From c50a13683dc2d76e233610edb1f1b322bf636796 Mon Sep 17 00:00:00 2001 From: Jon Moroney Date: Mon, 9 Dec 2024 13:33:06 -0800 Subject: [PATCH] Add a formal semver 2.0.0 version type First crack at adding a formal version type in response to https://github.com/CVEProject/cve-schema/issues/362#issuecomment-2529000807 Any others which are agreed upon should be spun up in their own PRs so that conversations in the PRs can be kept on topic Happy to expand this if people think the full semver spec should be in this repo as well. I went back and forth on that. --- schema/docs/versions.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/schema/docs/versions.md b/schema/docs/versions.md index e87a6a26a17..e0b31f51a54 100644 --- a/schema/docs/versions.md +++ b/schema/docs/versions.md @@ -288,6 +288,27 @@ Now that we know how to encode version objects, that would be written as: } ] +### Version Types + +#### Semantic versioning 2.0.0 +Type identifier: `semver-2.0.0` +Formally specified here at https://semver.org/spec/v2.0.0.html +`semver-2.0.0` is new type introduced to formally specify usage of semantic versioning. +--- +`semver-2.0.0` in its simplest form is a dot separated triple. eg `1.2.3`. The three parts have names with the first being the `MAJOR`, the second being `MINOR` and the third `PATCH`. The [Semantic](https://en.wikipedia.org/wiki/Semantics) meaning of each is described as +1. MAJOR version when you make incompatible API changes +2. MINOR version when you add functionality in a backward compatible manner +3. PATCH version when you make backward compatible bug fixes +This triple can be extended with either a `-` or a `+` or with both for `pre-release` and `build` identifiers. +The triple can only be populated with non-negative integers and must not contain leading zeros. +Ordering of the triple is determined by the first difference when comparing each of these identifiers from left to right as follows: Major, minor, and patch versions are always compared numerically. +Full ordering for pre-releases and builds are described in the semver document [here](https://semver.org/spec/v2.0.0.html#spec-item-11). +While the triple can only contain numeric values the `pre-release` and `build` are free to be alpha numeric. +A complete definition of this version type can be viewed here +https://semver.org/spec/v2.0.0.html#backusnaur-form-grammar-for-valid-semver-versions + + + ## Version Status Changes As presented in the previous section,