packageurl-js
Advanced tools
Comparing version 1.2.0 to 1.2.1
@@ -0,1 +1,6 @@ | ||
# 1.2.1 | ||
## Bug Fixes | ||
* purls with + in versions are now valid #52 (contributed by @satanshiro) | ||
* purl names staring with `:` are now accepted #45 (contributed by @aniruth37) | ||
# 1.2.0 | ||
@@ -2,0 +7,0 @@ ## Features |
{ | ||
"name": "packageurl-js", | ||
"version": "1.2.0", | ||
"version": "1.2.1", | ||
"description": "JavaScript library to parse and build \"purl\" aka. package URLs. This is a microlibrary implementing the purl spec at https://github.com/package-url", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -107,3 +107,3 @@ /*! | ||
purl.push('@'); | ||
purl.push(encodeURIComponent(this.version).replace(/%3A/g, ':')); | ||
purl.push(encodeURIComponent(this.version).replace(/%3A/g, ':').replace(/%2B/g,'+')); | ||
} | ||
@@ -142,3 +142,4 @@ | ||
let [scheme, remainder] = purl.split(':', 2); | ||
let scheme = purl.slice(0, purl.indexOf(':')) | ||
let remainder = purl.slice(purl.indexOf(':') + 1) | ||
if (scheme !== 'pkg') { | ||
@@ -193,3 +194,3 @@ throw new Error('purl is missing the required "pkg" scheme component.'); | ||
// https://github.com/package-url/packageurl-js/blob/58026c86978c6e356e5e07f29ecfdccbf8829918/src/package-url.js#L98C10-L98C10 | ||
let versionEncoded = encodeURIComponent(version).replace(/%3A/g, ':'); | ||
let versionEncoded = encodeURIComponent(version).replace(/%3A/g, ':').replace(/%2B/g,'+'); | ||
@@ -196,0 +197,0 @@ if (rawVersion !== versionEncoded) { |
@@ -111,2 +111,14 @@ [ | ||
{ | ||
"description": "debian can have debian versions as part of version with plus sign", | ||
"purl": "pkg:deb/debian/libssl1.1@1.1.1n-0+deb10u3?arch=amd64&distro=debian-10", | ||
"canonical_purl": "pkg:deb/debian/libssl1.1@1.1.1n-0+deb10u3?arch=amd64&distro=debian-10", | ||
"type": "deb", | ||
"namespace": "debian", | ||
"name": "libssl1.1", | ||
"version": "1.1.1n-0+deb10u3", | ||
"qualifiers": {"arch": "amd64", "distro": "debian-10"}, | ||
"subpath": null, | ||
"is_invalid": false | ||
}, | ||
{ | ||
"description": "docker uses qualifiers and hash image id as versions", | ||
@@ -410,3 +422,15 @@ "purl": "pkg:docker/customer/dockerimage@sha256:244fd47e07d1004f0aed9c?repository_url=gcr.io", | ||
"is_invalid": true | ||
}, | ||
{ | ||
"description": "colon present in name is a valid PURL", | ||
"purl": "pkg:maven/:spring-context@5.2.8-RELEASE", | ||
"canonical_purl": "pkg:maven/:spring-context@5.2.8-RELEASE", | ||
"type": "maven", | ||
"namespace": null, | ||
"name": ":spring-context", | ||
"version": "5.2.8-RELEASE", | ||
"qualifiers": null, | ||
"subpath": null, | ||
"is_invalid": false | ||
} | ||
] |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
42223
15
907