@tyler-catlin
  • Tests written and linted
  • Documentation written
  • Commit history is tidy
  • Potential release notes have been inspected

What this does

We are currently stripping out 0 epochs if they are given, which is causing us to have problems with version parsing.

Notes for the reviewer

Instructions on how to run this locally, background context, what to review, questions…

More information

@CLAassistant
CLAassistant commented Nov 26, 2025

CLA assistant check
All committers have signed the CLA.

@tyler-catlin tyler-catlin marked this pull request as ready for review November 26, 2025 15:15
@tyler-catlin tyler-catlin requested a review from a team as a code owner November 26, 2025 15:15
@snyk-pr-review-bot
PR Reviewer Guide 🔍

🧪 PR contains tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Deviation from standard RPM display

The updated formatRpmPackageVersion now explicitly includes the 0: prefix for packages with epoch 0. Standard RPM tools (e.g., rpm -q) typically suppress the epoch if it is zero. While this appears to be the intended behavior to fix version matching issues, please ensure that downstream consumers of this string format are compatible with the explicit 0: prefix. Additionally, verify that the distinction between an undefined epoch (resulting in V-R) and a 0 epoch (resulting in 0:V-R) is intentional and handled correctly by the consuming logic, as missing epochs often imply 0 in RPM contexts.

if (packageInfo.epoch === undefined) {
  return `${packageInfo.version}-${packageInfo.release}`;
}
return `${packageInfo.epoch}:${packageInfo.version}-${packageInfo.release}`;

📚 Repository Context Analyzed

This review considered 20 relevant code sections from 9 files (average relevance: 0.76)
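The undefined-versus-0 distinction the review above raises, as an added example that is not code from the PR or the project: a falsy check collapses epoch 0 into "no epoch", the strict `undefined` check keeps it, and a consumer that wants RPM's "missing epoch means 0" semantics normalises before comparing. The pre-fix form and the parser (`parseRpmPackageVersion`, `sameEvr`) are assumptions; only `formatRpmPackageVersion` comes from the page.

```javascript
// Added example, not code from the PR or the project.

// Plausible pre-fix form (assumed; the PR does not show the old code).
// `!0` is true, so a package with epoch 0 is formatted as if it had none.
function formatRpmPackageVersionBuggy(packageInfo) {
  if (!packageInfo.epoch) {
    return `${packageInfo.version}-${packageInfo.release}`;
  }
  return `${packageInfo.epoch}:${packageInfo.version}-${packageInfo.release}`;
}

// Fixed form: only an absent epoch is omitted; 0 is kept as "0:".
function formatRpmPackageVersion(packageInfo) {
  if (packageInfo.epoch === undefined) {
    return `${packageInfo.version}-${packageInfo.release}`;
  }
  return `${packageInfo.epoch}:${packageInfo.version}-${packageInfo.release}`;
}

// Hypothetical consumer-side parser for "[E:]V-R". Neither version nor
// release may contain "-" in RPM, so splitting on the single hyphen is safe.
function parseRpmPackageVersion(evr) {
  const m = /^(?:(\d+):)?([^-:]+)-([^-]+)$/.exec(evr);
  if (!m) {
    throw new Error(`not an RPM EVR string: ${evr}`);
  }
  return {
    epoch: m[1] === undefined ? undefined : Number(m[1]),
    version: m[2],
    release: m[3],
  };
}

// rpm treats a missing epoch as 0 when comparing, so a consumer that wants
// "0:V-R" and "V-R" to match must normalise the epoch before comparing.
function sameEvr(a, b) {
  const pa = parseRpmPackageVersion(a);
  const pb = parseRpmPackageVersion(b);
  return (pa.epoch ?? 0) === (pb.epoch ?? 0)
    && pa.version === pb.version
    && pa.release === pb.release;
}
```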

Contributor

@SteveShani SteveShani left a comment

Approving, but I am not aware of the full consequences of this change. As long as vulndb is able to understand the version, it should be fine.
