Fix the test for osv pipelines

Fix CVSSv4 vector length issue

Signed-off-by: ziad hany <ziadhany2016@gmail.com>

Author: ziadhany

vulnerabilities/importers/osv_v2.py

@@ -18,7 +18,6 @@
 from cvss.exceptions import CVSS4MalformedError
 from packageurl import PackageURL
 from univers.version_constraint import VersionConstraint
-from univers.version_constraint import validate_comparators
 from univers.version_range import RANGE_CLASS_BY_SCHEMES
 from univers.versions import InvalidVersion
 from univers.versions import SemverVersion
@@ -90,6 +89,13 @@ def parse_advisory_data_v3(
         )
         affected_constraints.extend(explicit_affected_constraints)
 
+        last_known_affected = get_last_known_affected__constraint(
+            affected_pkg=affected_pkg,
+            raw_id=advisory_id,
+            supported_ecosystem=purl.type,
+        )
+        affected_constraints.extend(last_known_affected)
+
         fixed_constraints = []
         for r in affected_pkg.get("ranges") or []:
             (
@@ -345,14 +351,32 @@ def get_explicit_affected_constraints(affected_pkg, raw_id, supported_ecosystem)
             logger.error(
                 f"Invalid VersionConstraint: {version} " f"for OSV id: {raw_id!r}: error:{e!r}"
             )
-
-        try:
-            validate_comparators(constraints)
-        except Exception as e:
-            logger.error(f"InvalidConstraint: {version} " f"for OSV id: {raw_id!r}: error:{e!r}")
     return constraints
 
 
+def get_last_known_affected__constraint(affected_pkg, raw_id, supported_ecosystem):
+    """
+    Return the last_known_affected_version_range from the database_specific
+    """
+    database_specific = affected_pkg.get("database_specific") or {}
+    last_known_value = database_specific.get("last_known_affected_version_range")
+
+    if not last_known_value:
+        return []
+
+    try:
+        version_range_class = RANGE_CLASS_BY_SCHEMES.get(supported_ecosystem)
+        version_range = version_range_class.from_native(last_known_value)
+        return version_range.constraints
+
+    except Exception as e:
+        logger.error(
+            f"Invalid VersionConstraint in last_known_affected_version_range: {last_known_value!r} "
+            f"for OSV id: {raw_id!r}: error:{e!r}"
+        )
+        return []
+
+
 def get_version_ranges_constraints(ranges, raw_id, supported_ecosystem):
     """
     Return a tuple containing lists of affected constraints, fixed constraints,
@@ -378,7 +402,7 @@ def get_version_ranges_constraints(ranges, raw_id, supported_ecosystem):
     intro_commits = []
 
     if "type" not in ranges:
-        logger.error(f"Invalid fixed_range type for: {ranges} for OSV id: {raw_id!r}")
+        logger.error(f"Invalid Range type for: {ranges} for OSV id: {raw_id!r}")
         return []
 
     range_type = ranges["type"]
@@ -408,10 +432,12 @@ def get_version_ranges_constraints(ranges, raw_id, supported_ecosystem):
             try:
                 v_obj = version_class(event_value)
             except InvalidVersion:
-                logger.error(f"Invalid SemverVersion: {event_value!r} for OSV id: {raw_id!r}")
+                logger.error(f"Invalid Version: {event_value!r} for OSV id: {raw_id!r}")
                 continue
 
             if event_type == "introduced":
+                if event_value == "0":
+                    continue
                 constraint = VersionConstraint(comparator=">=", version=v_obj)
                 affected_constraints.append(constraint)
 
@@ -426,7 +452,9 @@ def get_version_ranges_constraints(ranges, raw_id, supported_ecosystem):
                 constraint = VersionConstraint(comparator="<=", version=v_obj)
                 affected_constraints.append(constraint)
         else:
-            logger.error(f"Unsupported fixed version type: {event_value!r} for OSV id: {raw_id!r}")
+            logger.error(
+                f"Unsupported version constraint type: {event_type}:{event_value!r} for OSV id: {raw_id!r}"
+            )
 
     return (
         affected_constraints,

vulnerabilities/migrations/0106_alter_advisoryseverity_scoring_elements.py

@@ -0,0 +1,22 @@
+# Generated by Django 4.2.25 on 2025-12-23 17:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0105_packagecommitpatch_patch_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="advisoryseverity",
+            name="scoring_elements",
+            field=models.CharField(
+                help_text="Supporting scoring elements used to compute the score values. For example a CVSS vector string as used to compute a CVSS score.",
+                max_length=200,
+                null=True,
+            ),
+        ),
+    ]

vulnerabilities/models.py

@@ -2577,7 +2577,7 @@ class AdvisorySeverity(models.Model):
     value = models.CharField(max_length=50, help_text="Example: 9.0, Important, High", null=True)
 
     scoring_elements = models.CharField(
-        max_length=150,
+        max_length=200,
         null=True,
         help_text="Supporting scoring elements used to compute the score values. "
         "For example a CVSS vector string as used to compute a CVSS score.",

vulnerabilities/tests/test_data/osv_test/github/github-expected-1.json

@@ -14,7 +14,7 @@
         "qualifiers": "",
         "subpath": ""
       },
-      "affected_version_range": "vers:maven/>=0|<7.17.16",
+      "affected_version_range": "vers:maven/<7.17.16",
       "fixed_version_range": "vers:maven/7.17.16",
       "introduced_by_commit_patches": [],
       "fixed_by_commit_patches": []

vulnerabilities/tests/test_data/osv_test/github/github-expected-2.json

@@ -4,7 +4,22 @@
     "CVE-2025-65103"
   ],
   "summary": "OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter\n### Summary\nAn authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the `display` parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full system compromise.\n\n### Details\nThe vulnerability is located in the `retrieve()` method within `src/API/Manager.php`.\n\nUser input from the `display` GET parameter is processed without proper validation. The code strips the surrounding brackets `[]`, splits the string by commas, and then passes each resulting element directly into the `selectRaw()` function of the query builder.\n\n```php\n// User input from 'display' is taken without sanitization.\n$select = !empty($request['display']) ? explode(',', substr((string) $request['display'], 1, -1)) : null;\n\n// ...\n\n// The unsanitized input is passed directly to `selectRaw()`.\nforeach ($select as $s) {\n    $query->selectRaw($s);\n}\n```\n\nSince `selectRaw()` is designed to execute raw SQL expressions, it executes any malicious SQL code provided in the `display` parameter.\n\n### PoC\n1.  Log in to an OpenSTAManager instance as any user.\n2.  Navigate to the user's profile page to obtain their personal API Token.\n3.  Use this API token to send a specially crafted GET request to the API endpoint.\n\n**Time-Based Blind Injection Test:**\n\nReplace `<your_host>`, `<your_token>`, and `<resource_name>` with your actual values. `anagrafiche` is a valid resource.\n\n```bash\ncurl \"http://<your_host>/openstamanager/api?token=<your_token>&resource=anagrafiche&display=[1,SLEEP(5)]\"\n```\n\nThe server will delay its response by approximately 5 seconds, confirming the `SLEEP(5)` command was executed by the database.\n\n### Impact\nThis is a critical SQL Injection vulnerability. Any authenticated user, even those with the lowest privileges, can exploit this vulnerability to:\n\n*   **Exfiltrate all data** from the database (e.g., user credentials, customer information, invoices, internal data).\n*   **Modify or delete data**, compromising data integrity.\n*   Potentially achieve further system compromise, depending on the database user's privileges and system configuration.",
-  "affected_packages": [],
+  "affected_packages": [
+    {
+      "package": {
+        "type": "composer",
+        "namespace": "devcode-it",
+        "name": "openstamanager",
+        "version": "",
+        "qualifiers": "",
+        "subpath": ""
+      },
+      "affected_version_range": "vers:composer/<2.9.5",
+      "fixed_version_range": "vers:composer/2.9.5",
+      "introduced_by_commit_patches": [],
+      "fixed_by_commit_patches": []
+    }
+  ],
   "references_v2": [
     {
       "reference_id": "",

vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-1.json

@@ -14,7 +14,7 @@
         "qualifiers": "",
         "subpath": ""
       },
-      "affected_version_range": "vers:pypi/>=0|4.4.0.dev1|4.5.0|4.5.2|4.5.4|4.6.2|4.6.3|4.6.4|4.6.5|4.6.7|4.7.0|4.7.1|4.7.2|4.7.4|4.7.5|4.8.0rc1|4.8.0|4.8.1|4.8.2|4.8.3|4.8.5|4.8.6|4.8.7|4.8.9|4.9.12|4.10.2|4.12.2",
+      "affected_version_range": "vers:pypi/4.4.0.dev1|4.5.0|4.5.2|4.5.4|4.6.2|4.6.3|4.6.4|4.6.5|4.6.7|4.7.0|4.7.1|4.7.2|4.7.4|4.7.5|4.8.0rc1|4.8.0|4.8.1|4.8.2|4.8.3|4.8.5|4.8.6|4.8.7|4.8.9|4.9.12|4.10.2|4.12.2",
       "fixed_version_range": null,
       "introduced_by_commit_patches": [],
       "fixed_by_commit_patches": []

vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-2.json

@@ -14,7 +14,7 @@
         "qualifiers": "",
         "subpath": ""
       },
-      "affected_version_range": "vers:pypi/>=0|0.0.1|0.0.2|0.0.3|0.1.0|0.2.0|0.2.1|0.3.0|0.3.1|0.3.2|0.4.0|0.4.1|0.4.2|0.4.3|0.5.0|0.5.1|0.5.2|0.5.3|0.5.4|0.6.0|0.7.0|1.0.0|1.0.1|1.1.0|1.1.1|1.1.2|1.1.3|1.1.4|1.1.5|1.2.2|1.3.3|1.4.1|1.5.1|1.6.0|1.7.0|2.0.0|2.0.1|2.0.2|2.0.3|2.0.4|2.0.5|2.1.0|2.2.0a0|2.2.0|2.2.1|2.2.2|2.2.3|<2.3.0",
+      "affected_version_range": "vers:pypi/0.0.1|0.0.2|0.0.3|0.1.0|0.2.0|0.2.1|0.3.0|0.3.1|0.3.2|0.4.0|0.4.1|0.4.2|0.4.3|0.5.0|0.5.1|0.5.2|0.5.3|0.5.4|0.6.0|0.7.0|1.0.0|1.0.1|1.1.0|1.1.1|1.1.2|1.1.3|1.1.4|1.1.5|1.2.2|1.3.3|1.4.1|1.5.1|1.6.0|1.7.0|2.0.0|2.0.1|2.0.2|2.0.3|2.0.4|2.0.5|2.1.0|2.2.0a0|2.2.0|2.2.1|2.2.2|2.2.3|<2.3.0",
       "fixed_version_range": "vers:pypi/2.3.0",
       "introduced_by_commit_patches": [
         {

vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-3.json

@@ -15,7 +15,7 @@
         "qualifiers": "",
         "subpath": ""
       },
-      "affected_version_range": "vers:pypi/>=0|0.1|0.2|0.3|0.4|0.4.1|0.4.2|0.4.3|0.4.4|0.5.0|0.6.0|0.6.1|0.6.2|0.6.3|0.6.4|0.6.5|0.7.0|0.7.1|0.7.2|0.7.3|0.8.0|0.8.1|0.8.2|0.8.3|0.8.4|0.9.0|0.9.1|0.9.2|0.9.3|0.10.0|0.10.1|0.10.2|0.11.0|0.12.0|0.13.0|0.13.1|0.14.0|0.14.1|0.14.2|0.14.3|0.14.4|0.15.0|0.15.1|0.15.2|0.15.3|0.16.0|0.16.1|0.16.2|0.16.3|0.16.4|0.16.5|0.16.6|0.17.0|0.17.1|0.17.2|0.17.3|0.17.4|0.18.0|0.18.1|0.18.2|0.18.3|0.18.4|0.19.0|0.20.0|0.20.1|0.20.2|0.21.0|0.21.1|0.21.2|0.21.4|0.21.5|0.21.6|0.22.0a0|0.22.0b0|0.22.0b1|0.22.0b2|0.22.0b3|0.22.0b4|0.22.0b5|0.22.0b6|0.22.0|0.22.1|0.22.2|0.22.3|0.22.4|0.22.5|1.0.0|1.0.1|1.0.2|1.0.3|1.0.5|1.1.0|1.1.1|1.1.2|1.1.3|1.1.4|1.1.5|1.1.6|1.2.0|1.3.0|1.3.1|1.3.2|1.3.3|1.3.4|1.3.5|2.0.0rc1|2.0.0|2.0.1|2.0.2|2.0.3|2.0.4|2.0.5|2.0.6|2.0.7|2.1.0|2.2.0|2.2.1|2.2.2|2.2.3|2.2.4|2.2.5|2.3.0a1|2.3.0a2|2.3.0a3|2.3.0a4|2.3.0|2.3.1a1|2.3.1|2.3.2b2|2.3.2b3|2.3.2|2.3.3|2.3.4|2.3.5|2.3.6|2.3.7|2.3.8|2.3.9|2.3.10|3.0.0b0|3.0.0b1|3.0.0b2|3.0.0b3|3.0.0b4|3.0.0|3.0.1|3.0.2|3.0.3|3.0.4|3.0.5|3.0.6|3.0.7|3.0.8|3.0.9|3.1.0|3.1.1|3.1.2|3.1.3|3.2.0|3.2.1|3.3.0a0|3.3.0|3.3.1|3.3.2a0|3.3.2|3.4.0a0|3.4.0a3|3.4.0b1|3.4.0b2|3.4.0|3.4.1|3.4.2|3.4.3|3.4.4|3.5.0a1|3.5.0b1|3.5.0b2|3.5.0b3|3.5.0|3.5.1|3.5.2|3.5.3|3.5.4|3.6.0a0|3.6.0a1|3.6.0a2|3.6.0a3|3.6.0a4|3.6.0a5|3.6.0a6|3.6.0a7|3.6.0a8|3.6.0a9|3.6.0a11|3.6.0a12|3.6.0b0|3.6.0|3.6.1b3|3.6.1b4|3.6.1|3.6.2a0|3.6.2a1|3.6.2a2|3.6.2|3.6.3|3.7.0b0|3.7.0b1|3.7.0|3.7.1|3.7.2|3.7.3|3.7.4|3.7.4.post0|3.8.0a7|3.8.0b0|3.8.0|3.8.1|3.8.2|3.8.3|3.8.4|3.8.5|3.8.6|3.9.0b0|3.9.0b1|3.9.0rc0|3.9.0|3.9.1|<3.9.2",
+      "affected_version_range": "vers:pypi/0.1|0.2|0.3|0.4|0.4.1|0.4.2|0.4.3|0.4.4|0.5.0|0.6.0|0.6.1|0.6.2|0.6.3|0.6.4|0.6.5|0.7.0|0.7.1|0.7.2|0.7.3|0.8.0|0.8.1|0.8.2|0.8.3|0.8.4|0.9.0|0.9.1|0.9.2|0.9.3|0.10.0|0.10.1|0.10.2|0.11.0|0.12.0|0.13.0|0.13.1|0.14.0|0.14.1|0.14.2|0.14.3|0.14.4|0.15.0|0.15.1|0.15.2|0.15.3|0.16.0|0.16.1|0.16.2|0.16.3|0.16.4|0.16.5|0.16.6|0.17.0|0.17.1|0.17.2|0.17.3|0.17.4|0.18.0|0.18.1|0.18.2|0.18.3|0.18.4|0.19.0|0.20.0|0.20.1|0.20.2|0.21.0|0.21.1|0.21.2|0.21.4|0.21.5|0.21.6|0.22.0a0|0.22.0b0|0.22.0b1|0.22.0b2|0.22.0b3|0.22.0b4|0.22.0b5|0.22.0b6|0.22.0|0.22.1|0.22.2|0.22.3|0.22.4|0.22.5|1.0.0|1.0.1|1.0.2|1.0.3|1.0.5|1.1.0|1.1.1|1.1.2|1.1.3|1.1.4|1.1.5|1.1.6|1.2.0|1.3.0|1.3.1|1.3.2|1.3.3|1.3.4|1.3.5|2.0.0rc1|2.0.0|2.0.1|2.0.2|2.0.3|2.0.4|2.0.5|2.0.6|2.0.7|2.1.0|2.2.0|2.2.1|2.2.2|2.2.3|2.2.4|2.2.5|2.3.0a1|2.3.0a2|2.3.0a3|2.3.0a4|2.3.0|2.3.1a1|2.3.1|2.3.2b2|2.3.2b3|2.3.2|2.3.3|2.3.4|2.3.5|2.3.6|2.3.7|2.3.8|2.3.9|2.3.10|3.0.0b0|3.0.0b1|3.0.0b2|3.0.0b3|3.0.0b4|3.0.0|3.0.1|3.0.2|3.0.3|3.0.4|3.0.5|3.0.6|3.0.7|3.0.8|3.0.9|3.1.0|3.1.1|3.1.2|3.1.3|3.2.0|3.2.1|3.3.0a0|3.3.0|3.3.1|3.3.2a0|3.3.2|3.4.0a0|3.4.0a3|3.4.0b1|3.4.0b2|3.4.0|3.4.1|3.4.2|3.4.3|3.4.4|3.5.0a1|3.5.0b1|3.5.0b2|3.5.0b3|3.5.0|3.5.1|3.5.2|3.5.3|3.5.4|3.6.0a0|3.6.0a1|3.6.0a2|3.6.0a3|3.6.0a4|3.6.0a5|3.6.0a6|3.6.0a7|3.6.0a8|3.6.0a9|3.6.0a11|3.6.0a12|3.6.0b0|3.6.0|3.6.1b3|3.6.1b4|3.6.1|3.6.2a0|3.6.2a1|3.6.2a2|3.6.2|3.6.3|3.7.0b0|3.7.0b1|3.7.0|3.7.1|3.7.2|3.7.3|3.7.4|3.7.4.post0|3.8.0a7|3.8.0b0|3.8.0|3.8.1|3.8.2|3.8.3|3.8.4|3.8.5|3.8.6|3.9.0b0|3.9.0b1|3.9.0rc0|3.9.0|3.9.1|<3.9.2",
       "fixed_version_range": "vers:pypi/3.9.2",
       "introduced_by_commit_patches": [
         {

vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-5.json

@@ -15,7 +15,7 @@
         "qualifiers": "",
         "subpath": ""
       },
-      "affected_version_range": "vers:pypi/>=0|1.9a2|1.9a5|1.9a6|2.0|2.0.1|2.1.0|2.2|2.3|2.4|2.4.1|2.5|2.6|2.6.1",
+      "affected_version_range": "vers:pypi/1.9a2|1.9a5|1.9a6|2.0|2.0.1|2.1.0|2.2|2.3|2.4|2.4.1|2.5|2.6|2.6.1",
       "fixed_version_range": null,
       "introduced_by_commit_patches": [
         {

vulnerabilities/tests/test_data/osv_test/pypa/pypa-expected-6.json

@@ -15,7 +15,7 @@
         "qualifiers": "",
         "subpath": ""
       },
-      "affected_version_range": "vers:pypi/>=0|0.1|0.2|0.3|0.3.1|0.4|0.4.1|0.5|0.6|0.7|0.8|0.8.1|0.8.2|0.8.3|0.8.4|0.8.5|0.8.6|0.8.7|0.8.8|0.8.9|0.8.10|1.0b1|1.0b2|1.0rc1|1.0rc2|1.0|1.1rc1|1.1|1.2rc1|1.2|1.3rc1|1.3|1.3.1|1.4rc1|1.4|1.4.1|1.4.2|1.4.3|1.4.4|1.4.5|1.4.6|1.5rc1|1.5|1.5.1|1.5.2|1.5.3|1.6rc1|1.6|1.6.1|1.6.2|1.6.3|1.7rc1|1.7|1.8rc1|1.8|1.8.1|1.8.2|1.9rc1|1.9|1.9.1|1.10rc1|1.10|1.10.1|1.11rc1|1.11|1.11.1|1.12rc1|1.12|1.12.1|1.12.2|1.12.3|1.12.4|1.12.5|1.12.6|1.13rc1|1.13|1.13.1|1.13.2|1.13.3|1.13.4|2.0b1|2.0rc1|2.0|2.0.1|2.0.2|2.1rc1|2.1rc2|2.1|2.1.1|2.1.2|2.1.3|2.2rc1|2.2rc2|2.2|2.2.1|2.2.2|2.3rc1|2.3rc2|2.3|2.4rc1|2.4|2.5rc1|2.5|2.5.1|2.5.2|2.6rc1|2.6|2.6.1|2.6.2|2.6.3|2.7rc1|2.7rc2|2.7|2.7.1|2.7.2|2.7.3|2.7.4|2.8rc1|2.8|2.8.1|2.8.2|2.9rc1|2.9|2.9.1|2.9.2|2.9.3|2.10rc1|2.10rc2|2.10|2.10.1|2.10.2|2.11rc1|2.11|2.11.1|2.11.2|2.11.3|2.11.4|2.11.5|2.11.6|2.11.7|2.11.8|2.11.9|2.12rc1|2.12|2.12.1|2.12.2|2.12.3|2.12.4|2.12.5|2.12.6|2.13rc1|2.13rc2|2.13rc3|2.13|2.13.1|2.13.2|2.13.3|2.13.4|2.13.5|2.14rc1|2.14|2.14.1|2.14.2|2.15rc1|2.15rc2|2.15|2.15.1|2.15.2|2.15.3|2.15.4|2.15.5|2.15.6|2.16rc1|2.16rc2|2.16|2.16.1|2.16.2|2.16.3|3.0rc1|3.0rc2|3.0rc3|3.0|3.0.1|3.0.2|3.0.3|4.0rc1|4.0rc2|4.0|4.0.1|4.0.2|4.0.3|4.0.4|4.1rc1|4.1|4.1.1|4.1.2|4.1.3|<4.1.4|4.2|>=4.2|4.2.1|<4.2.2",
+      "affected_version_range": "vers:pypi/0.1|0.2|0.3|0.3.1|0.4|0.4.1|0.5|0.6|0.7|0.8|0.8.1|0.8.2|0.8.3|0.8.4|0.8.5|0.8.6|0.8.7|0.8.8|0.8.9|0.8.10|1.0b1|1.0b2|1.0rc1|1.0rc2|1.0|1.1rc1|1.1|1.2rc1|1.2|1.3rc1|1.3|1.3.1|1.4rc1|1.4|1.4.1|1.4.2|1.4.3|1.4.4|1.4.5|1.4.6|1.5rc1|1.5|1.5.1|1.5.2|1.5.3|1.6rc1|1.6|1.6.1|1.6.2|1.6.3|1.7rc1|1.7|1.8rc1|1.8|1.8.1|1.8.2|1.9rc1|1.9|1.9.1|1.10rc1|1.10|1.10.1|1.11rc1|1.11|1.11.1|1.12rc1|1.12|1.12.1|1.12.2|1.12.3|1.12.4|1.12.5|1.12.6|1.13rc1|1.13|1.13.1|1.13.2|1.13.3|1.13.4|2.0b1|2.0rc1|2.0|2.0.1|2.0.2|2.1rc1|2.1rc2|2.1|2.1.1|2.1.2|2.1.3|2.2rc1|2.2rc2|2.2|2.2.1|2.2.2|2.3rc1|2.3rc2|2.3|2.4rc1|2.4|2.5rc1|2.5|2.5.1|2.5.2|2.6rc1|2.6|2.6.1|2.6.2|2.6.3|2.7rc1|2.7rc2|2.7|2.7.1|2.7.2|2.7.3|2.7.4|2.8rc1|2.8|2.8.1|2.8.2|2.9rc1|2.9|2.9.1|2.9.2|2.9.3|2.10rc1|2.10rc2|2.10|2.10.1|2.10.2|2.11rc1|2.11|2.11.1|2.11.2|2.11.3|2.11.4|2.11.5|2.11.6|2.11.7|2.11.8|2.11.9|2.12rc1|2.12|2.12.1|2.12.2|2.12.3|2.12.4|2.12.5|2.12.6|2.13rc1|2.13rc2|2.13rc3|2.13|2.13.1|2.13.2|2.13.3|2.13.4|2.13.5|2.14rc1|2.14|2.14.1|2.14.2|2.15rc1|2.15rc2|2.15|2.15.1|2.15.2|2.15.3|2.15.4|2.15.5|2.15.6|2.16rc1|2.16rc2|2.16|2.16.1|2.16.2|2.16.3|3.0rc1|3.0rc2|3.0rc3|3.0|3.0.1|3.0.2|3.0.3|4.0rc1|4.0rc2|4.0|4.0.1|4.0.2|4.0.3|4.0.4|4.1rc1|4.1|4.1.1|4.1.2|4.1.3|<4.1.4|4.2|>=4.2|4.2.1|<4.2.2",
       "fixed_version_range": "vers:pypi/4.1.4|4.2.2",
       "introduced_by_commit_patches": [
         {