enforce Dependabot version comparison matches Go's implementation
jakecoffman opened this issue · comments
Code improvement description
It's important that Dependabot matches native behavior when it comes to version comparison, otherwise we see strange behavior like downgrades.
Some of our ecosystems have native tests and we can enforce that we're getting it right. To do that, remove the following program from the comment and add it as a native test:
dependabot-core/go_modules/spec/dependabot/go_modules/version_spec.rb
Lines 151 to 177 in 2384f2d
Then, from both the version_spec.rb
and this new native Go test, extract the list of version strings into, for instance, an ordered_version_list.json
they both can use as a fixture.
This will ensure that with any changes, Dependabot will remain in sync with Go.