Project
cortex
Description
In cortex-cli/src/upgrade_cmd.rs, semver_compare implements version comparison by splitting on . and parsing components as u32.
    let parse = |v: &str| -> Vec<u32> {
        v.trim_start_matches('v')
            .split('.')
            .filter_map(|s| s.parse().ok())
            .collect()
    };
This logic incorrectly handles prerelease versions (e.g. 1.0.0-beta.1).
The component 0-beta fails to parse as u32 and is discarded by filter_map.
So 1.0.0-beta.1 becomes [1, 0].
1.0.0 becomes [1, 0, 0].
Comparison logic:
    match a_parts.len().cmp(&b_parts.len()) {
        std::cmp::Ordering::Less => -1, // [1, 0] < [1, 0, 0]
        // ...
    }
Thus 1.0.0-beta.1 is considered OLDER than 1.0.0. This part is accidentally correct.
However, consider 1.0.0-beta.1 vs 1.0.0-alpha.1.
Both parse to [1, 0]. They are considered EQUAL.
The upgrade command will see them as the same version and refuse to upgrade/downgrade between them (unless forced).
Also, 1.0.1 vs 1.0.0-patch. 1.0.0-patch parses as [1, 0]. 1.0.1 parses as [1, 0, 1].
[1, 0] (len 2) < [1, 0, 1] (len 3). So 1.0.0-patch < 1.0.1. Correct.
But 1.0.0-beta.2 vs 1.0.0-beta.1. Both [1, 0]. Equal.
You cannot upgrade from beta 1 to beta 2.
Error Message
N/A (Logic Error)
Debug Logs
N/A
System Information
Bounty Version: 0.1.0
OS: Ubuntu 24.04 LTS
CPU: AMD EPYC-Genoa Processor (8 cores)
RAM: 15 GB
Screenshots
No response
Steps to Reproduce
- Have v1.0.0-beta.1 installed.
- New version v1.0.0-beta.2 is available.
- Run cortex upgrade --channel beta.
- Cortex parses both as [1, 0].
- "Already on v1.0.0-beta.2" (or similar confusion), or "No upgrade needed".
Expected Behavior
It should use a proper semver parser (like the semver crate) to handle prerelease precedence correctly.
Actual Behavior
Prerelease suffixes cause version parts to be dropped, making distinct versions appear identical.
Additional Context
- File: cortex-cli/src/upgrade_cmd.rs
- Function: semver_compare
- Parsing: s.parse().ok() fails on non-numeric strings.
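The comparison the Expected Behavior section asks for, as an added example that is not cortex's code: a standard-library-only sketch of SemVer 2.0.0 precedence, placed beside the lossy parsing closure quoted in the report. The function names (lossy_parts, parse, cmp_pre, precedence) and the sample version strings are assumptions made for illustration; in the project itself the semver crate would normally do this work.

```rust
use std::cmp::Ordering;

// Parsing closure from the report, same behaviour: "0-beta" is silently dropped.
fn lossy_parts(v: &str) -> Vec<u32> {
    v.trim_start_matches('v').split('.').filter_map(|s| s.parse().ok()).collect()
}

// Hypothetical helper: "v1.0.0-beta.1+b7" -> ([1, 0, 0], Some("beta.1")); None if malformed.
fn parse(v: &str) -> Option<([u64; 3], Option<&str>)> {
    let v = v.trim_start_matches('v').split('+').next()?; // build metadata ignored
    let (core, pre) = v.split_once('-').map_or((v, None), |(c, p)| (c, Some(p)));
    let (mut nums, mut it) = ([0u64; 3], core.split('.'));
    for n in nums.iter_mut() { *n = it.next()?.parse().ok()?; }
    if it.next().is_some() || pre == Some("") { return None; }
    Some((nums, pre))
}

// SemVer 2.0.0 section 11: compare dot-separated prerelease identifiers.
fn cmp_pre(a: &str, b: &str) -> Ordering {
    let (mut x, mut y) = (a.split('.'), b.split('.'));
    loop {
        let ord = match (x.next(), y.next()) {
            (None, None) => return Ordering::Equal,
            (None, Some(_)) => return Ordering::Less, // fewer fields sort first
            (Some(_), None) => return Ordering::Greater,
            (Some(p), Some(q)) => match (p.parse::<u64>(), q.parse::<u64>()) {
                (Ok(m), Ok(n)) => m.cmp(&n),          // numeric ids compare as numbers
                (Ok(_), Err(_)) => Ordering::Less,    // numeric < alphanumeric
                (Err(_), Ok(_)) => Ordering::Greater,
                (Err(_), Err(_)) => p.cmp(q),         // ASCII order
            },
        };
        if ord != Ordering::Equal { return ord; }
    }
}

// Full precedence: numeric core, then release > prerelease, then cmp_pre.
fn precedence(a: &str, b: &str) -> Option<Ordering> {
    let ((ca, pa), (cb, pb)) = (parse(a)?, parse(b)?);
    Some(ca.cmp(&cb).then_with(|| match (pa, pb) {
        (None, None) => Ordering::Equal,
        (Some(_), None) => Ordering::Less,
        (None, Some(_)) => Ordering::Greater,
        (Some(p), Some(q)) => cmp_pre(p, q),
    }))
}

fn main() {
    println!("{:?}", precedence("1.0.0-alpha.1", "1.0.0-beta.1"));
}
```

Run as written, the quoted closure keeps the trailing numeric identifier, so 1.0.0-alpha.1 and 1.0.0-beta.1 both collapse to the same vector, while precedence orders them and returns None for malformed input instead of dropping components.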