upd-cli 0.0.2__tar.gz → 0.0.3__tar.gz

{upd_cli-0.0.2 → upd_cli-0.0.3}/Cargo.lock

@@ -1521,7 +1521,7 @@ checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
 
 [[package]]
 name = "upd"
-version = "0.0.2"
+version = "0.0.3"
 dependencies = [
  "anyhow",
  "async-trait",

{upd_cli-0.0.2 → upd_cli-0.0.3}/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "upd"
-version = "0.0.2"
+version = "0.0.3"
 edition = "2024"
 rust-version = "1.91.1"
 description = "A fast dependency updater for Python and Node.js projects"

{upd_cli-0.0.2 → upd_cli-0.0.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: upd-cli
-Version: 0.0.2
+Version: 0.0.3
 Classifier: Development Status :: 4 - Beta
 Classifier: Environment :: Console
 Classifier: Intended Audience :: Developers

{upd_cli-0.0.2 → upd_cli-0.0.3}/src/cache.rs

@@ -1,9 +1,12 @@
+use crate::registry::Registry;
 use anyhow::Result;
+use async_trait::async_trait;
 use directories::ProjectDirs;
 use serde::{Deserialize, Serialize};
 use std::collections::HashMap;
 use std::fs;
 use std::path::PathBuf;
+use std::sync::{Arc, Mutex};
 use std::time::{Duration, SystemTime, UNIX_EPOCH};
 
 const CACHE_TTL_HOURS: u64 = 24;
@@ -52,6 +55,19 @@ impl Cache {
         Ok(())
     }
 
+    /// Create a shared cache wrapped in `Arc<Mutex>` for thread-safe access
+    pub fn new_shared() -> Arc<Mutex<Self>> {
+        Arc::new(Mutex::new(Self::load().unwrap_or_default()))
+    }
+
+    /// Save a shared cache to disk
+    pub fn save_shared(cache: &Arc<Mutex<Cache>>) -> Result<()> {
+        cache
+            .lock()
+            .map_err(|e| anyhow::anyhow!("Cache lock poisoned: {}", e))?
+            .save()
+    }
+
     pub fn get(&self, registry: &str, package: &str) -> Option<String> {
         let entries = match registry {
             "pypi" => &self.pypi,
@@ -136,45 +152,86 @@ impl Cache {
     }
 }
 
-/// A cached registry wrapper that checks cache before making network requests
+/// Thread-safe cached registry wrapper that implements the Registry trait.
+/// Checks cache before making network requests, storing results for future lookups.
 pub struct CachedRegistry<R> {
     inner: R,
-    cache: Cache,
-    registry_name: &'static str,
+    cache: Arc<Mutex<Cache>>,
     enabled: bool,
 }
 
-impl<R: crate::registry::Registry> CachedRegistry<R> {
-    pub fn new(inner: R, enabled: bool) -> Self {
-        let cache = Cache::load().unwrap_or_default();
-        let registry_name = inner.name();
-
+impl<R: Registry> CachedRegistry<R> {
+    pub fn new(inner: R, cache: Arc<Mutex<Cache>>, enabled: bool) -> Self {
         Self {
             inner,
             cache,
-            registry_name,
             enabled,
         }
     }
 
-    pub async fn get_latest_version(&mut self, package: &str) -> anyhow::Result<String> {
-        // Check cache first if enabled
-        if self.enabled
-            && let Some(version) = self.cache.get(self.registry_name, package)
-        {
-            return Ok(version);
+    /// Get from cache (returns None if disabled, expired, or missing)
+    fn cache_get(&self, package: &str) -> Option<String> {
+        if !self.enabled {
+            return None;
         }
+        self.cache.lock().ok()?.get(self.inner.name(), package)
+    }
 
-        // Fetch from registry
+    /// Set in cache (no-op if disabled). Does NOT save to disk - caller saves once at end.
+    fn cache_set(&self, package: &str, version: &str) {
+        if !self.enabled {
+            return;
+        }
+        if let Ok(mut cache) = self.cache.lock() {
+            cache.set(self.inner.name(), package, version.to_string());
+        }
+    }
+}
+
+#[async_trait]
+impl<R: Registry> Registry for CachedRegistry<R> {
+    async fn get_latest_version(&self, package: &str) -> Result<String> {
+        if let Some(v) = self.cache_get(package) {
+            return Ok(v);
+        }
         let version = self.inner.get_latest_version(package).await?;
+        self.cache_set(package, &version);
+        Ok(version)
+    }
 
-        // Update cache if enabled
-        if self.enabled {
-            self.cache.set(self.registry_name, package, version.clone());
-            // Best effort save - don't fail the operation if cache save fails
-            let _ = self.cache.save();
+    async fn get_latest_version_including_prereleases(&self, package: &str) -> Result<String> {
+        // Pre-releases use separate cache key to avoid returning stable when pre-release needed
+        let cache_key = format!("{}:prerelease", package);
+        if let Some(v) = self.cache_get(&cache_key) {
+            return Ok(v);
         }
+        let version = self
+            .inner
+            .get_latest_version_including_prereleases(package)
+            .await?;
+        self.cache_set(&cache_key, &version);
+        Ok(version)
+    }
 
+    async fn get_latest_version_matching(
+        &self,
+        package: &str,
+        constraints: &str,
+    ) -> Result<String> {
+        // Constraint-matching uses composite key to cache per-constraint results
+        let cache_key = format!("{}:match:{}", package, constraints);
+        if let Some(v) = self.cache_get(&cache_key) {
+            return Ok(v);
+        }
+        let version = self
+            .inner
+            .get_latest_version_matching(package, constraints)
+            .await?;
+        self.cache_set(&cache_key, &version);
         Ok(version)
     }
+
+    fn name(&self) -> &'static str {
+        self.inner.name()
+    }
 }

{upd_cli-0.0.2 → upd_cli-0.0.3}/src/main.rs

@@ -2,7 +2,8 @@ use anyhow::Result;
 use clap::Parser;
 use colored::Colorize;
 
-use upd::cache::Cache;
+use std::sync::Arc;
+use upd::cache::{Cache, CachedRegistry};
 use upd::cli::{Cli, Command};
 use upd::registry::{CratesIoRegistry, GoProxyRegistry, NpmRegistry, PyPiRegistry};
 use upd::updater::{
@@ -90,11 +91,14 @@ async fn run_update(cli: &Cli) -> Result<()> {
         );
     }
 
-    // Create registries
-    let pypi = PyPiRegistry::new();
-    let npm = NpmRegistry::new();
-    let crates_io = CratesIoRegistry::new();
-    let go_proxy = GoProxyRegistry::new();
+    // Create shared cache and wrap registries with caching layer
+    let cache = Cache::new_shared();
+    let cache_enabled = !cli.no_cache;
+
+    let pypi = CachedRegistry::new(PyPiRegistry::new(), Arc::clone(&cache), cache_enabled);
+    let npm = CachedRegistry::new(NpmRegistry::new(), Arc::clone(&cache), cache_enabled);
+    let crates_io = CachedRegistry::new(CratesIoRegistry::new(), Arc::clone(&cache), cache_enabled);
+    let go_proxy = CachedRegistry::new(GoProxyRegistry::new(), Arc::clone(&cache), cache_enabled);
 
     // Create updaters
     let requirements_updater = RequirementsUpdater::new();
@@ -103,13 +107,6 @@ async fn run_update(cli: &Cli) -> Result<()> {
     let cargo_toml_updater = CargoTomlUpdater::new();
     let go_mod_updater = GoModUpdater::new();
 
-    // Load cache if enabled
-    let mut cache = if !cli.no_cache {
-        Cache::load().ok()
-    } else {
-        None
-    };
-
     let mut total_result = UpdateResult::default();
 
     for (path, file_type) in files {
@@ -143,9 +140,9 @@ async fn run_update(cli: &Cli) -> Result<()> {
         }
     }
 
-    // Save cache
-    if let Some(ref mut cache) = cache {
-        let _ = cache.save();
+    // Save cache to disk
+    if cache_enabled {
+        let _ = Cache::save_shared(&cache);
     }
 
     // Print summary

{upd_cli-0.0.2 → upd_cli-0.0.3}/src/registry/crates_io.rs

@@ -1,8 +1,9 @@
-use super::Registry;
+use super::{Registry, get_with_retry};
 use anyhow::{Result, anyhow};
 use async_trait::async_trait;
 use reqwest::Client;
 use serde::Deserialize;
+use std::time::Duration;
 
 pub struct CratesIoRegistry {
     client: Client,
@@ -37,6 +38,8 @@ impl CratesIoRegistry {
             .gzip(true)
             // crates.io requires a descriptive User-Agent
             .user_agent("upd/0.1.0 (https://github.com/rvben/upd)")
+            .timeout(Duration::from_secs(30))
+            .connect_timeout(Duration::from_secs(10))
             .build()
             .expect("Failed to create HTTP client");
 
@@ -55,7 +58,7 @@ impl CratesIoRegistry {
 
     async fn fetch_crate(&self, name: &str) -> Result<CratesResponse> {
         let url = format!("{}/{}", self.registry_url, name);
-        let response = self.client.get(&url).send().await?;
+        let response = get_with_retry(&self.client, &url).await?;
 
         if !response.status().is_success() {
             return Err(anyhow!(

{upd_cli-0.0.2 → upd_cli-0.0.3}/src/registry/go_proxy.rs

@@ -1,8 +1,9 @@
-use super::Registry;
+use super::{Registry, get_with_retry};
 use anyhow::{Result, anyhow};
 use async_trait::async_trait;
 use reqwest::Client;
 use serde::Deserialize;
+use std::time::Duration;
 
 pub struct GoProxyRegistry {
     client: Client,
@@ -24,6 +25,8 @@ impl GoProxyRegistry {
         let client = Client::builder()
             .gzip(true)
             .user_agent("upd/0.1.0")
+            .timeout(Duration::from_secs(30))
+            .connect_timeout(Duration::from_secs(10))
             .build()
             .expect("Failed to create HTTP client");
 
@@ -49,7 +52,7 @@ impl GoProxyRegistry {
         let escaped = Self::escape_module_path(module);
         let url = format!("{}/{}/@v/list", self.proxy_url, escaped);
 
-        let response = self.client.get(&url).send().await?;
+        let response = get_with_retry(&self.client, &url).await?;
 
         if !response.status().is_success() {
             return Err(anyhow!(
@@ -110,7 +113,7 @@ impl Registry for GoProxyRegistry {
         let escaped = Self::escape_module_path(package);
         let url = format!("{}/{}/@latest", self.proxy_url, escaped);
 
-        if let Ok(response) = self.client.get(&url).send().await
+        if let Ok(response) = get_with_retry(&self.client, &url).await
             && response.status().is_success()
             && let Ok(data) = response.json::<LatestResponse>().await
         {

upd_cli-0.0.3/src/registry/mod.rs

@@ -0,0 +1,85 @@
+mod crates_io;
+mod go_proxy;
+mod npm;
+mod pypi;
+
+pub use crates_io::CratesIoRegistry;
+pub use go_proxy::GoProxyRegistry;
+pub use npm::NpmRegistry;
+pub use pypi::PyPiRegistry;
+
+use anyhow::Result;
+use async_trait::async_trait;
+use reqwest::{Client, Response};
+use std::time::Duration;
+
+/// Maximum number of retry attempts for failed HTTP requests
+const MAX_RETRIES: u32 = 3;
+
+/// Base delay for exponential backoff (100ms, 200ms, 400ms)
+const BASE_DELAY_MS: u64 = 100;
+
+/// Execute an HTTP GET request with retry and exponential backoff.
+/// Retries on transient errors (network issues, 5xx server errors).
+pub async fn get_with_retry(client: &Client, url: &str) -> Result<Response, reqwest::Error> {
+    let mut last_error = None;
+
+    for attempt in 0..MAX_RETRIES {
+        match client.get(url).send().await {
+            Ok(response) => {
+                // Don't retry client errors (4xx) - they won't succeed on retry
+                if response.status().is_client_error() || response.status().is_success() {
+                    return Ok(response);
+                }
+
+                // Retry server errors (5xx)
+                if response.status().is_server_error() && attempt < MAX_RETRIES - 1 {
+                    let delay = Duration::from_millis(BASE_DELAY_MS * (1 << attempt));
+                    tokio::time::sleep(delay).await;
+                    continue;
+                }
+
+                return Ok(response);
+            }
+            Err(e) => {
+                last_error = Some(e);
+
+                // Don't retry on the last attempt
+                if attempt < MAX_RETRIES - 1 {
+                    let delay = Duration::from_millis(BASE_DELAY_MS * (1 << attempt));
+                    tokio::time::sleep(delay).await;
+                }
+            }
+        }
+    }
+
+    Err(last_error.unwrap())
+}
+
+#[async_trait]
+pub trait Registry: Send + Sync {
+    /// Get the latest stable version of a package
+    async fn get_latest_version(&self, package: &str) -> Result<String>;
+
+    /// Get the latest version including pre-releases
+    /// Used when the user's current version is a pre-release
+    async fn get_latest_version_including_prereleases(&self, package: &str) -> Result<String> {
+        // Default: fall back to stable-only
+        self.get_latest_version(package).await
+    }
+
+    /// Get the latest version matching the given constraints (e.g., ">=2.8.0,<9")
+    /// Default implementation falls back to get_latest_version
+    async fn get_latest_version_matching(
+        &self,
+        package: &str,
+        constraints: &str,
+    ) -> Result<String> {
+        // Default: ignore constraints and return latest
+        let _ = constraints;
+        self.get_latest_version(package).await
+    }
+
+    /// Registry name for display
+    fn name(&self) -> &'static str;
+}

{upd_cli-0.0.2 → upd_cli-0.0.3}/src/registry/npm.rs

@@ -3,18 +3,22 @@ use anyhow::{Result, anyhow};
 use async_trait::async_trait;
 use reqwest::Client;
 use serde::Deserialize;
-use std::collections::HashMap;
+use serde_json::Value;
+use std::time::Duration;
 
 pub struct NpmRegistry {
     client: Client,
     registry_url: String,
 }
 
+/// Abbreviated npm response (smaller, faster)
+/// Uses Accept: application/vnd.npm.install-v1+json
 #[derive(Debug, Deserialize)]
-struct NpmResponse {
+struct NpmAbbreviatedResponse {
     #[serde(rename = "dist-tags")]
     dist_tags: DistTags,
-    versions: HashMap<String, VersionInfo>,
+    /// Version keys only (we parse them dynamically to avoid large struct)
+    versions: Value,
 }
 
 #[derive(Debug, Deserialize)]
@@ -22,11 +26,6 @@ struct DistTags {
     latest: Option<String>,
 }
 
-#[derive(Debug, Deserialize)]
-struct VersionInfo {
-    deprecated: Option<String>,
-}
-
 impl NpmRegistry {
     pub fn new() -> Self {
         Self::with_registry_url("https://registry.npmjs.org".to_string())
@@ -36,6 +35,8 @@ impl NpmRegistry {
         let client = Client::builder()
             .gzip(true)
             .user_agent("upd/0.1.0")
+            .timeout(Duration::from_secs(30))
+            .connect_timeout(Duration::from_secs(10))
             .build()
             .expect("Failed to create HTTP client");
 
@@ -50,10 +51,18 @@ impl NpmRegistry {
         std::env::var("NPM_REGISTRY").ok().filter(|s| !s.is_empty())
     }
 
-    /// Fetch package metadata from npm
-    async fn fetch_package(&self, package: &str) -> Result<NpmResponse> {
+    /// Fetch abbreviated package metadata from npm
+    /// Uses the install-v1 format which is smaller and faster
+    async fn fetch_package(&self, package: &str) -> Result<NpmAbbreviatedResponse> {
         let url = format!("{}/{}", self.registry_url, package);
-        let response = self.client.get(&url).send().await?;
+
+        // Use abbreviated metadata format (much smaller for large packages like react)
+        let response = self
+            .client
+            .get(&url)
+            .header("Accept", "application/vnd.npm.install-v1+json")
+            .send()
+            .await?;
 
         if !response.status().is_success() {
             return Err(anyhow!(
@@ -63,16 +72,24 @@ impl NpmRegistry {
             ));
         }
 
-        Ok(response.json().await?)
+        response
+            .json()
+            .await
+            .map_err(|e| anyhow!("Failed to parse npm response for '{}': {}", package, e))
     }
 
-    /// Get all stable (non-prerelease, non-deprecated) versions sorted descending
-    fn get_stable_versions(data: &NpmResponse) -> Vec<(semver::Version, String)> {
-        let mut versions: Vec<_> = data
-            .versions
-            .iter()
-            .filter(|(_, info)| info.deprecated.is_none())
-            .filter_map(|(ver_str, _)| {
+    /// Get all stable (non-prerelease) versions sorted descending
+    /// Note: abbreviated metadata doesn't include deprecated info, but dist-tags.latest
+    /// is authoritative for the recommended version
+    fn get_stable_versions(data: &NpmAbbreviatedResponse) -> Vec<(semver::Version, String)> {
+        let versions_obj = match data.versions.as_object() {
+            Some(obj) => obj,
+            None => return Vec::new(),
+        };
+
+        let mut versions: Vec<_> = versions_obj
+            .keys()
+            .filter_map(|ver_str| {
                 semver::Version::parse(ver_str).ok().and_then(|v| {
                     // Skip pre-release versions
                     if v.pre.is_empty() {
@@ -100,17 +117,15 @@ impl Registry for NpmRegistry {
     async fn get_latest_version(&self, package: &str) -> Result<String> {
         let data = self.fetch_package(package).await?;
 
-        // Use the 'latest' dist-tag first
+        // Use the 'latest' dist-tag (this is the authoritative answer from npm)
         if let Some(latest) = &data.dist_tags.latest
-            && let Some(version_info) = data.versions.get(latest)
-            && version_info.deprecated.is_none()
             && let Ok(v) = semver::Version::parse(latest)
             && v.pre.is_empty()
         {
             return Ok(latest.clone());
         }
 
-        // Fall back to finding the latest stable version
+        // Fall back to finding the latest stable version from the versions list
         let versions = Self::get_stable_versions(&data);
         versions
             .first()

{upd_cli-0.0.2 → upd_cli-0.0.3}/src/registry/pypi.rs

@@ -1,4 +1,4 @@
-use super::Registry;
+use super::{Registry, get_with_retry};
 use anyhow::{Result, anyhow};
 use async_trait::async_trait;
 use pep440_rs::{Version, VersionSpecifiers};
@@ -6,6 +6,7 @@ use reqwest::Client;
 use serde::Deserialize;
 use std::collections::HashMap;
 use std::str::FromStr;
+use std::time::Duration;
 
 pub struct PyPiRegistry {
     client: Client,
@@ -31,6 +32,8 @@ impl PyPiRegistry {
         let client = Client::builder()
             .gzip(true)
             .user_agent("upd/0.1.0")
+            .timeout(Duration::from_secs(30))
+            .connect_timeout(Duration::from_secs(10))
             .build()
             .expect("Failed to create HTTP client");
 
@@ -78,7 +81,7 @@ impl PyPiRegistry {
         let normalized = package.to_lowercase().replace('_', "-");
         let url = format!("{}/{}/json", self.index_url, normalized);
 
-        let response = self.client.get(&url).send().await?;
+        let response = get_with_retry(&self.client, &url).await?;
 
         if !response.status().is_success() {
             return Err(anyhow!(

{upd_cli-0.0.2 → upd_cli-0.0.3}/src/updater/go_mod.rs

@@ -79,6 +79,36 @@ impl GoModUpdater {
             .map(|v| !v.pre.is_empty())
             .unwrap_or(false)
     }
+
+    /// Check if a version is a pseudo-version (commit-based, not a real tag).
+    /// Pseudo-versions have the format: v0.0.0-YYYYMMDDHHMMSS-abcdefabcdef
+    /// Or for pre-release: v1.2.4-0.YYYYMMDDHHMMSS-abcdefabcdef
+    /// These modules have no semver tags (or point to commits), so updating them via registry fails.
+    fn is_pseudo_version(version: &str) -> bool {
+        // Pseudo-version patterns:
+        // 1. v0.0.0-20241217172646-ca3f786aa774 (base version is 0.0.0)
+        // 2. v1.2.4-0.20220331215641-2d8c0ab7ef04 (pre-release pseudo after real version)
+        //
+        // Look for timestamp pattern: 14 digits (YYYYMMDDHHMMSS)
+        let contains_timestamp = |s: &str| s.len() == 14 && s.chars().all(|c| c.is_ascii_digit());
+
+        // Split by dash and look for the timestamp part
+        let parts: Vec<&str> = version.split('-').collect();
+
+        for part in &parts {
+            if contains_timestamp(part) {
+                return true;
+            }
+            // Handle "0.20220331215641" format (pre-release pseudo)
+            if let Some(after_dot) = part.strip_prefix("0.")
+                && contains_timestamp(after_dot)
+            {
+                return true;
+            }
+        }
+
+        false
+    }
 }
 
 impl Default for GoModUpdater {
@@ -149,6 +179,13 @@ impl Updater for GoModUpdater {
                     continue;
                 }
 
+                // Skip pseudo-versions (commit-based, no semver tags available)
+                if Self::is_pseudo_version(current_version) {
+                    new_lines.push(line.to_string());
+                    result.unchanged += 1;
+                    continue;
+                }
+
                 // Fetch latest version
                 let version_result = if Self::is_prerelease(current_version) {
                     registry
@@ -276,4 +313,27 @@ replace (
         assert!(GoModUpdater::is_prerelease("v1.0.0-rc1"));
         assert!(GoModUpdater::is_prerelease("v1.0.0-beta"));
     }
+
+    #[test]
+    fn test_is_pseudo_version() {
+        // Standard pseudo-versions (commit-based, no semver tags)
+        assert!(GoModUpdater::is_pseudo_version(
+            "v0.0.0-20241217172646-ca3f786aa774"
+        ));
+        assert!(GoModUpdater::is_pseudo_version(
+            "v0.0.0-20220331215641-2d8c0ab7ef04"
+        ));
+
+        // Pre-release pseudo-versions (e.g., for modules with tagged releases)
+        assert!(GoModUpdater::is_pseudo_version(
+            "v1.2.4-0.20220331215641-2d8c0ab7ef04"
+        ));
+
+        // Normal versions should NOT be detected as pseudo-versions
+        assert!(!GoModUpdater::is_pseudo_version("v1.0.0"));
+        assert!(!GoModUpdater::is_pseudo_version("v1.0.0-alpha.1"));
+        assert!(!GoModUpdater::is_pseudo_version("v1.0.0-rc1"));
+        assert!(!GoModUpdater::is_pseudo_version("v2.0.0+incompatible"));
+        assert!(!GoModUpdater::is_pseudo_version("v1.0.0-beta"));
+    }
 }

{upd_cli-0.0.2 → upd_cli-0.0.3}/src/updater/requirements.rs

@@ -83,9 +83,30 @@ impl RequirementsUpdater {
         None
     }
 
-    /// Check if constraint is a simple single-version constraint (==, >=, etc. without upper bound)
+    /// Check if constraint is a simple single-version constraint that doesn't need
+    /// constraint-aware lookup (i.e., no upper bounds that could be violated)
     fn is_simple_constraint(constraint: &str) -> bool {
-        !constraint.contains(',')
+        // If there are multiple constraints (comma-separated), need constraint-aware lookup
+        if constraint.contains(',') {
+            return false;
+        }
+
+        // If the constraint has an upper-bound operator, need constraint-aware lookup
+        // Examples: "<4.2", "<=2.0", "~=1.4" (compatible release - allows only patch updates)
+        if constraint.starts_with('<')
+            || constraint.starts_with("<=")
+            || constraint.starts_with("~=")
+        {
+            return false;
+        }
+
+        // Also check for != which could affect version selection
+        if constraint.starts_with("!=") {
+            return false;
+        }
+
+        // Simple constraints like "==1.0.0", ">=1.0.0", ">1.0.0" are fine
+        true
     }
 
     fn update_line(&self, line: &str, new_version: &str) -> String {
@@ -232,10 +253,22 @@ mod tests {
 
     #[test]
     fn test_is_simple_constraint() {
+        // Simple constraints - no upper bound, no exclusions
         assert!(RequirementsUpdater::is_simple_constraint("==1.0.0"));
         assert!(RequirementsUpdater::is_simple_constraint(">=1.0.0"));
+        assert!(RequirementsUpdater::is_simple_constraint(">1.0.0"));
+
+        // Multiple constraints with comma
         assert!(!RequirementsUpdater::is_simple_constraint(">=1.0.0,<2.0.0"));
         assert!(!RequirementsUpdater::is_simple_constraint(">=2.8.0,<9"));
+
+        // Upper-bound operators (need constraint-aware lookup)
+        assert!(!RequirementsUpdater::is_simple_constraint("<4.2"));
+        assert!(!RequirementsUpdater::is_simple_constraint("<=2.0"));
+        assert!(!RequirementsUpdater::is_simple_constraint("~=1.4"));
+
+        // Exclusion operator
+        assert!(!RequirementsUpdater::is_simple_constraint("!=1.5.0"));
     }
 
     #[test]

upd_cli-0.0.3/src/version/semver_util.rs

@@ -0,0 +1,98 @@
+use semver::Version;
+
+/// Normalize a version string to full semver format (MAJOR.MINOR.PATCH)
+/// "1" -> "1.0.0", "1.2" -> "1.2.0", "1.2.3" -> "1.2.3"
+fn normalize_version(version_str: &str) -> String {
+    // Handle prerelease suffix (e.g., "1.0-alpha" -> keep as is after normalization)
+    let (base, suffix) = if let Some(idx) = version_str.find('-') {
+        (&version_str[..idx], &version_str[idx..])
+    } else {
+        (version_str, "")
+    };
+
+    let parts: Vec<&str> = base.split('.').collect();
+    let normalized = match parts.len() {
+        1 => format!("{}.0.0", parts[0]),
+        2 => format!("{}.{}.0", parts[0], parts[1]),
+        _ => base.to_string(),
+    };
+
+    format!("{}{}", normalized, suffix)
+}
+
+/// Check if a semver version string represents a stable release
+/// Handles incomplete versions like "0.9" by normalizing to "0.9.0"
+pub fn is_stable_semver(version_str: &str) -> bool {
+    let normalized = normalize_version(version_str);
+    if let Ok(version) = Version::parse(&normalized) {
+        version.pre.is_empty()
+    } else {
+        // If it still can't parse, assume it's stable (e.g., "*" or complex constraints)
+        // This is safer than treating unknown formats as prereleases
+        true
+    }
+}
+
+/// Compare two semver version strings
+/// Returns None if either version is invalid
+pub fn compare_versions(a: &str, b: &str) -> Option<std::cmp::Ordering> {
+    let va = Version::parse(a).ok()?;
+    let vb = Version::parse(b).ok()?;
+    Some(va.cmp(&vb))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_normalize_version() {
+        assert_eq!(normalize_version("1"), "1.0.0");
+        assert_eq!(normalize_version("1.2"), "1.2.0");
+        assert_eq!(normalize_version("1.2.3"), "1.2.3");
+        assert_eq!(normalize_version("0.9"), "0.9.0");
+        assert_eq!(normalize_version("1.0-alpha"), "1.0.0-alpha");
+        assert_eq!(normalize_version("1-beta.1"), "1.0.0-beta.1");
+    }
+
+    #[test]
+    fn test_stable_versions() {
+        assert!(is_stable_semver("1.0.0"));
+        assert!(is_stable_semver("2.31.0"));
+        assert!(is_stable_semver("0.1.0"));
+    }
+
+    #[test]
+    fn test_incomplete_versions_are_stable() {
+        // Incomplete versions like "0.9" should be treated as stable
+        assert!(is_stable_semver("0.9"));
+        assert!(is_stable_semver("1"));
+        assert!(is_stable_semver("2.0"));
+    }
+
+    #[test]
+    fn test_prerelease_versions() {
+        assert!(!is_stable_semver("1.0.0-alpha.1"));
+        assert!(!is_stable_semver("1.0.0-beta.2"));
+        assert!(!is_stable_semver("1.0.0-rc.1"));
+        // Incomplete versions with prerelease suffix
+        assert!(!is_stable_semver("1.0-alpha"));
+        assert!(!is_stable_semver("0.9-rc1"));
+    }
+
+    #[test]
+    fn test_version_comparison() {
+        assert_eq!(
+            compare_versions("1.0.0", "2.0.0"),
+            Some(std::cmp::Ordering::Less)
+        );
+        assert_eq!(
+            compare_versions("2.0.0", "1.0.0"),
+            Some(std::cmp::Ordering::Greater)
+        );
+        assert_eq!(
+            compare_versions("1.0.0", "1.0.0"),
+            Some(std::cmp::Ordering::Equal)
+        );
+    }
+}

upd_cli-0.0.2/src/registry/mod.rs

@@ -1,40 +0,0 @@
-mod crates_io;
-mod go_proxy;
-mod npm;
-mod pypi;
-
-pub use crates_io::CratesIoRegistry;
-pub use go_proxy::GoProxyRegistry;
-pub use npm::NpmRegistry;
-pub use pypi::PyPiRegistry;
-
-use anyhow::Result;
-use async_trait::async_trait;
-
-#[async_trait]
-pub trait Registry: Send + Sync {
-    /// Get the latest stable version of a package
-    async fn get_latest_version(&self, package: &str) -> Result<String>;
-
-    /// Get the latest version including pre-releases
-    /// Used when the user's current version is a pre-release
-    async fn get_latest_version_including_prereleases(&self, package: &str) -> Result<String> {
-        // Default: fall back to stable-only
-        self.get_latest_version(package).await
-    }
-
-    /// Get the latest version matching the given constraints (e.g., ">=2.8.0,<9")
-    /// Default implementation falls back to get_latest_version
-    async fn get_latest_version_matching(
-        &self,
-        package: &str,
-        constraints: &str,
-    ) -> Result<String> {
-        // Default: ignore constraints and return latest
-        let _ = constraints;
-        self.get_latest_version(package).await
-    }
-
-    /// Registry name for display
-    fn name(&self) -> &'static str;
-}

upd_cli-0.0.2/src/version/semver_util.rs

@@ -1,53 +0,0 @@
-use semver::Version;
-
-/// Check if a semver version string represents a stable release
-pub fn is_stable_semver(version_str: &str) -> bool {
-    if let Ok(version) = Version::parse(version_str) {
-        version.pre.is_empty()
-    } else {
-        false
-    }
-}
-
-/// Compare two semver version strings
-/// Returns None if either version is invalid
-pub fn compare_versions(a: &str, b: &str) -> Option<std::cmp::Ordering> {
-    let va = Version::parse(a).ok()?;
-    let vb = Version::parse(b).ok()?;
-    Some(va.cmp(&vb))
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn test_stable_versions() {
-        assert!(is_stable_semver("1.0.0"));
-        assert!(is_stable_semver("2.31.0"));
-        assert!(is_stable_semver("0.1.0"));
-    }
-
-    #[test]
-    fn test_prerelease_versions() {
-        assert!(!is_stable_semver("1.0.0-alpha.1"));
-        assert!(!is_stable_semver("1.0.0-beta.2"));
-        assert!(!is_stable_semver("1.0.0-rc.1"));
-    }
-
-    #[test]
-    fn test_version_comparison() {
-        assert_eq!(
-            compare_versions("1.0.0", "2.0.0"),
-            Some(std::cmp::Ordering::Less)
-        );
-        assert_eq!(
-            compare_versions("2.0.0", "1.0.0"),
-            Some(std::cmp::Ordering::Greater)
-        );
-        assert_eq!(
-            compare_versions("1.0.0", "1.0.0"),
-            Some(std::cmp::Ordering::Equal)
-        );
-    }
-}