Dependabot opened a bump PR for:
I wanted to take a look at the diff and realised the repo does not have a v1.0.0
tag or pkg/apis/v1.0.0
.
Taking a look at how go resolves this:
for v1.0.0:
❯ go mod download -json github.com/vmware-tanzu/nsx-operator/pkg/[email protected]
{
"Path": "github.com/vmware-tanzu/nsx-operator/pkg/apis",
"Version": "v1.0.0",
"Info": "/Users/schlotterc/go/pkg/mod/cache/download/github.com/vmware-tanzu/nsx-operator/pkg/apis/@v/v1.0.0.info",
"GoMod": "/Users/schlotterc/go/pkg/mod/cache/download/github.com/vmware-tanzu/nsx-operator/pkg/apis/@v/v1.0.0.mod",
"Zip": "/Users/schlotterc/go/pkg/mod/cache/download/github.com/vmware-tanzu/nsx-operator/pkg/apis/@v/v1.0.0.zip",
"Dir": "/Users/schlotterc/go/pkg/mod/github.com/vmware-tanzu/nsx-operator/pkg/[email protected]",
"Sum": "h1:jmHI88hySjGqkpc/QUmSY5G5SsDvoXxmKFEK/GmcHWs=",
"GoModSum": "h1:ZR/7rewflpAhnswQ6NVkFN0JmaqHgmvDyFVsJLmZ+pw=",
"Origin": {
"VCS": "git",
"URL": "https://github.com/vmware-tanzu/nsx-operator",
"Subdir": "pkg/apis",
"Hash": "553261d24be7d22d76251fae0cd85bb51be9bb9d",
"Ref": "refs/tags/pkg/apis/v1.0.0"
}
}
for v0.1.0
❯ go mod download -json github.com/vmware-tanzu/nsx-operator/pkg/[email protected]
{
"Path": "github.com/vmware-tanzu/nsx-operator/pkg/apis",
"Version": "v0.1.0",
"Info": "/Users/schlotterc/go/pkg/mod/cache/download/github.com/vmware-tanzu/nsx-operator/pkg/apis/@v/v0.1.0.info",
"GoMod": "/Users/schlotterc/go/pkg/mod/cache/download/github.com/vmware-tanzu/nsx-operator/pkg/apis/@v/v0.1.0.mod",
"Zip": "/Users/schlotterc/go/pkg/mod/cache/download/github.com/vmware-tanzu/nsx-operator/pkg/apis/@v/v0.1.0.zip",
"Dir": "/Users/schlotterc/go/pkg/mod/github.com/vmware-tanzu/nsx-operator/pkg/[email protected]",
"Sum": "h1:HdnQb/X9vJ8a5WQ03g/0nDr9igIIK1fF6wO5wOtkJT4=",
"GoModSum": "h1:Q4JzNkNMvjo7pXtlB5/R3oME4Nhah7fAObWgghVmtxk=",
"Origin": {
"VCS": "git",
"URL": "https://github.com/vmware-tanzu/nsx-operator",
"Subdir": "pkg/apis",
"Hash": "1269a61ff22c969923f260553d7961803e53f63e",
"Ref": "refs/tags/pkg/apis/v0.1.0"
}
}
If we now take a look at the Hash
, which is the commit hash referenced:
We can see v1.0.0
is actually older. Also that commit only exists on the vpc_dev
branch, not on main.
I wanted to know where this came from, if there maybe was a push of a v1.0.0 tag by accident?