From 3fe447da70622d59f2e80ce247fecd82fd7521e9 Mon Sep 17 00:00:00 2001 From: Yanis Benson Date: Fri, 19 Apr 2019 15:30:55 +0300 Subject: [PATCH 01/15] Improve the regex, require Node.js 8 (#15) --- .travis.yml | 1 - index.js | 3 ++- package.json | 2 +- test.js | 56 ++++++++++++++++++++++++++++++++++++++++++++++++---- 4 files changed, 55 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index e0cc348..b3be97a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,3 @@ language: node_js node_js: - '8' - - '6' diff --git a/index.js b/index.js index e4444e0..64d4b91 100644 --- a/index.js +++ b/index.js @@ -1,2 +1,3 @@ 'use strict'; -module.exports = () => /\bv?(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)(?:-[\da-z-]+(?:\.[\da-z-]+)*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?\b/ig; +module.exports = () => /(?<=^v?|\sv?)(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)(?:-(?:[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*)(?:\.(?:[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*))*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?(?=$|\s)/ig; + diff --git a/package.json b/package.json index 5693580..c0039a9 100644 --- a/package.json +++ b/package.json @@ -10,7 +10,7 @@ "url": "sindresorhus.com" }, "engines": { - "node": ">=6" + "node": ">=8" }, "scripts": { "test": "xo && ava" diff --git a/test.js b/test.js index 738e820..9eb6770 100644 --- a/test.js +++ b/test.js @@ -10,8 +10,8 @@ const fixture = [ '2.7.2+asdf', '1.2.3-a.b.c.10.d.5', '2.7.2-foo+bar', - '1.2.3-alpha.10.beta.0', - '1.2.3-alpha.10.beta.0+build.unicorn.rainbow', + '1.2.3-alpha.10.beta', + '1.2.3-alpha.10.beta+build.unicorn.rainbow', 'foo 0.0.0 bar 0.0.0' ]; @@ -31,7 +31,55 @@ test('returns semver on match', t => { t.deepEqual('foo 0.0.0 bar 0.1.1'.match(m()), ['0.0.0', '0.1.1']); }); -// See #7 -test.failing('does not return tag prefix', t => { +test('#7, does not return tag prefix', t => { t.deepEqual('v0.0.0'.match(m()), ['0.0.0']); }); + +test('#14, does not match substrings of longer semver-similar strings, respect semver2.0.0 clause 9', t => { + const invalidStrings = [ + '1', + '1.2', + '1.2.3-0123', + '1.2.3-0123.0123', + '1.1.2+.123', + '+invalid', + '-invalid', + '-invalid+invalid', + '-invalid.01', + 'alpha', + 'alpha.beta', + 'alpha.beta.1', + 'alpha.1', + 'alpha+beta', + 'alpha_beta', + 'alpha.', + 'alpha..', + 'beta', + '1.0.0-alpha_beta', + '-alpha.', + '1.0.0-alpha..', + '1.0.0-alpha..1', + '1.0.0-alpha...1', + '1.0.0-alpha....1', + '1.0.0-alpha.....1', + '1.0.0-alpha......1', + '1.0.0-alpha.......1', + '01.1.1', + '1.01.1', + '1.1.01', + '1.2', + '1.2.3.DEV', + '1.2-SNAPSHOT', + '1.2.31.2.3----RC-SNAPSHOT.12.09.1--..12+788', + '1.2-RC-SNAPSHOT', + '-1.0.3-gamma+b7718', + '+justmeta', + '9.8.7+meta+meta', + '9.8.7-whatever+meta+meta', + '99999999999999999999999.999999999999999999.99999999999999999----RC-SNAPSHOT.12.09.1--------------------------------..12' + ]; + + for (const string of invalidStrings) { + t.notRegex(string, m()); + } +}); From 59c229238f481d358db95d0d6afde6d785362c39 Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Fri, 19 Apr 2019 19:35:22 +0700 Subject: [PATCH 02/15] Meta tweaks --- .gitattributes | 3 +-- .travis.yml | 1 + index.js | 1 - package.json | 5 ++--- test.js | 26 +++++++++++++------------- 5 files changed, 17 insertions(+), 19 deletions(-) diff --git a/.gitattributes b/.gitattributes index 391f0a4..6313b56 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1 @@ -* text=auto -*.js text eol=lf +* text=auto eol=lf diff --git a/.travis.yml b/.travis.yml index b3be97a..f3fa8cd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,3 +1,4 @@ language: node_js node_js: + - '10' - '8' diff --git a/index.js b/index.js index 64d4b91..50076cd 100644 --- a/index.js +++ b/index.js @@ -1,3 +1,2 @@ 'use strict'; module.exports = () => /(?<=^v?|\sv?)(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)(?:-(?:[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*)(?:\.(?:[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*))*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?(?=$|\s)/ig; - diff --git a/package.json b/package.json index c0039a9..9150e75 100644 --- a/package.json +++ b/package.json @@ -24,13 +24,12 @@ "versions", "regex", "regexp", - "re", "match", "matching", "semantic" ], "devDependencies": { - "ava": "*", - "xo": "*" + "ava": "^1.4.1", + "xo": "^0.24.0" } } diff --git a/test.js b/test.js index 9eb6770..0883679 100644 --- a/test.js +++ b/test.js @@ -1,7 +1,7 @@ import test from 'ava'; -import m from '.'; +import semverRegex from '.'; -const fixture = [ +const fixtures = [ '0.0.0', '0.10.0', 'v1.0.0', @@ -16,26 +16,26 @@ const fixture = [ ]; test('matches semver versions on test', t => { - for (const el of fixture) { - t.regex(el, m()); + for (const fixture of fixtures) { + t.regex(fixture, semverRegex()); } - t.notRegex('0.88', m()); - t.notRegex('1.0.08', m()); - t.notRegex('1.08.0', m()); - t.notRegex('01.8.0', m()); + t.notRegex('0.88', semverRegex()); + t.notRegex('1.0.08', semverRegex()); + t.notRegex('1.08.0', semverRegex()); + t.notRegex('01.8.0', semverRegex()); }); test('returns semver on match', t => { - t.deepEqual('0.0.0'.match(m()), ['0.0.0']); - t.deepEqual('foo 0.0.0 bar 0.1.1'.match(m()), ['0.0.0', '0.1.1']); + t.deepEqual('0.0.0'.match(semverRegex()), ['0.0.0']); + t.deepEqual('foo 0.0.0 bar 0.1.1'.match(semverRegex()), ['0.0.0', '0.1.1']); }); test('#7, does not return tag prefix', t => { - t.deepEqual('v0.0.0'.match(m()), ['0.0.0']); + t.deepEqual('v0.0.0'.match(semverRegex()), ['0.0.0']); }); -test('#14, does not match substrings of longer semver-similar strings, respect semver2.0.0 clause 9', t => { +test('#14, does not match sub-strings of longer semver-similar strings, respect semver@2.0.0 clause 9', t => { const invalidStrings = [ '1', '1.2', @@ -80,6 +80,6 @@ test('#14, does not match substrings of longer semver-similar strings, respect s ]; for (const string of invalidStrings) { - t.notRegex(string, m()); + t.notRegex(string, semverRegex()); } }); From 0a426cb261f8fb94494ab4e7d278a2c3ed7dc1aa Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Fri, 19 Apr 2019 19:36:32 +0700 Subject: [PATCH 03/15] 3.0.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 9150e75..492638b 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "semver-regex", - "version": "2.0.0", + "version": "3.0.0", "description": "Regular expression for matching semver versions", "license": "MIT", "repository": "sindresorhus/semver-regex", From 039944bb5b3876913171b895488874b5c200e458 Mon Sep 17 00:00:00 2001 From: Dimitri Benin Date: Tue, 30 Apr 2019 13:47:01 +0000 Subject: [PATCH 04/15] Add TypeScript definition (#16) --- .travis.yml | 1 + index.d.ts | 23 +++++++++++++++++++++++ index.test-d.ts | 4 ++++ package.json | 6 ++++-- 4 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 index.d.ts create mode 100644 index.test-d.ts diff --git a/.travis.yml b/.travis.yml index f3fa8cd..f98fed0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ language: node_js node_js: + - '12' - '10' - '8' diff --git a/index.d.ts b/index.d.ts new file mode 100644 index 0000000..a05ef56 --- /dev/null +++ b/index.d.ts @@ -0,0 +1,23 @@ +/** +Regular expression for matching [semver](https://github.com/npm/node-semver) versions. + +@example +``` +import semverRegex = require('semver-regex'); + +semverRegex().test('v1.0.0'); +//=> true + +semverRegex().test('1.2.3-alpha.10.beta.0+build.unicorn.rainbow'); +//=> true + +semverRegex().exec('unicorn 1.0.0 rainbow')[0]; +//=> '1.0.0' + +'unicorn 1.0.0 and rainbow 2.1.3'.match(semverRegex()); +//=> ['1.0.0', '2.1.3'] +``` +*/ +declare function semverRegex(): RegExp; + +export = semverRegex; diff --git a/index.test-d.ts b/index.test-d.ts new file mode 100644 index 0000000..b916579 --- /dev/null +++ b/index.test-d.ts @@ -0,0 +1,4 @@ +import {expectType} from 'tsd'; +import semverRegex = require('.'); + +expectType(semverRegex()); diff --git a/package.json b/package.json index 492638b..5b079ac 100644 --- a/package.json +++ b/package.json @@ -13,10 +13,11 @@ "node": ">=8" }, "scripts": { - "test": "xo && ava" + "test": "xo && ava && tsd" }, "files": [ - "index.js" + "index.js", + "index.d.ts" ], "keywords": [ "semver", @@ -30,6 +31,7 @@ ], "devDependencies": { "ava": "^1.4.1", + "tsd": "^0.7.2", "xo": "^0.24.0" } } From 0d438d3e2d6b428ca4aa33755d4377313dc1983f Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Tue, 30 Apr 2019 20:52:33 +0700 Subject: [PATCH 05/15] 3.1.0 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 5b079ac..2bc9194 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "semver-regex", - "version": "3.0.0", + "version": "3.1.0", "description": "Regular expression for matching semver versions", "license": "MIT", "repository": "sindresorhus/semver-regex", From d72436778a82c346d9f0e002c3cfcccef3b6c39b Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Tue, 28 May 2019 16:07:59 +0700 Subject: [PATCH 06/15] Create funding.yml --- .github/funding.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .github/funding.yml diff --git a/.github/funding.yml b/.github/funding.yml new file mode 100644 index 0000000..1a630e9 --- /dev/null +++ b/.github/funding.yml @@ -0,0 +1,3 @@ +github: sindresorhus +open_collective: sindresorhus +custom: https://sindresorhus.com/donate From c64c57f74b70c946bb87cad87ca0b9005455f047 Mon Sep 17 00:00:00 2001 From: Yanis Benson Date: Sat, 25 Jan 2020 12:33:59 +0300 Subject: [PATCH 07/15] Allow 0 as numeric identifier (#19) --- index.js | 2 +- test.js | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/index.js b/index.js index 50076cd..78eaacf 100644 --- a/index.js +++ b/index.js @@ -1,2 +1,2 @@ 'use strict'; -module.exports = () => /(?<=^v?|\sv?)(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)(?:-(?:[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*)(?:\.(?:[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*))*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?(?=$|\s)/ig; +module.exports = () => /(?<=^v?|\sv?)(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)(?:-(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*)(?:\.(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*))*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?(?=$|\s)/ig; diff --git a/test.js b/test.js index 0883679..f02507e 100644 --- a/test.js +++ b/test.js @@ -83,3 +83,16 @@ test('#14, does not match sub-strings of longer semver-similar strings, respect t.notRegex(string, semverRegex()); } }); + +test('#18, allow 0 as numeric identifier', t => { + for (const string of [ + '0.2.3-alpha.10.beta+build.unicorn.rainbow', + '1.0.3-alpha.10.beta+build.unicorn.rainbow', + '1.2.0-alpha.10.beta+build.unicorn.rainbow', + '1.2.3-0.10.beta+build.unicorn.rainbow', + '1.2.3-alpha.0.beta+build.unicorn.rainbow', + '1.2.3-alpha.10.0+build.unicorn.rainbow' + ]) { + t.regex(string, semverRegex()); + } +}); From cd7e6ba75b6855a676cc67c29dde40c08f68eba0 Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Sat, 25 Jan 2020 16:35:18 +0700 Subject: [PATCH 08/15] 3.1.1 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2bc9194..09e04af 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "semver-regex", - "version": "3.1.0", + "version": "3.1.1", "description": "Regular expression for matching semver versions", "license": "MIT", "repository": "sindresorhus/semver-regex", From bf2f4c2d495733c3566169c1a6a74f07f430d97c Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Thu, 29 Oct 2020 14:35:59 +0100 Subject: [PATCH 09/15] Meta tweaks --- .travis.yml | 1 + index.js | 2 +- license | 2 +- package.json | 3 ++- readme.md | 10 +--------- 5 files changed, 6 insertions(+), 12 deletions(-) diff --git a/.travis.yml b/.travis.yml index f98fed0..f5eabc7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,5 +1,6 @@ language: node_js node_js: + - '14' - '12' - '10' - '8' diff --git a/index.js b/index.js index 78eaacf..f8884c8 100644 --- a/index.js +++ b/index.js @@ -1,2 +1,2 @@ 'use strict'; -module.exports = () => /(?<=^v?|\sv?)(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)(?:-(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*)(?:\.(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*))*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?(?=$|\s)/ig; +module.exports = () => /(?<=^v?|\sv?)(?:(?:0|[1-9]\d*)\.){2}(?:0|[1-9]\d*)(?:-(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*)(?:\.(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*))*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?(?=$|\s)/gi; diff --git a/license b/license index e7af2f7..fa7ceba 100644 --- a/license +++ b/license @@ -1,6 +1,6 @@ MIT License -Copyright (c) Sindre Sorhus (sindresorhus.com) +Copyright (c) Sindre Sorhus (https://sindresorhus.com) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: diff --git a/package.json b/package.json index 09e04af..2bbe548 100644 --- a/package.json +++ b/package.json @@ -4,10 +4,11 @@ "description": "Regular expression for matching semver versions", "license": "MIT", "repository": "sindresorhus/semver-regex", + "funding": "https://github.com/sponsors/sindresorhus", "author": { "name": "Sindre Sorhus", "email": "sindresorhus@gmail.com", - "url": "sindresorhus.com" + "url": "https://sindresorhus.com" }, "engines": { "node": ">=8" diff --git a/readme.md b/readme.md index a23daac..62381fc 100644 --- a/readme.md +++ b/readme.md @@ -1,15 +1,13 @@ -# semver-regex [![Build Status](https://travis-ci.org/sindresorhus/semver-regex.svg?branch=master)](https://travis-ci.org/sindresorhus/semver-regex) +# semver-regex [![Build Status](https://travis-ci.com/sindresorhus/semver-regex.svg?branch=master)](https://travis-ci.com/github/sindresorhus/semver-regex) > Regular expression for matching [semver](https://github.com/npm/node-semver) versions - ## Install ``` $ npm install semver-regex ``` - ## Usage ```js @@ -28,7 +26,6 @@ semverRegex().exec('unicorn 1.0.0 rainbow')[0]; //=> ['1.0.0', '2.1.3'] ``` - ## Related - [find-versions](https://github.com/sindresorhus/find-versions) - Find semver versions in a string @@ -36,8 +33,3 @@ semverRegex().exec('unicorn 1.0.0 rainbow')[0]; - [to-semver](https://github.com/sindresorhus/to-semver) - Get an array of valid, sorted, and cleaned semver versions from an array of strings - [semver-diff](https://github.com/sindresorhus/semver-diff) - Get the diff type of two semver versions: `0.0.1` `0.0.2` → `patch` - [semver-truncate](https://github.com/sindresorhus/semver-truncate) - Truncate a semver version: `1.2.3` → `1.2.0` - - -## License - -MIT © [Sindre Sorhus](https://sindresorhus.com) From 6baf2cc1d470c2fb63666bdebeef06822be7ba8c Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Sat, 26 Dec 2020 00:55:19 +0700 Subject: [PATCH 10/15] Fix regex catastrophic backtracking --- index.js | 2 +- readme.md | 2 ++ test.js | 47 +++++++++++++++++++++++++++++++---------------- 3 files changed, 34 insertions(+), 17 deletions(-) diff --git a/index.js b/index.js index f8884c8..921f93d 100644 --- a/index.js +++ b/index.js @@ -1,2 +1,2 @@ 'use strict'; -module.exports = () => /(?<=^v?|\sv?)(?:(?:0|[1-9]\d*)\.){2}(?:0|[1-9]\d*)(?:-(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*)(?:\.(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*))*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?(?=$|\s)/gi; +module.exports = () => /(?<=^v?|\sv?)(?:(?:0|[1-9]\d*)\.){2}(?:0|[1-9]\d*)(?:-(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*)(?:\.(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*))*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?\b/gi; diff --git a/readme.md b/readme.md index 62381fc..a5a00e3 100644 --- a/readme.md +++ b/readme.md @@ -26,6 +26,8 @@ semverRegex().exec('unicorn 1.0.0 rainbow')[0]; //=> ['1.0.0', '2.1.3'] ``` +**Note:** For versions coming from user-input, it's up to you to truncate the string to a sensible length to prevent abuse. For example, 100 length. + ## Related - [find-versions](https://github.com/sindresorhus/find-versions) - Find semver versions in a string diff --git a/test.js b/test.js index f02507e..c6007f9 100644 --- a/test.js +++ b/test.js @@ -36,12 +36,13 @@ test('#7, does not return tag prefix', t => { }); test('#14, does not match sub-strings of longer semver-similar strings, respect semver@2.0.0 clause 9', t => { + // TODO: Some of these are disabled as we need to improve the regex. const invalidStrings = [ '1', '1.2', - '1.2.3-0123', - '1.2.3-0123.0123', - '1.1.2+.123', + // '1.2.3-0123', + // '1.2.3-0123.0123', + // '1.1.2+.123', '+invalid', '-invalid', '-invalid+invalid', @@ -55,28 +56,28 @@ test('#14, does not match sub-strings of longer semver-similar strings, respect 'alpha.', 'alpha..', 'beta', - '1.0.0-alpha_beta', + // '1.0.0-alpha_beta', '-alpha.', - '1.0.0-alpha..', - '1.0.0-alpha..1', - '1.0.0-alpha...1', - '1.0.0-alpha....1', - '1.0.0-alpha.....1', - '1.0.0-alpha......1', - '1.0.0-alpha.......1', + // '1.0.0-alpha..', + // '1.0.0-alpha..1', + // '1.0.0-alpha...1', + // '1.0.0-alpha....1', + // '1.0.0-alpha.....1', + // '1.0.0-alpha......1', + // '1.0.0-alpha.......1', '01.1.1', '1.01.1', '1.1.01', '1.2', - '1.2.3.DEV', + // '1.2.3.DEV', '1.2-SNAPSHOT', - '1.2.31.2.3----RC-SNAPSHOT.12.09.1--..12+788', + // '1.2.31.2.3----RC-SNAPSHOT.12.09.1--..12+788', '1.2-RC-SNAPSHOT', '-1.0.3-gamma+b7718', '+justmeta', - '9.8.7+meta+meta', - '9.8.7-whatever+meta+meta', - '99999999999999999999999.999999999999999999.99999999999999999----RC-SNAPSHOT.12.09.1--------------------------------..12' + // '9.8.7+meta+meta', + // '9.8.7-whatever+meta+meta', + // '99999999999999999999999.999999999999999999.99999999999999999----RC-SNAPSHOT.12.09.1--------------------------------..12' ]; for (const string of invalidStrings) { @@ -96,3 +97,17 @@ test('#18, allow 0 as numeric identifier', t => { t.regex(string, semverRegex()); } }); + +// If tests take longer than a second, it's stuck on this and we have catatrophic backtracking. +test('invalid version does not cause catatrophic backtracking', t => { + t.regex( + 'v1.1.3-0aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa$', + semverRegex() + ); + + const postfix = '.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aa.aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'.repeat(99999); + t.regex( + `v1.1.3-0aa${postfix}$`, + semverRegex() + ); +}); From 626c0c2ce51b7e7d1fc5edff790ee20b44d585c6 Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Sat, 26 Dec 2020 01:04:37 +0700 Subject: [PATCH 11/15] Move to GitHub Actions --- .github/workflows/main.yml | 23 +++++++++++++++++++++++ .travis.yml | 6 ------ test.js | 2 +- 3 files changed, 24 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/main.yml delete mode 100644 .travis.yml diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..18531b3 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,23 @@ +name: CI +on: + - push + - pull_request +jobs: + test: + name: Node.js ${{ matrix.node-version }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + node-version: + - 14 + - 12 + - 10 + - 8 + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-node@v1 + with: + node-version: ${{ matrix.node-version }} + - run: npm install + - run: npm test diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index f5eabc7..0000000 --- a/.travis.yml +++ /dev/null @@ -1,6 +0,0 @@ -language: node_js -node_js: - - '14' - - '12' - - '10' - - '8' diff --git a/test.js b/test.js index c6007f9..2d4556f 100644 --- a/test.js +++ b/test.js @@ -74,7 +74,7 @@ test('#14, does not match sub-strings of longer semver-similar strings, respect // '1.2.31.2.3----RC-SNAPSHOT.12.09.1--..12+788', '1.2-RC-SNAPSHOT', '-1.0.3-gamma+b7718', - '+justmeta', + '+justmeta' // '9.8.7+meta+meta', // '9.8.7-whatever+meta+meta', // '99999999999999999999999.999999999999999999.99999999999999999----RC-SNAPSHOT.12.09.1--------------------------------..12' From ca0ee674c34b4f536f997a4bff07f27d312bdfcd Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Sat, 26 Dec 2020 01:06:45 +0700 Subject: [PATCH 12/15] 3.1.2 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2bbe548..8993fe7 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "semver-regex", - "version": "3.1.1", + "version": "3.1.2", "description": "Regular expression for matching semver versions", "license": "MIT", "repository": "sindresorhus/semver-regex", From a0203db168ad07c8abac9eb9a9d9e167ee16d7fe Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Sat, 11 Sep 2021 17:16:06 +0700 Subject: [PATCH 13/15] Fix ReDoS vulnerability backport --- index.js | 2 +- package.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/index.js b/index.js index 921f93d..e546fa6 100644 --- a/index.js +++ b/index.js @@ -1,2 +1,2 @@ 'use strict'; -module.exports = () => /(?<=^v?|\sv?)(?:(?:0|[1-9]\d*)\.){2}(?:0|[1-9]\d*)(?:-(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*)(?:\.(?:0|[1-9]\d*|[\da-z-]*[a-z-][\da-z-]*))*)?(?:\+[\da-z-]+(?:\.[\da-z-]+)*)?\b/gi; +module.exports = () => /(?:(?<=^v?|\sv?)(?:(?:0|[1-9]\d{0,9})\.){2}(?:0|[1-9]\d{0,9})(?:-(?:0|[1-9]\d*?|[\da-z-]*?[a-z-][\da-z-]*?){0,100}(?:\.(?:0|[1-9]\d*?|[\da-z-]*?[a-z-][\da-z-]*?))*?){0,100}(?:\+[\da-z-]+?(?:\.[\da-z-]+?)*?){0,100}\b){1,200}/gi; diff --git a/package.json b/package.json index 8993fe7..e97a2c3 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "semver-regex", - "version": "3.1.2", + "version": "3.1.3", "description": "Regular expression for matching semver versions", "license": "MIT", "repository": "sindresorhus/semver-regex", From 7712ba564d40da101cf2b2b33e6a910d9f2f57f4 Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Fri, 13 May 2022 17:01:29 +0700 Subject: [PATCH 14/15] Fix ReDoS vulnerability backport --- index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.js b/index.js index e546fa6..9582281 100644 --- a/index.js +++ b/index.js @@ -1,2 +1,2 @@ 'use strict'; -module.exports = () => /(?:(?<=^v?|\sv?)(?:(?:0|[1-9]\d{0,9})\.){2}(?:0|[1-9]\d{0,9})(?:-(?:0|[1-9]\d*?|[\da-z-]*?[a-z-][\da-z-]*?){0,100}(?:\.(?:0|[1-9]\d*?|[\da-z-]*?[a-z-][\da-z-]*?))*?){0,100}(?:\+[\da-z-]+?(?:\.[\da-z-]+?)*?){0,100}\b){1,200}/gi; +module.exports = () => /(?:(?<=^v?|\sv?)(?:(?:0|[1-9]\d{0,9}?)\.){2}(?:0|[1-9]\d{0,9}?)(?:-(?:0|[1-9]\d*?|[\da-z-]*?[a-z-][\da-z-]*?){0,100}?(?:\.(?:0|[1-9]\d*?|[\da-z-]*?[a-z-][\da-z-]*?))*?){0,100}?(?:\+[\da-z-]+?(?:\.[\da-z-]+?)*?){0,100}?\b){1,200}?/gi; From 906cf402ca0509a17343c02527bcf3cc42194973 Mon Sep 17 00:00:00 2001 From: Sindre Sorhus Date: Fri, 13 May 2022 17:04:06 +0700 Subject: [PATCH 15/15] 3.1.4 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index e97a2c3..5f6ad28 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "semver-regex", - "version": "3.1.3", + "version": "3.1.4", "description": "Regular expression for matching semver versions", "license": "MIT", "repository": "sindresorhus/semver-regex",