Filter out unwanted versions by regex

[ryanb93]

Sometimes a library (usually internal company libraries) will publish snapshots, branch builds, or some other prefix/suffix to indicate a non-release build. For example something like:

1.0.1 to 1.0.2.feature/test
1.0.1 to 1.0.2.dev1234

Currently scala-steward will create a PR using this later version which is not ideal. It would be good to provide users of the service with a way of configuring dependencies to ignore these sort of versions. There is already support for ignoring SNAPSHOT, ALPHA, BETA, MILESTONE and RC - this could be extended to provide a negative order for a user defined list of string values, configured via .scala-steward.conf. Or it might be something that could be added to individual dependencies rather than a global setting.

[fthomas]

There is already the updates.ignore setting in .scala-steward.conf which can be used to ignore updates that match a given pattern. It currently requires a groupId and can only match a prefix, or suffix of the version but maybe we can tweak that so that the groupId is optional and versions match if they contain a given string. I think I would prefer that to a new way to ignore updates.

[esamson]

Just adding a specific use case of a library I'd like to ignore: early-access releases of javafx-web.

[fthomas]

@esamson I think we can easily achieve this by adding ea to this list of pre-release identifiers:

scala-steward/modules/core/src/main/scala/org/scalasteward/core/data/Version.scala

Lines 141 to 146 in 5fea5f1

	case "SNAP" | "SNAPSHOT" | "NIGHTLY" => -5
	case "ALPHA" | "PREVIEW" => -4
	case "BETA" | "B" => -3
	case "M" | "MILESTONE" | "AM" => -2
	case "RC" => -1
	case _ => 0

[fthomas]

I propose to fix this by adding a new contains: Option[String] field to VersionPattern that matches substrings in the version. So for example, to prevent updates to versions like 1.0.2.feature/test, one would add this to .scala-steward.conf:

updates.ignore = [ { groupId = "org.example", version = { contains = "feature" } } ]

This entry would work for all dependencies with the org.example groupId. Would this work for you @ryanb93?

[ryanb93]

I propose to fix this by adding a new contains: Option[String] field to VersionPattern that matches substrings in the version. So for example, to prevent updates to versions like 1.0.2.feature/test, one would add this to .scala-steward.conf:

updates.ignore = [ { groupId = "org.example", version = { contains = "feature" } } ]

This entry would work for all dependencies with the org.example groupId. Would this work for you @ryanb93?

That would work nicely for my use case.

[mzuehlke]

What about the more generic version to give a regex instead of contains ?

[fthomas]

I don't want to support regular expressions in .scala-steward.conf because of the possibility of DoS attacks: https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS