template-archive
template-archive copied to clipboard
accordproject
Cicero should check that the template version is a valid semver
Describe the bug Each Accord Project template has a version number that is assumed to be a valid semver (https://semver.org).
Currently the check for valid semver uses a coercion on the version for both Cicero and the template:
https://github.com/accordproject/cicero/blob/c348ab2ae36ee70c43cb0d26402450d7517a3e26/packages/cicero-core/src/metadata.js#L79-L86
This does not update the versions in the package.json which means applications relying on those to be proper semver numbers would have to do the same coercion, which isn't documented.
To Reproduce Steps to reproduce the behavior:
- got to any existing template
- Change the template version to
1.0 - Call cicero archive
- See that it does not raise an error
Changing the template version to foo would raise an error.
Expected behavior Reject non-valid semver versions in templates.
Proposed resolution: make the check in Cicero stricter and remove the semver coercions in the code in the issue description.
Addendum: for the cicero version, it should check that this is a valid semver range not a valid semver version. I.e., it should allow 0.20.0 or ^0.20.0 but not ^foo.
@jeromesimeon Is there anything left in this issue? I am asking since I see your pull request (#500 ) here.
That's a good question. I don't think so -- I may have left it open at the time since it was pushed to a branch. I need to double check if this properly made it to the release-1.0 branch.
https://github.com/accordproject/cicero/commit/d112bc6dfdc596dc3d44362670702ef605c9b64e
I think it'll be released eventually. I'm closing this.
Gah... it looks like this fix was merged into the wrong branch? Unclear, but I'm re-opening for investigation.