Skip to content

fix(deps-maven): use <release> field as authoritative latest stable version#93

Merged
bug-ops merged 2 commits intomainfrom
91-maven-wrong-latest-version
Mar 28, 2026
Merged

fix(deps-maven): use <release> field as authoritative latest stable version#93
bug-ops merged 2 commits intomainfrom
91-maven-wrong-latest-version

Conversation

@bug-ops
Copy link
Copy Markdown
Owner

@bug-ops bug-ops commented Mar 28, 2026

Summary

  • Parses the <release> element from maven-metadata.xml and returns it directly as the latest stable version instead of sorting all versions
  • Falls back to sort-based selection only when <release> is absent
  • Adds private get_metadata() helper returning (Vec<MavenVersion>, Option<String>) so both get_versions_typed and get_latest_matching_typed share a single fetch without changing the public API

Root Cause

compare_versions falls back to lexicographic comparison for non-numeric segments, so legacy versions like r09 (ASCII 114) sort higher than semver versions like 33.5.0-jre (ASCII 51). The registry already provides the correct answer in <release> — it was simply ignored.

Test Plan

  • test_parse_metadata_xml — updated to assert release field is captured
  • test_parse_metadata_xml_empty — updated to assert release is None when absent
  • test_parse_metadata_xml_legacy_versions_release_wins — new test verifying guava scenario: <release>33.5.0-jre</release> is returned even though r09 sorts to the top of the version list
  • cargo nextest run --workspace --all-features — 1315 tests pass

Closes #91

@github-actions github-actions Bot added documentation Improvements or additions to documentation rust Rust code changes needs-review Needs review size: M 50-200 lines changed labels Mar 28, 2026
@bug-ops bug-ops enabled auto-merge (squash) March 28, 2026 21:36
@bug-ops bug-ops force-pushed the 91-maven-wrong-latest-version branch from 5bdd76d to 2a41902 Compare March 28, 2026 21:37
bug-ops added 2 commits March 28, 2026 22:42
@bug-ops
fix(deps-maven): use <release> field as authoritative latest stable v…
359a828 
…ersion

Packages with legacy non-semver versions (e.g. guava r03-r09) were
incorrectly reported as latest because compare_versions falls back to
lexicographic comparison for non-numeric segments, placing "r09" above
"33.5.0-jre".

Parse the <release> element from maven-metadata.xml and return it
directly as the latest stable version in get_latest_matching_typed.
Fall back to sort-based selection only when <release> is absent.

Adds get_metadata() private helper returning (versions, release) so
the release field is available without changing the public API of
get_versions_typed.

Closes #91
@bug-ops
style: apply nightly fmt
8fcc018
@bug-ops bug-ops force-pushed the 91-maven-wrong-latest-version branch from eff6c1a to 8fcc018 Compare March 28, 2026 21:43
@bug-ops bug-ops merged commit 98e907c into main Mar 28, 2026
20 checks passed
@bug-ops bug-ops deleted the 91-maven-wrong-latest-version branch March 28, 2026 21:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation needs-review Needs review rust Rust code changes size: M 50-200 lines changed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

fix(deps-maven): wrong latest version for packages with legacy non-semver versions (e.g. guava r09 vs 33.5.0-jre)

1 participant

@bug-ops