From 86f62a8703f3f6e38344a140b8f69804d711714c Mon Sep 17 00:00:00 2001
From: Phill MV
Date: Wed, 13 Aug 2025 16:58:01 -0400
Subject: [PATCH 1/5] the go_modules FileParser now attaches dependencies to the go_mod DependencyFile
---
 .../lib/dependabot/go_modules/file_parser.rb | 16 +++++++++---
 .../dependabot/go_modules/file_parser_spec.rb | 25 +++++++++++++++++++
 2 files changed, 37 insertions(+), 4 deletions(-)
diff --git a/go_modules/lib/dependabot/go_modules/file_parser.rb b/go_modules/lib/dependabot/go_modules/file_parser.rb
index 5e684fec8ff..c9e61ee937d 100644
--- a/go_modules/lib/dependabot/go_modules/file_parser.rb
+++ b/go_modules/lib/dependabot/go_modules/file_parser.rb
@@ -24,8 +24,13 @@ class FileParser < Dependabot::FileParsers::Base
 def parse
 dependency_set = Dependabot::FileParsers::Base::DependencySet.new
- required_packages.each do |dep|
- dependency_set << dependency_from_details(dep) unless skip_dependency?(dep)
+ required_packages.each do |hsh|
+ if !skip_dependency?(hsh)
+ dep = dependency_from_details(hsh)
+
+ T.must(go_mod).dependencies << dep
+ dependency_set << dep
+ end
 end
 dependency_set.dependencies
@@ -96,11 +101,14 @@ def dependency_from_details(details)
 groups: []
 }]
+ is_indirect = details["Indirect"]
+
 Dependency.new(
 name: details["Path"],
 version: version,
- requirements: details["Indirect"] ? [] : reqs,
- package_manager: "go_modules"
+ requirements: is_indirect ? [] : reqs,
+ package_manager: "go_modules",
+ direct_relationship: !is_indirect,
 )
 end
diff --git a/go_modules/spec/dependabot/go_modules/file_parser_spec.rb b/go_modules/spec/dependabot/go_modules/file_parser_spec.rb
index aed2c03de28..0d7c5efdaff 100644
--- a/go_modules/spec/dependabot/go_modules/file_parser_spec.rb
+++ b/go_modules/spec/dependabot/go_modules/file_parser_spec.rb
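Review bot: `T.must(go_mod).dependencies << dep` in `parse` makes every call append to the shared DependencyFile, so `parse` is no longer idempotent unless `dependencies` deduplicates on its own (the spec compares it to a Set, which hints that it may, but nothing in this hunk shows it). It also records every non-skipped entry on the file while the returned list goes through `DependencySet`, which merges entries by name, so the two views can disagree whenever `required_packages` yields the same path twice. A safer shape is to fill the file once after the loop from `dependency_set.dependencies` so both views are guaranteed to agree. Either way the side effect deserves a line above the `each`, e.g. `# Side effect: each parsed dependency is also recorded on the go.mod DependencyFile (consumed by DependencySubmission)`.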
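Review bot: `is_indirect = details["Indirect"]` yields nil when the key is absent, so `direct_relationship: !is_indirect` silently classifies any entry without an `Indirect` key as direct. If that relies on the tooling output omitting the key for direct modules, say so, e.g. `# "Indirect" is absent (nil) for direct requirements, so nil counts as direct`, or make the default explicit with `is_indirect = details.fetch("Indirect", false)`. The enclosing method `dependency_from_details` starts before this hunk.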
@@ -305,6 +305,31 @@
 its(:length) { is_expected.to eq(0) }
 end
+ context "features needed to support DependencySubmission" do
+ it "attaches the list of dependencies to the go_mod DependencyFile" do
+ expect(parser.dependency_files.length).to eq(1)
+ dep_file = parser.dependency_files.first
+ expect(dep_file).to equal(go_mod)
+
+ # assert that the dependencies got correctly attached to the dep file
+ dep_set = dependencies.to_set
+ expect(dep_file.dependencies).to eq(dep_set)
+ end
+
+ it "marks indirect dependencies accordingly" do
+ # there are only 2 top-level dependencies
+ expect(dependencies.select(&:direct?).length).to eq(2)
+
+ # and 2 indirect dependencies
+ indirect_deps = dependencies.reject(&:direct?)
+ expect(indirect_deps.length).to eq(2)
+
+ indirect_deps_names = indirect_deps.map(&:name)
+ expect(indirect_deps_names).to include("github.com/mattn/go-isatty")
+ expect(indirect_deps_names).to include("github.com/mattn/go-colorable")
+ end
+ end
+
 context "when using a monorepo" do
 let(:project_name) { "monorepo" }
 let(:repo_contents_path) { build_tmp_repo(project_name) }
From ef45620552fa799ca93b2208c3e0bb0f19f68363 Mon Sep 17 00:00:00 2001
From: Phill MV
Date: Wed, 13 Aug 2025 17:03:56 -0400
Subject: [PATCH 2/5] linting
---
 go_modules/lib/dependabot/go_modules/file_parser.rb | 4 ++--
 go_modules/spec/dependabot/go_modules/file_parser_spec.rb | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/go_modules/lib/dependabot/go_modules/file_parser.rb b/go_modules/lib/dependabot/go_modules/file_parser.rb
index c9e61ee937d..6179bfd76d2 100644
--- a/go_modules/lib/dependabot/go_modules/file_parser.rb
+++ b/go_modules/lib/dependabot/go_modules/file_parser.rb
@@ -25,7 +25,7 @@ def parse
 dependency_set = Dependabot::FileParsers::Base::DependencySet.new
 required_packages.each do |hsh|
- if !skip_dependency?(hsh)
+ unless skip_dependency?(hsh)
 dep = dependency_from_details(hsh)
 T.must(go_mod).dependencies << dep
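Review bot: The first example's `expect(dep_file.dependencies).to eq(dep_set)` compares against a `Set`, so it passes only if `DependencyFile#dependencies` is itself a Set and `Dependency` defines `hash`/`eql?` consistently; neither contract is visible in this diff, so it is worth stating in a comment above the assertion or loosening to a `match_array` on names. The second example checks the names of the indirect entries but not that their `requirements` are empty, although `dependency_from_details` derives both from the same field; `expect(indirect_deps.map(&:requirements)).to all(be_empty)` would pin that.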
@@ -108,7 +108,7 @@ def dependency_from_details(details)
 version: version,
 requirements: is_indirect ? [] : reqs,
 package_manager: "go_modules",
- direct_relationship: !is_indirect,
+ direct_relationship: !is_indirect
 )
 end
diff --git a/go_modules/spec/dependabot/go_modules/file_parser_spec.rb b/go_modules/spec/dependabot/go_modules/file_parser_spec.rb
index 0d7c5efdaff..2beddef7826 100644
--- a/go_modules/spec/dependabot/go_modules/file_parser_spec.rb
+++ b/go_modules/spec/dependabot/go_modules/file_parser_spec.rb
@@ -307,7 +307,7 @@
 context "features needed to support DependencySubmission" do
 it "attaches the list of dependencies to the go_mod DependencyFile" do
- expect(parser.dependency_files.length).to eq(1)
+ expect(parser.dependency_files.count).to eq(1)
 dep_file = parser.dependency_files.first
 expect(dep_file).to equal(go_mod)
@@ -318,11 +318,11 @@
 it "marks indirect dependencies accordingly" do
 # there are only 2 top-level dependencies
- expect(dependencies.select(&:direct?).length).to eq(2)
+ expect(dependencies.select(&:direct?).count).to eq(2)
 # and 2 indirect dependencies
 indirect_deps = dependencies.reject(&:direct?)
- expect(indirect_deps.length).to eq(2)
+ expect(indirect_deps.count).to eq(2)
 indirect_deps_names = indirect_deps.map(&:name)
 expect(indirect_deps_names).to include("github.com/mattn/go-isatty")
From b5641962b3c09bf205b3ae8d14e71ca98c58fd1f Mon Sep 17 00:00:00 2001
From: Phill MV
Date: Wed, 13 Aug 2025 17:08:30 -0400
Subject: [PATCH 3/5] linting
---
 go_modules/spec/dependabot/go_modules/file_parser_spec.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/go_modules/spec/dependabot/go_modules/file_parser_spec.rb b/go_modules/spec/dependabot/go_modules/file_parser_spec.rb
index 2beddef7826..49453ef0fad 100644
--- a/go_modules/spec/dependabot/go_modules/file_parser_spec.rb
+++ b/go_modules/spec/dependabot/go_modules/file_parser_spec.rb
@@ -305,7 +305,7 @@
 its(:length) { is_expected.to eq(0) }
 end
- context "features needed to support DependencySubmission" do
+ context "with features needed to support DependencySubmission" do
 it "attaches the list of dependencies to the go_mod DependencyFile" do
 expect(parser.dependency_files.count).to eq(1)
 dep_file = parser.dependency_files.first
@@ -318,7 +318,7 @@
 it "marks indirect dependencies accordingly" do
 # there are only 2 top-level dependencies
- expect(dependencies.select(&:direct?).count).to eq(2)
+ expect(dependencies.count(&:direct?)).to eq(2)
 # and 2 indirect dependencies
 indirect_deps = dependencies.reject(&:direct?)
From 02f9c7018b61d5becc04b6d9a5ba167dab83faed Mon Sep 17 00:00:00 2001
From: Phill MV
Date: Thu, 14 Aug 2025 12:25:12 -0400
Subject: [PATCH 4/5] linting, though i think this change is kind of worse tbh
---
 go_modules/lib/dependabot/go_modules/file_parser.rb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/go_modules/lib/dependabot/go_modules/file_parser.rb b/go_modules/lib/dependabot/go_modules/file_parser.rb
index 6179bfd76d2..4f1ffa3eaf4 100644
--- a/go_modules/lib/dependabot/go_modules/file_parser.rb
+++ b/go_modules/lib/dependabot/go_modules/file_parser.rb
@@ -25,12 +25,12 @@ def parse
 dependency_set = Dependabot::FileParsers::Base::DependencySet.new
 required_packages.each do |hsh|
- unless skip_dependency?(hsh)
- dep = dependency_from_details(hsh)
+ next unless skip_dependency?(hsh)
- T.must(go_mod).dependencies << dep
- dependency_set << dep
- end
+ dep = dependency_from_details(hsh)
+
+ T.must(go_mod).dependencies << dep
+ dependency_set << dep
 end
 dependency_set.dependencies
From c2c0b6537fa104284971820800792a73a9d0f7b5 Mon Sep 17 00:00:00 2001
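Review bot: `next unless skip_dependency?(hsh)` inverts the loop: the body now runs only for entries that `skip_dependency?` wants excluded and drops every dependency the previous `unless skip_dependency?(hsh)` block kept, which is consistent with the CI failure that PATCH 5/5 then reverts. The lint-clean and behaviour-preserving form is `next if skip_dependency?(hsh)` with the three statements that follow left at the loop body's indentation. `parse` itself starts before this hunk (its `def` is the header line).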
From: Phill MV
Date: Thu, 14 Aug 2025 15:55:51 -0400
Subject: [PATCH 5/5] CI is failing, so quite possibly these are not semantically equivalent statements. let's try undoing it.
---
 go_modules/lib/dependabot/go_modules/file_parser.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/go_modules/lib/dependabot/go_modules/file_parser.rb b/go_modules/lib/dependabot/go_modules/file_parser.rb
index 4f1ffa3eaf4..9c743f65356 100644
--- a/go_modules/lib/dependabot/go_modules/file_parser.rb
+++ b/go_modules/lib/dependabot/go_modules/file_parser.rb
@@ -25,12 +25,13 @@ def parse
 dependency_set = Dependabot::FileParsers::Base::DependencySet.new
 required_packages.each do |hsh|
- next unless skip_dependency?(hsh)
+ unless skip_dependency?(hsh) # rubocop:disable Style/Next
- dep = dependency_from_details(hsh)
+ dep = dependency_from_details(hsh)
- T.must(go_mod).dependencies << dep
- dependency_set << dep
+ T.must(go_mod).dependencies << dep
+ dependency_set << dep
+ end
 end
 dependency_set.dependencies
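Review bot: The `# rubocop:disable Style/Next` on the `unless` line restores the original behaviour but is not needed: the earlier rewrite failed because `next unless` negated the condition, not because `next` cannot express it, and `next if skip_dependency?(hsh)` followed by the three statements at the loop body's indentation satisfies the cop without an exemption. The end-of-line disable only covers that single line, so it does no wider harm if it stays, but the commit message's uncertainty about equivalence is resolved by that one-word change and worth recording in a short comment above the guard.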