-
Notifications
You must be signed in to change notification settings - Fork 201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ingest pub data through Github api #1417
base: main
Are you sure you want to change the base?
Ingest pub data through Github api #1417
Conversation
Signed-off-by: Shenoy <[email protected]>
Signed-off-by: Shenoy <[email protected]>
@shravankshenoy we need univers support for pub, see https://github.com/nexB/univers |
Thanks @TG1999 for sharing this. I went through the official pubspec documents (https://dart.dev/tools/pub/pubspec) to understand how versioning works in Dart, and I believe Dart follows semantic versioning (ref https://dart.dev/tools/pub/pubspec#version). However, I would like to learn a bit of Dart so that I can understand the docs better. Post that, I will try to create a PR in univers which supports pub. Until then I will convert this PR to a draft. Moreover, since Rust/Cargo is supported in both purl spec and univers, I will create a similar PR for Rust which fixes #1039 . Hope that works |
@shravankshenoy 🙇 , IMO you don't need to learn dart for adding pub support in univers. |
Got it 😅 Will try to create the PR to support pub on univers then. |
@shravankshenoy please rebase this PR! |
Fixes #1039
Changes Made
Modified github.py importer to ingest pub data and added test files
Other Considerations
The Github Advisory Database has very few advisories for Pub (https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apub), hence one can see all of those in the pub_expected.json test file (just helps in case anyone wants to do an additional round of manual check with the source database)