Skip to content

hexpm: support vulnerability info from Hex#5900

Open
ankddev wants to merge 5 commits into
gleam-lang:mainfrom
ankddev:support-hexpm-vulnerabilities
Open

hexpm: support vulnerability info from Hex#5900
ankddev wants to merge 5 commits into
gleam-lang:mainfrom
ankddev:support-hexpm-vulnerabilities

Conversation

@ankddev

@ankddev ankddev commented Jun 25, 2026

Copy link
Copy Markdown
Contributor

  • The changes in this PR have been discussed beforehand in an issue
  • The issue for this PR has been linked
  • Tests have been added for new behaviour
  • The changelog has been updated for any user-facing changes

@ankddev
ankddev force-pushed the support-hexpm-vulnerabilities branch 9 times, most recently from 38c1188 to 5fdeec5 Compare June 27, 2026 15:19
@ankddev
ankddev marked this pull request as ready for review June 27, 2026 15:20

@ankddev ankddev left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I didn't added tests for this, because I've seen none for retirement, tell me if I need to write some!

Comment thread hexpm/src/lib.rs
///
/// https://github.com/hexpm/specifications/blob/main/registry-v2.md
///
/// TODO: Where are the API docs for this?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that this todo is stale, because there's a documentation in the specifications repo, am I right?

Comment thread hexpm/src/lib.rs
}

/// Create a request to download a version of a package as a tarball
/// TODO: Where are the API docs for this?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See comment above

Comment thread hexpm/src/lib.rs Outdated
.collect::<Result<HashMap<_, _>, _>>()?;
let version = Version::try_from(release.version.as_str())
.expect("Failed to parse version format from Hex");
let security_advisories = package_advisories

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to this, because the info from the repo v2 endpoint (package information) and from the HTTP API endpoint (release information) is in different formats.

Comment thread hexpm/src/lib.rs Outdated
Comment thread hexpm/src/lib.rs Outdated
ankddev added 3 commits July 13, 2026 14:21
There were few quite old TODOs about missing endpoint documentation, but I found it at https://github.com/hexpm/specifications/blob/main/endpoints.md, so I guess that we need to remove it
@ankddev
ankddev force-pushed the support-hexpm-vulnerabilities branch from 06f0933 to 506cfab Compare July 13, 2026 14:21
@ankddev
ankddev requested a review from jtdowney July 13, 2026 14:53
@ankddev

ankddev commented Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

@jtdowney I addresses all of your comments!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants