@uschindler
Member

This fixes #273.

The code is in an early stage, but works. I added a version comparator and a comparator for bundled-signatures names. The comparator may not be the fastest, but should work correctly.

@uschindler uschindler marked this pull request as ready for review September 30, 2025 07:55
@uschindler
Member Author

I think this is ready now, will merge soon. This improvement will allow the following:

  • If a version of a versioned bundled signature (e.g., commons-io-unsafe-x.y) is not found, it will try to find the next lower version and print a warning (e.g., version searched is "2.10.1" instead of "2.10.0").
  • If a version of a versioned bundled signature (e.g., commons-io-unsafe-x.y) is not found, it will try to find the equivalent version and NOT print a warning (e.g., version searched is "2.10" instead of "2.10.0").

This allows referring to newer commons-io versions than the ones released as bundled signatures. A warning is printed. This warning implicitly suggests updating forbiddenapis once a new version is available, but this is not clearly communicated to prevent users from opening issues and requesting new versions (hopefully).
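The fallback rules described in the comment above, as an added sketch that is not the code merged in this pull request. The class and method names (`BundledSignatureFallback`, `compareVersions`, `resolve`) are hypothetical, the list of bundled versions is constructed, and version strings are assumed to be purely numeric and dot-separated.

```java
import java.util.*;

public class BundledSignatureFallback {
    /** Outcome of a lookup: the version actually used and whether a warning is due. */
    record Resolution(String version, boolean warn) {}

    /** Compares dotted numeric versions; missing components count as 0, so 2.10 equals 2.10.0. */
    static int compareVersions(String a, String b) {
        String[] x = a.split("\\."), y = b.split("\\.");
        for (int i = 0; i < Math.max(x.length, y.length); i++) {
            int xi = i < x.length ? Integer.parseInt(x[i]) : 0;
            int yi = i < y.length ? Integer.parseInt(y[i]) : 0;
            if (xi != yi) return Integer.compare(xi, yi);
        }
        return 0;
    }

    /** Exact match, then equivalent version (silent), then next lower version (with warning). */
    static Optional<Resolution> resolve(String requested, Collection<String> available) {
        if (available.contains(requested)) {
            return Optional.of(new Resolution(requested, false));
        }
        String best = null;
        for (String candidate : available) {
            int c = compareVersions(candidate, requested);
            if (c == 0) {
                return Optional.of(new Resolution(candidate, false)); // equivalent: no warning
            }
            if (c < 0 && (best == null || compareVersions(candidate, best) > 0)) {
                best = candidate; // highest version that is still below the requested one
            }
        }
        // Nothing at or below the requested version: the lookup fails instead of guessing upward.
        return best == null ? Optional.empty() : Optional.of(new Resolution(best, true));
    }

    public static void main(String[] args) {
        List<String> bundled = List.of("2.8.0", "2.9.0", "2.10.0"); // constructed sample versions
        for (String req : List.of("2.10.0", "2.10", "2.10.1", "2.7")) {
            String msg = resolve(req, bundled)
                .map(r -> r.version() + (r.warn() ? " (WARNING: fell back to a lower version)" : ""))
                .orElse("no usable bundled signatures");
            System.out.println(req + " -> " + msg);
        }
    }
}
```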

@uschindler uschindler merged commit cf99ebe into main Sep 30, 2025
1 check passed
@uschindler uschindler deleted the dev/issue273 branch September 30, 2025 08:57
Development

Successfully merging this pull request may close these issues.

Downgrade bundled-signatures automatically when version does not exist