Skip to content

More Version Validation

Julian Thome requested to merge julian/versionvalidation into master

Closes gitlab-org/gitlab#454638 (closed)

I investigated whether we could include gemnasium, or more specifically, the vrange checker as a test but it seems as if it does not actually error even if the upper bound of a version range is not provided.

As the version checkers may actually handle these types of constraints gracefully, I think it may be safer to just include basic test (that may be even more restrictive as the spec of the native version checker) to ensure that we do not have version constraint without cuts. The added constraints as part of this MR are not perfect, but they improve the status quo.

/vrange # cat test.json
[
        {"range": ">1.0.0,<=", "version": "1.0.0"},
        {"range": ">1.0.0,<=", "version": "2.0.0"}
]

/vrange # python/rangecheck.py test.json
[
{"range": ">1.0.0,<=", "version": "1.0.0", "satisfies": false},
{"range": ">1.0.0,<=", "version": "2.0.0", "satisfies": false}
]
Edited by Julian Thome

Merge request reports

Loading