From efb3328ad8067dac6738a0209b1e8518ba890ed5 Mon Sep 17 00:00:00 2001
From: jaimergp
Date: Sun, 30 Mar 2025 20:41:11 +0200
Subject: [PATCH 1/2] Validate vers qualifier
---
 setup.cfg | 1 +
 src/packageurl/__init__.py | 5 +++++
 2 files changed, 6 insertions(+)
diff --git a/setup.cfg b/setup.cfg
index 668d254..a6f0ebc 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -41,6 +41,7 @@ package_dir = =src include_package_data = true zip_safe = false install_requires = + univers>=30.12.1 [options.packages.find] where = src
diff --git a/src/packageurl/__init__.py b/src/packageurl/__init__.py
index 8199e39..b88aac9 100644
--- a/src/packageurl/__init__.py
+++ b/src/packageurl/__init__.py
@@ -43,6 +43,8 @@ AnyStr = Union[str, bytes] +from univers.version_range import VersionRange + # Python 3 basestring = (bytes, str)
@@ -221,6 +223,9 @@ def normalize_qualifiers( if key[0] in string.digits: raise ValueError(f"A qualifier key cannot start with a number: {key!r}") + if vers := qualifiers_map.get("vers"): + VersionRange.from_string(vers, validate=True) + qualifiers_map = dict(sorted(qualifiers_map.items())) if not encode:
From 2e48bf06ffc32a2457a625495f74e30d19dfb84e Mon Sep 17 00:00:00 2001
From: jaimergp
Date: Thu, 8 May 2025 21:01:31 +0200
Subject: [PATCH 2/2] add tests
---
 tests/test_packageurl.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/tests/test_packageurl.py b/tests/test_packageurl.py
index cb419e2..7cf03e6 100644
--- a/tests/test_packageurl.py
+++ b/tests/test_packageurl.py
@@ -29,6 +29,8 @@ import re import unittest +import pytest + from packageurl import PackageURL from packageurl import normalize from packageurl import normalize_qualifiers
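Review bot: The added `univers>=30.12.1` line turns a previously empty `install_requires` into a mandatory third-party dependency for every consumer of packageurl, with a lower bound only, and the matching `from univers.version_range import VersionRange` in `src/packageurl/__init__.py` is at module level, so `import packageurl` fails outright when univers is not installed. That widens the install-time supply chain even for users who never pass a `vers` qualifier. Consider declaring it as an extra, for example `vers = univers>=30.12.1` under `[options.extras_require]`, and importing `VersionRange` inside `normalize_qualifiers` only when a `vers` key is present. The same import also sits below `AnyStr = Union[str, bytes]` rather than with the other imports at the top of the module.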
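Review bot: The new `VersionRange.from_string(vers, validate=True)` call lets whatever exception univers raises escape from `normalize_qualifiers`, while the check visible just above it raises `ValueError` with a message that names the qualifier problem. The added test only shows the missing-scheme case producing `ValueError`; other malformed ranges may surface different exception types, so callers that parse untrusted purls and catch `ValueError` could be surprised. Wrapping the call in `try`/`except` and re-raising as `raise ValueError(f"Invalid vers qualifier: {vers!r}") from e` would keep the contract uniform. Also confirm what form `vers` has at this point: the construction of `qualifiers_map` is outside the hunk, and if values are already percent-encoded when `encode` is true, the validator would see the encoded text rather than `>=2.0`.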
@@ -330,3 +332,13 @@ def test_to_dict_custom_empty_value(self):
 def test_purl_is_hashable():
 s = {PackageURL(name="hashable", type="pypi")}
 assert len(s) == 1
+
+
+def test_vers_validation_ok():
+ url = PackageURL.from_string("pkg:pypi/requests?vers=vers:pypi/>=2.0")
+ assert url.qualifiers["vers"] == "vers:pypi/>=2.0"
+
+
+def test_vers_validation_fails():
+ with pytest.raises(ValueError, match="must start with the 'vers:' URI scheme."):
+ PackageURL.from_string("pkg:pypi/requests?vers=>=2.0")
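Review bot: `test_vers_validation_fails` pins only the missing-scheme case and matches on an error string that appears to come from univers rather than from this package, so a wording change upstream breaks the test without any change here; `match=` is also a regular expression, so the trailing `.` is a wildcard. Both tests go through `PackageURL.from_string` only. Cases worth adding are a dict input such as `PackageURL(type="pypi", name="requests", qualifiers={"vers": "vers:pypi/>=2.0"})`, a `to_string()` round trip of the accepted purl, and a range that has the `vers:` scheme but an invalid body, asserting on `ValueError` alone.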