Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[BUG] subset() incorrectly returns false for prerelease versions that should be subsets #757

Open
1 task done
rrosenshain-sc opened this issue Jan 29, 2025 · 5 comments
Open
1 task done

[BUG] subset() incorrectly returns false for prerelease versions that should be subsets #757

rrosenshain-sc opened this issue Jan 29, 2025 · 5 comments
Labels
Bug thing that needs fixing Needs Triage needs an initial review

Comments

@rrosenshain-sc
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

Description

semver.subset(subRange, superRange) is expected to return true when every version in subRange is also contained in superRange. However, when dealing with prerelease versions, semver.subset() appears to incorrectly return false even when the subrange is fully contained in the superrange.

Steps to Reproduce

const semver = require('semver');

console.log(semver.subset('^10.2.0-beta.2', '^10.2.0-beta.1')); // Expected: true, Actual: false

Expected Behavior

Expected Behavior

The first test (semver.subset('^10.2.0-beta.2', '^10.2.0-beta.1')) should return true because:
• ^10.2.0-beta.2 includes 10.2.0-beta.2, 10.2.0-beta.3, 10.2.0-beta.4, etc.
• ^10.2.0-beta.1 includes everything in ^10.2.0-beta.2, plus 10.2.0-beta.1.
• Since every version in ^10.2.0-beta.2 is also in ^10.2.0-beta.1, semver.subset() should return true.

Actual Behavior
Instead of returning true, semver.subset('^10.2.0-beta.2', '^10.2.0-beta.1') returns false.

Steps To Reproduce

No response

Environment

No response
@rrosenshain-sc rrosenshain-sc added Bug thing that needs fixing Needs Triage needs an initial review labels Jan 29, 2025
@ljharb
Copy link
Contributor

ljharb commented Jan 29, 2025

What if you set includePrereleases: true?

@rrosenshain-sc
Copy link
Author

What if you set includePrereleases: true?

dang now it works! Thanks for the SUPER fast resposne.
Would be cool if it automatically detects it has a prerelease and automatically uses it or maybe emit a warning or something.

@rrosenshain-sc
Copy link
Author

Actually, I realized it's not what I expect. I see that part about includePrereleases in the docs but that's simply an opt out approach.
For example

subset('^10.2.0', ^10.2.0-beta.1 , {includePrereleases: true}) should return false. but it returns true.
And same here when not using the same major/minor subset('^10.2.0-beta.2', ^10.1.0-beta.1 , {includePrereleases: true})

So essentially it seems like includePrereleases is a bypass but it's more loose than I'd expect

@ljharb
Copy link
Contributor

ljharb commented Jan 29, 2025

To clarify, ^10.2.0 by default does not include any prereleases. The semver range you probably want is ^10.2.0-beta.0.

@rrosenshain-sc
Copy link
Author

To clarify, ^10.2.0 by default does not include any prereleases. The semver range you probably want is ^10.2.0-beta.0.

Yes that's exactly my point.

// Base case (the bug)
// ^10.2.0-beta.2 is a subset of ^10.2.0-beta.1.
console.log(semver.subset('^10.2.0-beta.2', '^10.2.0-beta.1')); // Expected: True. Actual: false.

// somehow includePrerelease which ops out of some rules makes it work
console.log(semver.subset('^10.2.0-beta.2', '^10.2.0-beta.1', { includePrerelease: true })); // it works with includePrerelease: true. Actual: true

// This should return False because ^beta.1 does should not include ^10.2.0 (just like you said). But because
// I use includePrereleases it returns true.
console.log(semver.subset('^10.2.0', '^10.2.0-beta.1', { includePrereleases: true })); // Expected: False.. Actual: true

// Similarly this should return false b/c I'm not using the same major/minor/patch version
console.log(semver.subset('^10.2.0-beta.2', '^10.1.0-beta.1', { includePrereleases: true })); // Expected: False . Actual: false

The last 2 examples demonstrates that despite includePrereleases "fixing" the main bug I'm talking about, it also makes it much more "loose".

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing Needs Triage needs an initial review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ljharb @rrosenshain-sc