Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: update semver regular expression constraint to allow for 1.20rc1 cases no '-' #1434

Merged
merged 6 commits into from
Aug 15, 2023
Merged

fix: update semver regular expression constraint to allow for 1.20rc1 cases no '-' #1434

merged 6 commits into from
Aug 15, 2023

Conversation

spiffcs
Copy link
Contributor

@spiffcs spiffcs commented Aug 15, 2023
edited
Loading

Summary

Related to anchore/grype-db#145

Grype was seeing issues where semantic versions like 1.20rc1 would fall into the fuzzy matcher and not use the correct Satisfied method. This PR updates the regex so that cases without the dash will be considered by the semantic version matcher while still preserving the openssl fuzzy matcher gate of checking cases like 1.20.0a-rc0

Note - should these cases NOT use the semantic matcher there is a chance the fuzzy matcher is behaving incorrectly:
https://github.com/anchore/grype/blob/main/grype/version/fuzzy_constraint_test.go needs an extra look in a separate PR to account for cases that are not valid semver.

TOOO:

  • Add example python and openssl test cases to the fuzzy constraint harness to protect against regressions

@spiffcs spiffcs changed the title fix: update semver constraint to allow 1.20rc1 cases fix: update semver regular expression constraint to allow for 1.20rc1 cases no '-' Aug 15, 2023
@spiffcs
test: update test names
271a2c2 
Signed-off-by: Christopher Phillips <[email protected]>
@spiffcs
revert: revert test name field
9ccdf47 
Signed-off-by: Christopher Phillips <[email protected]>
@spiffcs spiffcs mentioned this pull request Aug 15, 2023
Merged
westonsteimel
westonsteimel approved these changes Aug 15, 2023
View reviewed changes
Copy link
Contributor

@westonsteimel westonsteimel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for diving into this one for me @spiffcs .

@spiffcs spiffcs merged commit 94d58fb into main Aug 15, 2023
9 checks passed
@spiffcs spiffcs deleted the version-constraint branch August 15, 2023 19:08
@chenrui333 chenrui333 mentioned this pull request Aug 17, 2023
Merged
@dependabot dependabot bot mentioned this pull request Aug 18, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@westonsteimel westonsteimel westonsteimel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@spiffcs @westonsteimel