incrementals-tools generates version numbers which are Dependabot prereleases
#34
Comments
FTR #28 + jenkinsci/plugin-compat-tester#340 + #24 + jenkinsci/plugin-compat-tester#341 + #31
Reverting #31 basically (except retaining test coverage). Seems like the most prudent approach. @jetersen @timja any comment? |
|
To be clear, the lack of a trailing underscore is fine for any digit or letter except for "a" or "b", in which case it triggers https://github.com/dependabot/dependabot-core/blob/1afa8518245f23c14eb652452e6f9539e48893d7/maven/lib/dependabot/maven/version.rb#L57. |
|
what if we remove the last a or b at the end the commit sha will still be unique enough? |
|
I am not comfortable with that. Adding hex digits until you find |
|
Since this issue has not been resolved two weeks after it was filed, should the relevant commit be reverted? |
|
Yes as per #34 (comment); was just waiting to see if there were any alternate ideas, since this did not appear urgent. |
|
Caused downstream issues: jenkinsci/bom#1805, jenkinsci/bom#1806, jenkinsci/bom#1807 |
https://github.com/jenkinsci/jenkins-test-harness/releases/tag/1933.vda_8285a_2162a was not offered by Dependabot as expected. Rather it was erroneously filtered out as a prerelease by https://github.com/dependabot/dependabot-core/blob/1afa8518245f23c14eb652452e6f9539e48893d7/maven/lib/dependabot/maven/update_checker/version_finder.rb#L34. The Dependabot tokenization of this version was ["1933", "vda_8285", "a_2162", "a"]. The last token causes https://github.com/dependabot/dependabot-core/blob/1afa8518245f23c14eb652452e6f9539e48893d7/maven/lib/dependabot/maven/version.rb#L57 to erroneously flag this as an alpha version. One solution would be to append an underscore in cases like this so that the last token would be "a_" and would not trigger https://github.com/dependabot/dependabot-core/blob/1afa8518245f23c14eb652452e6f9539e48893d7/maven/lib/dependabot/maven/version.rb#L57.
The text was updated successfully, but these errors were encountered: