Comparing version 7.5.1 to 7.5.3
@@ -19,2 +19,3 @@ const ANY = Symbol('SemVer ANY') | ||
comp = comp.trim().split(/\s+/).join(' ') | ||
debug('comparator', comp, options) | ||
@@ -137,3 +138,3 @@ this.options = options | ||
const parseOptions = require('../internal/parse-options') | ||
const { re, t } = require('../internal/re') | ||
const { safeRe: re, t } = require('../internal/re') | ||
const cmp = require('../functions/cmp') | ||
@@ -140,0 +141,0 @@ const debug = require('../internal/debug') |
@@ -29,8 +29,15 @@ // hoisted class for cyclic dependency | ||
// First, split based on boolean or || | ||
// First reduce all whitespace as much as possible so we do not have to rely | ||
// on potentially slow regexes like \s*. This is then stored and used for | ||
// future error messages as well. | ||
this.raw = range | ||
this.set = range | ||
.trim() | ||
.split(/\s+/) | ||
.join(' ') | ||
// First, split on || | ||
this.set = this.raw | ||
.split('||') | ||
// map the range to a 2d array of comparators | ||
.map(r => this.parseRange(r.trim())) | ||
.map(r => this.parseRange(r)) | ||
// throw out any comparator lists that are empty | ||
@@ -42,3 +49,3 @@ // this generally means that it was not a valid range, which is allowed | ||
if (!this.set.length) { | ||
throw new TypeError(`Invalid SemVer Range: ${range}`) | ||
throw new TypeError(`Invalid SemVer Range: ${this.raw}`) | ||
} | ||
@@ -69,5 +76,3 @@ | ||
this.range = this.set | ||
.map((comps) => { | ||
return comps.join(' ').trim() | ||
}) | ||
.map((comps) => comps.join(' ').trim()) | ||
.join('||') | ||
@@ -83,4 +88,2 @@ .trim() | ||
parseRange (range) { | ||
range = range.trim() | ||
// memoize range parsing for performance. | ||
@@ -102,2 +105,3 @@ // this is a very hot path, and fully deterministic. | ||
debug('hyphen replace', range) | ||
// `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5` | ||
@@ -109,9 +113,8 @@ range = range.replace(re[t.COMPARATORTRIM], comparatorTrimReplace) | ||
range = range.replace(re[t.TILDETRIM], tildeTrimReplace) | ||
debug('tilde trim', range) | ||
// `^ 1.2.3` => `^1.2.3` | ||
range = range.replace(re[t.CARETTRIM], caretTrimReplace) | ||
debug('caret trim', range) | ||
// normalize spaces | ||
range = range.split(/\s+/).join(' ') | ||
// At this point, the range is completely trimmed and | ||
@@ -212,3 +215,3 @@ // ready to be split into comparators. | ||
const { | ||
re, | ||
safeRe: re, | ||
t, | ||
@@ -267,6 +270,9 @@ comparatorTrimReplace, | ||
// ~0.0.1 --> >=0.0.1 <0.1.0-0 | ||
const replaceTildes = (comp, options) => | ||
comp.trim().split(/\s+/).map((c) => { | ||
return replaceTilde(c, options) | ||
}).join(' ') | ||
const replaceTildes = (comp, options) => { | ||
return comp | ||
.trim() | ||
.split(/\s+/) | ||
.map((c) => replaceTilde(c, options)) | ||
.join(' ') | ||
} | ||
@@ -309,6 +315,9 @@ const replaceTilde = (comp, options) => { | ||
// ^0.1.0 --> >=0.1.0 <0.2.0-0 | ||
const replaceCarets = (comp, options) => | ||
comp.trim().split(/\s+/).map((c) => { | ||
return replaceCaret(c, options) | ||
}).join(' ') | ||
const replaceCarets = (comp, options) => { | ||
return comp | ||
.trim() | ||
.split(/\s+/) | ||
.map((c) => replaceCaret(c, options)) | ||
.join(' ') | ||
} | ||
@@ -370,5 +379,6 @@ const replaceCaret = (comp, options) => { | ||
debug('replaceXRanges', comp, options) | ||
return comp.split(/\s+/).map((c) => { | ||
return replaceXRange(c, options) | ||
}).join(' ') | ||
return comp | ||
.split(/\s+/) | ||
.map((c) => replaceXRange(c, options)) | ||
.join(' ') | ||
} | ||
@@ -456,3 +466,5 @@ | ||
// Looseness is ignored here. star is always as loose as it gets! | ||
return comp.trim().replace(re[t.STAR], '') | ||
return comp | ||
.trim() | ||
.replace(re[t.STAR], '') | ||
} | ||
@@ -462,3 +474,4 @@ | ||
debug('replaceGTE0', comp, options) | ||
return comp.trim() | ||
return comp | ||
.trim() | ||
.replace(re[options.includePrerelease ? t.GTE0PRE : t.GTE0], '') | ||
@@ -501,3 +514,3 @@ } | ||
return (`${from} ${to}`).trim() | ||
return `${from} ${to}`.trim() | ||
} | ||
@@ -504,0 +517,0 @@ |
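Review bot: In the constructor the segments produced by `.split('||')` are now handed on as `.map(r => this.parseRange(r))`, and `parseRange` no longer trims its argument, so for an input of the form `a || b` each segment keeps the single space left over from the whitespace collapse. `parseRange` is the memoized hot path, so a segment with and without that stray space may be cached under different keys. A leading or trailing space can presumably also surface as an empty comparator when the range is later split on spaces, but that code is outside the visible hunks. Keeping the per-segment trim, `.map(r => this.parseRange(r.trim()))`, does not reintroduce the slow-regex concern, since the input has already been collapsed to single spaces and `trim()` is linear.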
const debug = require('../internal/debug') | ||
const { MAX_LENGTH, MAX_SAFE_INTEGER } = require('../internal/constants') | ||
const { re, t } = require('../internal/re') | ||
const { safeRe: re, t } = require('../internal/re') | ||
@@ -294,4 +294,6 @@ const parseOptions = require('../internal/parse-options') | ||
} | ||
this.format() | ||
this.raw = this.version | ||
this.raw = this.format() | ||
if (this.build.length) { | ||
this.raw += `+${this.build.join('.')}` | ||
} | ||
return this | ||
@@ -298,0 +300,0 @@ } |
const SemVer = require('../classes/semver') | ||
const parse = require('./parse') | ||
const { re, t } = require('../internal/re') | ||
const { safeRe: re, t } = require('../internal/re') | ||
@@ -5,0 +5,0 @@ const coerce = (version, options) => { |
@@ -16,3 +16,32 @@ const parse = require('./parse.js') | ||
const highHasPre = !!highVersion.prerelease.length | ||
const lowHasPre = !!lowVersion.prerelease.length | ||
if (lowHasPre && !highHasPre) { | ||
// Going from prerelease -> no prerelease requires some special casing | ||
// If the low version has only a major, then it will always be a major | ||
// Some examples: | ||
// 1.0.0-1 -> 1.0.0 | ||
// 1.0.0-1 -> 1.1.1 | ||
// 1.0.0-1 -> 2.0.0 | ||
if (!lowVersion.patch && !lowVersion.minor) { | ||
return 'major' | ||
} | ||
// Otherwise it can be determined by checking the high version | ||
if (highVersion.patch) { | ||
// anything higher than a patch bump would result in the wrong version | ||
return 'patch' | ||
} | ||
if (highVersion.minor) { | ||
// anything higher than a minor bump would result in the wrong version | ||
return 'minor' | ||
} | ||
// bumping major/minor/patch all have same result | ||
return 'major' | ||
} | ||
// add the `pre` prefix if we are going to a prerelease version | ||
@@ -33,24 +62,6 @@ const prefix = highHasPre ? 'pre' : '' | ||
// at this point we know stable versions match but overall versions are not equal, | ||
// so either they are both prereleases, or the lower version is a prerelease | ||
if (highHasPre) { | ||
// high and low are preleases | ||
return 'prerelease' | ||
} | ||
if (lowVersion.patch) { | ||
// anything higher than a patch bump would result in the wrong version | ||
return 'patch' | ||
} | ||
if (lowVersion.minor) { | ||
// anything higher than a minor bump would result in the wrong version | ||
return 'minor' | ||
} | ||
// bumping major/minor/patch all have same result | ||
return 'major' | ||
// high and low are preleases | ||
return 'prerelease' | ||
} | ||
module.exports = diff |
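Review bot: Every path inside the new `if (lowHasPre && !highHasPre)` branch returns, and apart from the major-only shortcut the result is picked from `highVersion.patch` / `highVersion.minor` alone, with no check that the two versions share the same major and minor. Reading the visible lines, a constructed pair such as low `1.1.0-1` and high `2.0.1` would return `'patch'` although the major changed. Wrapping the two `highVersion` checks in `if (lowVersion.compareMain(highVersion) === 0) { … }` and dropping the branch's final `return 'major'`, so that other pairs fall through to the ordinary major/minor/patch comparison below, would avoid that. The function starts above this hunk, so confirm against the full body and add a test for a prerelease-to-higher-major pair.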
@@ -12,2 +12,6 @@ // Note: this is the semver.org version of the spec that it implements | ||
// Max safe length for a build identifier. The max length minus 6 characters for | ||
// the shortest version with a build 0.0.0+BUILD. | ||
const MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6 | ||
const RELEASE_TYPES = [ | ||
@@ -26,2 +30,3 @@ 'major', | ||
MAX_SAFE_COMPONENT_LENGTH, | ||
MAX_SAFE_BUILD_LENGTH, | ||
MAX_SAFE_INTEGER, | ||
@@ -28,0 +33,0 @@ RELEASE_TYPES, |
@@ -1,2 +0,2 @@ | ||
const { MAX_SAFE_COMPONENT_LENGTH } = require('./constants') | ||
const { MAX_SAFE_COMPONENT_LENGTH, MAX_SAFE_BUILD_LENGTH } = require('./constants') | ||
const debug = require('./debug') | ||
@@ -7,2 +7,3 @@ exports = module.exports = {} | ||
const re = exports.re = [] | ||
const safeRe = exports.safeRe = [] | ||
const src = exports.src = [] | ||
@@ -12,3 +13,27 @@ const t = exports.t = {} | ||
const LETTERDASHNUMBER = '[a-zA-Z0-9-]' | ||
// Replace some greedy regex tokens to prevent regex dos issues. These regex are | ||
// used internally via the safeRe object since all inputs in this library get | ||
// normalized first to trim and collapse all extra whitespace. The original | ||
// regexes are exported for userland consumption and lower level usage. A | ||
// future breaking change could export the safer regex only with a note that | ||
// all input should have extra whitespace removed. | ||
const safeRegexReplacements = [ | ||
['\\s', 1], | ||
['\\d', MAX_SAFE_COMPONENT_LENGTH], | ||
[LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH], | ||
] | ||
const makeSafeRegex = (value) => { | ||
for (const [token, max] of safeRegexReplacements) { | ||
value = value | ||
.split(`${token}*`).join(`${token}{0,${max}}`) | ||
.split(`${token}+`).join(`${token}{1,${max}}`) | ||
} | ||
return value | ||
} | ||
const createToken = (name, value, isGlobal) => { | ||
const safe = makeSafeRegex(value) | ||
const index = R++ | ||
@@ -19,2 +44,3 @@ debug(name, index, value) | ||
re[index] = new RegExp(value, isGlobal ? 'g' : undefined) | ||
safeRe[index] = new RegExp(safe, isGlobal ? 'g' : undefined) | ||
} | ||
@@ -29,3 +55,3 @@ | ||
createToken('NUMERICIDENTIFIER', '0|[1-9]\\d*') | ||
createToken('NUMERICIDENTIFIERLOOSE', '[0-9]+') | ||
createToken('NUMERICIDENTIFIERLOOSE', '\\d+') | ||
@@ -36,3 +62,3 @@ // ## Non-numeric Identifier | ||
createToken('NONNUMERICIDENTIFIER', '\\d*[a-zA-Z-][a-zA-Z0-9-]*') | ||
createToken('NONNUMERICIDENTIFIER', `\\d*[a-zA-Z-]${LETTERDASHNUMBER}*`) | ||
@@ -72,3 +98,3 @@ // ## Main Version | ||
createToken('BUILDIDENTIFIER', '[0-9A-Za-z-]+') | ||
createToken('BUILDIDENTIFIER', `${LETTERDASHNUMBER}+`) | ||
@@ -75,0 +101,0 @@ // ## Build Metadata |
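Review bot: `makeSafeRegex` rewrites the pattern source by literal string matching, so only quantifiers spelled exactly as `\s*`/`\s+`, `\d*`/`\d+` or `[a-zA-Z0-9-]*`/`[a-zA-Z0-9-]+` are bounded. A token written any other way, like the old `[0-9]+` form this change rewrites to `\d+`, would stay unbounded in `safeRe` without any error. A comment on `safeRegexReplacements` such as `// matched textually against token source: new tokens must use these exact spellings to be bounded` would help, backed by a test asserting that no `safeRe` source still contains one of these tokens followed by a bare `*` or `+`. The `\s` bound of 1 also means `safeRe` matches correctly only on whitespace-normalized input, so every internal caller has to normalize before matching. The original `re` export stays unbounded for external users, as the added comment states.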
{ | ||
"name": "semver", | ||
"version": "7.5.1", | ||
"version": "7.5.3", | ||
"description": "The semantic version parser used by npm.", | ||
@@ -17,3 +17,3 @@ "main": "index.js", | ||
"@npmcli/eslint-config": "^4.0.0", | ||
"@npmcli/template-oss": "4.14.1", | ||
"@npmcli/template-oss": "4.15.1", | ||
"tap": "^16.0.0" | ||
@@ -41,3 +41,3 @@ }, | ||
"tap": { | ||
"check-coverage": true, | ||
"timeout": 30, | ||
"coverage-map": "map.js", | ||
@@ -58,3 +58,3 @@ "nyc-arg": [ | ||
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", | ||
"version": "4.14.1", | ||
"version": "4.15.1", | ||
"engines": ">=10", | ||
@@ -61,0 +61,0 @@ "ciVersions": [ |
@@ -162,3 +162,5 @@ semver(1) -- The semantic versioner for npm | ||
`1.2.7`, `1.2.8`, `2.5.3`, and `1.3.9`, but not the versions `1.2.6` | ||
or `1.1.0`. | ||
or `1.1.0`. The comparator `>1` is equivalent to `>=2.0.0` and | ||
would match the versions `2.0.0` and `3.1.0`, but not the versions | ||
`1.0.1` or `1.1.0`. | ||
@@ -165,0 +167,0 @@ Comparators can be joined by whitespace to form a `comparator set`, |