semver4j
semver4j copied to clipboard
Inconsistent isSatisfiedBy for NPM mode and potential incorrect isEquivalentTo for NPM mode
Requirement.buildNPM("=1.2").isSatisfiedBy(new Semver("1.2", Semver.SemverType.NPM)); // true
Requirement.buildNPM("1.2").isSatisfiedBy(new Semver("1.2", Semver.SemverType.NPM)); // false <-- ISSUE
Worth calling out that the following is right when the version is actually valid 1.2.0
,
Requirement.buildNPM("1.2").isSatisfiedBy(new Semver("1.2.0", Semver.SemverType.NPM)); // true
but since the constructor of Semver can take 1.2
and Semver.SemverType.NPM
, which produces the inconsistency.
The real issue is the second one above as marked in the comment. Did a little debugging with source code, and seems that it failed at the final equality check, at here: https://github.com/vdurmont/semver4j/blob/master/src/main/java/com/vdurmont/semver4j/Semver.java#L330.
new Semver("1.2", Semver.SemverType.NPM). isEquivalentTo(new Semver("1.2.0", Semver.SemverType.NPM)); // false <-- Potential ISSUE
And since isEquivalentTo
is a public method - it might also be potentially wrong, depending on how do we treat the "1.2" and mode "NPM".
Thanks, Ethan
@vdurmont Any update on this issue?
In my use case, that's the bug I reproduce:
Requirement.buildNPM("<1.2").isSatisfiedBy(new Semver("1.1.0", Semver.SemverType.NPM)); // false
@leaf94 if you are still interesting, I've made copy of this lib and fix bug reported by you. Look for version 2.0.1