isUnstableVersion counts versions with build metadata as unstable and shouldn't

[sfackler]

https://crates.io/crates/openssl-src points to 110.0.0, but the newest release is 110.0.1+1.1.0f.

[carols10cents]

Yep, looks like this isUnstableVersion function is treating build metadata as if it were a prerelease version.

I think a fix to paper over this problem would be to add + to this conditional, but this is starting to make me wonder if we should be returning the semver-crate parsed version info to the frontend and using that instead of recreating that logic poorly....

[sgrif]

There are semver libraries for JavaScript aren't there? Is there a reason that we don't just use one of those?

[gyscos]

I think a fix to paper over this problem would be to add + to this conditional

Not quite; metadata may contain non-numeric fields (as the given example 110.0.1+1.1.0f), so simply accepting the '+' character is not enough. Actually, the metadata might even include hyphens, like 110.0.1+release-1.1.0f.

If we stick to string-based check (rather than going full real-semver), a better solution might be:

• Find the index i of the first - in the string
• Return true iff - was found and + is not present before i.

[sfackler]

From talking to @sgrif today, it seems like this may be an issue on the Postgres side with how we sort versions in the database.

[mitsuhiko]

I just noticed the same issue with the zstd crate (gyscos/zstd-rs#62). It claims 0.4.14 is latest but the actual latest version is 0.4.24.

[Turbo87]

We are now using the semver npm package, and specifically the prerelease() function to figure out if a version is a pre-release or not. I assume this means we can close the issue as the original problem is fixed by this.

I'm aware that there maybe be other problems with the current approach of figuring out the "latest stable" version on the frontend, but iirc there are other GitHub issues for that already.