From dc4fe144243be208e34b00d3e4b130bd316a9cc5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 Mar 2025 08:54:05 +0000 Subject: [PATCH 1/5] build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.11 to 3.28.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.11...v3.28.12) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index afef900..6481635 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.28.11 + uses: github/codeql-action/init@v3.28.12 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.28.11 + uses: github/codeql-action/autobuild@v3.28.12 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.11 + uses: github/codeql-action/analyze@v3.28.12 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 413547d..964cb31 100644 
--- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b2e6519679e446e7bb7c3466d70f13a6b5461fcd # tag=v1.1.39 + uses: github/codeql-action/upload-sarif@c50c157cc388ea631f085f4e95e948f51cdc742a # tag=v1.1.39 with: sarif_file: results.sarif From 56ebb2b2c920f1e1fccbf00d3840ab1036cf851b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Mar 2025 20:59:26 +0000 Subject: [PATCH 2/5] build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.1 to 4.6.2. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1...ea165f8d65b6e75b540449e92b4886f43607fa02) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 964cb31..aa52040 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -49,7 +49,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # tag=v4.6.1 + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # tag=v4.6.2 with: name: SARIF file path: results.sarif From 130b5c504682ae70831d87e3b4ea3977f40c68f0 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Mar 2025 08:27:58 +0000 Subject: [PATCH 3/5] build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.12 to 3.28.13. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.12...v3.28.13) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 6481635..4826e05 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.28.12 + uses: github/codeql-action/init@v3.28.13 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.28.12 + uses: github/codeql-action/autobuild@v3.28.13 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.12 + uses: github/codeql-action/analyze@v3.28.13 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index aa52040..30b1e44 100644 --- a/.github/workflows/scorecards.yml 
+++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c50c157cc388ea631f085f4e95e948f51cdc742a # tag=v1.1.39 + uses: github/codeql-action/upload-sarif@486ab5a2922b634015408a83e10f6867efb5922c # tag=v1.1.39 with: sarif_file: results.sarif From cbe4a5aa314bdfabf665f5ec330ca228360d84d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Apr 2025 09:01:58 +0000 Subject: [PATCH 4/5] build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.13 to 3.28.15. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v3.28.13...v3.28.15) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.15 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4826e05..9b67867 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -39,7 +39,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3.28.13 + uses: github/codeql-action/init@v3.28.15 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -50,7 +50,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v3.28.13 + uses: github/codeql-action/autobuild@v3.28.15 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -64,4 +64,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3.28.13 + uses: github/codeql-action/analyze@v3.28.15 diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 30b1e44..43e6f02 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@486ab5a2922b634015408a83e10f6867efb5922c # tag=v1.1.39 + uses: github/codeql-action/upload-sarif@d26c46acea4065b13fc57703621e0a7c8b9e836b # tag=v1.1.39 with: sarif_file: results.sarif From c620a9b794c4160421e95054bd35f8e057d76270 Mon Sep 17 00:00:00 2001 From: David Sharnoff Date: Thu, 10 Apr 2025 11:51:43 -0700 Subject: [PATCH 5/5] detect multiple versions of nject and fail --- nject.go | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/nject.go b/nject.go index 5cf2bc3..37116d2 100644 --- a/nject.go +++ b/nject.go @@ -16,6 +16,7 @@ type provider struct { index int fn any id int32 + fatal error // set for delayed errors // user annotations (match these in debug.go) nonFinal bool 
@@ -143,7 +144,13 @@ func newProvider(fn any, index int, origin string) *provider { if len(c.contents) == 1 { return newProvider(c.contents[0], index, origin) } - panic("Cannot turn Collection into a function") + return &provider{ + origin: origin, + index: index, + fn: nil, + id: atomic.AddInt32(&idCounter, 1), + fatal: fmt.Errorf("cannot turn Collection into a function"), + } } return &provider{ origin: origin, @@ -200,10 +207,14 @@ func (c Collection) characterizeAndFlatten(nonStaticTypes map[typeCode]bool) ([] var mutated bool for i := 0; i < len(c.contents); i++ { fm := c.contents[i] + if fm.fatal != nil { + return nil, nil, fm.fatal + } g, ok := fm.fn.(generatedFromInjectionChain) if !ok { continue } + mutated = true replacement, err := g.ReplaceSelf( Collection{ name: "before", @@ -295,7 +306,12 @@ func newCollection(name string, funcs ...any) *Collection { case provider: contents = append(contents, v.renameIfEmpty(i, name)) default: - contents = append(contents, newProvider(fn, i, name)) + p := newProvider(fn, i, name) + switch fmt.Sprintf("%T", fn) { + case "nject.Collection", "*nject.Collection", "nject.provider", "*nject.provider": + p.fatal = fmt.Errorf("multiple versions of nject detected -- not supported") + } + contents = append(contents, p) } } return &Collection{
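Review bot: The provider returned in place of the old panic has `fn: nil`, and the only `fatal` check visible in this patch is the loop in characterizeAndFlatten, so any other code that reads `fn` from a provider before reaching that loop would now see a nil value instead of stopping early (whether such a path exists is not visible here). Stating the invariant on the new field would help, e.g. `fatal error // set for delayed errors; fn is nil when set, check before using fn`. The error also drops the location that newProvider already has in hand; `fatal: fmt.Errorf("cannot turn Collection into a function (%s, index %d)", origin, index),` would let the caller find the offending argument. newProvider's body starts and ends outside the hunk.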
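Review bot: The added `mutated = true` in characterizeAndFlatten runs before `g.ReplaceSelf(...)` has returned, and neither the commit subject nor a comment explains it. If the error handling after ReplaceSelf (outside this hunk) ever continues instead of returning, the flag would report a change that did not happen, so a one-line why-comment on that assignment is worth adding. Separately, the new check returns the bare `fm.fatal`; wrapping it as `return nil, nil, fmt.Errorf("%s: %w", c.name, fm.fatal)` would tell the caller which collection holds the bad entry. The loop body continues past the end of the hunk.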
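Review bot: The duplicate-version check in newCollection's `default:` branch compares `fmt.Sprintf("%T", fn)` with fixed strings, and `%T` prints the package name rather than the import path. Detection therefore depends on the second copy still being named `nject`: a copy under a different package name would presumably go undetected, and an unrelated package called nject with a `Collection` type would be rejected. A comment stating that limitation belongs next to the `switch`. The message also gives no hint which argument pulled in the second copy, which is what someone fixing the module graph needs; `p.fatal = fmt.Errorf("multiple versions of nject detected in %s at index %d (%T) -- not supported", name, i, fn)` adds it. Note that `newProvider(fn, i, name)` is still called on the foreign value before the check, and what it does with a non-function argument is outside this hunk.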