search

google / deps.dev

Resources for the deps.dev API
https://deps.dev
Apache License 2.0
258 stars 20 forks source link

Surface deprecation warnings that appear in the UI #92

Closed jamietanna closed 4 months ago

jamietanna commented 5 months ago

I recently pushed a deprecation of a Go module (https://github.com/deepmap/oapi-codegen/blob/v1.16.3/go.mod#L1-L2) and I can see that the deprecation is shown on i.e. https://deps.dev/go/github.com%2Fdeepmap%2Foapi-codegen/v1.16.2 correctly:

2024-06-04-101145_1421x308_scrot

However, this doesn't appear to be possible to interrogate via the API.

I.e.

curl 'https://api.deps.dev/v3/systems/go/packages/github.com%2Fdeepmap%2Foapi-codegen/versions/v1.16.2'
{
  "advisoryKeys": [

  ],
  "isDefault": false,
  "licenses": [
    "Apache-2.0"
  ],
  "links": [
    {
      "label": "SOURCE_REPO",
      "url": "https://github.com/deepmap/oapi-codegen"
    }
  ],
  "registries": [

  ],
  "relatedProjects": [
    {
      "projectKey": {
        "id": "github.com/deepmap/oapi-codegen"
      },
      "relationProvenance": "GO_ORIGIN",
      "relationType": "SOURCE_REPO"
    }
  ],
  "slsaProvenances": [

  ],
  "versionKey": {
    "name": "github.com/deepmap/oapi-codegen",
    "system": "GO",
    "version": "v1.16.2"
  }
}

I couldn't see this on v3alpha nor on v3 APIs.

sarnesjo-google commented 4 months ago

Hi @jamietanna! The v3alpha API now reports versions marked as deprecated upstream using the same ecosystem-specific logic as the deps.dev website. This applies to the following endpoints: GetPackage, GetVersion, GetVersionBatch, Query, PurlLookup, and PurlLookupBatch. Thanks for reporting this issue! Please let us know if you have any questions or find any further issues.

jamietanna commented 4 months ago

Thank you :purple_heart: