Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dealing with non deb-version version schemes #294

Closed
alexandernst opened this issue Dec 23, 2016 · 3 comments
Closed

Dealing with non deb-version version schemes #294

alexandernst opened this issue Dec 23, 2016 · 3 comments

Comments

@alexandernst
Copy link

I'm currently in charge of writing a fetcher plugin for a custom vulnerability source. That source provides NPM-like versions for the packages, and those fail to be parsed by version.NewVersion method.

Examples:

<4.1.2 >=4.0.0
<3.8.39 >=3.5.5 || <4.3.6 >=4.0.0
<3.4.6 || > 4.0.0 <4.0.5

How should I deal with this situation?

Related to #293
@Djelibeybi
Copy link
Contributor

The framework for this was added in #298 so check that out and perhaps extend that for NPM.

@jzelinskie
Copy link
Contributor

The HEAD of clair now has versionfmts for this reason. Rather, the reason you don't seen support for npm and pip in Clair just yet is because images containers can only have one namespace. We're hoping to remove this limitation in the near future.

@jzelinskie
Copy link
Contributor

I'm going to close this, we should create a new issue for supporting verison ranges

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexandernst @Djelibeybi @jzelinskie