
Normalize PyPI packages from sources. #508

Closed
xu1119 opened this issue Jul 12, 2022 · 1 comment · Fixed by #578
Labels: enhancement (New feature or request), infra (infrastructure bugs/FRs)

Comments


xu1119 commented Jul 12, 2022

Description

PyPI package names are case insensitive. When searching for the vulnerability by ID GHSA-jwqp-28gf-p498, two affected packages are listed: Scrapy and scrapy, but they are the same package.

https://osv.dev/list?ecosystem=&q=GHSA-jwqp-28gf-p498

oliverchang (Collaborator) commented:

Hi,

Thanks for reporting this. This is a known issue (ossf/osv-schema#42) on the GitHub advisories side. My understanding is that this may take some time to fix on their end.

We could also potentially normalize this ourselves, so I'll keep this open as a FR for that.
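Normalizing the names ourselves, as suggested above, amounts to applying PEP 503 name normalization to every PyPI entry in a record's `affected` list and merging entries that collapse to the same key. The following is an added illustration, not osv.dev's own code; the `SAMPLE_AFFECTED` data is constructed to reproduce the Scrapy/scrapy duplicate and is not the real advisory data.

```python
import re
from collections import OrderedDict

# Constructed sample shaped like an OSV record's "affected" list. It is not the
# real GHSA-jwqp-28gf-p498 data; it only reproduces the duplicate-name symptom.
SAMPLE_AFFECTED = [
    {"package": {"ecosystem": "PyPI", "name": "Scrapy"},
     "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "2.6.0"}]}],
     "versions": ["2.5.0", "2.5.1"]},
    {"package": {"ecosystem": "PyPI", "name": "scrapy"},
     "ranges": [{"type": "ECOSYSTEM", "events": [{"introduced": "0"}, {"fixed": "2.6.0"}]}],
     "versions": ["2.5.1", "2.4.1"]},
    {"package": {"ecosystem": "npm", "name": "Left-Pad"},
     "ranges": [], "versions": ["1.0.0"]},
]


def normalize_pypi_name(name: str) -> str:
    """PEP 503 normalization: runs of '-', '_' and '.' become one '-', then lowercase."""
    return re.sub(r"[-_.]+", "-", name).lower()


def merge_affected(affected):
    """Merge OSV 'affected' entries that refer to the same PyPI project.

    Only the PyPI ecosystem is normalized; other ecosystems are keyed by their
    raw name because their naming rules differ (npm names are case-sensitive).
    """
    merged = OrderedDict()
    for entry in affected:
        pkg = entry["package"]
        name = pkg["name"]
        if pkg["ecosystem"] == "PyPI":
            name = normalize_pypi_name(name)
        key = (pkg["ecosystem"], name)
        if key not in merged:
            merged[key] = {"package": {"ecosystem": pkg["ecosystem"], "name": name},
                           "ranges": [], "versions": []}
        target = merged[key]
        # Union the ranges and versions, keeping first-seen order and no duplicates.
        for r in entry.get("ranges", []):
            if r not in target["ranges"]:
                target["ranges"].append(r)
        for v in entry.get("versions", []):
            if v not in target["versions"]:
                target["versions"].append(v)
    return list(merged.values())
```

Running `merge_affected(SAMPLE_AFFECTED)` collapses the two Scrapy entries into one keyed as `scrapy` while leaving the npm entry untouched.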

@oliverchang oliverchang changed the title PyPI package names are case insensitive Normalize PyPI packages from sources. Jul 12, 2022
@oliverchang oliverchang added the enhancement and infra labels Jul 12, 2022
@andrewpollock andrewpollock self-assigned this Jul 19, 2022