
Go CLI detector should take into account `replace` go.mod overrides

Open cobya opened this issue 3 years ago • 0 comments

When running `go list -m`, the Go CLI detector does not currently take into account any `replace` values specified within the corresponding `go.mod` file.

Example: `go.mod`

```
replace (
    github.com/miekg/dns => github.com/miekg/dns v1.1.42
)
```

If a version <1.1.42 is requested as a dependency in `go.sum`, the override is not taken into consideration and the version returned by Component Detection will be whatever is requested from `go.sum`.

cobya, Jun 08 '22 23:06
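One way a detector could honor the override described in this issue, as an added example that is not part of the issue or of Component Detection's code: `go list -m -json all` emits a `Replace` object for every replaced module, so the version actually built can be read from there. The `Component` type, the function name and the sample records (including the requested `v1.1.25`) are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// module holds the fields of one `go list -m -json` record that matter here.
type module struct {
	Path, Version string
	Main          bool
	Replace       *module
}
// Component (hypothetical type) is what the build really uses for one module.
type Component struct {
	Path, Version, Requested string // Requested is set only when replaced
	LocalReplace             bool   // replaced by a directory: no version known
}
// Constructed sample shaped like `go list -m -json all` output.
const sampleListOutput = `{"Path": "example.com/app", "Main": true}
{"Path": "github.com/miekg/dns", "Version": "v1.1.25", "Replace": {"Path": "github.com/miekg/dns", "Version": "v1.1.42"}}
{"Path": "example.com/lib", "Version": "v0.3.0", "Replace": {"Path": "../lib"}}
{"Path": "example.com/other", "Version": "v1.2.0"}`

// EffectiveModules reports each dependency with its replace applied.
func EffectiveModules(r io.Reader) (out []Component, err error) {
	for dec := json.NewDecoder(r); dec.More(); {
		var m module
		if err = dec.Decode(&m); err != nil {
			return nil, err
		}
		c := Component{Path: m.Path, Version: m.Version}
		if rep := m.Replace; rep != nil {
			c.Requested, c.Version, c.LocalReplace = m.Version, rep.Version, rep.Version == ""
			if !c.LocalReplace {
				c.Path = rep.Path // may be a fork under a different path
			}
		}
		if !m.Main { // skip the project's own module
			out = append(out, c)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(EffectiveModules(strings.NewReader(sampleListOutput)))
}
```

Reporting the replaced version matters for vulnerability matching in both directions: a pinned fix is otherwise flagged as still vulnerable, and a replace that points at an older or forked module is otherwise missed.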