Oliver Chang
Another potential case to flag: https://github.com/pypa/advisory-db/commit/b9996079edcc5585cd3a0828d4347d974f5f7ac6
Thanks for connecting us! We would be very happy to have OSV track Dart vulnerabilities. I'll start a conversation with @jonasfj to discuss this.
`Packagist` support is tracked in https://github.com/google/osv.dev/issues/230. `Go`, `npm`, and `crates.io` use SEMVER, where enumerating versions is not a requirement. To evaluate them, one can use the defined `events` instead according...
Thank you for trying these instructions! They're definitely a little rough and I'll address them. @andrewpollock FYI.
Thanks again @lumjjb. Let us know if you run into more issues here!
Thanks @lumjjb! Those issues should be fixed with https://github.com/google/osv.dev/pull/562
Indeed! This is an important feature we need to support.
Composer's version parsing code appears to be here: https://github.com/composer/semver/blob/main/src/VersionParser.php, and diverges from strict SemVer in a number of ways.
Looks like version comparison eventually calls PHP's built-in [`version_compare`](https://www.php.net/manual/en/function.version-compare.php) after some normalization: https://github.com/composer/semver/blob/a951f614bd64dcd26137bc9b7b2637ddcfc57649/src/Constraint/Constraint.php#L226 `version_compare` has some strange semantics: > The function first replaces _, - and + with a...