From b11ceeecaaf1b4d8e052a606d673bd68a5365b4c Mon Sep 17 00:00:00 2001 From: fauno Date: Sun, 8 Feb 2026 04:17:55 +0100 Subject: [PATCH] fix: only skip explicit >= 0 and leave pessimistic version locking intact (#11153) Fixes #11083. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [x] in their respective `*_test.go` for unit tests. - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. *The decision if the pull request will be shown in the release notes is up to the mergers / release team.* The content of the `release-notes/.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead. Co-authored-by: f Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11153 Reviewed-by: Mathieu Fenniak Co-authored-by: fauno Co-committed-by: fauno --- modules/packages/rubygems/metadata.go | 6 ++++- modules/packages/rubygems/metadata_test.go | 27 ++++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/modules/packages/rubygems/metadata.go b/modules/packages/rubygems/metadata.go index 9d3fd18f12..0091569fce 100644 --- a/modules/packages/rubygems/metadata.go +++ b/modules/packages/rubygems/metadata.go @@ -128,7 +128,11 @@ func (r requirement) AsVersionRequirement() []VersionRequirement { continue } version, ok := versionInt.(string) - if !ok || version == "0" { + if !ok { + continue + } + + if restriction == ">=" && version == "0" { continue } diff --git a/modules/packages/rubygems/metadata_test.go b/modules/packages/rubygems/metadata_test.go index cd3a5bbd10..683f8d1df8 100644 --- a/modules/packages/rubygems/metadata_test.go +++ b/modules/packages/rubygems/metadata_test.go @@ -87,3 +87,30 @@ yjAbmt9LsOMp8xMamFkSQ38fP5EFjdz8LA4do2C69VvqWXAJgrPbKZb58/xZXrKoW6ttW13Bhvzi assert.Equal(t, "~>", rp.Metadata.DevelopmentDependencies[0].Version[0].Restriction) assert.Equal(t, "5.2", rp.Metadata.DevelopmentDependencies[0].Version[0].Version) } + +func TestPessimisticVersioning(t *testing.T) { + content, _ := base64.StdEncoding.DecodeString(`H4sIABmkhGkCA+1WTY/TMBC9+1eYvfSU1G1ZkCxRgYTYCwcEEgcQshxnmnrXX9gO2lz2t2MnTdOy +1YIKYoVEEimZ8WT8/GY8nqIo8BPfVt3cVtcgIr0CTekHB0JupOBRWoMM10CxgxCkliFKUXwDH9KI +NE0RIUS0k+kJVx+HIYTx3oiUi5Igp3jcWK8pzv8g3sat9YGiAm+yYD18baUHiippaukpTm8kwEcm +tlwmN5+/oJrHhGxJls8KsizIJSaE9k9Jxgt/QjU4MDUYIaH3fx/k69GiSziH5UrtlBQyjmtNAztE +Gkw8tdL303AyPjJP02ZNke6L9YuLXsjiQ3QN1560GZklZexcwkZ9a6LUkBTOgwcFPCT1hqsAE9Hs +CMCjAP5FruH2P9d/nesT+/mP8X63/sd4/w3ANQThpcuVkiLQXKq+hr0MbYxdKax1JfcIbkG0kVcq +laBcueA2gslO9qLnzNdWsI0cbaavrdXgeJPWv43RBTqfC1tDBb4prW/mqYw2cG33b9cqFeaLxeJy +hVKw00RD4bt697ZYlaSwRnVIQ+SpfvLMQtU2LAEQN+BZ6+UZ02A8YjzbQbCtF8DyH2f7SEeDaUDZ +5mwPKQRtzo7+6DvTi7MhMmlC5EoxnfZZDh3qo2v7RBmiustF5njc9vFRshqVNctZyB44WI8z+8e8 +PqomP8/pKaNX5WJ2DKIBHR4BCNnD2G3uzNg9OKtyVS6foyCb3I2wG+goCofdy2T6FIVWa+47il/h +3LbgFDv8Zogfvltjctjj4KnHQdn4YF9+B8hhV5g0CQAA`) + rp, err := parseMetadataFile(bytes.NewReader(content)) + require.NoError(t, err) + assert.NotNil(t, rp) + + assert.Len(t, rp.Metadata.RuntimeDependencies, 3) + assert.Equal(t, "implicit-version", rp.Metadata.RuntimeDependencies[0].Name) + assert.Empty(t, rp.Metadata.RuntimeDependencies[0].Version) + assert.Equal(t, "explicit-version", rp.Metadata.RuntimeDependencies[1].Name) + assert.Empty(t, rp.Metadata.RuntimeDependencies[1].Version) + assert.Equal(t, "explicit-pessimistic-version", rp.Metadata.RuntimeDependencies[2].Name) + assert.Len(t, rp.Metadata.RuntimeDependencies[2].Version, 1) + assert.Equal(t, "~>", rp.Metadata.RuntimeDependencies[2].Version[0].Restriction) + assert.Equal(t, "0", rp.Metadata.RuntimeDependencies[2].Version[0].Version) +}