actions/setup-java
1
0
Fork 0
mirror of https://github.com/actions/setup-java.git synced 2026-06-16 16:38:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: reject non-semver candidate versions in isVersionSatisfies

Browse Source 
Distributions like JetBrains Runtime publish 4-segment versions such as
'17.0.8.1+1080.1' that the semver package rejects. Both compareBuild and
satisfies throw on these, which surfaced to users as "Error: Invalid
Version: 17.0.8.1+1080.1" and aborted the whole install when any
available version was non-semver. Guard with an early semver.valid check
so unparseable versions are treated as a non-match.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Sean Proctor 2026-05-26 15:25:06 -04:00
parent b622de1dfa
commit ebc5abf3fb
4 changed files with 27 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
__tests__/util.test.ts
View File

@ -27,7 +27,11 @@ describe('isVersionSatisfies', () => {
['2.5.1+3', '2.5.1+3', true],
['2.5.1+3', '2.5.1+2', false],
['15.0.0+14', '15.0.0+14.1.202003190635', false],
['15.0.0+14.1.202003190635', '15.0.0+14.1.202003190635', true]
['15.0.0+14.1.202003190635', '15.0.0+14.1.202003190635', true],
// 4-segment versions (e.g. JetBrains Runtime '17.0.8.1+1080.1') are not
// valid semver — they should be rejected, not throw.
['25.0.3+480.61', '17.0.8.1+1080.1', false],
['17', '17.0.8.1+1080.1', false]
])(
'%s, %s -> %s',
(inputRange: string, inputVersion: string, expected: boolean) => {

7
dist/cleanup/index.js vendored
View File

@ -51941,6 +51941,13 @@ function getDownloadArchiveExtension() {
exports.getDownloadArchiveExtension = getDownloadArchiveExtension;
function isVersionSatisfies(range, version) {
var _a;
// Some distributions (e.g. JetBrains Runtime) publish 4-segment versions
// like '17.0.8.1+1080.1' that semver rejects. If the candidate version
// isn't valid semver, it can't match — bail out rather than letting
// compareBuild / satisfies throw.
if (!semver.valid(version)) {
return false;
}
if (semver.valid(range)) {
// if full version with build digit is provided as a range (such as '1.2.3+4')
// we should check for exact equal via compareBuild

7
dist/setup/index.js vendored
View File

@ -80695,6 +80695,13 @@ function getDownloadArchiveExtension() {
exports.getDownloadArchiveExtension = getDownloadArchiveExtension;
function isVersionSatisfies(range, version) {
var _a;
// Some distributions (e.g. JetBrains Runtime) publish 4-segment versions
// like '17.0.8.1+1080.1' that semver rejects. If the candidate version
// isn't valid semver, it can't match — bail out rather than letting
// compareBuild / satisfies throw.
if (!semver.valid(version)) {
return false;
}
if (semver.valid(range)) {
// if full version with build digit is provided as a range (such as '1.2.3+4')
// we should check for exact equal via compareBuild

8
src/util.ts
View File

@ -55,6 +55,14 @@ export function getDownloadArchiveExtension() {
}
export function isVersionSatisfies(range: string, version: string): boolean {
// Some distributions (e.g. JetBrains Runtime) publish 4-segment versions
// like '17.0.8.1+1080.1' that semver rejects. If the candidate version
// isn't valid semver, it can't match — bail out rather than letting
// compareBuild / satisfies throw.
if (!semver.valid(version)) {
return false;
}
if (semver.valid(range)) {
// if full version with build digit is provided as a range (such as '1.2.3+4')
// we should check for exact equal via compareBuild