Pre-releases are not treated the same than in Composer
Closed this issue · 0 comments
stof commented
see FriendsOfPHP/security-advisories#511 for the initial report.
It looks like the comparison is done using a stricter semver implementation than composer which does require a .
to separate the alphabetical identifier from the following pre-release version. Composer makes that .
optional, treating 2.0.0-alpha11
as it it was 2.0.0-alpha.11
in semver.