Skip to content

Fix version handling for non-semver and prerelease versions#8

Merged
christian-andersson merged 4 commits into
mainfrom
fix-non-semver-and-prerelease-version-handling
Apr 13, 2026
Merged

Fix version handling for non-semver and prerelease versions#8
christian-andersson merged 4 commits into
mainfrom
fix-non-semver-and-prerelease-version-handling

Conversation

@christian-andersson
Copy link
Copy Markdown
Member

@christian-andersson christian-andersson commented Apr 13, 2026

Summary

Fix several real-world version classification failures that produced wrong
"latest" results:

  • Spring AI 2.0.0-M4analyze_dependencies now auto-detects prerelease
    lines and restricts lookups to the same major (with includePrerelease),
    so it won't suggest downgrading to 1.1.4.
  • Guava 33.5.0-jre — legacy r09/r07/r08 tags no longer sort above
    modern -jre versions (compareVersions prefers parseable over
    non-parseable). jre\d* and android\d* are now treated as stable variants.
  • PostgreSQL JDBC 42.7.109.4.1212.jre7 no longer sorts above
    42.7.10 (Maven 4-part regex now accepts digit-start qualifiers and
    jre7/jre8 are stable variants).
  • jgit 7.6.0.202603022253-r — OSGi timestamped release qualifiers
    (\d{6,}-r) are now classified as stable and parseable.
  • jackson-bom stale mirror 2.9.9.20190807 — Maven 4-part numeric
    qualifiers now parse correctly, so 2.21.0 > 2.9.9.20190807 (previously
    localeCompare put 2.9 > 2.21).

Implementation:

  • isPrerelease allowlist extended: jre\d*, android\d*, \d{6,}-r
  • parseVersion Maven 4-part regex accepts letter OR digit qualifier start
  • compareVersions prefers parseable versions over non-parseable
  • New resolveLatestVersions helper centralizes stable/prerelease resolution
    (with prerelease fallback when no stable exists in filtered set)
  • All 13 registry clients adopt the new helper
  • analyze_dependencies auto-detects prerelease current versions and applies
    includePrerelease: true + versionPrefix: "<major>."
  • Tool descriptions updated to guide Claude on variant tags vs prereleases

Test plan

  • deno fmt --check passes
  • deno lint passes
  • deno check main.ts passes
  • deno test --allow-net — 176/176 tests pass (29 new edge-case tests)
  • Manual: analyze_dependencies on a pom.xml with spring-ai-bom:2.0.0-M4
    should suggest updates within 2.x, not downgrade to 1.1.4
  • Manual: lookup_version for com.google.guava:guava should return a
    -jre version, not r09
  • Manual: lookup_version for org.postgresql:postgresql should return
    42.7.x, not 9.4.1212.jre7

🤖 Generated with Claude Code

@christian-andersson
Handle non-semver and prerelease versions correctly
506120f 
Fix several version classification and comparison issues that produced
wrong "latest" results for real-world packages:

- isPrerelease now recognizes stable variant tags (jre, jre7, android,
  android7, incubating, RELEASE, Final, GA, SR\d+) and OSGi-style
  timestamped releases (e.g. jgit's 7.6.0.202603022253-r). These were
  previously misclassified as prereleases.
- parseVersion now handles Maven 4-part dot-style qualifiers with
  letter OR digit start (1.0.0.RELEASE, 2.0.0.M4, 2.9.9.20190807,
  7.6.0.202603022253-r) so they sort correctly via semver rules.
- compareVersions now prefers parseable versions over non-parseable
  ones. Without this, legacy tags like Guava's "r09" sorted lexically
  above modern "33.5.0-jre" ("r" > "3").
- New resolveLatestVersions helper centralizes the stable/prerelease
  resolution across registries. When includePrerelease is true and no
  stable exists in the filtered set, it falls back to the latest
  prerelease (fixes Spring AI 2.0.0-M4 case where stable hasn't
  shipped yet in the 2.x line).
@christian-andersson
Adopt resolveLatestVersions across all registry clients
726c1a5
@christian-andersson
Auto-detect prerelease lines in analyze_dependencies
18bcc83 
When a dependency's current version is itself a prerelease (e.g.
2.0.0-M4, 1.0.0-RC1), automatically restrict the lookup to the same
major version including prereleases. Avoids suggesting "downgrades"
from a prerelease line to an older stable (e.g. spring-ai-bom
2.0.0-M4 being told to downgrade to 1.1.4).

Also extend lookup_version and analyze_dependencies descriptions so
Claude knows when to set includePrerelease + versionPrefix, and
documents which variant tags (jre, RELEASE, Final, GA, SR) are stable.
@christian-andersson
Add tests for non-semver and prerelease version handling
e83dbcf
@christian-andersson christian-andersson merged commit e7644b8 into main Apr 13, 2026
1 check passed
@christian-andersson christian-andersson deleted the fix-non-semver-and-prerelease-version-handling branch April 13, 2026 13:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@christian-andersson