for both reproducible examples:
for the component https://packagist.org/packages/typo3/class-alias-loader
the latest version is v1.1.3, so the version hint in DT should be green, mentioning that the latest version is used.
Database Server: the one bundled in the docker image dependencytrack/apiserver
Browser: FireFox
Additional Details:
regarding PHP's composer versioning and the leading v:
composer heals itself. composer might add/remove the leading v whenever needed.
this means for composer components the v1.3.0 could be synonym to 1.3.0 and vice versa.
Current Behavior:
if a PHP's composer component has a version with a leading
v
it is not handled properly:v
in themv
Steps to Reproduce:
tested with component https://packagist.org/packages/typo3/class-alias-loader which has versions with a leading
v
and some without av
.to reproduce "detection of newer version fails if they have a leading
v
in them"to reproduce "detection of any version fails, if version does not match completely, including the leading
v
"Expected Behavior:
for both reproducible examples: for the component https://packagist.org/packages/typo3/class-alias-loader the latest version is
v1.1.3
, so the version hint in DT should be green, mentioning that the latest version is used.Environment:
dependencytrack/apiserver
Additional Details:
regarding PHP's composer versioning and the leading
v
: composer heals itself. composer might add/remove the leadingv
whenever needed. this means for composer components thev1.3.0
could be synonym to1.3.0
and vice versa.read more: https://getcomposer.org/doc/articles/versions.md