Incorrect versions added for pinned versions of dev modules. #33
Description
A known limitation of the Drupal packagist prevents pinned -dev versions of packages from being accurate.
Example:
composer require drupal/composer_deploy:1.x-dev#d8cf3fccf8966fb9e45659c501741a844c41a635
As of this writing, this commit should be described as version 8.x-1.1+1, meaning 1 commit ahead of release 8.x-1.1. Instead you will see this in the composer extra section.
"drupal": {
"version": "8.x-1.3+1-dev",
"datestamp": "1555315985",
"security-coverage": {
"status": "not-covered",
"message": "Dev releases are not covered by Drupal security advisories."
}
}
This is the latest commit's metadata, therefore, your pinned commit is reporting it's 2 versions ahead. Additionally, you will find that if the dependencies of the -dev package has changed between your pinned and the latest, you may not have everything you need to satisfy the needs of your pinned version.
All that to say. If we want to accurately add versions for pinned dev versions of modules we would likely have to use the git describe method Drush used back in the day. I've written a plugin that does this prior to knowing this project existed, but it's not nearly as clean. I would love to see the 2 combined as yalls code is SO much cleaner and stable. see https://github.com/generalredneck/drupal-version-info