DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

Projects view, versions column should support semantic versioning #378

Open wlfshmn opened 5 years ago

wlfshmn commented 5 years ago


Current Behavior:

Sorting the versions column sorts on the string value, leading to version 5.6.1000-SNAPSHOT being considered higher than 5.6.900-SNAPSHOT.


Proposed Behavior:

It would be nice if semantic versioning rules were observed and 5.6.1000 was considered higher than 5.6.900.

stevespringett commented 5 years ago

This would be a good enhancement. Don't think it's been reported previously. DT relies on the database to perform sorting and there are no requirements that versions follow a pattern, such as semver. But agree that it would be ideal.

The solution would need to be database-agnostic, work natively with the persistence layer (DataNucleus), and only apply when a list of semver versions is detected, falling back to native database sorting if it is not a list of semvers.

One possibility would be to leave the existing sorting in place and let the client do the work.
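
An added example, not part of the original thread or Dependency-Track's code: a client-side sort that applies semver precedence only when every version in the list parses as semver, and otherwise falls back to plain string ordering. The function names and the simplified semver pattern are assumptions, and `Array.prototype.sort()` stands in for the database's native string sort.

```javascript
// Added example (hypothetical helper names): semver-aware sort with string fallback.
// Simplified semver 2.0.0 pattern: MAJOR.MINOR.PATCH, optional -prerelease, optional +build.
const SEMVER = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;

function parseSemver(v) {
  const m = SEMVER.exec(v);
  if (!m) return null;
  return { core: [m[1], m[2], m[3]].map((n) => BigInt(n)), pre: m[4] ? m[4].split(".") : [] };
}

function comparePre(a, b) {
  // A version without a pre-release tag ranks above the same version with one.
  if (a.length === 0 || b.length === 0) return Math.sign(b.length - a.length);
  for (let i = 0; i < Math.min(a.length, b.length); i++) {
    const an = /^\d+$/.test(a[i]), bn = /^\d+$/.test(b[i]);
    if (an && bn) {
      const x = BigInt(a[i]), y = BigInt(b[i]);
      if (x !== y) return x < y ? -1 : 1; // numeric identifiers compare as numbers
    } else if (an !== bn) {
      return an ? -1 : 1; // numeric identifiers rank below alphanumeric ones
    } else if (a[i] !== b[i]) {
      return a[i] < b[i] ? -1 : 1; // alphanumeric identifiers compare in ASCII order
    }
  }
  return Math.sign(a.length - b.length); // more identifiers ranks higher
}

function compareSemver(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i] ? -1 : 1;
  }
  return comparePre(a.pre, b.pre);
}

function sortVersions(versions) {
  const parsed = versions.map((v) => ({ raw: v, sem: parseSemver(v) }));
  // Fall back to string ordering unless every entry is semver.
  if (parsed.some((p) => p.sem === null)) {
    return { mode: "string", sorted: [...versions].sort() };
  }
  parsed.sort((p, q) => compareSemver(p.sem, q.sem));
  return { mode: "semver", sorted: parsed.map((p) => p.raw) };
}
```

A list containing a four-part version such as `2.9.10.8` does not match the pattern, so the whole list keeps string ordering rather than mixing two orderings in one column.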

msymons commented 3 years ago

I came across this issue in v4.0.0 Beta 4 when testing the components screen. It can be a pain when one has (say) 30 different versions of jackson-databind.