diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c4ce8e2ec..7bd7dc278 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,8 +1,10 @@ Release notes ============= -Version (next) ------------------------ +Version v34.3.1 +---------------- + +- HOTFIX: Fix API bug #1654 Version v34.3.0 diff --git a/setup.cfg b/setup.cfg index 6760f917c..e317a5a82 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,6 +1,6 @@ [metadata] name = vulnerablecode -version = 34.3.0 +version = 34.3.1 license = Apache-2.0 AND CC-BY-SA-4.0 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390 diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py index c4a82b529..8cc07b82e 100644 --- a/vulnerabilities/api.py +++ b/vulnerabilities/api.py @@ -323,7 +323,7 @@ def get_vulnerabilities_for_a_package(self, package, fix) -> dict: otherwise return vulnerabilities fixed by the `package`. """ fixed_packages = self.get_fixed_packages(package=package) - if fix: + if not fix: qs = package.affected_by_vulnerabilities.all() else: qs = package.fixing_vulnerabilities.all() diff --git a/vulnerabilities/migrations/0080_alter_packagechangelog_software_version_and_more.py b/vulnerabilities/migrations/0080_alter_packagechangelog_software_version_and_more.py new file mode 100644 index 000000000..f535e7fe4 --- /dev/null +++ b/vulnerabilities/migrations/0080_alter_packagechangelog_software_version_and_more.py 
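Review bot: In vulnerabilities/api.py, the `if not fix:` branch in get_vulnerabilities_for_a_package decides which relation an API consumer reads as "affected by" versus "fixing", yet nothing at the branch states that mapping, so the inversion this hotfix corrects could return unnoticed. Testing the positive case reads more directly: `qs = package.fixing_vulnerabilities.all() if fix else package.affected_by_vulnerabilities.all()`, with a comment such as `# fix=True: vulnerabilities this package fixes; fix=False: vulnerabilities affecting it`. The callers are not visible here; if they pass `fix` positionally, passing it by keyword would show the intent at the call site. The docstring starts and the function body continues outside the hunk.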
@@ -0,0 +1,31 @@ +# Generated by Django 4.2.16 on 2024-11-15 02:18 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("vulnerabilities", "0079_alter_packagechangelog_software_version_and_more"), + ] + + operations = [ + migrations.AlterField( + model_name="packagechangelog", + name="software_version", + field=models.CharField( + default="34.3.1", + help_text="Version of the software at the time of change", + max_length=100, + ), + ), + migrations.AlterField( + model_name="vulnerabilitychangelog", + name="software_version", + field=models.CharField( + default="34.3.1", + help_text="Version of the software at the time of change", + max_length=100, + ), + ), + ] diff --git a/vulnerabilities/tests/test_api.py b/vulnerabilities/tests/test_api.py index ac10d1b7c..d9c435528 100644 --- a/vulnerabilities/tests/test_api.py +++ b/vulnerabilities/tests/test_api.py @@ -583,17 +583,6 @@ def test_api_with_lesser_and_greater_fixed_by_packages(self): "next_non_vulnerable_version": "2.14.0-rc1", "latest_non_vulnerable_version": "2.14.0-rc1", "affected_by_vulnerabilities": [ - { - "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul3.id), - "vulnerability_id": "VCID-vul3-vul3-vul3", - "summary": "This is VCID-vul3-vul3-vul3", - "references": [], - "fixed_packages": [], - "aliases": ["CVE-2021-46877", "GHSA-3x8x-79m2-3w2w"], - "resource_url": "http://testserver/vulnerabilities/VCID-vul3-vul3-vul3", - } - ], - "fixing_vulnerabilities": [ { "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul1.id), "vulnerability_id": "VCID-vul1-vul1-vul1", 
@@ -601,32 +590,49 @@ def test_api_with_lesser_and_greater_fixed_by_packages(self): "references": [], "fixed_packages": [ { - "url": "http://testserver/api/packages/{0}".format( - self.pkg_2_12_6_1.id - ), - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1", + "url": "http://testserver/api/packages/{0}".format(self.pkg_2_13_2.id), + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2", "is_vulnerable": True, "affected_by_vulnerabilities": [ {"vulnerability": "VCID-vul2-vul2-vul2"} ], - "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1", + "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2", + } + ], + "aliases": ["CVE-2020-36518", "GHSA-57j2-w4cx-62h2"], + "resource_url": "http://testserver/vulnerabilities/VCID-vul1-vul1-vul1", + } + ], + "fixing_vulnerabilities": [ + { + "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul3.id), + "vulnerability_id": "VCID-vul3-vul3-vul3", + "summary": "This is VCID-vul3-vul3-vul3", + "references": [], + "fixed_packages": [ + { + "url": "http://testserver/api/packages/{0}".format(self.pkg_2_12_6.id), + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6", + "is_vulnerable": False, + "affected_by_vulnerabilities": [], + "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6", }, { - "url": "http://testserver/api/packages/{0}".format(self.pkg_2_13_2.id), - "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2", + "url": "http://testserver/api/packages/{0}".format(self.pkg_2_13_1.id), + "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1", "is_vulnerable": True, "affected_by_vulnerabilities": [ - {"vulnerability": "VCID-vul2-vul2-vul2"} + {"vulnerability": "VCID-vul1-vul1-vul1"} ], - "resource_url": 
"http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2", + "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1", }, ], - "aliases": ["CVE-2020-36518", "GHSA-57j2-w4cx-62h2"], - "resource_url": "http://testserver/vulnerabilities/VCID-vul1-vul1-vul1", + "aliases": ["CVE-2021-46877", "GHSA-3x8x-79m2-3w2w"], + "resource_url": "http://testserver/vulnerabilities/VCID-vul3-vul3-vul3", } ], - "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1", "risk_score": None, + "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1", } assert response == expected diff --git a/vulnerablecode/__init__.py b/vulnerablecode/__init__.py index 8e76d4ba0..56e782dad 100644 --- a/vulnerablecode/__init__.py +++ b/vulnerablecode/__init__.py @@ -12,7 +12,7 @@ import warnings from pathlib import Path -__version__ = "34.3.0" +__version__ = "34.3.1" def command_line():
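Review bot: In vulnerabilities/tests/test_api.py, the visible check in test_api_with_lesser_and_greater_fixed_by_packages is a single `assert response == expected` against one large literal, and that literal previously encoded the swapped lists, so the test passed while the API reported the wrong relation. Two narrow assertions ahead of the full comparison would fail with a readable message if the branch is flipped again: `assert [v["vulnerability_id"] for v in response["affected_by_vulnerabilities"]] == ["VCID-vul1-vul1-vul1"]` and `assert [v["vulnerability_id"] for v in response["fixing_vulnerabilities"]] == ["VCID-vul3-vul3-vul3"]`. The reordering of the `risk_score` and `resource_url` keys at the end of the hunk has no effect on the dict comparison and only adds noise to the patch. The test function starts outside both hunks (-583 and -601).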