Fix CastVersion index-out-of-range panic on empty input#31

Merged: tomodian merged 4 commits into develop from copilot/fix-security-issues on Mar 11, 2026
Copilot AI commented Mar 10, 2026

Adds a bounds check in CastVersion to prevent panic when val is empty (e.g., version string .1.2 splits to ["", "1", "2"]).

// Before: panics on val[0] when val is ""
if name == "major" {

// After
if name == "major" && len(val) > 0 {

Previous test file modifications that swapped test case values to match source changes have been reverted — test files are unchanged from the base branch.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • get.anchore.io

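The failure mode named in the description above, as an added example that is not code from this pull request or the project: a version string such as .1.2 yields an empty major segment, and indexing val[0] on it panics unless the length is checked first. The function names castUnguarded, castGuarded and parseWith are hypothetical, and the reason the major branch reads val[0] (dropping a leading "v") is an assumption; the page shows only the two conditions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Assumption: the major branch reads val[0] to drop a "v" prefix. "Before" form.
func castUnguarded(name, val string) (int, error) {
	if name == "major" && val[0] == 'v' { // index out of range when val == ""
		val = val[1:]
	}
	return strconv.Atoi(val)
}

// castGuarded is the "after" form: len(val) > 0 is tested before indexing.
func castGuarded(name, val string) (int, error) {
	if name == "major" && len(val) > 0 && val[0] == 'v' {
		val = val[1:]
	}
	return strconv.Atoi(val) // Atoi rejects "" with an error, not a panic
}

// parseWith casts each "."-separated segment; a panic is recovered into an error.
func parseWith(cast func(string, string) (int, error), version string) (out []int, err error) {
	defer func() {
		if r := recover(); r != nil {
			out, err = nil, fmt.Errorf("panic: %v", r)
		}
	}()
	names := []string{"major", "minor", "patch"}
	for i, p := range strings.SplitN(version, ".", 3) {
		n, e := cast(names[i], p)
		if e != nil {
			return nil, fmt.Errorf("%s: %w", names[i], e)
		}
		out = append(out, n)
	}
	return out, nil
}

func main() {
	for _, v := range []string{"v1.2.3", ".1.2"} { // constructed inputs
		_, before := parseWith(castUnguarded, v)
		_, after := parseWith(castGuarded, v)
		fmt.Printf("%q before=%v after=%v\n", v, before, after)
	}
}
```

With the guard in place the empty segment surfaces as an ordinary parse error that the caller can report, which matters for a CLI that receives version strings from files or arguments it does not control.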

…c removal

Co-authored-by: tomodian <158877+tomodian@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix issues and security concerns" to "Fix logic bugs, crash-inducing error handling, and error silencing" Mar 10, 2026
@tomodian tomodian marked this pull request as ready for review March 10, 2026 15:45
@tomodian tomodian requested a review from Copilot March 10, 2026 15:45
Copilot AI left a comment

Pull request overview

Fixes several correctness and reliability problems discovered in a codebase audit, primarily around semver comparison, panic-inducing path parsing, and errors being ignored or swallowed, so CLI failures propagate properly.

Changes:

  • Correct SemanticVersion.IsGreater comparison logic and align tests.
  • Replace panic-based globbing with files.Glob(d) ([]string, error) and propagate errors through CLI tasks.
  • Stop swallowing errors in main.go and files.Update, with tests updated accordingly.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| parser/semver.go | Fixes inverted IsGreater logic; prevents CastVersion index panic on empty major segment. |
| parser/semver_test.go | Updates IsGreater test cases to match corrected comparison behavior. |
| files/glob.go | Changes Glob to return (paths, error) instead of panicking on invalid patterns. |
| files/glob_test.go | Updates tests to assert error returns instead of panics; adapts to new signature. |
| files/writer.go | Returns os.Stat errors instead of silently succeeding. |
| files/writer_test.go | Updates Update failure case to expect an error. |
| cmd/task/unreleased.go | Propagates files.Glob errors via CLI framework. |
| cmd/task/targets.go | Propagates files.Glob errors via CLI framework. |
| cmd/task/show.go | Propagates files.Glob errors via CLI framework. |
| cmd/task/to.go | Avoids repeated globbing by reusing results; propagates glob errors. |
| cmd/task/next.go | Removes os.Exit usage and propagates errors via CLI framework; handles glob errors. |
| main.go | Exits non-zero when cmd.Run returns an error. |
| main_test.go | Stops directly calling main (which now may os.Exit); validates cmd.Run doesn’t panic. |

Comment thread files/glob.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
… fix

Co-authored-by: tomodian <158877+tomodian@users.noreply.github.com>
Copilot AI changed the title from "Fix logic bugs, crash-inducing error handling, and error silencing" to "Fix CastVersion index-out-of-range panic on empty input" Mar 11, 2026
@tomodian tomodian merged commit a9ada4d into develop Mar 11, 2026
5 checks passed
@tomodian tomodian deleted the copilot/fix-security-issues branch March 11, 2026 14:05