aboutcode-org · TG1999 · Nov 15, 2024 · Nov 15, 2024 · Nov 15, 2024 · Nov 15, 2024
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -1,8 +1,10 @@
 Release notes
 =============
 
-Version (next)
------------------------
+Version v34.3.1
+----------------
+
+- HOTFIX: Fix API bug #1654
 
 
 Version v34.3.0

diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = vulnerablecode
-version = 34.3.0
+version = 34.3.1
 license = Apache-2.0 AND CC-BY-SA-4.0
 
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390

diff --git a/vulnerabilities/api.py b/vulnerabilities/api.py
@@ -323,7 +323,7 @@ def get_vulnerabilities_for_a_package(self, package, fix) -> dict:
         otherwise return vulnerabilities fixed by the `package`.
         """
         fixed_packages = self.get_fixed_packages(package=package)
-        if fix:
+        if not fix:
             qs = package.affected_by_vulnerabilities.all()
         else:
             qs = package.fixing_vulnerabilities.all()

diff --git a/vulnerabilities/migrations/0080_alter_packagechangelog_software_version_and_more.py b/vulnerabilities/migrations/0080_alter_packagechangelog_software_version_and_more.py
@@ -0,0 +1,31 @@
+# Generated by Django 4.2.16 on 2024-11-15 02:18
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("vulnerabilities", "0079_alter_packagechangelog_software_version_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="packagechangelog",
+            name="software_version",
+            field=models.CharField(
+                default="34.3.1",
+                help_text="Version of the software at the time of change",
+                max_length=100,
+            ),
+        ),
+        migrations.AlterField(
+            model_name="vulnerabilitychangelog",
+            name="software_version",
+            field=models.CharField(
+                default="34.3.1",
+                help_text="Version of the software at the time of change",
+                max_length=100,
+            ),
+        ),
+    ]
diff --git a/vulnerabilities/tests/test_api.py b/vulnerabilities/tests/test_api.py
@@ -583,50 +583,56 @@ def test_api_with_lesser_and_greater_fixed_by_packages(self):
             "next_non_vulnerable_version": "2.14.0-rc1",
             "latest_non_vulnerable_version": "2.14.0-rc1",
             "affected_by_vulnerabilities": [
-                {
-                    "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul3.id),
-                    "vulnerability_id": "VCID-vul3-vul3-vul3",
-                    "summary": "This is VCID-vul3-vul3-vul3",
-                    "references": [],
-                    "fixed_packages": [],
-                    "aliases": ["CVE-2021-46877", "GHSA-3x8x-79m2-3w2w"],
-                    "resource_url": "http://testserver/vulnerabilities/VCID-vul3-vul3-vul3",
-                }
-            ],
-            "fixing_vulnerabilities": [
                 {
                     "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul1.id),
                     "vulnerability_id": "VCID-vul1-vul1-vul1",
                     "summary": "This is VCID-vul1-vul1-vul1",
                     "references": [],
                     "fixed_packages": [
                         {
-                            "url": "http://testserver/api/packages/{0}".format(
-                                self.pkg_2_12_6_1.id
-                            ),
-                            "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1",
+                            "url": "http://testserver/api/packages/{0}".format(self.pkg_2_13_2.id),
+                            "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2",
                             "is_vulnerable": True,
                             "affected_by_vulnerabilities": [
                                 {"vulnerability": "VCID-vul2-vul2-vul2"}
                             ],
-                            "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6.1",
+                            "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2",
+                        }
+                    ],
+                    "aliases": ["CVE-2020-36518", "GHSA-57j2-w4cx-62h2"],
+                    "resource_url": "http://testserver/vulnerabilities/VCID-vul1-vul1-vul1",
+                }
+            ],
+            "fixing_vulnerabilities": [
+                {
+                    "url": "http://testserver/api/vulnerabilities/{0}".format(self.vul3.id),
+                    "vulnerability_id": "VCID-vul3-vul3-vul3",
+                    "summary": "This is VCID-vul3-vul3-vul3",
+                    "references": [],
+                    "fixed_packages": [
+                        {
+                            "url": "http://testserver/api/packages/{0}".format(self.pkg_2_12_6.id),
+                            "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6",
+                            "is_vulnerable": False,
+                            "affected_by_vulnerabilities": [],
+                            "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.6",
                         },
                         {
-                            "url": "http://testserver/api/packages/{0}".format(self.pkg_2_13_2.id),
-                            "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2",
+                            "url": "http://testserver/api/packages/{0}".format(self.pkg_2_13_1.id),
+                            "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1",
                             "is_vulnerable": True,
                             "affected_by_vulnerabilities": [
-                                {"vulnerability": "VCID-vul2-vul2-vul2"}
+                                {"vulnerability": "VCID-vul1-vul1-vul1"}
                             ],
-                            "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.2",
+                            "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1",
                         },
                     ],
-                    "aliases": ["CVE-2020-36518", "GHSA-57j2-w4cx-62h2"],
-                    "resource_url": "http://testserver/vulnerabilities/VCID-vul1-vul1-vul1",
+                    "aliases": ["CVE-2021-46877", "GHSA-3x8x-79m2-3w2w"],
+                    "resource_url": "http://testserver/vulnerabilities/VCID-vul3-vul3-vul3",
                 }
             ],
-            "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1",
             "risk_score": None,
+            "resource_url": "http://testserver/packages/pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1",
         }
 
         assert response == expected

diff --git a/vulnerablecode/__init__.py b/vulnerablecode/__init__.py
@@ -12,7 +12,7 @@
 import warnings
 from pathlib import Path
 
-__version__ = "34.3.0"
+__version__ = "34.3.1"
 
 
 def command_line():