Tushar Goel

Results 233 comments of Tushar Goel

`Invalid VersionRange for affected_pkg: ['0.8', '0.9', '0.9.3', '0.9.4', '0.9.5', '0.9.6', '0.9.7', '0.9.8', '0.9.9', '2.0.1', '2.0.1rc1', '2.0.1rc2-git', '2.0.1rc3', '2.0.1rc4', '2.0.2', '2.0.3', '2.0.4', '2.0.5', '2.0b4', '2.0b5', '2.0b6', '2.0b7', '2.0b8', '2.0b9', '3.0.0', '3.0.0b1',...

> > `ERROR 2025-11-11 13:34:49.213781 UTC Unsupported PyPI advisory data file: GHSA-227r-w5j2-6243.json` > > > > > > This log does not tell me a lot, what's the data. Why...

> > `Invalid VersionRange for affected_pkg: ['0.8', '0.9', '0.9.3', '0.9.4', '0.9.5', '0.9.6', '0.9.7', '0.9.8', '0.9.9', '2.0.1', '2.0.1rc1', '2.0.1rc2-git', '2.0.1rc3', '2.0.1rc4', '2.0.2', '2.0.3', '2.0.4', '2.0.5', '2.0b4', '2.0b5', '2.0b6', '2.0b7', '2.0b8', '2.0b9',...

For PYSEC data we would be using the GitHub version range, because the versions are Semver. And if a version is not parsable, that version should be skipped. Not the entire...

`Failed to extract fixed commits: ValueError('Commit must be a valid a commit_hash.')` We need to know the hash here. Do log the hash as well.

`Unsupported severity type: {'type': 'CVSS_V4', 'score': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'} for OSV id: 'PYSEC-2024-154'` Why is this score not supported?

@ziadhany we either need a test pipeline or an actual code commit collection pipeline to see how we are doing. Also there is nothing in current code that talks about...

```
[
{url: https://github.com/abc/def, commit_hash: None, patch_text: None},
{url: https://github.com/abc/def, commit_hash: None, patch_text: "+1-2"},
{url: https://github.com/abc/def, commit_hash: "1213", patch_text: None},
{url: https://github.com/abc/def, commit_hash: "1213", patch_text: "+1-2"},
{url: "https://github.com/abc/def/commit/12323", commit_hash: None, patch_text: None},...
```

@ziadhany LGTM! Please rebase and adjust the migrations! Great work :raised_hands:

@paarthbhatt Thank you so much for this PR. https://github.com/aboutcode-org/vulnerablecode/tree/main/vulnerabilities/pipelines/v2_importers We are using these types of importer pipelines now. Can you adjust/migrate your code accordingly? Also see: - https://github.com/aboutcode-org/vulnerablecode/issues/1944 If you...