Add validation to reject package versions with leading zeros in numeric identifiers (semver v2.0.0)

[xavierdecoster]

Currently, no . characters are allowed in (pre)release labels in the version string, so this is a non-issue currently. However, when introducing semver v2.0.0 support, we should reject packages that use leading zeros in numeric identifiers of release labels.

Example of invalid semver2 version string: 1.0.0-alpha.001
Example of valid semver2 version string (possible today, no numeric identifier parts in release label): 1.0.0-alpha-001

[joelverhagen]

How is this different than #3482?
edit: fixed link

The mentioned version is already not parsable as a version range:
http://nugettoolsdev.azurewebsites.net/4.0.0-rtm-2265/parse-version-range?versionRange=%5B1.0.0-alpha.001%2C+%29

[xavierdecoster]

You refer to this very same issue?

It may very well be that it is not parsable, but this issue tracks the very fact that gallery doesn't even try to parse/validate it.

[joelverhagen]

You refer to this very same issue?

😆 oops! Very confusing. Sorry.

I meant #3482.

It may very well be that it is not parsable, but this issue tracks the very fact that gallery doesn't even try to parse/validate it.

Okay, perhaps we're saying the same thing. I don't understand what work there would be to complete this issue on top of the work required to complete #3482.

[xavierdecoster]

One is for dependency version ranges (#3482), the other (#3648) is for the actual package versions :)

[joelverhagen]

Clear. Thanks!

[xavierdecoster]

This is implicitly fixed by the upgrade to latests NuGet.Versioning and the validation fix #3645. No additional work needed, besides testing, which is tracked by functional test issue #3731.