Emit single SEMVER range with multiple events per affected #49

Draft
PushkarJ wants to merge 1 commit into kubernetes-sigs:main from PushkarJ:enhance-semver-non-overlap-pj
@PushkarJ
Member

Collector now outputs one Range per affected entry with a concatenated timeline of non-overlapping events (introduced/fixed, introduced/fixed, ...) instead of one range per version interval. This matches OSV schema and keeps branch intervals in one place.

  • getAffectedEvents: build per-interval ranges, run overlap fix, then merge into one range via mergeRangesIntoOne.
  • Add mergeRangesIntoOne, makeRangesNonOverlapping, rangeEndVersion, nextMinorStart for overlap handling and merging.
  • Remove unused exported MakeAffectedRangesNonOverlapping.
  • Update tests and expected-vulndb.json for single-range format.
  • Fix comment typo: collected.

Follow up to #46

/sig security
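
The merge described in the PR description above, as an added Go example (not code from this PR or from the collector): per-interval spans are sorted, overlapping or touching spans are unioned so that no affected version is dropped, and the result is flattened into one introduced/fixed timeline. The names `Interval`, `Event`, `key` and `mergeIntervals`, the union policy and the sample versions are assumptions; the PR's own overlap handling is not shown on this page.

```go
package main

import (
	"fmt"
	"sort"
)

// Interval is one per-branch span [Introduced, Fixed); Fixed "" means unfixed (hypothetical type).
type Interval struct{ Introduced, Fixed string }

// Event is one OSV range event; exactly one field is set (hypothetical type).
type Event struct{ Introduced, Fixed string }

// key packs MAJOR.MINOR.PATCH into one ordered int (pre-release tags ignored).
func key(v string) int {
	var p [3]int
	fmt.Sscanf(v, "%d.%d.%d", &p[0], &p[1], &p[2]) // OSV's "0" parses as 0.0.0
	return p[0]<<40 | p[1]<<20 | p[2]
}

// mergeIntervals unions overlapping or touching intervals (assumed policy) and
// flattens them into one sorted introduced/fixed timeline for a single range.
func mergeIntervals(in []Interval) []Event {
	s := append([]Interval(nil), in...)
	sort.Slice(s, func(i, j int) bool { return key(s[i].Introduced) < key(s[j].Introduced) })
	var ev []Event
	for _, iv := range s {
		n := len(ev)
		switch {
		case n > 0 && ev[n-1].Fixed == "": // previous interval is open-ended: absorbs iv
		case n == 0 || key(ev[n-1].Fixed) < key(iv.Introduced): // disjoint: new interval
			ev = append(ev, Event{Introduced: iv.Introduced})
			if iv.Fixed != "" {
				ev = append(ev, Event{Fixed: iv.Fixed})
			}
		case iv.Fixed == "": // overlap with an unfixed interval: drop the fix
			ev = ev[:n-1]
		case key(iv.Fixed) > key(ev[n-1].Fixed): // overlap: widen, never shrink
			ev[n-1].Fixed = iv.Fixed
		}
	}
	return ev
}

func main() {
	// Constructed sample input: two release branches, given out of order.
	fmt.Printf("%+v\n", mergeIntervals([]Interval{{"1.28.0", "1.28.4"}, {"1.27.0", "1.27.8"}}))
}
```

Because overlaps are unioned rather than truncated, a version that matched any input interval still matches the merged timeline.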

@k8s-ci-robot added labels on Feb 26, 2026: do-not-merge/work-in-progress (indicates that a PR should not merge because it is a work in progress); sig/security (categorizes an issue or PR as relevant to SIG Security).
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: PushkarJ

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot added labels on Feb 26, 2026: cncf-cla: yes (indicates the PR's author has signed the CNCF CLA); approved (indicates a PR has been approved by an approver from all required OWNERS files); size/XL (denotes a PR that changes 500-999 lines, ignoring generated files).