-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve what version should be picked #3255
Comments
@JavierSegoviaCordoba we have a bunch of logic around this already so might not be too hard to add support for these prefixes. Do you have a sample project/manifest file to share that reproduces the issue? |
I checked that the dev version was published to the wrong repository instead of the snapshot one so there is no fail from dependabot there, for the coroutines one, it is a pattern that coroutines libraries does. Anyway, there is no way we can't filter them, why adding the possibility to use a custom regex is blocked? I think there is no way to solve this problem in a generic way without adding a custom regex. |
Add `dev` as a pre-release token for gradle and maven. Also added `pr` as a pre-release token to maven to align with gradle. Reported here #3255
I think this should be resolved now, feel free to reopen if still running into things |
@jurre I don't think it was resolved, we received this PR 2 weeks ago wisemen-digital/AndroidCore#38 Or do we need to add some kind of ignore filter for this? |
@jurre IMO until a regex function to filter is added, there is no way to resolve the underlying problem I mentioned here. Literally, there are infinite edge cases that dependabot can't handle because any developer can use whatever versioning he wants, so I can't understand why that regex doesn't exist. |
Also I found this issue where Google also made a special case for this in Android Studio (or the Gradle plugin not sure) https://issuetracker.google.com/issues/171369798#comment9 Maybe Dependabot could add something like this? |
Currently, I am seeing multiple issues:
The first one really is mixing a version from "different libs" caused by how coroutines library is releasing the artifact.
The second one is using a dev version that can't be even used in the project because it hasn't the necessary repository.
I can understand that here we can have a real problem about how to solve this issue in a generic way because some libs can use semantic versioning, but, as a workaround, why just don't let the user specify a regex?
It allows filtering unnecessary versions and it can be modified to allow a custom approach for those versions that don't follow semantic versioning.
The text was updated successfully, but these errors were encountered: