The vulnerability https://public.vulnerablecode.io/vulnerabilities/VCID-aqmt-fmm5-aaad is missing the affected versions `0.7.1.fix1` and `0.7.4.svn.r2010`. See the details here: https://github.com/pypa/advisory-database/blob/e56e7a79124764436c8b64e07d4ee7ab7f6b5605/vulns/ipython/PYSEC-2022-12.yaml.

Additionally, the vulnerability https://public.vulnerablecode.io/vulnerabilities/VCID-zdzp-uhzh-aaar also affects the `jw.util` package version `-class.-jw.util.version.Version-`, as stated here: https://github.com/pypa/advisory-database/blob/e56e7a79124764436c8b64e07d4ee7ab7f6b5605/vulns/jw.util/PYSEC-2020-341.yaml. This version does indeed exist upstream on PyPI: https://pypi.org/project/jw.util/-class.-jw.util.version.Version-/.
The issue arises when univers is unable to parse these unusual versions. IMO we should not discard an affected or fixed version just because it is unusual and cannot be parsed by univers. Instead, should we store these versions as strings if we fail to parse them?
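To make the failure mode concrete, here is an added Python example; it is not code from vulnerablecode or univers. It validates PyPI version strings with the regular expression published in the appendix of PEP 440 (standard library only, so it runs without univers installed) and compares the two policies under discussion: discarding versions that fail to parse, versus keeping them as opaque strings that match by exact text. The function names, the `PEP440_RE` pattern standing in for univers' own parser, and the `ADVISORY_AFFECTED` list are assumptions for illustration; the list is loosely modelled on the ipython entry cited above but is constructed, not copied from the advisory.

```python
import re

# PEP 440 version grammar, as the regular expression published in the PEP's
# appendix. It stands in for the validation univers performs on PyPI versions
# (assumption: univers rejects the same strings the PEP 440 grammar rejects).
PEP440_PATTERN = r"""
    v?
    (?:
        (?:(?P<epoch>[0-9]+)!)?                           # epoch
        (?P<release>[0-9]+(?:\.[0-9]+)*)                  # release segment
        (?P<pre>                                          # pre-release
            [-_\.]?
            (?P<pre_l>alpha|a|beta|b|preview|pre|c|rc)
            [-_\.]?
            (?P<pre_n>[0-9]+)?
        )?
        (?P<post>                                         # post release
            (?:-(?P<post_n1>[0-9]+))
            |
            (?:
                [-_\.]?
                (?P<post_l>post|rev|r)
                [-_\.]?
                (?P<post_n2>[0-9]+)?
            )
        )?
        (?P<dev>                                          # dev release
            [-_\.]?
            (?P<dev_l>dev)
            [-_\.]?
            (?P<dev_n>[0-9]+)?
        )?
    )
    (?:\+(?P<local>[a-z0-9]+(?:[-_\.][a-z0-9]+)*))?       # local version
"""
PEP440_RE = re.compile(r"^\s*" + PEP440_PATTERN + r"\s*$", re.VERBOSE | re.IGNORECASE)

# Constructed sample of an advisory's explicit affected-version list. Loosely
# modelled on the ipython entry the issue cites; not copied from it.
ADVISORY_AFFECTED = ["0.7.1.fix1", "0.7.4.svn.r2010", "0.7.4", "0.8.0", "0.8.1"]


def _normalize(m):
    """Canonical PEP 440 tuple for equality: 0.8.0 == 0.8, 1.0c1 == 1.0rc1."""
    release = [int(p) for p in m.group("release").split(".")]
    while len(release) > 1 and release[-1] == 0:   # trailing zeros are insignificant
        release.pop()
    pre = post = dev = local = None
    if m.group("pre"):
        spelled = m.group("pre_l").lower()
        label = {"alpha": "a", "beta": "b", "c": "rc", "pre": "rc", "preview": "rc"}.get(spelled, spelled)
        pre = (label, int(m.group("pre_n") or 0))
    if m.group("post"):
        post = int(m.group("post_n1") or m.group("post_n2") or 0)
    if m.group("dev"):
        dev = int(m.group("dev_n") or 0)
    if m.group("local"):
        local = m.group("local").lower().replace("-", ".").replace("_", ".")
    return (int(m.group("epoch") or 0), tuple(release), pre, post, dev, local)


def version_key(text):
    """Equality key for one version string.

    PEP 440 versions compare by their normalized form; anything the grammar
    rejects is kept verbatim as an opaque string and compares by exact text.
    """
    m = PEP440_RE.match(text)
    if m is None:
        return ("opaque", text.strip())
    return ("pep440",) + _normalize(m)


def build_affected_set(raw_versions, drop_unparseable):
    """Turn an advisory's version list into a set of keys.

    drop_unparseable=True mirrors the behaviour the issue reports: versions
    that fail to parse are discarded. False keeps them as opaque strings.
    Returns (keys, dropped) so a caller can log what would otherwise be lost.
    """
    keys, dropped = set(), []
    for raw in raw_versions:
        key = version_key(raw)
        if key[0] == "opaque" and drop_unparseable:
            dropped.append(raw)
            continue
        keys.add(key)
    return keys, dropped


def is_affected(installed, affected_keys):
    """True when the installed version is one of the advisory's affected versions."""
    return version_key(installed) in affected_keys


if __name__ == "__main__":
    for policy in (True, False):
        keys, dropped = build_affected_set(ADVISORY_AFFECTED, drop_unparseable=policy)
        print(f"drop_unparseable={policy}: dropped={dropped}")
        for installed in ("0.7.1.fix1", "0.7.4.svn.r2010", "0.8", "0.9.0"):
            print(f"  {installed!r:>20} affected: {is_affected(installed, keys)}")
```

With the discard policy a package installed at `0.7.1.fix1` is reported as not affected, which is a silent false negative in a vulnerability scanner. Keeping the string gives equality matching only: a version range cannot say where `0.7.1.fix1` falls relative to `0.7.4`, so such entries have to be stored beside the parsed ranges rather than folded into them, and an exact-text hit should count as affected.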