Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Naming: VersionSpecifier and VersionRange #8

Closed
Hritik14 opened this issue Sep 12, 2021 · 2 comments
Closed

Naming: VersionSpecifier and VersionRange #8

Hritik14 opened this issue Sep 12, 2021 · 2 comments

Comments

@Hritik14
Copy link
Collaborator

Range resonates with the concept of interval which can be said to be

an interval is a group of numbers that includes all numbers between the beginning and the end

In my understanding, a VersionRange object does not contain both the bounds for a range
https://github.com/nexB/univers/blob/63bd5aec16ec95b5b811ede638ac225f3ab1f6c6/src/univers/version_range.py#L25-L28

A VersionSpecifier does come with multiple VersionRanges and might work for upper-lower bounds but that would require to treat the ranges inside a VersionSpecifier with a mathematical intersection, which doesn't make a lot of sense right now.

For eg: An intersection of semver:1.2.3,>=2.0.0 doesn't quite make sense.
Their union, though, is useful but then we are left without any upper-lower bound range.

Please correct me if I am wrong. Also, it would greatly help if you could add documentation for the exposed classes (like VersionSpecifier, VersionRange etc)

@Hritik14
Copy link
Collaborator Author

We need to work on a canonical syntax for version specifiers. The following representations have been proposed:

>>> "semver:5,(>=1.0,<=2.0),6"
'semver:5,(>=1.0,<=2.0),6'

>>> "semver:5, >=1.0 AND <=2.0, 6"
'semver:5, >=1.0 AND <=2.0, 6'

>>> "semver:5, >=1.0 & <=2.0, 6"
'semver:5, >=1.0 & <=2.0, 6'

>>> "semver:5 || (>=1.0 && <=2.0) || 6"
'semver:5 || (>=1.0 && <=2.0) || 6'

>>> "semver:5 | (>=1.0 & <=2.0) | 6"
'semver:5 | (>=1.0 & <=2.0) | 6'

@pombredanne pombredanne changed the title Naming: VersionSpecifer and VersionRange Naming: VersionSpecifier and VersionRange Oct 5, 2021
Hritik14 added a commit to Hritik14/vulnerablecode that referenced this issue Oct 12, 2021
This is still not perfect because univers is not stable yet. The
uncertainty about the structure of version_specifier needs to be
resolved. As of now, there are many redundant AffectedPackage objects
which would be gone after aboutcode-org/univers#8 is
fixed.

Signed-off-by: Hritik Vijay <[email protected]>
@Hritik14
Copy link
Collaborator Author

This has been taken care of in the vers spec implementation #12

Hritik14 added a commit to Hritik14/vulnerablecode that referenced this issue Jan 23, 2022
This is still not perfect because univers is not stable yet. The
uncertainty about the structure of version_specifier needs to be
resolved. As of now, there are many redundant AffectedPackage objects
which would be gone after aboutcode-org/univers#8 is
fixed.

Signed-off-by: Hritik Vijay <[email protected]>
Hritik14 added a commit to Hritik14/vulnerablecode that referenced this issue Jan 25, 2022
This is still not perfect because univers is not stable yet. The
uncertainty about the structure of version_specifier needs to be
resolved. As of now, there are many redundant AffectedPackage objects
which would be gone after aboutcode-org/univers#8 is
fixed.

Signed-off-by: Hritik Vijay <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant