Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maven 'zero' versions causes errors when comparing #1020

Closed
michaelkedar opened this issue Feb 13, 2023 · 0 comments · Fixed by #1021
Closed

Maven 'zero' versions causes errors when comparing #1020

michaelkedar opened this issue Feb 13, 2023 · 0 comments · Fixed by #1021
Assignees
@michaelkedar
Labels
bug Something isn't working

Comments

@michaelkedar
Copy link
Member

Maven versions that are 'zero' (e.g. 0.0.0 and 0.0.0-X.Y.Z) cause assertion errors when comparing with non-zero versions, because the comparisons assume there's always an initial token without a . or - 'prefix'.

This seems to be causing some of the missing vulnerabilities in #1018
@michaelkedar michaelkedar added the bug Something isn't working label Feb 13, 2023
@michaelkedar michaelkedar self-assigned this Feb 13, 2023
@michaelkedar michaelkedar mentioned this issue Feb 13, 2023
Merged
oliverchang pushed a commit that referenced this issue Feb 13, 2023
@michaelkedar
Fix Maven handling of version 0 (#1021)
6a1939e 
Fixes #1020 

This should also fix some of the missing vulnerabilities in #1018 on
reimport:
- GHSA-v62j-cxhh-fq22
- GHSA-g2qw-6vrr-v6pq
- GHSA-789v-h9hw-38pg
@G-Rath G-Rath mentioned this issue Mar 3, 2023
Merged
another-rex added a commit to google/osv-scanner that referenced this issue Mar 5, 2023
@G-Rath @another-rex
fix: properly handle comparing zero versions in Maven (#267)
1467230 
Turns out `semantic` suffers from
google/osv.dev#1020 too 😞

Co-authored-by: Rex P <[email protected]>
hayleycd pushed a commit to google/osv-scanner that referenced this issue Mar 9, 2023
@G-Rath @another-rex @hayleycd
fix: properly handle comparing zero versions in Maven (#267)
3dec36c 
Turns out `semantic` suffers from
google/osv.dev#1020 too 😞

Co-authored-by: Rex P <[email protected]>
julieqiu pushed a commit to julieqiu/osv-scanner that referenced this issue May 2, 2023
@G-Rath @another-rex @julieqiu
fix: properly handle comparing zero versions in Maven (google#267)
6584e0c 
Turns out `semantic` suffers from
google/osv.dev#1020 too 😞

Co-authored-by: Rex P <[email protected]>
julieqiu pushed a commit to julieqiu/osv-scanner that referenced this issue May 2, 2023
@G-Rath @another-rex @julieqiu
fix: properly handle comparing zero versions in Maven (google#267)
61ac726 
Turns out `semantic` suffers from
google/osv.dev#1020 too 😞

Co-authored-by: Rex P <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelkedar michaelkedar

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix Maven handling of version 0 michaelkedar/osv.dev
1 participant
@michaelkedar