Tushar Goel
- commit rank should be in unique together
- get rid of author, message and date
- commit_patch = models.TextField( null=True, blank=True, help_text="patch content of the commit." )
- Rename...
- commit_patch_hash = models.TextField( null=True, blank=True, help_text="patch content of the commit." )
We can introduce commit patch hash later
- Just commit.
- Just patch.
- Both commit and patch....
# When we have a VCS URL & Commit hash & not code patch
- Case 1: We can parse a package and commit
- Create PackageCommitPatch with VCS URL...
@ziadhany also moving forward, we will store code fixes data in AdvisoryV2 Model, and use Impacted Packages to store and reference commits.
IMO we should treat fix commit data as an advisory, but a special advisory. As brought up by @keshav-space we can accommodate the changes in the impacted package data model as well. Thanks!
@ziadhany add description in the PR please!
@ziadhany mostly looks good! Please run the importer once and paste the logs here. Thanks! I want to see if we are missing out on any data in OSV format. And...
@ziadhany
```
Invalid VersionRange for affected_pkg: {'package': {'name': 'apache-commons-io', 'ecosystem': 'OSS-Fuzz', 'purl': 'pkg:generic/apache-commons-io'}, 'ranges': [{'type': 'GIT', 'repo': 'https://github.com/apache/commons-io.git', 'events': [{'introduced': '72b1f88fb722def136ce87c9b2bfdd3c9126bb3d'}, {'fixed': 'd3e5bd6de8bc96abbadccea8b934dc038a32e90c'}]}], 'versions': ['commons-io-2.14.0-RC1', 'rel/commons-io-2.14.0'], 'ecosystem_specific': {'severity': 'LOW'}, 'database_specific':...
```
See all `Invalid VersionRange` errors. Why are these coming?
```
{'package': {'name': 'apache-commons-codec', 'ecosystem': 'OSS-Fuzz', 'purl': 'pkg:generic/apache-commons-codec'}, 'ranges': [{'type': 'GIT', 'repo': 'https://gitbox.apache.org/repos/asf/commons-codec.git', 'events': [{'introduced': '44e4c4d778c3ab87db09c00e9d1c3260fd42dad5'}, {'fixed': '3bf874e2141dc08550c0b330c7a7006f358bb0f0'}]}], 'versions': ['commons-codec-1.16.1-RC1', 'rel/commons-codec-1.16.1'],...
```
`ERROR 2025-11-11 13:34:49.213781 UTC Unsupported PyPI advisory data file: GHSA-227r-w5j2-6243.json` This log does not tell me a lot. What's the data? Why is this unsupported?