Package purl model updates #1368
Merged
TG1999 force-pushed the package-purl-model-updates branch from 49fa7f0 to 261daf7 (December 20, 2023 05:02)
Signed-off-by: Philippe Ombredanne <[email protected]>
Create qualifiers_temp temp field Reference: #1327 Signed-off-by: Philippe Ombredanne <[email protected]>
Copy qualifiers to qualifiers_temp Reference: #1327 Signed-off-by: Philippe Ombredanne <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Create qualifiers_temp temp field Reference: #1327 Signed-off-by: Philippe Ombredanne <[email protected]>
Copy qualifiers to qualifiers_temp Reference: #1327 Signed-off-by: Philippe Ombredanne <[email protected]>
Reference: #1327 Signed-off-by: Tushar Goel <[email protected]> Signed-off-by: Philippe Ombredanne <[email protected]>
Reference: #1327 Signed-off-by: Tushar Goel <[email protected]> Signed-off-by: Philippe Ombredanne <[email protected]>
Reference: #1327 Signed-off-by: Tushar Goel <[email protected]> Signed-off-by: Philippe Ombredanne <[email protected]>
Reference: #1327 Signed-off-by: Tushar Goel <[email protected]> Signed-off-by: Philippe Ombredanne <[email protected]>
Reference: #1327 Signed-off-by: Tushar Goel <[email protected]> Signed-off-by: Philippe Ombredanne <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
TG1999 force-pushed the package-purl-model-updates branch from a73a150 to 969b35d (December 26, 2023 15:44)
Signed-off-by: Tushar Goel <[email protected]>
pombredanne reviewed Dec 28, 2023
vulnerabilities/models.py (Outdated)
|
||
|
||
class Package(PackageURLMixin): | ||
""" | ||
A software package with related vulnerabilities. | ||
""" | ||
|
||
""" |
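Review bot: the last line of this hunk opens a second `"""` right after the `Package` class docstring has already closed, so whatever follows is a bare string literal in the class body rather than a comment. If it only holds leftover notes from the migration work, delete it, or convert anything still worth keeping to `#` comments so it is not mistaken for part of the docstring.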
These comments may no longer be needed now.
pombredanne approved these changes Dec 28, 2023
LGTM... Just a minor nit wrt. dangling comments that you may want to remove.
Signed-off-by: Tushar Goel <[email protected]>
This PR makes two major changes:
- Internally we now store Package URL qualifiers as a string and not a JSON field anymore. The API is unchanged for now but will change in the future and will also return a string and not a dict/object.
- Because of qualifiers storage inconsistencies, we had several data issues that the schema changes address. We also have namespace inconsistency issues described in "Remove redundant package-urls from VCIO" #1327, and we use a sequence of data and schema migrations to fix these issues and normalize the storage of name and namespaces for all records now and in the future.
Therefore, this PR fixes: