Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[OSV] detect better version scheme #900

Open
ctron opened this issue Oct 7, 2024 · 0 comments
Open

[OSV] detect better version scheme #900

ctron opened this issue Oct 7, 2024 · 0 comments
Labels
Advisories

Comments

@ctron
Copy link
Contributor

ctron commented Oct 7, 2024

No description provided.

ctron added a commit to ctron/trustify that referenced this issue Oct 8, 2024
@ctron
chore: implement other version schemes using an exact match
51526fc 
According to OSV:

> ECOSYSTEM: The versions introduced and fixed are arbitrary,
> uninterpreted strings specific to the package ecosystem, which does
> not conform to SemVer 2.0’s version ordering.
>
> It is recommended that you provide an explicitly enumerated versions
> list when specifying one or more ECOSYSTEM ranges, […]

The same is true for the git type. We might consider adding an "exact"
scheme in the database.

Closes: trustification#900
ctron added a commit to ctron/trustify that referenced this issue Oct 8, 2024
@ctron
chore: implement other version schemes using an exact match
0bff50c 
According to OSV:

> ECOSYSTEM: The versions introduced and fixed are arbitrary,
> uninterpreted strings specific to the package ecosystem, which does
> not conform to SemVer 2.0’s version ordering.
>
> It is recommended that you provide an explicitly enumerated versions
> list when specifying one or more ECOSYSTEM ranges, […]

The same is true for the git type. We might consider adding an "exact"
scheme in the database.

Closes: trustification#900
@ctron ctron mentioned this issue Oct 9, 2024
Closed
github-merge-queue bot pushed a commit that referenced this issue Oct 15, 2024
@ctron
chore: implement other version schemes using an exact match
071d579 
According to OSV:

> ECOSYSTEM: The versions introduced and fixed are arbitrary,
> uninterpreted strings specific to the package ecosystem, which does
> not conform to SemVer 2.0’s version ordering.
>
> It is recommended that you provide an explicitly enumerated versions
> list when specifying one or more ECOSYSTEM ranges, […]

The same is true for the git type. We might consider adding an "exact"
scheme in the database.

Closes: #900
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Advisories
Projects
Trustify
Status: In review
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ctron