Operationalize semver assessment tool
Problem to solve
Assess accuracy of semver_dialects using gemnas... (#369238 - closed) used the semver-assessment tool for testing advisory-to-dependency version matching differences between semver_dialects and vrange. As capabilities are added and the gem is improved, these tests need to be re-run. Making the assessment tool easily automatable would allow it to run in a CI/CD pipeline and to be scheduled.
Proposal
Update the semver-assessment tool to:
- move the vrangecheck source from gemnasium to this project and publish it to the project container registry
- ensure that the tool tests fixed_range as well as affected_range
- add support for the Conan registry https://gitlab.com/gitlab-org/security-products/tests/semver-assessment/-/tree/main/lib/vmatcher/commands (potentially not needed as it uses the npm resolver in vrange)
Edited by Igor Frenkel