Closed pmonks closed 1 year ago
Currently antq treats version labels such as -SNAPSHOT and main-SNAPSHOT as being older than any other version
This is correct if the comparing version does not contain "-SNAPSHOT", but incorrect if it does.
For example, in the following deps.edn, antq will compare versions containing "-SNAPSHOT" since next.jdbc
already has a version containing "-SNAPSHOT".
{:deps {com.github.seancorfield/next.jdbc {:mvn/version "1.3.999-SNAPSHOT"}}}
But antq uses xsc/version-clj for version comparing, and it is based on semantic versioning. So the version "master" is treated as older than others.
(sort version-clj.core/version-compare ["1.0.1" "master-SNAPSHOT" "1.0.2-SNAPSHOT"])
;; => ("master-SNAPSHOT" "1.0.1" "1.0.2-SNAPSHOT")
Thus, for now, we should exclude dependencies that are detected incorrectly.
{:deps {com.github.spdx/Spdx-Java-Library ^:antq/exclude {:mvn/version "master-SNAPSHOT"}}
:mvn/repos {"jitpack" {:url "https://jitpack.io"}}}
Oooh thanks - I didn't know about ^:antq/exclude. That'll work great.
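An added example, not code from antq or from either participant: a sketch of the pre-filter this thread discusses, which classifies each :mvn/version in a deps.edn and skips ordered comparison for bare or branch-named -SNAPSHOT labels and for entries marked ^:antq/exclude. The sample input is constructed, com.github.example/some-lib and all function names are hypothetical, and it assumes clojure.edn reads the ^ metadata form.

```clojure
(ns example.floating-snapshots
  (:require [clojure.edn :as edn]
            [clojure.string :as str]))

;; Constructed sample input. The first two coordinates are quoted in the thread;
;; com.github.example/some-lib is a hypothetical library added for illustration.
(def sample-deps-edn
  "{:deps {com.github.seancorfield/next.jdbc {:mvn/version \"1.3.999-SNAPSHOT\"}
           com.github.spdx/Spdx-Java-Library ^:antq/exclude {:mvn/version \"master-SNAPSHOT\"}
           com.github.example/some-lib {:mvn/version \"main-SNAPSHOT\"}}
    :mvn/repos {\"jitpack\" {:url \"https://jitpack.io\"}}}")

(defn classify-version
  "Returns :release, :snapshot (numeric version with a -SNAPSHOT qualifier) or
  :floating (bare or branch-named -SNAPSHOT label, as used by jitpack)."
  [v]
  (cond
    (not (str/ends-with? v "-SNAPSHOT")) :release
    (re-find #"^\d" v)                   :snapshot
    :else                                :floating))

(defn plan-check
  "Decides what an outdated-check should do with one [lib coord] entry."
  [[lib coord]]
  (let [v    (:mvn/version coord)
        kind (classify-version v)]
    {:lib     lib
     :version v
     :kind    kind
     :action  (cond
                ;; Explicit opt-out, read from the metadata on the coordinate map.
                (:antq/exclude (meta coord)) :skip-excluded
                ;; A branch label has no meaningful order against releases.
                (= kind :floating)           :skip-floating
                :else                        :compare)}))

(defn plan-checks
  "Parses deps.edn text and plans a check for every dep with a :mvn/version."
  [deps-edn-text]
  (->> (:deps (edn/read-string deps-edn-text))
       (filter (comp :mvn/version val))
       (mapv plan-check)))

;; Print one plan per dependency in the constructed sample.
(run! println (plan-checks sample-deps-edn))
```

Entries planned as :skip-floating are also the ones whose resolved code changes whenever the branch head moves, so the same list is useful when reviewing which dependencies are not pinned.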
Currently antq treats version labels such as -SNAPSHOT and main-SNAPSHOT as being older than any other version (which, to be clear, is consistent with how Maven does it and therefore technically correct). However some Maven artifact repositories (notably jitpack.io) (ab)use such version labels to identify the latest commit in a particular branch; in the case of jitpack, version -SNAPSHOT is the latest commit in the default branch of that GitHub repository, and version branchname-SNAPSHOT is the latest commit in branch branchname.
So while antq is technically correct as per Maven's behaviour, it reports false positives when such versions are in use.
For example I'm currently testing some code that uses spdx/Spdx-Java-Library version master-SNAPSHOT [1], and each time I run antq it reports that this version is out of date compared to v1.1.4 (the last released version published to Maven Central).
It would be great if there were an option in antq (perhaps defaulted to off, so that folks who don't use things like jitpack.io aren't caught by surprise) that allowed such version labels to be ignored (i.e. treated as "newest" in all cases).
[1] Here's the deps.edn, if you'd like to try this out: