go-git/pull/719](https://github.com/go-git/go-git/pull/719) - git: Worktree, git grep bare repositories by [@​aymanbagabas](https://github.com/aymanbagabas) in [https://github.com/go-git/go-git/pull/728](https://github.com/go-git/go-git/pull/728) - git: Add Depth to SubmoduleUpdateOptions by [@​matejrisek](https://github.com/matejrisek) in [https://github.com/go-git/go-git/pull/754](https://github.com/go-git/go-git/pull/754) - git: Testing, Fix tests not cleaning temp folders by [@​AriehSchneier](https://github.com/AriehSchneier) in [https://github.com/go-git/go-git/pull/769](https://github.com/go-git/go-git/pull/769) - git: remote, add support for a configurable timeout. by [@​andrewpollock](https://github.com/andrewpollock) in [https://github.com/go-git/go-git/pull/753](https://github.com/go-git/go-git/pull/753) - git: Allow Initial Branch to be configurable by [@​techknowlogick](https://github.com/techknowlogick) in [https://github.com/go-git/go-git/pull/764](https://github.com/go-git/go-git/pull/764) - storage: filesystem/dotgit, Improve load packed-refs by [@​fcharlie](https://github.com/fcharlie) in [https://github.com/go-git/go-git/pull/743](https://github.com/go-git/go-git/pull/743) - storage: filesystem, Populate index before use. Fixes [#​148](https://github.com/go-git/go-git/issues/148) by [@​AriehSchneier](https://github.com/AriehSchneier) in [https://github.com/go-git/go-git/pull/722](https://github.com/go-git/go-git/pull/722) - plumbing: resolve non-external delta references by [@​ZauberNerd](https://github.com/ZauberNerd) in [https://github.com/go-git/go-git/pull/485](https://github.com/go-git/go-git/pull/485) - plumbing/transport: fix regression in scp-like match by [@​jotadrilo](https://github.com/jotadrilo) in [https://github.com/go-git/go-git/pull/715](https://github.com/go-git/go-git/pull/715) - plumbing/transport: Add support for custom proxy settings by [@​aryan9600](https://github.com/aryan9600) in [https://github.com/go-git/go-git/pull/744](https://github.com/go-git/go-git/pull/744) - \*: small fixes across the codebase by [@​pjbgf](https://github.com/pjbgf) in [https://github.com/go-git/go-git/pull/770](https://github.com/go-git/go-git/pull/770) - \*: bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by [@​dependabot](https://github.com/dependabot) in [https://github.com/go-git/go-git/pull/776](https://github.com/go-git/go-git/pull/776) - \*: bump dependencies by [@​pjbgf](https://github.com/pjbgf) in [https://github.com/go-git/go-git/pull/748](https://github.com/go-git/go-git/pull/748) - \*: bump Go version to 1.18 on go.mod by [@​pjbgf](https://github.com/pjbgf) in [https://github.com/go-git/go-git/pull/774](https://github.com/go-git/go-git/pull/774) - \*: add Codeql workflow and bump dependencies by [@​pjbgf](https://github.com/pjbgf) in [https://github.com/go-git/go-git/pull/775](https://github.com/go-git/go-git/pull/775) - ci: fix upstream git build for master branch by [@​pjbgf](https://github.com/pjbgf) in [https://github.com/go-git/go-git/pull/739](https://github.com/go-git/go-git/pull/739) #### New Contributors - [@​ZauberNerd](https://github.com/ZauberNerd) made their first contribution in [https://github.com/go-git/go-git/pull/485](https://github.com/go-git/go-git/pull/485) - [@​jotadrilo](https://github.com/jotadrilo) made their first contribution in [https://github.com/go-git/go-git/pull/715](https://github.com/go-git/go-git/pull/715) - [@​fcharlie](https://github.com/fcharlie) made their first contribution in [https://github.com/go-git/go-git/pull/743](https://github.com/go-git/go-git/pull/743) - [@​AriehSchneier](https://github.com/AriehSchneier) made their first contribution in [https://github.com/go-git/go-git/pull/755](https://github.com/go-git/go-git/pull/755) - [@​cbbm142](https://github.com/cbbm142) made their first contribution in [https://github.com/go-git/go-git/pull/719](https://github.com/go-git/go-git/pull/719) - [@​aryan9600](https://github.com/aryan9600) made their first contribution in [https://github.com/go-git/go-git/pull/744](https://github.com/go-git/go-git/pull/744) - [@​matejrisek](https://github.com/matejrisek) made their first contribution in [https://github.com/go-git/go-git/pull/754](https://github.com/go-git/go-git/pull/754) - [@​andrewpollock](https://github.com/andrewpollock) made their first contribution in [https://github.com/go-git/go-git/pull/753](https://github.com/go-git/go-git/pull/753) - [@​techknowlogick](https://github.com/techknowlogick) made their first contribution in [https://github.com/go-git/go-git/pull/764](https://github.com/go-git/go-git/pull/764) **Full Changelog**: go-git/go-git@v5.6.1...v5.7.0 </details> <details> <summary>spdx/tools-golang</summary> ### [`v0.5.1`](https://github.com/spdx/tools-golang/releases/tag/v0.5.1) [Compare Source](https://github.com/spdx/tools-golang/compare/v0.5.0...v0.5.1) #### What's Changed - Add ability to specify JSON output options by [@​DmitriyLewen](https://github.com/DmitriyLewen) in [https://github.com/spdx/tools-golang/pull/213](https://github.com/spdx/tools-golang/pull/213) - Fix some optional params: `copyrightText`, `licenseListVersion`, `packageVerificationCode` by [@​lumjjb](https://github.com/lumjjb) in [https://github.com/spdx/tools-golang/pull/215](https://github.com/spdx/tools-golang/pull/215) - Properly output and read the `filesAnalyzed` field in JSON/YAML by [@​kzantow](https://github.com/kzantow) in [https://github.com/spdx/tools-golang/pull/210](https://github.com/spdx/tools-golang/pull/210) - Ensure no duplicates in relationships when shortcut fields are used. by [@​lumjjb](https://github.com/lumjjb) in [https://github.com/spdx/tools-golang/pull/218](https://github.com/spdx/tools-golang/pull/218) #### New Contributors - [@​testwill](https://github.com/testwill) made their first contribution in [https://github.com/spdx/tools-golang/pull/212](https://github.com/spdx/tools-golang/pull/212) - [@​DmitriyLewen](https://github.com/DmitriyLewen) made their first contribution in [https://github.com/spdx/tools-golang/pull/213](https://github.com/spdx/tools-golang/pull/213) **Full Changelog**: spdx/tools-golang@v0.5.0...v0.5.1 </details> <details> <summary>urfave/cli</summary> ### [`v2.25.5`](https://github.com/urfave/cli/releases/tag/v2.25.5) [Compare Source](https://github.com/urfave/cli/compare/v2.25.4...v2.25.5) #### What's Changed - Fix:(issue\_1737) Set bool count by taking care of num of aliases by [@​dearchap](https://github.com/dearchap) in [https://github.com/urfave/cli/pull/1740](https://github.com/urfave/cli/pull/1740) **Full Changelog**: urfave/cli@v2.25.4...v2.25.5 ### [`v2.25.4`](https://github.com/urfave/cli/releases/tag/v2.25.4) [Compare Source](https://github.com/urfave/cli/compare/v2.25.3...v2.25.4) #### What's Changed - Bug/fix issue 1703 by [@​jojje](https://github.com/jojje) in [https://github.com/urfave/cli/pull/1728](https://github.com/urfave/cli/pull/1728) - Fix:(issue\_1734) Show categories for subcommands by [@​dearchap](https://github.com/dearchap) in [https://github.com/urfave/cli/pull/1735](https://github.com/urfave/cli/pull/1735) - Fix:(issue\_1610). Keep RunAsSubcommand behaviour as before by [@​dearchap](https://github.com/dearchap) in [https://github.com/urfave/cli/pull/1736](https://github.com/urfave/cli/pull/1736) - Fix:(issue\_1731) Add fix for checking if aliases are set by [@​dearchap](https://github.com/dearchap) in [https://github.com/urfave/cli/pull/1732](https://github.com/urfave/cli/pull/1732) - Fix func name referenced in doc comment by [@​meatballhat](https://github.com/meatballhat) in [https://github.com/urfave/cli/pull/1738](https://github.com/urfave/cli/pull/1738) #### New Contributors - [@​jojje](https://github.com/jojje) made their first contribution in [https://github.com/urfave/cli/pull/1728](https://github.com/urfave/cli/pull/1728) **Full Changelog**: urfave/cli@v2.25.3...v2.25.4 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/google/osv-scanner). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS40OC4yIiwidXBkYXRlZEluVmVyIjoiMzUuMTAyLjEwIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In the unmarshaling of shorthand fields, checks if relationships exists before adding them.
Fixes #208