Ingest pub data through Github api #1417
Conversation
Signed-off-by: Shenoy <shravanshenoy1998@hotmail.com>
Signed-off-by: Shenoy <shravanshenoy1998@hotmail.com>
|
@shravankshenoy we need univers support for pub, see https://github.com/nexB/univers |
Thanks @TG1999 for sharing this. I went through the official pubspec documents (https://dart.dev/tools/pub/pubspec) to understand how versioning works in Dart, and I believe Dart follows semantic versioning (ref https://dart.dev/tools/pub/pubspec#version). However, I would like to learn a bit of Dart so that I can understand the docs better. Post that, I will try to create a PR in univers which supports pub. Until then I will convert this PR to a draft. Moreover, since Rust/Cargo is supported in both purl spec and univers, I will create a similar PR for Rust which fixes #1039 . Hope that works |
|
@shravankshenoy 🙇 , IMO you don't need to learn dart for adding pub support in univers. |
Got it 😅 Will try to create the PR to support pub on univers then. |
Fixes #1039
Changes Made
Modified github.py importer to ingest pub data and added test files
Other Considerations
The Github Advisory Database has very few advisories for Pub (https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apub), hence one can see all of those in the pub_expected.json test file (just helps in case anyone wants to do an additional round of manual check with the source database)