Omit prerelease versions from update selection.

[4kbyte]

📖 Description

Prevent a prerelease version from being offered as an upgrade.

🔗 References

microsoft/winget-pkgs#368913

🔍 Validation

TDD: unit test.

✅ Checklist

• Signed the Contributor License Agreement
• Linked to an issue
• Updated Release Notes (if applicable)
• Updated documentation (if applicable)
• Updated Copilot instructions (if build, architecture, or conventions changed)

📋 Issue Type

• Bug fix
• Feature
• Task

Microsoft Reviewers: Open in CodeFlow

[4kbyte]

@microsoft-github-policy-service agree

[Trenly]

This has the potential to be a breaking change for publishers who intentionally ship releases like this. Especially because there isn’t a switch that you've provided to bypass this behavior and haven’t updated any of the documentation to go with this change.

Your test case also doesn’t actually guarantee the sorting because 3.14.5 is always sorted as a higher version than 3.14.5rc1 regardless.

I understand the frustration that a release candidate slipping into stable packages causes, but I'm not sure that this check achieves the goal of preventing that in a meaningful way. Sure, it will stop some cases, but it breaks others and doesn’t capture the full spectum of behavior that WinGet has to account for.

Something like #147 would seem more along the lines of what is needed here, or an actual flag in the manifest indicating that a release is a pre-release.

• Support different release channels [released, beta, alpha] #147

Ultimately, though, this is a failure of the moderation in the source repository (winget-pkgs) and as a user of WinGet I'd rather see a proper fix there than a quick fix that has the potential to cause additional confusion when using the client.

[4kbyte]

Intent: Make stable releases the default upgrade target.

Correct that SemVer sorts 3.14.5 higher than 3.14.5rc1 (SemVer 2.0.0 section 11). That's why the patch is focused on GetLatestApplicableVersion and not SemVer handling. The test compares installed 3.14.4 against a single available manifest per case, not 3.14.5 against 3.14.5rc1; no sort is asserted.

This is larger than user experience; it's chain of trust. The winget project has become load-bearing for unattended upgrades. The original issue microsoft/winget-pkgs#368913 observes that Microsoft Store invokes winget.exe upgrade --scope user --accept-source-agreements --disable-interactivity daily.

A switch and docs are straightforward to add upon consensus. Complementary to #147, not a substitute.

[JohnMcPMS]

We can't make this change as the new default behavior without the potential for breaking something as @Trenly pointed out. It is not a security feature, it is a hurdle for a mistake to get tripped up on. Unfortunately it is susceptible to false positives in blocking.

If it were a setting that enabled this behavior, then --force could override it, that would be much easier to take without additional investigation.