Versions with characters in them show false positives #110
Comments
andyjayne
added a commit
to andyjayne/sbt-explicit-dependencies
that referenced
this issue
Nov 30, 2023
This test checks whether the plugin correctly handles dependencies where the version contains a + character. The character is commonly used in semver version strings to add build metadata to the version. Per https://semver.org/ Currently this test fails as the plugin is comparing the following version strings that do not match: 7.2.27+33-04a1ea9e-SNAPSHOT 7.2.27%2B33-04a1ea9e-SNAPSHOT Reproduces: cb372#110
andyjayne
added a commit
to andyjayne/sbt-explicit-dependencies
that referenced
this issue
Nov 30, 2023
Update how version is parsed for pom files in the jar file to dependency logic to to cater for characters that are valid in version strings but encoded in the file path. For example, "+" which is used for semver metadata, encoded as "%2B". Before this change 7.2.27+33-04a1ea9e-SNAPSHOT version string was not handled consistently and would result in different values in the declared/used compile dependencies. Fixes: cb372#110
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have an internal library that I'm using in a project that doesn't have a full release yet, so it's version it still in the form
0.0.0+123. It looks like under the hood sbt is encoding the+, so the version is seen to be0.0.0%2B123rather than0.0.0+123.This means that when this plugin does the dependency checks it thinks that the encoded version (
0.0.0%2B123) is undeclared, and that the non-encoded version (0.0.0+123) isn't being used.The text was updated successfully, but these errors were encountered: