fix: validate order of / and # in cross-repo dependency parsing

The previous parsing logic for cross-repo dependencies (owner/repo#123)
only checked if both "/" and "#" were present, but didn't verify that
"/" came before "#". This could cause inputs like "#123/owner/repo" to
incorrectly match the cross-repo pattern.

Now explicitly check that slashIdx < hashIdx before treating as cross-repo.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-06 13:55:34 +01:00
parent 02be763e29
commit 02893135ad


@@ -192,7 +192,10 @@ func runDependenciesRemove(ctx stdctx.Context, cmd *cli.Command) error {
// - "owner/repo#123" (cross-repo)
func parseDependencyArg(arg, defaultOwner, defaultRepo string) (owner, repo string, index int64, err error) {
// Check for cross-repo format: owner/repo#123
if strings.Contains(arg, "/") && strings.Contains(arg, "#") {
// Ensure "/" comes before "#" to distinguish from same-repo "#123"
slashIdx := strings.Index(arg, "/")
hashIdx := strings.Index(arg, "#")
if slashIdx != -1 && hashIdx != -1 && slashIdx < hashIdx {
parts := strings.SplitN(arg, "#", 2)
if len(parts) != 2 {
return "", "", 0, fmt.Errorf("invalid dependency format: %s (expected owner/repo#index)", arg)
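Review bot: The added guard `slashIdx < hashIdx` still admits arguments with an empty owner or repository segment, such as a leading `/` or a `/` directly before `#`, and it puts no bound on the number of slashes. Unless the part of parseDependencyArg outside this hunk rejects them, those inputs would be passed on as malformed owner/repo values. Tightening the condition to `if slashIdx > 0 && slashIdx+1 < hashIdx {` closes the empty-segment cases and makes the explicit `!= -1` tests redundant. A table-driven test covering `#123/owner/repo`, `/repo#1` and `owner/#1` would pin the intended behaviour. The function body continues past the end of the hunk, so later validation is not visible here.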