-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some schema cleanup. #210
Some schema cleanup. #210
Conversation
oliverchang
commented
Nov 21, 2023
•
edited
Loading
edited
- Make Purpose section more concise. We don't need a history lesson here anymore :)
- Remove old changelogs.
- Alphabetically sort databases and ecosystems.
- Add some missing databases (Curl, NVD).
- Make Purpose section more concise. - Remove old changelogs. - Alphabetically sort databases and ecosystems. - Add some missing databases (Curl, NVD). Signed-off-by: Oliver Chang <ochang@google.com>
@hayleycd may wish to review as well? |
I ran this locally and it looks good to me. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding the sorted tables!
# Change Log | ||
|
||
- 2021-03-29 added "withdrawn" field | ||
- 2021-04-07 changed "details" to Markdown, change "references" to a list of | ||
objects with a new "type" field in addition to the URL. | ||
- 2021-04-23 handful of changes, see Status - 2021-04-23 below for details. Corrected examples. | ||
- 2021-04-26 changed `database-specific` and `ecosystem-specific` to | ||
`database_specific` and `ecosystem_specific` for easier access from languages | ||
that access JSON field keys using x.field notation. | ||
- 2021-06-08 Added "purl" to the "package" field and some minor clarifications. | ||
- 2021-06-30 Fixed an incorrect/typoed specification for "affects" from an array | ||
of objects to an object. | ||
- 2021-08-17 Support multiple packages per entry by moving `packages`, | ||
`ecosystem_specific` and `database_specific` into `affected`. The `affected` | ||
field is intentionally named differently to the previous `affects` field to | ||
make migration easier. Also use "events" containing single versions to | ||
represent affected version ranges instead. | ||
- 2021-09-08 Promoted schema to 1.0. | ||
- 2022-01-19 Released version 1.2.0. Includes various changes suggested by | ||
GitHub (`schema_version`, top-level `database_specific`, `credits`, | ||
`severity`, relaxation of version enumeration requirement). | ||
- 2022-03-24 Released version 1.3.0. Added `last_affected` event type and | ||
`database_specific` to `affected[].ranges[]`. | ||
Context: https://github.com/ossf/osv-schema/issues/35. | ||
- 2023-02-21 Released version 1.4.0. Added per package `severity` and | ||
credit types. | ||
- 2023-04-26 Released version 1.5.0. Added new reference types. | ||
- 2023-08-11 Released version 1.6.0. Several new databases and clarified | ||
definitions of `aliases` and `related`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Makes sense to remove this from the schema, but I was surprised to it wasn't replaced with a separate changelog file. Not a blocker, but do you feel it's not worth a log at all?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO just sorting in reverse chronology and retaining would address the concern I had about the newer entries not being visible.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the callout! I've pulled this out into a separate CHANGELOG.md
Signed-off-by: Oliver Chang <ochang@google.com>
Signed-off-by: Oliver Chang <ochang@google.com>
Signed-off-by: Oliver Chang <oliverchang@users.noreply.github.com>
Signed-off-by: Oliver Chang <oliverchang@users.noreply.github.com>