lib/build: more spec-compliant semver regex (fixes #9267 again)

[gudvinr]

In PR#9316 support for meta-only version suffixes was added. However, some version strings still weren't supported. Notably, v0.13.0+not.allowed.to.do.this is a valid regex but gets rejected.

Here's updated regex with a bunch of new test samples from semver.org

[calmh]

I don't think we ever aimed for a complete implementation of semver though. This is more about what we use, and what we need our other tools like usage reporting and upgrade servers etc to understand. The value of widening this here is not obvious to me.

Your previous use case was "because we build things with these version numbers" but I'm more inclined to just say "don't do that, then" now...

[gudvinr]

Your previous use case was "because we build things with these version numbers"

It's the same use-case actually. I had strings like v1.27.3+noupgrade.f2f5786b failing because while it is technically valid version, syncthing didn't think the same.

The value of widening this here is not obvious to me.

At the beginning my logic was that "since semver is used here, then I can probably use any valid semver string". So it's more or less just a convenience thing.

I'm more inclined to just say "don't do that, then" now...

I'd agree with that. If you don't think it's worth the hassle I don't mind if it'd be possible to make just versions v0.13.0+to.be.allowed.to.work to be allowed to work.

Another thing I noticed is that some incorrect semver strings are considered correct by existing regex:
https://regex101.com/r/LhI4HR/1

If some external tools are used, there is a some chance that they might not like version that syncthing thinks are correct. But that's just a side note because if nobody thought of that, then there are no issues with other tools.

[calmh]

I don't know how this affects your case, but note that build tags like noupgrade are noted in the binary and visible in the version output already as is.

[gudvinr]

I don't know how this affects your case, but note that build tags like noupgrade are noted in the binary and visible in the version output already as is.

Basically, I want to add some meta to build version so it can be clearly distinguished from official builds and from each other. But it's kinda hard to do without delimiters.

For all intents and purposes, +meta is essentially a non-functional junk, which is not true for -prerelease part. E.g. it is used in ursrv or lib/upgrade and in some other parts I believe. So I assumed that version that "looks like semver" is a semver-compliant version. Turned out, it's not and that's why I filed the issue in first place.

Then, it turned out again that it's not that simple, so I finally tried to debug regex to find out what I can use. That's when I found out that it's not really a semver.
So I thought if it was useful for me, it could be useful for other people. Since there's no really any spec other than test cases, it's not clear what's allowed. And semver is a spec, so no one needs to think about that at all (ideally).

But again, I understand that it might not be a desirable change and I won't be fighting to get it merged.

As a side note, while I wrote this comment, I noticed that versionParts in lib/upgrade and ursrv are different. But that could be intended or unused.