Properly handle the pre-release versions in VersionRange #130

keshav-space · 2024-01-25T14:27:56Z

The current univers VersionRange includes the pre-release versions. While this behavior is desirable when dealing with version ranges in a security advisory, it is not appropriate for the version range present in package manifests.

Scenario:

Consider the following release versions for an npm package:
1.0.0, 1.2.0, 2.0.0-rc.1, 2.0.0, 2.1.0, and 3.0.0

Desired Behavior:

When dealing with version ranges in a security advisory:
2.0.0-rc.1 in vers:npm/>=1.2.0|<2.0.0 => True
When dealing with version ranges in manifest files:
2.0.0-rc.1 in vers:npm/>=1.2.0|<2.0.0 => False

The text was updated successfully, but these errors were encountered:

pombredanne · 2024-10-01T16:04:42Z

Merging duplicate:

Detect if a version is a prerelease, beta, rc and similar #139

It would be useful to detect if a version is a prerelease, beta, rc and similar. This can then be used when doing version tests to exclude some prerelease optionally

keshav-space mentioned this issue Jan 25, 2024

Add support for cargo version range #84

Draft

shravankshenoy mentioned this issue Mar 4, 2024

Support pub package manager #131

Draft

pombredanne added 3-next enhancement New feature or request labels Oct 1, 2024

pombredanne mentioned this issue Oct 1, 2024

Detect if a version is a prerelease, beta, rc and similar #139

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Properly handle the pre-release versions in VersionRange #130

Properly handle the pre-release versions in VersionRange #130

keshav-space commented Jan 25, 2024

pombredanne commented Oct 1, 2024

Properly handle the pre-release versions in VersionRange #130

Properly handle the pre-release versions in VersionRange #130

Comments

keshav-space commented Jan 25, 2024

Scenario:

Desired Behavior:

pombredanne commented Oct 1, 2024