Add semver 2 versioning in dependabot common #10434
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
amazimbe
force-pushed
the
amazimbe/semver2
branch
from
d3a4c75
to
9ec4716
Compare
amazimbe
changed the title
5 tasks
abdulapopoola
approved these changes
Aug 15, 2024
jakecoffman
reviewed
Aug 15, 2024
There was a problem hiding this comment.
Can you write more tests with known valid/invalid values to make sure this implementation supports valid SemVer 2.0? For example, some folks have listed known values here: semver/semver#833
Why: To be used as a standard for ecosystems that do not have a versioning standard.
amazimbe
force-pushed
the
amazimbe/semver2
branch
from
f04f629
to
61d29eb
Compare
|
I'm very happy with the code and branch test coverage both of which are now on 💯 % |
jakecoffman
approved these changes
Aug 20, 2024
imajes
pushed a commit
to imajes/dependabot-core
that referenced
this pull request
Sep 27, 2024
* Add semver 2 versioning in dependabot common Why: To be used as a standard for ecosystems that do not have a versioning standard. * Fix sorbet errors and address PR comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What are you trying to accomplish?
Implement semver 2 (https://semver.org/spec/v2.0.0.html) as the standard that dependabot follows for ecosystems that have no version standards; docker for example.
We have numerous errors and issues due to lack of clarity on what a valid dependency version should be and how to consistently compare versions within an ecosystem. Gem::Version has been inadequate so far and we think semver 2 will be an improvement especially for ecosystems without a well defined standard.
Malformed version errors and issues related to dependabot opening PRs to update a dependency to an unacceptable version, for example, a prerelease or beta release.
Anything you want to highlight for special attention from reviewers?
This one is the first in a series of PRs. Subsequent PRs will focus on improving ecosystem specific versioning by implementing the standard for the ecosystem where one exists; implementing deviations from semver 2 where applicable and improving test coverage which is below 50% in most cases.
Checklist