Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce "all" and "none" specifiers #146

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Conversation

immqu
Copy link

@immqu immqu commented Nov 13, 2024

This PR introduces the possibility to specify all versions, or none using the notation vers:all/* and vers:none/*. To allow this, it simply adds a version check in the contains method that returns true if all is specified, and false if none is specified.
Addresses the spec improvement suggested in package-url/purl-spec#267

@tschmidtb51
Copy link

Do we check somewhere that the strings are just vers:all/* or vers:none/* instead of something invalid as vers:all/*|>17.4 or vers:none/!4.2?

@tschmidtb51
Copy link

@immqu Please also check that your commits are signed (see DCO fails).

Signed-off-by: Immanuel Kunz <immanuel.kunz@aisec.fraunhofer.de>
Signed-off-by: Kunz, Immanuel <immanuel.kunz@aisec.fraunhofer.de>
Signed-off-by: Immanuel Kunz <immanuel.kunz@aisec.fraunhofer.de>
Signed-off-by: Kunz, Immanuel <immanuel.kunz@aisec.fraunhofer.de>
Signed-off-by: Kunz, Immanuel <immanuel.kunz@aisec.fraunhofer.de>
@immqu
Copy link
Author

immqu commented Nov 14, 2024

Do we check somewhere that the strings are just vers:all/* or vers:none/* instead of something invalid as vers:all/*|>17.4 or vers:none/!4.2?

Currently, it is checked whether the * constraint is included, and if so, no other constraint is allowed. So, no adjustment is necessary to prevent something like vers:all/*|>17.4 (see https://github.com/aboutcode-org/univers/blob/main/src/univers/version_range.py#L141). However, it is possible to specify something like vers:all/>1.2.3 (without the *).
I have added a strict string equality check now, though.

Signed-off-by: Kunz, Immanuel <immanuel.kunz@aisec.fraunhofer.de>
Copy link

@tschmidtb51 tschmidtb51 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Signed-off-by: Kunz, Immanuel <immanuel.kunz@aisec.fraunhofer.de>
Signed-off-by: Kunz, Immanuel <immanuel.kunz@aisec.fraunhofer.de>
@immqu immqu marked this pull request as ready for review November 15, 2024 10:41
@immqu
Copy link
Author

immqu commented Nov 15, 2024

See also the corresponding PR for purl

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants