It is possible to publish a package with empty version to the registry #246

kubkon · 2025-02-13T10:03:37Z

I have checked the following:

I have searched the issues of this repository and believe that this is not a duplicate.
I have checked that the bug is reproducible with the latest version of Soldeer.

Soldeer Version

soldeer 0.5.2

What Happened?

We use automated pushing of our contracts to the soldeer registry and somehow a bug crept in that erroneously pushed our package with missing version:

I have since repro'ed the issue using a dummy test project and managed to push the project with an empty version:

Expected Behavior

$ forge init
$ soldeer push my-project~ --dry-run
...
error during publishing: package version cannot be empty

(Should return an error that version cannot be empty.)

Reproduction Steps

$ forge init
$ soldeer push my-project~ --dry-run
...
Done!

(Should never succeed.)

Configuration

The text was updated successfully, but these errors were encountered:

mario-eth · 2025-02-13T10:12:49Z

this is interesting, will double check on the backend as well, at least the backend should have caught it. weird. thanks for the fix, will review

mario-eth · 2025-02-13T12:40:24Z

I'm reopening this so i can keep track to solve on the backend

kubkon · 2025-02-14T08:55:11Z

@mario-eth would it be possible for you and any other maintainer with access to the backend to yank an invalid published (empty) version? In particular, at vlayer we are currently blocked by this in vlayer package. If you list more versions you will see this bug manifested itself between 0.1.0-nightly-20250127-334f0a0 and 0.1.0-nightly-20250127-5ee6ca8. Any help on this would greatly be appreciated! Thanks!

mario-eth · 2025-02-14T08:59:46Z

you mean to delete this empty version?

kubkon · 2025-02-14T09:47:18Z

Yep, exactly right!

mario-eth · 2025-02-14T12:32:12Z

@mario-eth would it be possible for you and any other maintainer with access to the backend to yank an invalid published (empty) version? In particular, at vlayer we are currently blocked by this in vlayer package. If you list more versions you will see this bug manifested itself between 0.1.0-nightly-20250127-334f0a0 and 0.1.0-nightly-20250127-5ee6ca8. Any help on this would greatly be appreciated! Thanks!

solved, we run the integrity checker.

kubkon added the bug Something isn't working label Feb 13, 2025

This was referenced Feb 13, 2025

fix(push): ensure version is non-empty when pushing to registry #247

Merged

refactor!: logging #242

Merged

mario-eth closed this as completed in #247 Feb 13, 2025

mario-eth reopened this Feb 13, 2025

mario-eth self-assigned this Feb 13, 2025

mario-eth added the backend label Feb 13, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

It is possible to publish a package with empty version to the registry #246

It is possible to publish a package with empty version to the registry #246

kubkon commented Feb 13, 2025

mario-eth commented Feb 13, 2025

mario-eth commented Feb 13, 2025

kubkon commented Feb 14, 2025

mario-eth commented Feb 14, 2025

kubkon commented Feb 14, 2025

mario-eth commented Feb 14, 2025 •

edited

Loading

It is possible to publish a package with empty version to the registry #246

It is possible to publish a package with empty version to the registry #246

Comments

kubkon commented Feb 13, 2025

I have checked the following:

Soldeer Version

What Happened?

Expected Behavior

Reproduction Steps

Configuration

mario-eth commented Feb 13, 2025

mario-eth commented Feb 13, 2025

kubkon commented Feb 14, 2025

mario-eth commented Feb 14, 2025

kubkon commented Feb 14, 2025

mario-eth commented Feb 14, 2025 • edited Loading

mario-eth commented Feb 14, 2025 •

edited

Loading