Move semver ignore-condition range code into version #10664
Thanks @amazimbe for the deep analysis, one question:
Does this mean >3.0 or >3.a0?

In maven 3.a0 is the earliest 3 prerelease. My assumption is that if they are on 2.9 and their settings are to ignore major updates then they don't want any versions with a 3 in the major section e.g. 3.a0.
| lower_parts = version_parts.first(1) + [version_parts[1].to_i + 1] + ["a"] | ||
| upper_parts = version_parts.first(0) + [version_parts[0].to_i + 1] | ||
| lower_bound = ">= #{lower_parts.join('.')}" | ||
| upper_bound = "< #{upper_parts.join('.')}" |
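Review bot: in the `upper_parts` line, `version_parts.first(0)` always evaluates to an empty array, so the expression reduces to `[version_parts[0].to_i + 1]`; drop the no-op, or add a comment if it is kept only for symmetry with `lower_parts`. In the `lower_parts` line the `"a"` suffix is a string literal, which bakes one ordering convention into shared range code; consider taking the lowest-prerelease suffix from the ecosystem's version class so each ecosystem can supply its own.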
Can we have a unit test covering the regression that exposed this gap?
The issue was only in Maven and I already have Maven-specific tests below.
This makes sense, and I poked at it a little using Maven's feature to test versions:

```
$ java -jar ${MAVEN_HOME}/lib/maven-artifact-3.9.2.jar 3alpha 3.a0 3.a1 3.0 3.a
Display parameters as parsed by Maven (in canonical form and as a list of tokens) and comparison result:
1. 3alpha -> 3-alpha; tokens: [3, [alpha]]
   3alpha == 3.a0
2. 3.a0 -> 3-alpha; tokens: [3, [alpha]]
   3.a0 < 3.a1
3. 3.a1 -> 3-alpha-1; tokens: [3, [alpha, [1]]]
   3.a1 < 3.0
4. 3.0 -> 3; tokens: [3]
   3.0 < 3.a
5. 3.a -> 3-a; tokens: [3, [a]]
```

So 3.a is a post 3.0 version, but 3.a0 and 3.a1 get normalized to alpha pre-releases. Interesting!

The change makes sense, but my understanding is Dependabot currently is working correctly now that the previous Maven Version was rolled back here. Will merging this directly into main break something or does this need to get merged into the new Maven Version class branch?
I agree, probably best to merge this into the new Maven version class although it wouldn't make any difference in the current Maven version implementation that treats any version with a letter e.g. 3.a, 3.a0 as a prerelease.
Co-authored-by: AbdulFattaah Popoola <abdulapopoola@github.com>
I'll close this one as I have merged it into #10704 which has the other new Maven spec changes.
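The ordering in the Maven tool output above, and what it means for the lower bound of an ignored major range, as an added Ruby example that is not code from this PR or from Dependabot. `maven_tokens`, `item_key`, `maven_cmp`, `ignored_majors` and the candidate list are hypothetical, and the comparison is a reduced model that covers the version shapes in this thread, not Maven's full ComparableVersion.

```ruby
# Reduced model of Maven version ordering, constructed for this example.
# Handles dot-separated numbers and letter qualifiers only; Maven's nested
# "-" lists and its other qualifiers (ga, final, cr, sp) are not modelled.
QUALIFIERS = %w(alpha beta milestone rc snapshot).freeze
RELEASE_RANK = QUALIFIERS.length # the empty (release) qualifier
ALIASES = { "a" => "alpha", "b" => "beta", "m" => "milestone" }.freeze

# "3.a1" -> [3, "alpha", 1], "3.a0" -> [3, "alpha"], "3.a" -> [3, "a"]
def maven_tokens(version)
  # a/b/m are aliases only when a digit follows them directly
  expanded = version.downcase.gsub(/(?<![a-z])[abm](?=\d)/, ALIASES)
  tokens = expanded.scan(/\d+|[a-z]+/).map { |t| t.match?(/\d/) ? t.to_i : t }
  tokens.pop while tokens.last == 0 # trailing zeros carry no weight
  tokens
end

# Sort key for one token; a missing token is padded with 0 or "" (release).
def item_key(tok, other)
  tok = other.is_a?(Integer) ? 0 : "" if tok.nil?
  return [1, tok, ""] if tok.is_a?(Integer) # numbers rank above qualifiers
  rank = tok.empty? ? RELEASE_RANK : (QUALIFIERS.index(tok) || RELEASE_RANK + 1)
  [0, rank, tok]
end

def maven_cmp(a, b)
  x = maven_tokens(a)
  y = maven_tokens(b)
  (0...[x.length, y.length].max).each do |i|
    c = item_key(x[i], y[i]) <=> item_key(y[i], x[i])
    return c unless c.zero?
  end
  0
end

# Versions skipped by "ignore semver-major" when the ignored range starts at
# "<next major>.<suffix>"; suffix is the value under discussion ("a0" or "a").
def ignored_majors(current, candidates, suffix)
  lower = "#{current.split('.').first.to_i + 1}.#{suffix}"
  candidates.select { |v| maven_cmp(v, lower) >= 0 }
end

CANDIDATES = %w(2.10 3alpha 3.a1 3.0 3.a 3.1).freeze # constructed sample
p ignored_majors("2.9", CANDIDATES, "a0")
p ignored_majors("2.9", CANDIDATES, "a")
```

With the `a0` suffix every 3.x candidate falls inside the ignored range; with `a` only `3.a` and `3.1` do, so `3.0` and the alpha pre-releases would still be offered as updates.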
Issue: (Dependabot ignore semantic version not working with latest dependabot-updater-maven) [https://github.com//issues/10634]
What are you trying to accomplish?
Fix an issue where ignore conditions like `["version-update:semver-major", "version-update:semver-minor"]` are not applied correctly across version boundaries because we are appending `a` rather than `0` when calculating version ranges.

The presence of `a` in a version affects ordering in different ways based on the ecosystem. In the Maven spec, for example, an ignore condition like `>=3.a` accepts `3.0` but rejects `3.a1` and `3alpha` because 3alpha < 3.a1 < 3.0 < 3.a.

By moving the code that calculates the range of ignored versions into version.rb we can calculate correct ranges of which versions to ignore based on the version specification followed by an ecosystem. In maven, for example, a dependency with version 2.9 and settings that say ignore majors would not upgrade to anything >= 3.a0.
@jonjanego @abdulapopoola FYI
How will you know you've accomplished your goal?
Checklist