Respect go mod replace directive

sonatype-nexus-community / nancy

A tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index

Apache License 2.0

549 stars 76 forks source link

Respect go mod replace directive #255

Closed danieljmt closed 2 years ago

danieljmt commented 2 years ago

Respect the go mod replace directive for go list -deps -json

This pull request makes the following changes:

Respects go mod replace directive for go list -deps -json

It relates to the following issue #s:

Fixes #254

cc @bhamail / @DarthHater

sonatypecla[bot] commented 2 years ago

Thanks for the contribution! Before we can merge this, we need @danieljmt to sign the Sonatype Contributor License Agreement.

bhamail commented 2 years ago

@danieljmt Nice catch! I think we missed this after we cleaned up the replace directives from nancy's own go.mod file.

Would you consider adding a unit test for this case?

bhamail commented 2 years ago

@danieljmt So I took a stab at adding a unit test here: 2db60e2 Please feel free to alter as you see fit. If you approve, I'm happy to merge this puppy.

danieljmt commented 2 years ago

That test looks good to me, thanks!