Sorting of version fields is not numeric

[Kanti]

Current Behavior

currently the order of versions is not always sorted by the numeric version number.

If you have eg. composer packages, there version number is prefixed by a v and with that the sorting is not done numerically.

e.g.

• v1.0.0
• v10.0.0
• v2.0.0

if it is mixed with eg. npm components, there the version number is not prefixed. Than the Sorting of npm packages are correct but the composer packages are also sorted at the buttom (v is after every number).

Steps to Reproduce

Have 3 Components with version numbers like v1.0.0 v2.0.0 and v10.0.0

Expected Behavior

it should sort numerically like this:

• v1.0.0
• v2.0.0
• v10.0.0

if mixed with npm packges it should look something like this:

• 1.0.0
• v1.0.0
• 1.5.0
• v2.0.0
• 9.0.0
• v10.0.0

Dependency-Track Frontend Version

4.7.x

Browser

Mozilla Firefox

Browser Version

No response

Operating System

Windows

Checklist

• [X] I have read and understand the contributing guidelines
• [X] I have checked the existing issues for whether this defect was already reported

[msymons]

This still occurs in v4.11.5. Example, when performing a component search for commons-lang3 in a large portfolio and sorting the results by version:

3.1
3.10
3.11
3.12.0
3.13.0
3.3.2
3.4
3.5
3.6
3.7
3.8.1
3.9

[nscuro]

Honestly I'm not sure how this can be achieved, since databases have no understanding of version semantics. Sorting in the application is a non-starter, as it would require us to load all data into memory first.

If versions were known to always be SemVer-conformant we could probably hack something together similar to this, but it would all fall apart as soon as non-SemVer versions are involved (branch names, commit hashes, etc.).

There is also https://pgxn.org/dist/semver/doc/semver.html, but it's Postgres-specific and not available in managed solutions. So not an option either.

Open for any ideas to make this work.