semver
Advanced tools
Comparing version 7.5.2 to 7.5.3
@@ -101,2 +101,3 @@ // hoisted class for cyclic dependency | ||
debug('hyphen replace', range) | ||
// `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5` | ||
@@ -108,5 +109,7 @@ range = range.replace(re[t.COMPARATORTRIM], comparatorTrimReplace) | ||
range = range.replace(re[t.TILDETRIM], tildeTrimReplace) | ||
debug('tilde trim', range) | ||
// `^ 1.2.3` => `^1.2.3` | ||
range = range.replace(re[t.CARETTRIM], caretTrimReplace) | ||
debug('caret trim', range) | ||
@@ -113,0 +116,0 @@ // At this point, the range is completely trimmed and |
@@ -12,2 +12,6 @@ // Note: this is the semver.org version of the spec that it implements | ||
// Max safe length for a build identifier. The max length minus 6 characters for | ||
// the shortest version with a build 0.0.0+BUILD. | ||
const MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6 | ||
const RELEASE_TYPES = [ | ||
@@ -26,2 +30,3 @@ 'major', | ||
MAX_SAFE_COMPONENT_LENGTH, | ||
MAX_SAFE_BUILD_LENGTH, | ||
MAX_SAFE_INTEGER, | ||
@@ -28,0 +33,0 @@ RELEASE_TYPES, |
@@ -1,2 +0,2 @@ | ||
const { MAX_SAFE_COMPONENT_LENGTH } = require('./constants') | ||
const { MAX_SAFE_COMPONENT_LENGTH, MAX_SAFE_BUILD_LENGTH } = require('./constants') | ||
const debug = require('./debug') | ||
@@ -12,12 +12,27 @@ exports = module.exports = {} | ||
const LETTERDASHNUMBER = '[a-zA-Z0-9-]' | ||
// Replace some greedy regex tokens to prevent regex dos issues. These regex are | ||
// used internally via the safeRe object since all inputs in this library get | ||
// normalized first to trim and collapse all extra whitespace. The original | ||
// regexes are exported for userland consumption and lower level usage. A | ||
// future breaking change could export the safer regex only with a note that | ||
// all input should have extra whitespace removed. | ||
const safeRegexReplacements = [ | ||
['\\s', 1], | ||
['\\d', MAX_SAFE_COMPONENT_LENGTH], | ||
[LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH], | ||
] | ||
const makeSafeRegex = (value) => { | ||
for (const [token, max] of safeRegexReplacements) { | ||
value = value | ||
.split(`${token}*`).join(`${token}{0,${max}}`) | ||
.split(`${token}+`).join(`${token}{1,${max}}`) | ||
} | ||
return value | ||
} | ||
const createToken = (name, value, isGlobal) => { | ||
// Replace all greedy whitespace to prevent regex dos issues. These regex are | ||
// used internally via the safeRe object since all inputs in this library get | ||
// normalized first to trim and collapse all extra whitespace. The original | ||
// regexes are exported for userland consumption and lower level usage. A | ||
// future breaking change could export the safer regex only with a note that | ||
// all input should have extra whitespace removed. | ||
const safe = value | ||
.split('\\s*').join('\\s{0,1}') | ||
.split('\\s+').join('\\s') | ||
const safe = makeSafeRegex(value) | ||
const index = R++ | ||
@@ -38,3 +53,3 @@ debug(name, index, value) | ||
createToken('NUMERICIDENTIFIER', '0|[1-9]\\d*') | ||
createToken('NUMERICIDENTIFIERLOOSE', '[0-9]+') | ||
createToken('NUMERICIDENTIFIERLOOSE', '\\d+') | ||
@@ -45,3 +60,3 @@ // ## Non-numeric Identifier | ||
createToken('NONNUMERICIDENTIFIER', '\\d*[a-zA-Z-][a-zA-Z0-9-]*') | ||
createToken('NONNUMERICIDENTIFIER', `\\d*[a-zA-Z-]${LETTERDASHNUMBER}*`) | ||
@@ -81,3 +96,3 @@ // ## Main Version | ||
createToken('BUILDIDENTIFIER', '[0-9A-Za-z-]+') | ||
createToken('BUILDIDENTIFIER', `${LETTERDASHNUMBER}+`) | ||
@@ -84,0 +99,0 @@ // ## Build Metadata |
{ | ||
"name": "semver", | ||
"version": "7.5.2", | ||
"version": "7.5.3", | ||
"description": "The semantic version parser used by npm.", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -162,3 +162,5 @@ semver(1) -- The semantic versioner for npm | ||
`1.2.7`, `1.2.8`, `2.5.3`, and `1.3.9`, but not the versions `1.2.6` | ||
or `1.1.0`. | ||
or `1.1.0`. The comparator `>1` is equivalent to `>=2.0.0` and | ||
would match the versions `2.0.0` and `3.1.0`, but not the versions | ||
`1.0.1` or `1.1.0`. | ||
@@ -165,0 +167,0 @@ Comparators can be joined by whitespace to form a `comparator set`, |
93390
2077
638