-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix constraints duplication #69
base: main
Are you sure you want to change the base?
Fix constraints duplication #69
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you . Here are a few comments for your consideration.
4bac91c
to
328ba06
Compare
@keshav-space BTW, you do not need to wait to fix the semantic-version issue... Now the plot thickens, as per https://semver.org/#spec-item-10 :
A change will therefore likely be controversial upstream in @rbarrois code. IMHO the rationale is that we always want a stable sort order of versions and ignoring the build segment when sorting versions does not make sense as this lead to random ordering. Reporting two otherwise identical versions with different build as being the "same" or "equivalent" or "having the same precedence" but not "equal" is IMHO useful but this should not go in the way of a sensible stable sorting/ordering of versions sequence. @keshav-space for now you can subclass all right to create a correct sorting The issue: >>> from semantic_version import *
>>> v1=Version('1.2.3+123')
>>> v1
Version('1.2.3+123')
>>> v1.precedence_key
(1, 2, 3, (MaxIdentifier(),))
>>> v2=Version('1.2.3+234')
>>> v2.precedence_key
(1, 2, 3, (MaxIdentifier(),))
>>> sorted([v2, v1])
[Version('1.2.3+234'), Version('1.2.3+123')]
>>> sorted([v1, v2])
[Version('1.2.3+123'), Version('1.2.3+234')] duh! >>> class SortableSemverVersion(Version):
... @property
... def precedence_key(self):
... return super().precedence_key + (self.build,)
...
>>> sv1=SortableSemverVersion('1.2.3+123')
>>> sv2=SortableSemverVersion('1.2.3+234')
>>> sorted([sv1, sv2])
[SortableSemverVersion('1.2.3+123'), SortableSemverVersion('1.2.3+234')]
>>> sorted([sv2, sv1])
[SortableSemverVersion('1.2.3+123'), SortableSemverVersion('1.2.3+234')] much better! now IMHO the fact that semver specs does not define precendence does not mean that this library should not have a stable ordering |
Also see https://github.com/npm/node-semver/blob/c56a701f45653940ee8536eafe43b3e46c11d6cc/functions/compare-build.js#L5 and https://github.com/npm/node-semver/blob/c56a701f45653940ee8536eafe43b3e46c11d6cc/classes/semver.js#L152 |
Yeah, It makes a lot more sense to have an in-house fix for this. I don't see this making its way upstream. |
I think it should as a random, non-stable sort is a terribly bad thing IMHO |
Hey, just chiming in since I got mentioned: I agree that a "random" sort would be an issue; and that's a use-case that should be addressed one way or another in python-semanticversion. In order to move forward, could you please open an issue in my project, explaining which behaviour you would expect as a "stable" ordering? Thanks! |
@rbarrois awesome! will raise an issue for this along with the potential patch. We can take it forward from there :) |
No problem ;) I recommend starting with an issue where we can discuss the expected API / behaviour; the implementation is easy to build once that consensus has been reached ;) |
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! see some feedback inline. You have test failures too.
Signed-off-by: Keshav Priyadarshi <[email protected]>
Signed-off-by: Keshav Priyadarshi <[email protected]>
- add test for constraint duplicaton - closes: aboutcode-org#45 Signed-off-by: Keshav Priyadarshi <[email protected]>
- Revert this once this is fixed in upstream - rbarrois/python-semanticversion#132 Signed-off-by: Keshav Priyadarshi <[email protected]>
0fc20b6
to
df34260
Compare
Tracking for the inconsistent affected version range in Context: https://github.com/nexB/vulnerablecode/wiki/WeeklyMeetings#strange-gitlab-version-ranges |
Something weird is happening here >>> from univers.utils import SortableSemverVersion
>>> ssv1 = SortableSemverVersion.coerce("1.3")
>>> ssv2 = SortableSemverVersion("1.3.0")
>>> ssv1 == ssv2
True
>>> ssv1 > ssv2
False
>>> ssv1 < ssv2
True
>>> ssv1
Version('1.3.0')
>>> ssv2
SortableSemverVersion('1.3.0') The root of this problem |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this duplicated (in part?) with #75 ?
@keshav-space gentle ping... let's find a way to get this merged! |
#69 (comment), #69 (comment) |
Closes: Handle possible duplication of constraints in VersionRange #45