Comments (2)
adg
commented on May 20, 2024
Thanks for the report.
This is a general issue that we intend to address: some package managers permit multiple spellings for a given version string (depending on many contextual factors), but we only match requests against a specific version string that we store in the database. We could instead convert the requested version into a canonical form, and use that to match versions in the database.
(We already do this for package names - for example, requests for either Cargo/clap-builder or Cargo/clap_builder will return data about the same package (because deps.dev observes cargo's rules on names)).
from deps.dev.
adg
commented on May 20, 2024
We've rolled out some changes that canonicalize the requested versions, so the example you give now works:
$ curl -s https://api.deps.dev/v3alpha/systems/PYPI/packages/cryptography/versions/2.7 | jq
{
"versionKey": {
"system": "PYPI",
"name": "cryptography",
"version": "2.7.0"
},
"isDefault": false,
"licenses": [
"non-standard"
],
"advisoryKeys": [
{
"id": "GHSA-hggm-jpg3-v476"
},
{
"id": "GHSA-w7pp-m8wf-vj6r"
},
{
"id": "GHSA-x4qr-2fvf-3mr5"
},
{
"id": "PYSEC-2021-62"
}
],
"links": [
{
"label": "SOURCE_REPO",
"url": "https://github.com/pyca/cryptography"
}
]
}
@jamietanna Thanks again for the report. Please let us know if encounter other issues. :)
from deps.dev.
Related Issues (20)
- Dependent information storage
- LLM Dependency chatbot HOT 1
- GetRequirements API call does not return version in case of maven HOT 2
- Details for non-standard licenses HOT 3
- Add input examples / OpenAPI spec HOT 2
- Support `GetDependencies` to consider "context" information
- Latest version is not available fot nuget/Grpc.Core
- how to get the checksum information or some type of hash value of the package through the API HOT 1
- Unresolved dependency tree in go HOT 1
- The maven component query return data is missing the publishedAt field. HOT 1
- license ids do not always correspond to the official SPDX list HOT 2
- Commercial use of deps.dev HOT 1
- Compatibility v3 - v3alpha HOT 2
- Missing version for Go package github.com/cncf/xds/go
- Missing Go package github.com/docker/cli
- Missing version for Go package github.com/opencontainers/image-spec
- Support Go standard library package
- Missing version for Go package github.com/asaskevich/govalidator
- Frequent missing publishedAt element for versions where default = true HOT 1
- Python (PyPi) version numbers padded with '.0' HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from deps.dev.