Sebastian Schuberth
Dear all, is there any progress to report regarding this issue?
> which fails in this case due to an invalid character. Could you help us by stating which character is invalid exactly? Is it the `\`-escaped ampersand? (It's a bit...
BTW, there are more wrongly escaped URLs being returned by VulnerableCode, see https://github.com/oss-review-toolkit/ort/pull/8040. So https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:swiftnio_http\/2:*:*:*:*:*:swift:*:* should be https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:swiftnio_http/2:*:*:*:*:*:swift:*:*
Yet another case https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_bi\+:*:*:*:*:*:*:*:* should be https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hyperion_bi%2B:*:*:*:*:*:*:*:*
Here's the full response I'm getting from the https://public.vulnerablecode.io/api/docs/#/packages/packages_bulk_search_create endpoint when passing `"pkg:maven/junit/junit@4.12"`: ``` [ { "url": "http://public.vulnerablecode.io/api/packages/168702", "purl": "pkg:maven/junit/junit@4.12", "type": "maven", "namespace": "junit", "name": "junit", "version": "4.12", "qualifiers": {},...
Or rather, maybe no score is attached if the scoring system is unknown? But still, having something like "Low" could be useful.
> @fviernau do you know if there is any official documentation by Swift stating the normalization rules? Maybe @MaxDesiatov can chime in here?
> I was under the impression such task is always there as it's very likely that a root project includes a base plugin that provides the task, even if the...
That's totally weird: If I change the line `val expectedHolder = "The ORT Project Authors (see )"` to `const val expectedHolder = "The ORT Project Authors (see )"` (i.e. just...
> Could it be that the license tag is rather far into the document? No, in lines 16 / 17 we have: * SPDX-License-Identifier: Apache-2.0 * License-Filename: LICENSE