OSV.dev API doesn't respect .nuspec package id  case-insensitivity

**Describe the bug**
The .nuspec specification indicate that [package id is case-insensitive](https://learn.microsoft.com/en-us/nuget/reference/nuspec#id). However, the OSV.dev API is case-sensitive for NuGet package id.

**To Reproduce**
Steps to reproduce the behaviour:
1. Calling the following don't return any vulnerabilities:
    ```
    curl -d \
      '{"package": {"name": "snowflake.Data", "ecosystem": "NuGet"}, "version": "2.1.2"}' \
      "https://api.osv.dev/v1/query"
    ```
2. Calling the following return three vulnerabilities:
    ```
    curl -d \
      '{"package": {"name": "Snowflake.Data", "ecosystem": "NuGet"}, "version": "2.1.2"}' \
      "https://api.osv.dev/v1/query"
    ```
  
**Expected behaviour**
The OSV.dev API respect the .nuspec specification case-insensitivity for package id. Invoking the API for NuGet package id ``snowflake.Data`` should return the same results as for ``Snowflake.Data`` for a given version.

**Screenshots**

Calling the API for ``snowflake.Data``:

<img width="1238" height="150" alt="Image" src="https://github.com/user-attachments/assets/2a4b9ce7-dd6d-4cd1-8e22-4834c2e30d87" />


Calling the API for ``Snowflake.Data``:

<img width="1256" height="403" alt="Image" src="https://github.com/user-attachments/assets/43743f3c-b52f-4b55-9cb3-8464888b531d" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OSV.dev API doesn't respect .nuspec package id case-insensitivity #5292

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

OSV.dev API doesn't respect .nuspec package id case-insensitivity #5292

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions