librariesio
[BUG] Project Dependencies API returns dependencies for wrong "latest" version
Description
At the Doc of the Project Dependencies API, it says pass latest to get dependency info for the latest available version. However, dependency info of the wrong latest version is returned.
Steps
GET https://libraries.io/api/maven/org.assertj:assertj-core/latest/dependencies?api_key=my_key
I run the command curl -H "Accept: application/json" -H "Content-Type: application/json" -X GET "https://libraries.io/api/maven/org.assertj:assertj-core/latest/dependencies?api_key=my_key" to get the dependency informations of the latest version of org.assertj:assertj-core.
Expected Behavior
Return the dependency informations of the version 3.22.0 (latest version) of org.assertj:assertj-core
Observed Behavior
Return the dependency informations of the version 3.9.1 of org.assertj:assertj-core
The result is like:
{
...
"latest_release_number": "3.22.0",
...
"name": "org.assertj:assertj-core",
...
"dependencies_for_version": "3.9.1",
"dependencies": ...
}
Comments
It looks like libraries.io wrongly takes the last element in the versions array of org.assertj:assertj-core as the latest version. the versions array is sorted in alphabetical order where 3.22.0 is placed before 3.9.1 and 3.9.1 is the last element.
I can confirm this.
https://libraries.io/api/npm/chalk/latest/dependencies?api_key=API_KEY
This returns a list of 10 dependencies when chalk has zero dependencies as can be seen here:
https://libraries.io/npm/chalk
I think the 0 deps is runtime deps only while the API also returns dev deps (kind:"Development")
