Cvss4.0 support

[unorsk]

Fixing add CVSS 4.0 support

[frasertweedale]

Thanks for the updates @unorsk. I'll try and review them this weekend.

[unorsk]

Thanks for the updates @unorsk. I'll try and review them this weekend.

@frasertweedale You can take a look at it if you want, but this isn't ready yet :) There is one thing I commented out in the tests that I am going to fix and lots of other places in the code that need some love. One of the reasons it took me so long is that I made a rewrite of the reference implementation in TypeScript which I used as a reference for my Haskell implementation, that (not surprisingly) isn't very idiomatic. And then there is a new metric Urgency that can have values 'Red / Amber / Green / Clear' 🙈 in contrast to the rest of the metrics which can only have single character values – haven't solved this one yet.

[unorsk]

@frasertweedale, it's kind of ready 🙈

[frasertweedale]

@frasertweedale, it's kind of ready 🙈

Thanks @unorsk. I've had a quick look; I'll need to set aside some time to understand the implementation - perhaps (hopefully!) this weekend.

[frasertweedale]

So, I've had a look and it's a solid start - thanks @unorsk! I'm working on some improvements using sum types for the MicroVectors and a total function for the score lookup, rather than the maps and lookup tables.

It seems that the scoring function is underspecified in the spec doc. There are some behaviours in the reference implementation that, from what I can see, aren't explained in the spec but rather fill in gaps or resolve ambiguities. I might be missing something but the spec seems rather poor or at least incomplete. Sigh...

[unorsk]

So, I've had a look and it's a solid start - thanks @unorsk! I'm working on some improvements using sum types for the MicroVectors and a total function for the score lookup, rather than the maps and lookup tables.

Yeah, sure.

It seems that the scoring function is underspecified in the spec doc. There are some behaviours in the reference implementation that, from what I can see, aren't explained in the spec but rather fill in gaps or resolve ambiguities. I might be missing something but the spec seems rather poor or at least incomplete. Sigh...

The spec isn't great 😅