@aignas aignas commented Feb 10, 2026

It seems that there was one corner case that was left unhandled.
In theory we should also handle `3 ~= 3.0.0`, but the fix for that may
be a little more involved and I want to leave it for later. However,
that case is unlikely to occur in reality because `LHS` for our cases
will most likely have 2 components.

Whilst at it prepare for the patch release (#3584).

Fixes #3580
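
The `~=` corner case described above, worked through in Python as an added example (not code from this pull request or from the project's `version.bzl`). It assumes release-only versions (no epoch, pre/post/dev or local segments); `parse_release`, `compatible` and `naive_compatible` are hypothetical names, and the unpadded variant is constructed only to show how a shorter left-hand side can be missed.

```python
import re


def parse_release(version: str) -> tuple[int, ...]:
    """Parse a release-only version such as "3.11" into (3, 11)."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        raise ValueError(f"unsupported version: {version!r}")
    return tuple(int(part) for part in version.split("."))


def _pad(release: tuple[int, ...], width: int) -> tuple[int, ...]:
    """Right-pad with zeros: PEP 440 treats 3.11 and 3.11.0 as equal."""
    return release + (0,) * (width - len(release))


def compatible(candidate: str, spec: str) -> bool:
    """PEP 440 `candidate ~= spec`: `>= spec` and `== <spec minus last part>.*`."""
    want = parse_release(spec)
    if len(want) < 2:
        raise ValueError("~= needs at least two release components")
    have = parse_release(candidate)
    width = max(len(have), len(want))
    have_p, want_p = _pad(have, width), _pad(want, width)
    prefix = want[:-1]
    # Compare padded tuples so a 1- or 2-component candidate still matches.
    return have_p >= want_p and have_p[: len(prefix)] == prefix


def naive_compatible(candidate: str, spec: str) -> bool:
    """Constructed contrast: same checks without zero-padding the candidate."""
    have, want = parse_release(candidate), parse_release(spec)
    return have >= want and have[: len(want) - 1] == want[:-1]


if __name__ == "__main__":
    # Constructed sample inputs: (candidate, specifier version).
    for lhs, rhs in [("3.11", "3.11.0"), ("3", "3.0.0"), ("3.12", "3.11.0")]:
        print(f"{lhs!r} ~= {rhs!r}: padded={compatible(lhs, rhs)} "
              f"naive={naive_compatible(lhs, rhs)}")
```
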

It seems that there was one corner case that was left unhandled.
In theory we should also handle `3 ~= 3.0.0`, but the fix for that may
be a little more involved and I want to leave it for later.

Fixes bazel-contrib#3580
@aignas aignas mentioned this pull request Feb 10, 2026
@gemini-code-assist

Summary of Changes

Hello @aignas, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on refining the version comparison logic within pipstar to better align with PEP440 standards. It resolves a specific edge case related to compatible version specifiers and includes a new test case to ensure comprehensive coverage across different Python versions. The changes also involve refactoring the code for improved clarity and maintainability.

Highlights

  • Version Specifier Fix: Addressed a corner case in version specifier evaluation ("1.2" ~= "1.2.0") to improve PEP440 compatibility.
  • Test Case: Added a new test case to cover scenarios spanning all Python versions.
  • Code Refactoring: Refactored version comparison logic to handle prefix matching more effectively.

Changelog
  • CHANGELOG.md
    • Added release notes for version 1.8.4, detailing the fix for the version specifier corner case and the addition of read permissions after wheel extraction.
  • python/private/version.bzl
    • Modified version comparison functions to handle prefix matching and compatible version checks more accurately.
  • tests/pypi/pep508/deps_tests.bzl
    • Added a test case to verify dependency resolution across a range of Python versions.
  • tests/pypi/pep508/evaluate_tests.bzl
    • Added a test case to evaluate version specifiers with compatible release operators.
@aignas aignas enabled auto-merge February 10, 2026 14:09

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request successfully addresses a corner case in compatible version evaluation (~=) to improve compatibility with the PEP440 standard, introducing new helper functions _is_prefix and _left_is_prefix and integrating them into _version_compatible with new test cases. However, a medium-severity Denial of Service (DoS) vulnerability was identified in python/private/version.bzl due to a lack of input length validation on version strings, which could lead to excessive resource consumption. Remediation has been recommended.

@aignas aignas added this pull request to the merge queue Feb 11, 2026
Merged via the queue into bazel-contrib:main with commit a32c744 Feb 11, 2026
4 checks passed
@aignas aignas deleted the aignas.fix.version-specifiers branch February 11, 2026 03:48
aignas added a commit that referenced this pull request Feb 11, 2026
…3583)

It seems that there was one corner case that was left unhandled.
In theory we should also handle `3 ~= 3.0.0`, but the fix for that may
be a little more involved and I want to leave it for later. However,
that case is unlikely to occur in reality because `LHS` for our cases
will most likely have 2 components.

Whilst at it prepare for the patch release (#3584).

Fixes #3580

(cherry picked from commit a32c744)
Development

Successfully merging this pull request may close these issues.

bug: version specifier not evaluated correctly "3.11" ~= "3.11.0"