Raise invalid constraint when invalid version (!78) · Merge requests · GitLab.org / ruby / gems / semver_dialects · GitLab

Fabien Catteau requested to merge v3-raise-invalid-constraint into v3 Apr 26, 2024

What does this MR do?

Make IntervalParser raise an InvalidConstraintError when parsing the version raises an InvalidVersionError.

This change is necessary b/c validation based on a generic regular expression no longer ensures that the version is invalid.

In the gitlab backend, Continuous Vulnerability Scanning makes a distinction b/w the two types of errors.

It recovers from invalid versions referenced in project dependencies.
However, it lets the advisory scan job fails when the invalid version is in the affected range of versions, in the advisory.

What are the relevant issue numbers?

gitlab-org/gitlab#386070 (comment 1821312900)

Does this MR meet the acceptance criteria?

Changelog entry added
Documentation created/updated for this project, if necessary
Tests added for this feature/bug
Conforms to the code review guidelines
Security reports checked/validated by reviewer

Edited Apr 26, 2024 by Fabien Catteau