fabpot/local-php-security-checker

Pre-releases are not treated the same as in Composer

Closed this issue · 0 comments

stof commented

See FriendsOfPHP/security-advisories#511 for the initial report.

It looks like the comparison is done using a stricter semver implementation than Composer which does require a . to separate the alphabetical identifier from the following pre-release version. Composer makes that . optional, treating 2.0.0-alpha11 as if it was 2.0.0-alpha.11 in semver.
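An added example, not code from local-php-security-checker or Composer: it applies semver 2.0.0 pre-release precedence to a constructed pair of versions, first as written and then after inserting the optional `.` described in the comment above. `Normalize`, `ComparePre` and the regular expression are hypothetical helpers, and 2.0.0-alpha2 is a constructed sample version.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// glued matches a pre-release made of letters immediately followed by digits.
var glued = regexp.MustCompile(`^(\d+\.\d+\.\d+)-([A-Za-z]+)(\d+)$`)

// Normalize rewrites "2.0.0-alpha11" as "2.0.0-alpha.11" (hypothetical helper).
func Normalize(v string) string {
	return glued.ReplaceAllString(v, "${1}-${2}.${3}")
}

// cmpIdent orders two pre-release identifiers per semver 2.0.0, rule 11.
func cmpIdent(a, b string) int {
	x, errA := strconv.Atoi(a)
	y, errB := strconv.Atoi(b)
	switch {
	case errA == nil && errB == nil: // both numeric: compare as integers
		return x - y
	case errA == nil: // numeric sorts below alphanumeric
		return -1
	case errB == nil:
		return 1
	}
	return strings.Compare(a, b) // alphanumeric: ASCII order
}

// ComparePre compares the pre-release parts of two pre-release versions sharing one core.
func ComparePre(a, b string) int {
	_, pa, _ := strings.Cut(a, "-")
	_, pb, _ := strings.Cut(b, "-")
	ia, ib := strings.Split(pa, "."), strings.Split(pb, ".")
	for i := 0; i < len(ia) && i < len(ib); i++ {
		if c := cmpIdent(ia[i], ib[i]); c != 0 {
			return c
		}
	}
	return len(ia) - len(ib) // more identifiers means higher precedence
}

func main() {
	a, b := "2.0.0-alpha11", "2.0.0-alpha2" // constructed sample versions
	fmt.Println(ComparePre(a, b) < 0)                       // strict reading: alpha11 sorts below alpha2
	fmt.Println(ComparePre(Normalize(a), Normalize(b)) > 0) // alpha.11 sorts above alpha.2
}
```

When an advisory's affected range has a pre-release bound, the two readings can place the same installed version on opposite sides of that bound.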