Skip to content

feat: fall back to offline extractor if the transitive one fails #2079

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Jul 18, 2025
Merged

feat: fall back to offline extractor if the transitive one fails #2079

merged 10 commits into from
Jul 18, 2025

Conversation

@cuixq
Copy link
Contributor

@cuixq cuixq commented Jul 16, 2025
edited
Loading

#2077

Currently, if the extractor is enhanced but the extraction failed, no result will be returned. A better user experience is to fall back to the offline extractor so at least the direct dependencies are returned.

@codecov-commenter
Copy link

codecov-commenter commented Jul 16, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 55.81395% with 19 lines in your changes missing coverage. Please review.

Project coverage is 67.46%. Comparing base (9284ae6) to head (a7617a1).

Files with missing lines Patch % Lines
...nguage/java/pomxmlenhanceable/pomxmlenhanceable.go 45.45% 12 Missing ⚠️
.../requirementsenhancable/requirementsenhanceable.go 66.66% 5 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2079      +/-   ##
==========================================
- Coverage   67.49%   67.46%   -0.04%     
==========================================
  Files         172      172              
  Lines       16240    16273      +33     
==========================================
+ Hits        10961    10978      +17     
- Misses       4603     4618      +15     
- Partials      676      677       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@cuixq cuixq marked this pull request as ready for review July 16, 2025 06:26
@cuixq
Copy link
Contributor Author

cuixq commented Jul 16, 2025

@another-rex @G-Rath can you take a look on this PR see if this looks reasonable to you? thanks.

@cuixq cuixq requested review from G-Rath and another-rex and removed request for another-rex July 16, 2025 06:26
G-Rath
G-Rath approved these changes Jul 17, 2025
View reviewed changes
Copy link
Collaborator

@G-Rath G-Rath left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this looks fine, though I think it speaks to how useful it'd be to have enrichers supported 😅

@cuixq cuixq merged commit 88e4249 into google:main Jul 18, 2025
31 of 33 checks passed
@cuixq cuixq deleted the transitive branch July 18, 2025 01:47
@BrewTestBot BrewTestBot mentioned this pull request Aug 7, 2025
Merged
@moritzschmitz-oviva
Copy link

moritzschmitz-oviva commented Aug 9, 2025

@cuixq is it possible this introduced a bug?

Please see my question here: #2163.

In the discussion attached there is the quarkus-vertx dependency explicitly mentioned. It cannot be found on deps.dev.

As a result in V2.1 the run fails. In v2.2 it doesn't fail no more, but it also doesn't list the other vulnerabilities any more.

@cuixq
Copy link
Contributor Author

cuixq commented Aug 11, 2025

@moritzschmitz-oviva I replied to that question before seeing the comment here so I copied the information there. I will post my replies in that thread!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@G-Rath G-Rath G-Rath approved these changes

@another-rex another-rex another-rex approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@cuixq @codecov-commenter @moritzschmitz-oviva @G-Rath @another-rex