Skip to content

Commit d37b1f6

Browse files
david-christiansendavid-christiansen
committed
Cabal v2.0
1 parent a863a6c commit d37b1f6

File tree

1 file changed

+3
-3
lines changed

1 file changed

+3
-3
lines changed

proposals/advisory-db.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -100,10 +100,10 @@ The TOML frontmatter must contain a table called `advisory` and a table called `
100100
The `affected` table, if present, contains the following fields, all of which are optional:
101101
* `arch`, an array of strings, each of which is the value of `System.Info.arch` on the affected systems. The advisory only applies to the specified architectures. If this key is absent, then the advisory applies to all architectures.
102102
* `os`, an array of strings, each of which is the value of `System.Info.os` on the affected systems. The advisory only applies to the specified operating systems. If this key is absent, then the advisory applies to all operating systems.
103-
* `declarations`, a table that maps fully-qualified names from the package to Cabal v2.4 version ranges. These ranges must all be contained in the affected versions (specified later), and they specify that the given name is the source of the advisory in that sub-range. This allows one advisory to mention a function or datatype that is renamed at some point during development.
104-
The `versions` table contains a single mandatory key, `affected`, whose value is a string that contains a Cabal v2.4 version range.
103+
* `declarations`, a table that maps fully-qualified names from the package to Cabal v2.0 version ranges. These ranges must all be contained in the affected versions (specified later), and they specify that the given name is the source of the advisory in that sub-range. This allows one advisory to mention a function or datatype that is renamed at some point during development.
104+
The `versions` table contains a single mandatory key, `affected`, whose value is a string that contains a Cabal v2.0 version range.
105105

106-
Cabal v2.4 version ranges are specified using the following grammar: TODO
106+
Cabal v2.0 version ranges are specified using the following grammar: TODO
107107

108108
Tools that detect vulnerabilities will need to check whether advisory version ranges overlap with dependency version constraints. The algorithm for this is TODO.
109109

0 commit comments

Comments
 (0)