As a way to provide a better means to annotate certain dependencies with information about why the package(s), or certain versions of a package, must not be used, we can introduce the concept of Advisories. This produces a new table, `advisories`, that can be used to insert arbitrary advisories for a package, such as "this package is no longer maintained" or "don't use this because of a security vulnerability". We can add a `db generate advisory` subcommand which can pre-seed it with some community-provided package advisories, as an example of what can be done. We can use a more complicated query to perform this lookup using a `case / when`, which allows us to perform more logic inside our query to look up the data, instead of performing the lookup in Go code. This uses an enum-style approach inside the database schema to provide a bit more control over the entries, as this is more likely to have custom SQL executed against it, so we want to make sure that we're not going to end up with out-of-sync data. Unfortunately, sqlc seems to be unhappy when using multiple `INSERT`s, so we need to execute the query manually. Closes #45.
version_match.go
package advisory

// VersionMatchStrategy defines how the Advisory.Version, if present, should be compared lexicographically with a CurrentVersion
type VersionMatchStrategy = string

const (
	// VersionMatchStrategyAny matches every version of the package; Advisory.Version is ignored.
	VersionMatchStrategyAny = "ANY"
	// VersionMatchStrategyEquals matches only when CurrentVersion equals Advisory.Version.
	VersionMatchStrategyEquals = "EQUALS"
	// VersionMatchStrategyLessThan matches when CurrentVersion sorts before Advisory.Version.
	VersionMatchStrategyLessThan = "LESS_THAN"
	// VersionMatchStrategyLessOrEqualTo matches when CurrentVersion sorts before or equals Advisory.Version.
	VersionMatchStrategyLessOrEqualTo = "LESS_EQUAL"
	// VersionMatchStrategyGreaterThan matches when CurrentVersion sorts after Advisory.Version.
	VersionMatchStrategyGreaterThan = "GREATER_THAN"
	// VersionMatchStrategyGreaterOrEqualTo matches when CurrentVersion sorts after or equals Advisory.Version.
	VersionMatchStrategyGreaterOrEqualTo = "GREATER_EQUAL"
)
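The commit message describes the `advisories` table with an enum-style strategy column and a `case / when` lookup done in SQL rather than in Go; the Go constants above name the strategies. The following is an added, self-contained illustration of that design (not code from the project) using Python's built-in sqlite3 so the SQL actually runs. The table layout, column names, the constructed sample advisories and the helper function names are assumptions. As the Go comment says, matching is lexicographic on the version strings, and the last assertion in the usage shows the consequence a practitioner should keep in mind: `'1.10.0'` sorts before `'1.4.0'`.

```python
import sqlite3

# Table with an enum-style CHECK constraint so custom SQL cannot insert an
# unknown strategy and leave the data out of sync with the Go constants.
SCHEMA = """
CREATE TABLE advisories (
    id            INTEGER PRIMARY KEY,
    package       TEXT NOT NULL,
    version       TEXT,
    version_match TEXT NOT NULL CHECK (version_match IN
        ('ANY','EQUALS','LESS_THAN','LESS_EQUAL','GREATER_THAN','GREATER_EQUAL')),
    message       TEXT NOT NULL
);
"""

# The strategy is resolved inside the query with CASE / WHEN, not in application
# code. Comparisons are plain lexicographic TEXT comparisons on the stored strings.
LOOKUP = """
SELECT message FROM advisories
WHERE package = :pkg
  AND CASE version_match
        WHEN 'ANY'           THEN 1
        WHEN 'EQUALS'        THEN :ver =  version
        WHEN 'LESS_THAN'     THEN :ver <  version
        WHEN 'LESS_EQUAL'    THEN :ver <= version
        WHEN 'GREATER_THAN'  THEN :ver >  version
        WHEN 'GREATER_EQUAL' THEN :ver >= version
      END
ORDER BY id;
"""

# Constructed sample advisories (hypothetical packages, not the community seed set).
SEED = [
    ("github.com/example/legacy", None, "ANY", "package is no longer maintained"),
    ("github.com/example/yaml", "1.4.0", "LESS_THAN", "versions before 1.4.0 have a parsing bug"),
    ("github.com/example/yaml", "1.2.3", "EQUALS", "1.2.3 was retracted"),
]
INSERT = "INSERT INTO advisories (package, version, version_match, message) VALUES (?, ?, ?, ?)"

def open_db():
    """Create an in-memory database with the schema and the sample advisories."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(INSERT, SEED)
    return conn

def advisories_for(conn, pkg, ver):
    """Return the advisory messages that apply to pkg at version ver, in id order."""
    return [row[0] for row in conn.execute(LOOKUP, {"pkg": pkg, "ver": ver})]

def rejects_unknown_strategy(conn):
    """True if the CHECK constraint blocks a strategy value the Go code does not know."""
    try:
        conn.execute(INSERT, ("github.com/example/x", "1.0.0", "NEWER_THAN", "bogus"))
    except sqlite3.IntegrityError:
        return True
    return False
```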