Open gimler opened 1 month ago
Hello, thank you for filing this.
https://stackblitz.com/edit/node-semver-check-ocyv5l?file=index.js
Type node index.js in the terminal, isn't that behavior what's expected or am I misunderstanding the bug report?
basically yes.
the r0 is a release suffix not a prerelease.
So the bug is in the semver lib right?
The way I'm reading the semver spec, the behavior of the node and go libraries seems accurate. My guess is Alpine doesn't strictly follow semver for their package versions.
https://semver.org/#spec-item-2 https://semver.org/#spec-item-9 https://semver.org/#spec-item-11
The explanation of Alpine versioning. It does not strictly follow semver: https://wiki.alpinelinux.org/wiki/Package_policies#Package_versions
Right, goss doesn't support Alpine (or any other package format) versioning currently. The only one supported is semver.
A little bit related to:
I'll create a new feature request for Goss to support version comparison for all supported package managers: alpine, rpm, deb, etc.
I'll close this ticket and #334 when I create the new comprehensive feature request.
This has been a gap in Goss for a long time now and should be addressed. I think since I last looked at it, there may be more libraries that handle version comparisons of the different package types. Hopefully there are mature libraries for all, otherwise, Goss may have to implement some from hopefully well defined specs.
There is a similar issue with an implementation: https://github.com/google/osv-scanner/issues/952 under Apache2 license.
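Added example (not part of the thread, and not goss, node-semver or osv-scanner code): a minimal comparator for the semver precedence rules linked above (spec items 9 and 11) next to an Alpine-style reading of the `-rN` suffix, run on the `8.5.0-r0` version from the report. The function names are hypothetical, and the Alpine comparator is a simplification that handles only the `-rN` release suffix and assumes a missing suffix counts as `r0`.

```javascript
function parse(v) {
  const [core, ...rest] = v.split("+")[0].split("-");
  return { nums: core.split(".").map(Number), pre: rest.join("-") };
}

function cmpNums(a, b) {
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// SemVer precedence: everything after "-" is a pre-release, and a
// pre-release sorts BELOW the same version without one (spec item 11).
function cmpSemver(x, y) {
  const a = parse(x), b = parse(y);
  const core = cmpNums(a.nums, b.nums);
  if (core !== 0) return core;
  if (!a.pre || !b.pre) return a.pre ? -1 : b.pre ? 1 : 0;
  const pa = a.pre.split("."), pb = b.pre.split(".");
  for (let i = 0; i < Math.min(pa.length, pb.length); i++) {
    const na = /^\d+$/.test(pa[i]), nb = /^\d+$/.test(pb[i]);
    if (na && nb) {
      const d = Number(pa[i]) - Number(pb[i]);
      if (d !== 0) return Math.sign(d);
    } else if (na !== nb) {
      return na ? -1 : 1; // numeric identifiers sort lower
    } else if (pa[i] !== pb[i]) {
      return pa[i] < pb[i] ? -1 : 1; // ASCII order
    }
  }
  return Math.sign(pa.length - pb.length);
}

// Alpine-style reading (assumption: only the "-rN" suffix is handled, and a
// missing suffix counts as r0): "-rN" is a package release, not a pre-release.
function cmpAlpineRelease(x, y) {
  const split = (v) => {
    const m = /^(.*?)(?:-r(\d+))?$/.exec(v);
    return [m[1].split(".").map(Number), Number(m[2] || 0)];
  };
  const [an, ar] = split(x), [bn, br] = split(y);
  return cmpNums(an, bn) || Math.sign(ar - br);
}

const atLeast = (cmp, version, min) => cmp(version, min) >= 0;
console.log(atLeast(cmpSemver, "8.5.0-r0", "8.5.0"), atLeast(cmpAlpineRelease, "8.5.0-r0", "8.5.0")); // false true
```

Under semver precedence `8.5.0-r0` is still at least `8.4.0`, because the core version differs before the suffix is ever compared.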
Describe the bug
Semver versions check for package doesn't work with alpine packages. The actual package version for curl is 8.5.0-r0

How To Reproduce
>=8.4.0 is green. It seems that -r0 is interpreted as release candidate

Expected Behavior
valid

Actual Behavior
error

Environment: