gomodguard
Feature Request: Support blocking multiple ranges for a same dependency
Hi, Ryan, thank you for creating such a great plugin.
I want to restrict a module to a certain version or a certain range. For example, for go.mongodb.org/mongo-driver, I hope I only use versions in the range 1.10.0 - 1.10.6, but I find that due to the implementation of blocked, I can only restrict it on one side, like
    blocked:
      versions:
        - go.mongodb.org/mongo-driver:
            version: ">= 1.11.0"
            reason: "From v1.11.0, the Go driver now requires MongoDB 3.6 or newer"
or
    blocked:
      versions:
        - go.mongodb.org/mongo-driver:
            version: "<= 1.10.0"
            reason: "The version is too old"
If I merge these two cases into one config, like
    blocked:
      versions:
        - go.mongodb.org/mongo-driver:
            version: ">= 1.11.0"
            reason: "From v1.11.0, the Go driver now requires MongoDB 3.6 or newer"
        - go.mongodb.org/mongo-driver:
            version: "<= 1.10.0"
            reason: "The version is too old"
The config will not take effect. Would you like to add this feature? If you are interested in this feature, I can help to implement it.
Furthermore, would you like to support a bigger feature where only some special versions are allowed? For example, in my case, it's better for me to write some config like
    only-allowed:
      versions:
        - go.mongodb.org/mongo-driver:
            version:
              - "1.10.1"
              - "1.10.2" # for some reason, 1.10.3 and 1.10.4 are not allowed
              - "1.10.5"
I have no idea how to implement it in this plugin, but if you have any interest in this topic, I think we can discuss it in another feature request issue.
You should be able to do this with https://github.com/Masterminds/semver#basic-comparisons
Closing as this is possible using basic comparisons.
First, a comparison string is a list of space or comma separated AND comparisons. These are then separated by || (OR) comparisons. For example, ">= 1.2 < 3.0.0 || >= 4.2.3" is looking for a comparison that's greater than or equal to 1.2 and less than 3.0.0 or is greater than or equal to 4.2.3.
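The AND/OR syntax quoted above, worked through on the issue's own two rules. This is an added example, not code from gomodguard or Masterminds/semver: a simplified stand-in evaluator that assumes plain numeric MAJOR.MINOR.PATCH versions and the six basic operators only (no pre-release tags, wildcards, tilde or caret ranges). The names `term`, `compare` and `Matches` are invented for the illustration.

```go
package main
import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// term matches one comparison, e.g. ">= 1.11.0"; a bare version means "=".
var term = regexp.MustCompile(`(>=|<=|!=|>|<|=)?\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?`)

// compare orders two captured MAJOR, MINOR, PATCH triples (omitted part = 0).
func compare(a, b []string) int {
	for i := range a {
		x, _ := strconv.Atoi(a[i]) // "" fails to parse and leaves 0
		y, _ := strconv.Atoi(b[i])
		if x != y {
			return x - y
		}
	}
	return 0
}

// Matches evaluates constraint: "||" separates OR groups, each group is an AND.
func Matches(constraint, version string) bool {
	v := term.FindStringSubmatch(strings.TrimPrefix(version, "v"))
	if v == nil {
		return false
	}
	for _, group := range strings.Split(constraint, "||") {
		terms := term.FindAllStringSubmatch(group, -1)
		ok := len(terms) > 0
		for _, t := range terms {
			c := compare(v[2:5], t[2:5])
			holds := map[string]bool{">=": c >= 0, "<=": c <= 0, ">": c > 0,
				"<": c < 0, "!=": c != 0, "=": c == 0, "": c == 0}
			ok = ok && holds[t[1]]
		}
		if ok {
			return true
		}
	}
	return false
}

func main() {
	blocked := "<= 1.10.0 || >= 1.11.0" // the issue's two rules joined with OR
	fmt.Println(Matches(blocked, "1.10.3"), Matches(blocked, "1.11.0")) // false true
}
```

Under this reading, a single OR-joined constraint string flags everything at or below 1.10.0 and everything from 1.11.0 up, leaving 1.10.1 through 1.10.x unflagged.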