univers

Parse and compare all the package versions and all the ranges. From debian, npm, pypi, ruby and more. Process all the version range specs and expressions. This project is sponsored by an NLnet project...

Results 68 univers issues

Fixes #110 ## How Versioning works in Pub/Dart Pub Version semantics very closely follow semver except for a few corner cases listed below (refer https://github.com/dart-lang/pub_semver/tree/master) 1. Version ordering does take...

Fixes: - https://github.com/aboutcode-org/univers/issues/81 Signed-off-by: ziad

2-next

The current univers `VersionRange` includes the pre-release versions. While this behavior is desirable when dealing with version ranges in a security advisory, it is not appropriate for the version range...

enhancement
3-next

``` >>> range = PypiVersionRange.from_native("=1.1.0,=1.1,

- support normalization of range expression from GitHub, Snyk, GitLab - Discrete range normalization for OSV, DEPS, VulnerableCode

Fix the problem with the ~= operator and the versions ending in *, exposed in the [issue](https://github.com/nexB/univers/issues/26).

reported by @kwwall in this [comment](https://www.linkedin.com/feed/update/urn%3Ali%3Aactivity%3A7129861889332793344/?commentUrn=urn%3Ali%3Acomment%3A(activity%3A7129861889332793344%2C7130193407813025795)&dashCommentUrn=urn%3Ali%3Afsd_comment%3A(7130193407813025795%2Curn%3Ali%3Aactivity%3A7129861889332793344)&midToken=AQEFXmditerzrw ) > Is there a way that this new version notation for dependency and vulnerability ranges can be made to work for back-ported vulnerability...

https://github.com/nexB/univers/blob/aa2253d17a11be3af36278be37e898c05fdbc4fd/src/univers/version_range.py#L501-L504 and PEP 440 shows an example for version specifier as follows: ``` ~= 0.9, >= 1.0, != 1.3.4.*, < 2.0 ``` See: https://www.python.org/dev/peps/pep-0440/#version-specifiers Let's try: ```py >>> from univers.version_range...

good first issue
2-next

Our current implementation of VersionRange assumes that information regarding the logical operation (AND/OR) can be inferred by the order in which the constraints are arranged (currently, we arrange them in...