@ashmod ashmod commented Aug 15, 2025

Fixes ecosystem filtering to correctly match versioned ecosystem variants (e.g., filtering by "Alpaquita" now matches "Alpaquita:23", "Alpaquita:stream").

Closes #3812

@cuixq cuixq requested a review from another-rex August 17, 2025 22:57
@another-rex
Contributor

/gcbrun

@hogo6002 hogo6002 merged commit 1625410 into google:master Aug 18, 2025
16 checks passed
@kirigiricloud kirigiricloud mentioned this pull request Aug 18, 2025
6 tasks
@another-rex
Contributor

Hmm, this issue still seems to be showing up for GIT ecosystems. E.g. https://test.osv.dev/list?q=CVE-2025-55285&ecosystem=GIT

@another-rex
Contributor

The git one is a bit weird, you need to add a special case for it, maybe just try to match all ecosystems if the input ecosystem is GIT.

@ashmod
Contributor Author

ashmod commented Aug 18, 2025

> Hmm, this issue still seems to be showing up for GIT ecosystems. E.g. https://test.osv.dev/list?q=CVE-2025-55285&ecosystem=GIT

Just noticed that too - this stems from Git ecosystems missing a package field in their affected structure. This should be handled now in #3814

michaelkedar added a commit that referenced this pull request Dec 16, 2025
Make use of the `ListedVulnerability` datastore entity for the `/list`
page, and the GCS bucket for the vulnerability page, instead of the
hefty, deprecated `Bug` entity for both.

Unfortunately, the `ListedVulnerability` does not quite have enough
information as-is to 100% match the current behaviour, and a couple of
things will be regressed:
- #3356 because we don't have alias/related/upstream information on the
new entity. I've made exact ID matches sort first, which should be okay
temporarily.
- #3812 / #3813 since there is no per-ecosystem `is_fixed` field on the
`ListedVulnerability` (and computing it currently would require another
query to the full vulnerability, which I'm trying to avoid on the list
page). I think we could update the `ListedVulnerability` to have a list
of fixed ecosystems to re-enable this, but I'd want to do that in a
followup PR.
- Also, records that have no affected packages (but are not withdrawn)
will now show up on the search page. IDK if that's preferable or not.

Successfully merging this pull request may close these issues.

Inaccurate "Fix Available" tag when filtering by versioned ecosystems