Improve what version should be picked #3255

Closed
JavierSegoviaCordoba opened this issue Mar 10, 2021 · 7 comments
Labels
T: bug 🐞 Something isn't working


@JavierSegoviaCordoba

Currently, I am seeing multiple issues:

- val coroutines = "1.4.3"
+ val coroutines = "1.4.3-native-mt"
val dokka = "1.4.20"
val dokka = "1.4.20-dev-65"
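Review bot: on the coroutines pair, the `+` line keeps the same `1.4.3` base and only appends the `-native-mt` qualifier, so it is a switch to a differently named build, not a newer release; a change that only adds a qualifier should not be proposed as an update. The two dokka lines carry no `-`/`+` markers, so the direction of that change (to `1.4.20-dev-65`) can only be inferred from their order; mark them like the coroutines pair.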

The first one is really mixing a version from "different libs", caused by how the coroutines library releases the artifact.

The second one is using a dev version that can't even be used in the project because it doesn't have the necessary repository.

I can understand that here we can have a real problem about how to solve this issue in a generic way because some libs can use semantic versioning, but, as a workaround, why not just let the user specify a regex?

It allows filtering unnecessary versions and it can be modified to allow a custom approach for those versions that don't follow semantic versioning.

version: 2
updates:
  - package-ecosystem: "gradle"
    directory: "/"
    version-regex: "..."
    schedule:
      interval: "daily"
@JavierSegoviaCordoba JavierSegoviaCordoba added the T: bug 🐞 Something isn't working label Mar 10, 2021
@feelepxyz
Contributor

@JavierSegoviaCordoba we have a bunch of logic around this already so might not be too hard to add support for these prefixes. Do you have a sample project/manifest file to share that reproduces the issue?

@JavierSegoviaCordoba
Author

I checked that the dev version was published to the wrong repository instead of the snapshot one, so there is no failure from Dependabot there. For the coroutines one, it is a pattern that the coroutines libraries follow.

Anyway, there is no way we can't filter them, why is adding the possibility to use a custom regex blocked? I think there is no way to solve this problem in a generic way without adding a custom regex.

feelepxyz added a commit that referenced this issue Mar 26, 2021
Add `dev` as a pre-release token for gradle and maven.

Also added `pr` as a pre-release token to maven to align with gradle.

Reported here #3255
@jurre
Member

jurre commented Apr 12, 2021

I think this should be resolved now, feel free to reopen if still running into things

@jurre jurre closed this as completed Apr 12, 2021
@Glennmen

@jurre I don't think it was resolved, we received this PR 2 weeks ago wisemen-digital/AndroidCore#38

Or do we need to add some kind of ignore filter for this?

@JavierSegoviaCordoba
Author

@jurre IMO until a regex function to filter is added, there is no way to resolve the underlying problem I mentioned here.

Literally, there are infinite edge cases that dependabot can't handle because any developer can use whatever versioning he wants, so I can't understand why that regex doesn't exist.

@Glennmen

Also, I found this issue where Google also made a special case for this in Android Studio (or the Gradle plugin, not sure): https://issuetracker.google.com/issues/171369798#comment9

Maybe Dependabot could add something like this?

@ashughes

FYI, this has also been reported/discussed in #2547 and #2460.
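
The selection rules discussed in this thread, sketched as an added Ruby example (not Dependabot's code and not written by any participant): candidates carrying a pre-release token such as `dev` or `pr` are skipped, a candidate must keep the current version's variant suffix so that `1.4.3` is never "updated" to `1.4.3-native-mt`, and an optional `allow` regex plays the role of the proposed `version-regex`. The names `pick_update`, `variant` and `allow`, the tokens other than `dev` and `pr`, and the sample version lists are assumptions.

```ruby
require "rubygems" # Gem::Version, used only to compare numeric base versions

# `dev` and `pr` are the tokens named in the thread; the others are assumed.
PRE_RELEASE_TOKENS = %w[dev pr alpha beta rc snapshot].freeze

# "1.4.3-native-mt" => ["1.4.3", "native-mt"]; the qualifier is nil when absent.
def split_version(version)
  version.split("-", 2)
end

# True when any alphabetic token of the qualifier is a pre-release token.
def pre_release?(version)
  _base, qualifier = split_version(version)
  return false if qualifier.nil?
  qualifier.downcase.split(/[^a-z]+/).any? { |t| PRE_RELEASE_TOKENS.include?(t) }
end

# Non-pre-release suffix that marks a separate artifact line, e.g. "native-mt".
# Narrowed on purpose: a qualifier mixing a variant and a pre-release token
# is treated as a pre-release only.
def variant(version)
  _base, qualifier = split_version(version)
  pre_release?(version) ? nil : qualifier
end

# Highest candidate that is newer than `current`, stays on the same variant,
# is not a pre-release (unless `current` is one) and matches `allow` if given.
def pick_update(current, candidates, allow: nil)
  cur_base = Gem::Version.new(split_version(current).first)
  eligible = candidates.select do |cand|
    next false if allow && !allow.match?(cand)
    next false if pre_release?(cand) && !pre_release?(current)
    next false unless variant(cand) == variant(current)
    Gem::Version.new(split_version(cand).first) > cur_base
  end
  eligible.max_by { |c| Gem::Version.new(split_version(c).first) }
end

# Constructed sample data mirroring the two cases reported in the issue.
COROUTINES = %w[1.4.2 1.4.3 1.4.3-native-mt 1.5.0-RC].freeze
DOKKA = %w[1.4.20-dev-65 1.4.30].freeze
```

`pick_update` returns `nil` when no candidate qualifies, which is the "no pull request" outcome for a project already on `1.4.3` or `1.4.20`.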
