CycloneDX · jkowalleck · Sep 29, 2025
@@ -116,7 +116,7 @@ message Component {
   // Must be used exclusively, either 'version' or 'versionRange', but not both.
   string version = 9;
   // For an external component, this specifies the accepted version range.
-  // The value must adhere to the Package URL Version Range syntax (vers), as defined at https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst.
+  // The value must adhere to the Package URL Version Range syntax (vers), as defined at https://github.com/package-url/vers-spec/blob/main/VERSION-RANGE-SPEC.rst.
   // May only be used if `isExternal` is set to `true`.
   // Must be used exclusively, either 'version' or 'versionRange', but not both.
   optional string versionRange = 33;
@@ -1195,7 +1195,7 @@ message VulnerabilityAffectedVersions {
   oneof choice {
     // A single version of a component or service.
     string version = 1;
-    // A version range specified in Package URL Version Range syntax (vers), which is defined at https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst
+    // A version range specified in Package URL Version Range syntax (vers), which is defined at https://github.com/package-url/vers-spec/blob/main/VERSION-RANGE-SPEC.rst
     string range = 2;
   }
   // The vulnerability status for the version or range of versions. Defaults to VULNERABILITY_AFFECTED_STATUS_AFFECTED if not specified.

@@ -981,7 +981,7 @@
         "versionRange": {
           "$ref": "#/definitions/versionRange",
           "title": "Component Version Range",
-          "description": "For an external component, this specifies the accepted version range.\nThe value must adhere to the Package URL Version Range syntax (vers), as defined at <https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst>.\nMay only be used if `.isExternal` is set to `true`.\nMust be used exclusively, either 'version' or 'versionRange', but not both."
+          "description": "For an external component, this specifies the accepted version range.\nThe value must adhere to the Package URL Version Range syntax (vers), as defined at <https://github.com/package-url/vers-spec/blob/main/VERSION-RANGE-SPEC.rst\nMay only be used if `.isExternal` is set to `true`.\nMust be used exclusively, either 'version' or 'versionRange', but not both."
         },
         "isExternal": {
           "type": "boolean",
@@ -3089,7 +3089,7 @@
                     },
                     "range": {
                       "title": "Version Range",
-                      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst",
+                      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec/blob/main/VERSION-RANGE-SPEC.rst",
                       "$ref": "#/definitions/versionRange"
                     },
                     "status": {
@@ -3144,7 +3144,7 @@
       ]
     },
     "versionRange": {
-      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst",
+      "description": "A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec/blob/main/VERSION-RANGE-SPEC.rst",
       "type": "string",
       "minLength": 1,
       "maxLength": 4096,

@@ -76,7 +76,7 @@ limitations under the License.
     <xs:simpleType name="versionRangeType">
         <xs:annotation>
             <xs:documentation xml:lang="en"><![CDATA[
-                A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst
+                A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec/blob/main/VERSION-RANGE-SPEC.rst
 
                 Example values:
                 - "vers:cargo/9.0.14"
@@ -634,7 +634,7 @@ limitations under the License.
                     <xs:annotation>
                         <xs:documentation><![CDATA[
                         For an external component, this specifies the accepted version range.
-                        The value must adhere to the Package URL Version Range syntax (vers), as defined at https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst.
+                        The value must adhere to the Package URL Version Range syntax (vers), as defined at https://github.com/package-url/vers-spec/blob/main/VERSION-RANGE-SPEC.rst.
                         May only be used if `@isExternal` is set to `true`.
                         ]]></xs:documentation>
                     </xs:annotation>
@@ -4718,7 +4718,7 @@ limitations under the License.
                                                                 </xs:element>
                                                                 <xs:element name="range" type="bom:versionRangeType" minOccurs="1" maxOccurs="1">
                                                                     <xs:annotation>
-                                                                        <xs:documentation>A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/purl-spec/blob/master/VERSION-RANGE-SPEC.rst</xs:documentation>
+                                                                        <xs:documentation>A version range specified in Package URL Version Range syntax (vers) which is defined at https://github.com/package-url/vers-spec/blob/main/VERSION-RANGE-SPEC.rst</xs:documentation>
                                                                     </xs:annotation>
                                                                 </xs:element>
                                                             </xs:choice>