Skip to content

Fixes for cargo #629

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Fixes for cargo #629

wants to merge 1 commit into from

Conversation

prabhu
Copy link
Contributor

@prabhu prabhu commented Aug 23, 2025

  • Corrected Typo: The non-standard attribute is_case_sensitve in name_definition has been corrected to the standard case_sensitive.
  • Defined Requirements: Both the name_definition and version_definition are now correctly marked as "required", reflecting that they are mandatory components for a valid cargo purl.
  • Improved Descriptions: The note fields for the name and version have been updated to be more specific. The name is clarified as the "package name," and the version note now specifies that it should follow the Semantic Versioning (SemVer) specification.
  • Added Qualifiers Definition: A qualifiers_definition has been added to define the optional repository_url key, which is used to specify alternative registries for packages not hosted on crates.io.

@prabhu
Fixes for cargo
6449c81 
Signed-off-by: Prabhu Subramanian <[email protected]>
@prabhu prabhu marked this pull request as draft August 24, 2025 20:15
matt-phylum
matt-phylum reviewed Aug 25, 2025
View reviewed changes
types/cargo-definition.json
},
"version_definition": {
"requirement": "required",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
"requirement": "required",

Why would the version be required for Cargo specifically if it is not required for other, similar package managers?

types/cargo-definition.json
"native_name": "version",
"note": "The version is the package version."
"note": "The version is the package version. It should follow the Semantic Versioning (SemVer) specification."
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does it mean for PURL implementations that the version "should" be semver? Either it is semver or it is not semver. I don't know if it matters. This seems like unnecessary information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@matt-phylum matt-phylum matt-phylum left review comments

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@prabhu @matt-phylum