From c2fc6f3698f7096e5e677b8cd452a429dcfa3bb7 Mon Sep 17 00:00:00 2001
From: Pedro Pombeiro <pombeirp@users.noreply.github.com>
Date: Thu, 24 Jan 2019 14:28:58 +0100
Subject: [PATCH] Make Go errors visible

---
 src/dependency-check-gopkg.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/dependency-check-gopkg.ts b/src/dependency-check-gopkg.ts
index d9ae641..00400ec 100644
--- a/src/dependency-check-gopkg.ts
+++ b/src/dependency-check-gopkg.ts
@@ -179,14 +179,14 @@ export async function checkGoDependenciesAsync(
       line,
     }
     const newAnnotation = (level: 'notice' | 'warning' | 'failure', message: string) => {
-      const title = `Dependency '${name}' is locked with ${dependency.rawRefType} '${dependency.refName}'.`
+      const title = `Dependency "${name}" is locked with ${dependency.rawRefType} '${dependency.refName}'.`
       result.annotations.push(createAnnotation(annotation, level, title, message))
     }
     switch (refType) {
       case 'tag':
         continue
       case 'commit':
-        newAnnotation('notice',
+        newAnnotation(name.startsWith('github.com/status-im/') ? 'warning' : 'notice',
                       `A commit SHA is not a deterministic dependency locator.
 If the commit is overwritten by a force-push, it will be impossible to rebuild the same output in the future.
 
@@ -194,7 +194,7 @@ Please lock the dependency with a tag/release.`,
         )
         break
       case 'branch':
-        newAnnotation('notice', // TODO: change this to 'failure' once we've fixed issues in the codebase
+        newAnnotation('failure',
                       `A branch is not a deterministic dependency locator.
 If the branch advances, it will be impossible to rebuild the same output in the future.