From 1fad42aae778830232ddc42c8cded47238ef5e42 Mon Sep 17 00:00:00 2001 From: Sebastian Schuberth Date: Thu, 5 Jun 2025 11:30:20 +0200 Subject: [PATCH 1/3] chore(model): Remove `IVY_VERSION_RANGE_INDICATORS` These are by now only used for an early return from `getVersionRange()`. As checking for a valid range is done by the `RangesListFactory`, the only remaining case to check for is the empty string, which would otherwise create a ">= 0.0.0" range. Note that as of 8142cdc the variable name was misleading anyway, as it does not only contain Ivy version range indicators. Signed-off-by: Sebastian Schuberth --- model/src/main/kotlin/utils/VersionUtils.kt | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/model/src/main/kotlin/utils/VersionUtils.kt b/model/src/main/kotlin/utils/VersionUtils.kt index be7a7c8d45b5b..48264132747b0 100644 --- a/model/src/main/kotlin/utils/VersionUtils.kt +++ b/model/src/main/kotlin/utils/VersionUtils.kt @@ -27,11 +27,6 @@ import org.semver4j.RangesList import org.semver4j.RangesListFactory import org.semver4j.Semver -/** - * A list of Strings that are used by Ivy-style version ranges. - */ -private val IVY_VERSION_RANGE_INDICATORS = listOf(",", "~", "*", "+", ">", "<", "=", " - ", "^", ".x", "||") - /** * Return true if the version of this [Identifier] interpreted as an Ivy version matcher is applicable to the * package with the given [identifier][pkgId]. @@ -66,7 +61,7 @@ internal fun Identifier.isVersionRange(): Boolean { } private fun Identifier.getVersionRanges(): RangesList? { - if (IVY_VERSION_RANGE_INDICATORS.none { version.contains(it, ignoreCase = true) }) return null + if (version.isEmpty()) return null return runCatching { RangesListFactory.create(version).takeUnless { it.get().isEmpty() } From 0f4854a48ed9bd28cf059d90cb7d0068b2f4c27c Mon Sep 17 00:00:00 2001 From: Sebastian Schuberth Date: Thu, 5 Jun 2025 11:56:22 +0200 Subject: [PATCH 2/3] docs: Update version range docs to not be limited to Ivy 
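Review bot: In `getVersionRanges()`, the new guard `if (version.isEmpty()) return null` still lets a whitespace-only version reach `RangesListFactory.create(version)`. If semver4j trims its input, that string would presumably yield the same match-all ">= 0.0.0" range the commit message sets out to avoid. `if (version.isBlank()) return null` would close that gap and is consistent with the blank handling of `equalsOrIsBlank` used by `PackageCuration`. With the indicator pre-filter removed, every non-empty version string is now handed to the parser. A test that plain, non-range versions (including non-SemVer ones) are still not reported as ranges by `isVersionRange()` would guard against a curation or package configuration silently applying to more versions than its author reviewed. The body of `getVersionRanges()` continues outside the hunk.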
Signed-off-by: Sebastian Schuberth --- model/src/main/kotlin/PackageCuration.kt | 2 +- model/src/main/kotlin/config/PackageConfiguration.kt | 2 +- model/src/main/kotlin/utils/VersionUtils.kt | 4 ++-- website/docs/configuration/package-configurations.md | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/model/src/main/kotlin/PackageCuration.kt b/model/src/main/kotlin/PackageCuration.kt index 4d86ba634a4e5..acb9577f1c52d 100644 --- a/model/src/main/kotlin/PackageCuration.kt +++ b/model/src/main/kotlin/PackageCuration.kt @@ -55,7 +55,7 @@ data class PackageCuration( /** * Return true if this [PackageCuration] is applicable to the package with the given [identifier][pkgId]. The * curation's version may be an - * [Ivy version matcher](http://ant.apache.org/ivy/history/2.4.0/settings/version-matchers.html). + * [Ivy, NPM, or CocoaPods version range](https://github.com/semver4j/semver4j?tab=readme-ov-file#external). */ fun isApplicable(pkgId: Identifier): Boolean = isApplicableDisregardingVersion(pkgId) diff --git a/model/src/main/kotlin/config/PackageConfiguration.kt b/model/src/main/kotlin/config/PackageConfiguration.kt index 5f9137e3069e1..fa1f9fbc03523 100644 --- a/model/src/main/kotlin/config/PackageConfiguration.kt +++ b/model/src/main/kotlin/config/PackageConfiguration.kt @@ -44,7 +44,7 @@ data class PackageConfiguration( /** * The [Identifier] which must match with the identifier of the package in order for this package curation to apply. * The [version][Identifier.version] can be either a plain version string matched for equality, or an - * [Ivy-style version matchers](https://ant.apache.org/ivy/history/2.5.0/settings/version-matchers.html). + * [Ivy, NPM, or CocoaPods version range](https://github.com/semver4j/semver4j?tab=readme-ov-file#external). * The other components of the [identifier][id] are matched by equality. */ val id: Identifier, 
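Review bot: The KDoc on `PackageCuration.isApplicable()` now names the accepted range syntaxes, but it still omits the two cases that decide a match before any range is parsed. Going by the `equalsOrIsBlank` call visible in the later rename patch, a blank version on either side matches, and so does an exact string match. Curation authors need this in the doc, because a curation whose version is blank applies to every version of the package. I would add a sentence such as `A blank version matches any version of the package; otherwise the version is compared for equality before being interpreted as a range.`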
diff --git a/model/src/main/kotlin/utils/VersionUtils.kt b/model/src/main/kotlin/utils/VersionUtils.kt index 48264132747b0..ba5c668f1eca7 100644 --- a/model/src/main/kotlin/utils/VersionUtils.kt +++ b/model/src/main/kotlin/utils/VersionUtils.kt @@ -28,8 +28,8 @@ import org.semver4j.RangesListFactory import org.semver4j.Semver /** - * Return true if the version of this [Identifier] interpreted as an Ivy version matcher is applicable to the - * package with the given [identifier][pkgId]. + * Return true if the version of this [Identifier] interpreted as an Ivy, NPM or CocoaPods version range is applicable + * to the package with the given [identifier][pkgId]. */ internal fun Identifier.isApplicableIvyVersion(pkgId: Identifier) = runCatching { diff --git a/website/docs/configuration/package-configurations.md b/website/docs/configuration/package-configurations.md index 8e0b27f195b4e..785b62a1def19 100644 --- a/website/docs/configuration/package-configurations.md +++ b/website/docs/configuration/package-configurations.md @@ -14,7 +14,7 @@ Use a package configuration file to: ## Package Configuration File Basics A package configuration applies to the packages it matches with. -It contains the mandatory `id` matcher, for matching package IDs, which allows for using [Ivy-style version matchers](https://ant.apache.org/ivy/history/2.5.0/settings/version-matchers.html). +It contains the mandatory `id` matcher, for matching package IDs, which allows for using [Ivy, NPM, or CocoaPods version ranges](https://github.com/semver4j/semver4j?tab=readme-ov-file#external). In addition to the `id`, at most one of the matchers `vcs`, `sourceArtifactUrl` or `sourceCodeOrigin` may additionally be specified, which targets the repository provenance, the source artifact provenance or just the source code origin of the package's scan result(s). From 1527bed539896ed634ab2edc85658bee07e228d8 Mon Sep 17 00:00:00 2001 
From: Sebastian Schuberth Date: Thu, 5 Jun 2025 11:57:02 +0200 Subject: [PATCH 3/3] chore(model): Rename a version range function to not be limited to Ivy Signed-off-by: Sebastian Schuberth --- model/src/main/kotlin/PackageCuration.kt | 4 ++-- model/src/main/kotlin/config/PackageConfiguration.kt | 4 ++-- model/src/main/kotlin/utils/VersionUtils.kt | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/model/src/main/kotlin/PackageCuration.kt b/model/src/main/kotlin/PackageCuration.kt index acb9577f1c52d..52197a8567501 100644 --- a/model/src/main/kotlin/PackageCuration.kt +++ b/model/src/main/kotlin/PackageCuration.kt @@ -21,7 +21,7 @@ package org.ossreviewtoolkit.model import com.fasterxml.jackson.annotation.JsonProperty -import org.ossreviewtoolkit.model.utils.isApplicableIvyVersion +import org.ossreviewtoolkit.model.utils.isApplicableVersionRangeFor /** * Return true if this string equals the [other] string, or if either string is blank. @@ -59,7 +59,7 @@ data class PackageCuration( */ fun isApplicable(pkgId: Identifier): Boolean = isApplicableDisregardingVersion(pkgId) - && (id.version.equalsOrIsBlank(pkgId.version) || id.isApplicableIvyVersion(pkgId)) + && (id.version.equalsOrIsBlank(pkgId.version) || id.isApplicableVersionRangeFor(pkgId)) /** * Apply the curation [data] to the provided [basePackage] by calling [PackageCurationData.apply], if applicable. diff --git a/model/src/main/kotlin/config/PackageConfiguration.kt b/model/src/main/kotlin/config/PackageConfiguration.kt index fa1f9fbc03523..b5ca996c7d8fe 100644 --- a/model/src/main/kotlin/config/PackageConfiguration.kt +++ b/model/src/main/kotlin/config/PackageConfiguration.kt 
@@ -30,7 +30,7 @@ import org.ossreviewtoolkit.model.RepositoryProvenance import org.ossreviewtoolkit.model.SourceCodeOrigin import org.ossreviewtoolkit.model.VcsInfo import org.ossreviewtoolkit.model.VcsType -import org.ossreviewtoolkit.model.utils.isApplicableIvyVersion +import org.ossreviewtoolkit.model.utils.isApplicableVersionRangeFor import org.ossreviewtoolkit.model.utils.isVersionRange import org.ossreviewtoolkit.utils.common.replaceCredentialsInUri @@ -98,7 +98,7 @@ data class PackageConfiguration( if (!id.type.equals(otherId.type, ignoreCase = true) || id.namespace != otherId.namespace || id.name != otherId.name || - !id.isApplicableIvyVersion(otherId) + !id.isApplicableVersionRangeFor(otherId) ) { return false } diff --git a/model/src/main/kotlin/utils/VersionUtils.kt b/model/src/main/kotlin/utils/VersionUtils.kt index ba5c668f1eca7..10a662a0e08e5 100644 --- a/model/src/main/kotlin/utils/VersionUtils.kt +++ b/model/src/main/kotlin/utils/VersionUtils.kt @@ -31,7 +31,7 @@ import org.semver4j.Semver * Return true if the version of this [Identifier] interpreted as an Ivy, NPM or CocoaPods version range is applicable * to the package with the given [identifier][pkgId]. */ -internal fun Identifier.isApplicableIvyVersion(pkgId: Identifier) = +internal fun Identifier.isApplicableVersionRangeFor(pkgId: Identifier) = runCatching { if (version == pkgId.version) return true