3
0
Fork 0
mirror of https://gitea.com/actions/setup-node.git synced 2024-11-21 17:49:33 +01:00

Bump semver from 6.1.2 to 6.3.1 (#807)

This commit is contained in:
dependabot[bot] 2023-07-12 13:17:54 +02:00 committed by GitHub
parent ea800d4ebc
commit ef9c88b169
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 443 additions and 310 deletions

View file

@ -53422,78 +53422,111 @@ var MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER ||
// Max safe segment length for coercion. // Max safe segment length for coercion.
var MAX_SAFE_COMPONENT_LENGTH = 16 var MAX_SAFE_COMPONENT_LENGTH = 16
var MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6
// The actual regexps go on exports.re // The actual regexps go on exports.re
var re = exports.re = [] var re = exports.re = []
var safeRe = exports.safeRe = []
var src = exports.src = [] var src = exports.src = []
var t = exports.tokens = {}
var R = 0 var R = 0
function tok (n) {
t[n] = R++
}
var LETTERDASHNUMBER = '[a-zA-Z0-9-]'
// Replace some greedy regex tokens to prevent regex dos issues. These regex are
// used internally via the safeRe object since all inputs in this library get
// normalized first to trim and collapse all extra whitespace. The original
// regexes are exported for userland consumption and lower level usage. A
// future breaking change could export the safer regex only with a note that
// all input should have extra whitespace removed.
var safeRegexReplacements = [
['\\s', 1],
['\\d', MAX_LENGTH],
[LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH],
]
function makeSafeRe (value) {
for (var i = 0; i < safeRegexReplacements.length; i++) {
var token = safeRegexReplacements[i][0]
var max = safeRegexReplacements[i][1]
value = value
.split(token + '*').join(token + '{0,' + max + '}')
.split(token + '+').join(token + '{1,' + max + '}')
}
return value
}
// The following Regular Expressions can be used for tokenizing, // The following Regular Expressions can be used for tokenizing,
// validating, and parsing SemVer version strings. // validating, and parsing SemVer version strings.
// ## Numeric Identifier // ## Numeric Identifier
// A single `0`, or a non-zero digit followed by zero or more digits. // A single `0`, or a non-zero digit followed by zero or more digits.
var NUMERICIDENTIFIER = R++ tok('NUMERICIDENTIFIER')
src[NUMERICIDENTIFIER] = '0|[1-9]\\d*' src[t.NUMERICIDENTIFIER] = '0|[1-9]\\d*'
var NUMERICIDENTIFIERLOOSE = R++ tok('NUMERICIDENTIFIERLOOSE')
src[NUMERICIDENTIFIERLOOSE] = '[0-9]+' src[t.NUMERICIDENTIFIERLOOSE] = '\\d+'
// ## Non-numeric Identifier // ## Non-numeric Identifier
// Zero or more digits, followed by a letter or hyphen, and then zero or // Zero or more digits, followed by a letter or hyphen, and then zero or
// more letters, digits, or hyphens. // more letters, digits, or hyphens.
var NONNUMERICIDENTIFIER = R++ tok('NONNUMERICIDENTIFIER')
src[NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-][a-zA-Z0-9-]*' src[t.NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-]' + LETTERDASHNUMBER + '*'
// ## Main Version // ## Main Version
// Three dot-separated numeric identifiers. // Three dot-separated numeric identifiers.
var MAINVERSION = R++ tok('MAINVERSION')
src[MAINVERSION] = '(' + src[NUMERICIDENTIFIER] + ')\\.' + src[t.MAINVERSION] = '(' + src[t.NUMERICIDENTIFIER] + ')\\.' +
'(' + src[NUMERICIDENTIFIER] + ')\\.' + '(' + src[t.NUMERICIDENTIFIER] + ')\\.' +
'(' + src[NUMERICIDENTIFIER] + ')' '(' + src[t.NUMERICIDENTIFIER] + ')'
var MAINVERSIONLOOSE = R++ tok('MAINVERSIONLOOSE')
src[MAINVERSIONLOOSE] = '(' + src[NUMERICIDENTIFIERLOOSE] + ')\\.' + src[t.MAINVERSIONLOOSE] = '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')\\.' +
'(' + src[NUMERICIDENTIFIERLOOSE] + ')\\.' + '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')\\.' +
'(' + src[NUMERICIDENTIFIERLOOSE] + ')' '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')'
// ## Pre-release Version Identifier // ## Pre-release Version Identifier
// A numeric identifier, or a non-numeric identifier. // A numeric identifier, or a non-numeric identifier.
var PRERELEASEIDENTIFIER = R++ tok('PRERELEASEIDENTIFIER')
src[PRERELEASEIDENTIFIER] = '(?:' + src[NUMERICIDENTIFIER] + src[t.PRERELEASEIDENTIFIER] = '(?:' + src[t.NUMERICIDENTIFIER] +
'|' + src[NONNUMERICIDENTIFIER] + ')' '|' + src[t.NONNUMERICIDENTIFIER] + ')'
var PRERELEASEIDENTIFIERLOOSE = R++ tok('PRERELEASEIDENTIFIERLOOSE')
src[PRERELEASEIDENTIFIERLOOSE] = '(?:' + src[NUMERICIDENTIFIERLOOSE] + src[t.PRERELEASEIDENTIFIERLOOSE] = '(?:' + src[t.NUMERICIDENTIFIERLOOSE] +
'|' + src[NONNUMERICIDENTIFIER] + ')' '|' + src[t.NONNUMERICIDENTIFIER] + ')'
// ## Pre-release Version // ## Pre-release Version
// Hyphen, followed by one or more dot-separated pre-release version // Hyphen, followed by one or more dot-separated pre-release version
// identifiers. // identifiers.
var PRERELEASE = R++ tok('PRERELEASE')
src[PRERELEASE] = '(?:-(' + src[PRERELEASEIDENTIFIER] + src[t.PRERELEASE] = '(?:-(' + src[t.PRERELEASEIDENTIFIER] +
'(?:\\.' + src[PRERELEASEIDENTIFIER] + ')*))' '(?:\\.' + src[t.PRERELEASEIDENTIFIER] + ')*))'
var PRERELEASELOOSE = R++ tok('PRERELEASELOOSE')
src[PRERELEASELOOSE] = '(?:-?(' + src[PRERELEASEIDENTIFIERLOOSE] + src[t.PRERELEASELOOSE] = '(?:-?(' + src[t.PRERELEASEIDENTIFIERLOOSE] +
'(?:\\.' + src[PRERELEASEIDENTIFIERLOOSE] + ')*))' '(?:\\.' + src[t.PRERELEASEIDENTIFIERLOOSE] + ')*))'
// ## Build Metadata Identifier // ## Build Metadata Identifier
// Any combination of digits, letters, or hyphens. // Any combination of digits, letters, or hyphens.
var BUILDIDENTIFIER = R++ tok('BUILDIDENTIFIER')
src[BUILDIDENTIFIER] = '[0-9A-Za-z-]+' src[t.BUILDIDENTIFIER] = LETTERDASHNUMBER + '+'
// ## Build Metadata // ## Build Metadata
// Plus sign, followed by one or more period-separated build metadata // Plus sign, followed by one or more period-separated build metadata
// identifiers. // identifiers.
var BUILD = R++ tok('BUILD')
src[BUILD] = '(?:\\+(' + src[BUILDIDENTIFIER] + src[t.BUILD] = '(?:\\+(' + src[t.BUILDIDENTIFIER] +
'(?:\\.' + src[BUILDIDENTIFIER] + ')*))' '(?:\\.' + src[t.BUILDIDENTIFIER] + ')*))'
// ## Full Version String // ## Full Version String
// A main version, followed optionally by a pre-release version and // A main version, followed optionally by a pre-release version and
@ -53504,129 +53537,137 @@ src[BUILD] = '(?:\\+(' + src[BUILDIDENTIFIER] +
// capturing group, because it should not ever be used in version // capturing group, because it should not ever be used in version
// comparison. // comparison.
var FULL = R++ tok('FULL')
var FULLPLAIN = 'v?' + src[MAINVERSION] + tok('FULLPLAIN')
src[PRERELEASE] + '?' + src[t.FULLPLAIN] = 'v?' + src[t.MAINVERSION] +
src[BUILD] + '?' src[t.PRERELEASE] + '?' +
src[t.BUILD] + '?'
src[FULL] = '^' + FULLPLAIN + '$' src[t.FULL] = '^' + src[t.FULLPLAIN] + '$'
// like full, but allows v1.2.3 and =1.2.3, which people do sometimes. // like full, but allows v1.2.3 and =1.2.3, which people do sometimes.
// also, 1.0.0alpha1 (prerelease without the hyphen) which is pretty // also, 1.0.0alpha1 (prerelease without the hyphen) which is pretty
// common in the npm registry. // common in the npm registry.
var LOOSEPLAIN = '[v=\\s]*' + src[MAINVERSIONLOOSE] + tok('LOOSEPLAIN')
src[PRERELEASELOOSE] + '?' + src[t.LOOSEPLAIN] = '[v=\\s]*' + src[t.MAINVERSIONLOOSE] +
src[BUILD] + '?' src[t.PRERELEASELOOSE] + '?' +
src[t.BUILD] + '?'
var LOOSE = R++ tok('LOOSE')
src[LOOSE] = '^' + LOOSEPLAIN + '$' src[t.LOOSE] = '^' + src[t.LOOSEPLAIN] + '$'
var GTLT = R++ tok('GTLT')
src[GTLT] = '((?:<|>)?=?)' src[t.GTLT] = '((?:<|>)?=?)'
// Something like "2.*" or "1.2.x". // Something like "2.*" or "1.2.x".
// Note that "x.x" is a valid xRange identifer, meaning "any version" // Note that "x.x" is a valid xRange identifer, meaning "any version"
// Only the first item is strictly required. // Only the first item is strictly required.
var XRANGEIDENTIFIERLOOSE = R++ tok('XRANGEIDENTIFIERLOOSE')
src[XRANGEIDENTIFIERLOOSE] = src[NUMERICIDENTIFIERLOOSE] + '|x|X|\\*' src[t.XRANGEIDENTIFIERLOOSE] = src[t.NUMERICIDENTIFIERLOOSE] + '|x|X|\\*'
var XRANGEIDENTIFIER = R++ tok('XRANGEIDENTIFIER')
src[XRANGEIDENTIFIER] = src[NUMERICIDENTIFIER] + '|x|X|\\*' src[t.XRANGEIDENTIFIER] = src[t.NUMERICIDENTIFIER] + '|x|X|\\*'
var XRANGEPLAIN = R++ tok('XRANGEPLAIN')
src[XRANGEPLAIN] = '[v=\\s]*(' + src[XRANGEIDENTIFIER] + ')' + src[t.XRANGEPLAIN] = '[v=\\s]*(' + src[t.XRANGEIDENTIFIER] + ')' +
'(?:\\.(' + src[XRANGEIDENTIFIER] + ')' + '(?:\\.(' + src[t.XRANGEIDENTIFIER] + ')' +
'(?:\\.(' + src[XRANGEIDENTIFIER] + ')' + '(?:\\.(' + src[t.XRANGEIDENTIFIER] + ')' +
'(?:' + src[PRERELEASE] + ')?' + '(?:' + src[t.PRERELEASE] + ')?' +
src[BUILD] + '?' + src[t.BUILD] + '?' +
')?)?' ')?)?'
var XRANGEPLAINLOOSE = R++ tok('XRANGEPLAINLOOSE')
src[XRANGEPLAINLOOSE] = '[v=\\s]*(' + src[XRANGEIDENTIFIERLOOSE] + ')' + src[t.XRANGEPLAINLOOSE] = '[v=\\s]*(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +
'(?:\\.(' + src[XRANGEIDENTIFIERLOOSE] + ')' + '(?:\\.(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +
'(?:\\.(' + src[XRANGEIDENTIFIERLOOSE] + ')' + '(?:\\.(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +
'(?:' + src[PRERELEASELOOSE] + ')?' + '(?:' + src[t.PRERELEASELOOSE] + ')?' +
src[BUILD] + '?' + src[t.BUILD] + '?' +
')?)?' ')?)?'
var XRANGE = R++ tok('XRANGE')
src[XRANGE] = '^' + src[GTLT] + '\\s*' + src[XRANGEPLAIN] + '$' src[t.XRANGE] = '^' + src[t.GTLT] + '\\s*' + src[t.XRANGEPLAIN] + '$'
var XRANGELOOSE = R++ tok('XRANGELOOSE')
src[XRANGELOOSE] = '^' + src[GTLT] + '\\s*' + src[XRANGEPLAINLOOSE] + '$' src[t.XRANGELOOSE] = '^' + src[t.GTLT] + '\\s*' + src[t.XRANGEPLAINLOOSE] + '$'
// Coercion. // Coercion.
// Extract anything that could conceivably be a part of a valid semver // Extract anything that could conceivably be a part of a valid semver
var COERCE = R++ tok('COERCE')
src[COERCE] = '(?:^|[^\\d])' + src[t.COERCE] = '(^|[^\\d])' +
'(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '})' + '(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '})' +
'(?:\\.(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' + '(?:\\.(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' +
'(?:\\.(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' + '(?:\\.(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' +
'(?:$|[^\\d])' '(?:$|[^\\d])'
tok('COERCERTL')
re[t.COERCERTL] = new RegExp(src[t.COERCE], 'g')
safeRe[t.COERCERTL] = new RegExp(makeSafeRe(src[t.COERCE]), 'g')
// Tilde ranges. // Tilde ranges.
// Meaning is "reasonably at or greater than" // Meaning is "reasonably at or greater than"
var LONETILDE = R++ tok('LONETILDE')
src[LONETILDE] = '(?:~>?)' src[t.LONETILDE] = '(?:~>?)'
var TILDETRIM = R++ tok('TILDETRIM')
src[TILDETRIM] = '(\\s*)' + src[LONETILDE] + '\\s+' src[t.TILDETRIM] = '(\\s*)' + src[t.LONETILDE] + '\\s+'
re[TILDETRIM] = new RegExp(src[TILDETRIM], 'g') re[t.TILDETRIM] = new RegExp(src[t.TILDETRIM], 'g')
safeRe[t.TILDETRIM] = new RegExp(makeSafeRe(src[t.TILDETRIM]), 'g')
var tildeTrimReplace = '$1~' var tildeTrimReplace = '$1~'
var TILDE = R++ tok('TILDE')
src[TILDE] = '^' + src[LONETILDE] + src[XRANGEPLAIN] + '$' src[t.TILDE] = '^' + src[t.LONETILDE] + src[t.XRANGEPLAIN] + '$'
var TILDELOOSE = R++ tok('TILDELOOSE')
src[TILDELOOSE] = '^' + src[LONETILDE] + src[XRANGEPLAINLOOSE] + '$' src[t.TILDELOOSE] = '^' + src[t.LONETILDE] + src[t.XRANGEPLAINLOOSE] + '$'
// Caret ranges. // Caret ranges.
// Meaning is "at least and backwards compatible with" // Meaning is "at least and backwards compatible with"
var LONECARET = R++ tok('LONECARET')
src[LONECARET] = '(?:\\^)' src[t.LONECARET] = '(?:\\^)'
var CARETTRIM = R++ tok('CARETTRIM')
src[CARETTRIM] = '(\\s*)' + src[LONECARET] + '\\s+' src[t.CARETTRIM] = '(\\s*)' + src[t.LONECARET] + '\\s+'
re[CARETTRIM] = new RegExp(src[CARETTRIM], 'g') re[t.CARETTRIM] = new RegExp(src[t.CARETTRIM], 'g')
safeRe[t.CARETTRIM] = new RegExp(makeSafeRe(src[t.CARETTRIM]), 'g')
var caretTrimReplace = '$1^' var caretTrimReplace = '$1^'
var CARET = R++ tok('CARET')
src[CARET] = '^' + src[LONECARET] + src[XRANGEPLAIN] + '$' src[t.CARET] = '^' + src[t.LONECARET] + src[t.XRANGEPLAIN] + '$'
var CARETLOOSE = R++ tok('CARETLOOSE')
src[CARETLOOSE] = '^' + src[LONECARET] + src[XRANGEPLAINLOOSE] + '$' src[t.CARETLOOSE] = '^' + src[t.LONECARET] + src[t.XRANGEPLAINLOOSE] + '$'
// A simple gt/lt/eq thing, or just "" to indicate "any version" // A simple gt/lt/eq thing, or just "" to indicate "any version"
var COMPARATORLOOSE = R++ tok('COMPARATORLOOSE')
src[COMPARATORLOOSE] = '^' + src[GTLT] + '\\s*(' + LOOSEPLAIN + ')$|^$' src[t.COMPARATORLOOSE] = '^' + src[t.GTLT] + '\\s*(' + src[t.LOOSEPLAIN] + ')$|^$'
var COMPARATOR = R++ tok('COMPARATOR')
src[COMPARATOR] = '^' + src[GTLT] + '\\s*(' + FULLPLAIN + ')$|^$' src[t.COMPARATOR] = '^' + src[t.GTLT] + '\\s*(' + src[t.FULLPLAIN] + ')$|^$'
// An expression to strip any whitespace between the gtlt and the thing // An expression to strip any whitespace between the gtlt and the thing
// it modifies, so that `> 1.2.3` ==> `>1.2.3` // it modifies, so that `> 1.2.3` ==> `>1.2.3`
var COMPARATORTRIM = R++ tok('COMPARATORTRIM')
src[COMPARATORTRIM] = '(\\s*)' + src[GTLT] + src[t.COMPARATORTRIM] = '(\\s*)' + src[t.GTLT] +
'\\s*(' + LOOSEPLAIN + '|' + src[XRANGEPLAIN] + ')' '\\s*(' + src[t.LOOSEPLAIN] + '|' + src[t.XRANGEPLAIN] + ')'
// this one has to use the /g flag // this one has to use the /g flag
re[COMPARATORTRIM] = new RegExp(src[COMPARATORTRIM], 'g') re[t.COMPARATORTRIM] = new RegExp(src[t.COMPARATORTRIM], 'g')
safeRe[t.COMPARATORTRIM] = new RegExp(makeSafeRe(src[t.COMPARATORTRIM]), 'g')
var comparatorTrimReplace = '$1$2$3' var comparatorTrimReplace = '$1$2$3'
// Something like `1.2.3 - 1.2.4` // Something like `1.2.3 - 1.2.4`
// Note that these all use the loose form, because they'll be // Note that these all use the loose form, because they'll be
// checked against either the strict or loose comparator form // checked against either the strict or loose comparator form
// later. // later.
var HYPHENRANGE = R++ tok('HYPHENRANGE')
src[HYPHENRANGE] = '^\\s*(' + src[XRANGEPLAIN] + ')' + src[t.HYPHENRANGE] = '^\\s*(' + src[t.XRANGEPLAIN] + ')' +
'\\s+-\\s+' + '\\s+-\\s+' +
'(' + src[XRANGEPLAIN] + ')' + '(' + src[t.XRANGEPLAIN] + ')' +
'\\s*$' '\\s*$'
var HYPHENRANGELOOSE = R++ tok('HYPHENRANGELOOSE')
src[HYPHENRANGELOOSE] = '^\\s*(' + src[XRANGEPLAINLOOSE] + ')' + src[t.HYPHENRANGELOOSE] = '^\\s*(' + src[t.XRANGEPLAINLOOSE] + ')' +
'\\s+-\\s+' + '\\s+-\\s+' +
'(' + src[XRANGEPLAINLOOSE] + ')' + '(' + src[t.XRANGEPLAINLOOSE] + ')' +
'\\s*$' '\\s*$'
// Star ranges basically just allow anything at all. // Star ranges basically just allow anything at all.
var STAR = R++ tok('STAR')
src[STAR] = '(<|>)?=?\\s*\\*' src[t.STAR] = '(<|>)?=?\\s*\\*'
// Compile to actual regexp objects. // Compile to actual regexp objects.
// All are flag-free, unless they were created above with a flag. // All are flag-free, unless they were created above with a flag.
@ -53634,6 +53675,14 @@ for (var i = 0; i < R; i++) {
debug(i, src[i]) debug(i, src[i])
if (!re[i]) { if (!re[i]) {
re[i] = new RegExp(src[i]) re[i] = new RegExp(src[i])
// Replace all greedy whitespace to prevent regex dos issues. These regex are
// used internally via the safeRe object since all inputs in this library get
// normalized first to trim and collapse all extra whitespace. The original
// regexes are exported for userland consumption and lower level usage. A
// future breaking change could export the safer regex only with a note that
// all input should have extra whitespace removed.
safeRe[i] = new RegExp(makeSafeRe(src[i]))
} }
} }
@ -53658,7 +53707,7 @@ function parse (version, options) {
return null return null
} }
var r = options.loose ? re[LOOSE] : re[FULL] var r = options.loose ? safeRe[t.LOOSE] : safeRe[t.FULL]
if (!r.test(version)) { if (!r.test(version)) {
return null return null
} }
@ -53713,7 +53762,7 @@ function SemVer (version, options) {
this.options = options this.options = options
this.loose = !!options.loose this.loose = !!options.loose
var m = version.trim().match(options.loose ? re[LOOSE] : re[FULL]) var m = version.trim().match(options.loose ? safeRe[t.LOOSE] : safeRe[t.FULL])
if (!m) { if (!m) {
throw new TypeError('Invalid Version: ' + version) throw new TypeError('Invalid Version: ' + version)
@ -54158,6 +54207,7 @@ function Comparator (comp, options) {
return new Comparator(comp, options) return new Comparator(comp, options)
} }
comp = comp.trim().split(/\s+/).join(' ')
debug('comparator', comp, options) debug('comparator', comp, options)
this.options = options this.options = options
this.loose = !!options.loose this.loose = !!options.loose
@ -54174,7 +54224,7 @@ function Comparator (comp, options) {
var ANY = {} var ANY = {}
Comparator.prototype.parse = function (comp) { Comparator.prototype.parse = function (comp) {
var r = this.options.loose ? re[COMPARATORLOOSE] : re[COMPARATOR] var r = this.options.loose ? safeRe[t.COMPARATORLOOSE] : safeRe[t.COMPARATOR]
var m = comp.match(r) var m = comp.match(r)
if (!m) { if (!m) {
@ -54298,9 +54348,16 @@ function Range (range, options) {
this.loose = !!options.loose this.loose = !!options.loose
this.includePrerelease = !!options.includePrerelease this.includePrerelease = !!options.includePrerelease
// First, split based on boolean or || // First reduce all whitespace as much as possible so we do not have to rely
// on potentially slow regexes like \s*. This is then stored and used for
// future error messages as well.
this.raw = range this.raw = range
this.set = range.split(/\s*\|\|\s*/).map(function (range) { .trim()
.split(/\s+/)
.join(' ')
// First, split based on boolean or ||
this.set = this.raw.split('||').map(function (range) {
return this.parseRange(range.trim()) return this.parseRange(range.trim())
}, this).filter(function (c) { }, this).filter(function (c) {
// throw out any that are not relevant for whatever reason // throw out any that are not relevant for whatever reason
@ -54308,7 +54365,7 @@ function Range (range, options) {
}) })
if (!this.set.length) { if (!this.set.length) {
throw new TypeError('Invalid SemVer Range: ' + range) throw new TypeError('Invalid SemVer Range: ' + this.raw)
} }
this.format() this.format()
@ -54327,20 +54384,19 @@ Range.prototype.toString = function () {
Range.prototype.parseRange = function (range) { Range.prototype.parseRange = function (range) {
var loose = this.options.loose var loose = this.options.loose
range = range.trim()
// `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4` // `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4`
var hr = loose ? re[HYPHENRANGELOOSE] : re[HYPHENRANGE] var hr = loose ? safeRe[t.HYPHENRANGELOOSE] : safeRe[t.HYPHENRANGE]
range = range.replace(hr, hyphenReplace) range = range.replace(hr, hyphenReplace)
debug('hyphen replace', range) debug('hyphen replace', range)
// `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5` // `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5`
range = range.replace(re[COMPARATORTRIM], comparatorTrimReplace) range = range.replace(safeRe[t.COMPARATORTRIM], comparatorTrimReplace)
debug('comparator trim', range, re[COMPARATORTRIM]) debug('comparator trim', range, safeRe[t.COMPARATORTRIM])
// `~ 1.2.3` => `~1.2.3` // `~ 1.2.3` => `~1.2.3`
range = range.replace(re[TILDETRIM], tildeTrimReplace) range = range.replace(safeRe[t.TILDETRIM], tildeTrimReplace)
// `^ 1.2.3` => `^1.2.3` // `^ 1.2.3` => `^1.2.3`
range = range.replace(re[CARETTRIM], caretTrimReplace) range = range.replace(safeRe[t.CARETTRIM], caretTrimReplace)
// normalize spaces // normalize spaces
range = range.split(/\s+/).join(' ') range = range.split(/\s+/).join(' ')
@ -54348,7 +54404,7 @@ Range.prototype.parseRange = function (range) {
// At this point, the range is completely trimmed and // At this point, the range is completely trimmed and
// ready to be split into comparators. // ready to be split into comparators.
var compRe = loose ? re[COMPARATORLOOSE] : re[COMPARATOR] var compRe = loose ? safeRe[t.COMPARATORLOOSE] : safeRe[t.COMPARATOR]
var set = range.split(' ').map(function (comp) { var set = range.split(' ').map(function (comp) {
return parseComparator(comp, this.options) return parseComparator(comp, this.options)
}, this).join(' ').split(/\s+/) }, this).join(' ').split(/\s+/)
@ -54448,7 +54504,7 @@ function replaceTildes (comp, options) {
} }
function replaceTilde (comp, options) { function replaceTilde (comp, options) {
var r = options.loose ? re[TILDELOOSE] : re[TILDE] var r = options.loose ? safeRe[t.TILDELOOSE] : safeRe[t.TILDE]
return comp.replace(r, function (_, M, m, p, pr) { return comp.replace(r, function (_, M, m, p, pr) {
debug('tilde', comp, _, M, m, p, pr) debug('tilde', comp, _, M, m, p, pr)
var ret var ret
@ -54489,7 +54545,7 @@ function replaceCarets (comp, options) {
function replaceCaret (comp, options) { function replaceCaret (comp, options) {
debug('caret', comp, options) debug('caret', comp, options)
var r = options.loose ? re[CARETLOOSE] : re[CARET] var r = options.loose ? safeRe[t.CARETLOOSE] : safeRe[t.CARET]
return comp.replace(r, function (_, M, m, p, pr) { return comp.replace(r, function (_, M, m, p, pr) {
debug('caret', comp, _, M, m, p, pr) debug('caret', comp, _, M, m, p, pr)
var ret var ret
@ -54548,7 +54604,7 @@ function replaceXRanges (comp, options) {
function replaceXRange (comp, options) { function replaceXRange (comp, options) {
comp = comp.trim() comp = comp.trim()
var r = options.loose ? re[XRANGELOOSE] : re[XRANGE] var r = options.loose ? safeRe[t.XRANGELOOSE] : safeRe[t.XRANGE]
return comp.replace(r, function (ret, gtlt, M, m, p, pr) { return comp.replace(r, function (ret, gtlt, M, m, p, pr) {
debug('xRange', comp, ret, gtlt, M, m, p, pr) debug('xRange', comp, ret, gtlt, M, m, p, pr)
var xM = isX(M) var xM = isX(M)
@ -54560,10 +54616,14 @@ function replaceXRange (comp, options) {
gtlt = '' gtlt = ''
} }
// if we're including prereleases in the match, then we need
// to fix this to -0, the lowest possible prerelease value
pr = options.includePrerelease ? '-0' : ''
if (xM) { if (xM) {
if (gtlt === '>' || gtlt === '<') { if (gtlt === '>' || gtlt === '<') {
// nothing is allowed // nothing is allowed
ret = '<0.0.0' ret = '<0.0.0-0'
} else { } else {
// nothing is forbidden // nothing is forbidden
ret = '*' ret = '*'
@ -54600,11 +54660,12 @@ function replaceXRange (comp, options) {
} }
} }
ret = gtlt + M + '.' + m + '.' + p ret = gtlt + M + '.' + m + '.' + p + pr
} else if (xm) { } else if (xm) {
ret = '>=' + M + '.0.0 <' + (+M + 1) + '.0.0' ret = '>=' + M + '.0.0' + pr + ' <' + (+M + 1) + '.0.0' + pr
} else if (xp) { } else if (xp) {
ret = '>=' + M + '.' + m + '.0 <' + M + '.' + (+m + 1) + '.0' ret = '>=' + M + '.' + m + '.0' + pr +
' <' + M + '.' + (+m + 1) + '.0' + pr
} }
debug('xRange return', ret) debug('xRange return', ret)
@ -54618,10 +54679,10 @@ function replaceXRange (comp, options) {
function replaceStars (comp, options) { function replaceStars (comp, options) {
debug('replaceStars', comp, options) debug('replaceStars', comp, options)
// Looseness is ignored here. star is always as loose as it gets! // Looseness is ignored here. star is always as loose as it gets!
return comp.trim().replace(re[STAR], '') return comp.trim().replace(safeRe[t.STAR], '')
} }
// This function is passed to string.replace(re[HYPHENRANGE]) // This function is passed to string.replace(re[t.HYPHENRANGE])
// M, m, patch, prerelease, build // M, m, patch, prerelease, build
// 1.2 - 3.4.5 => >=1.2.0 <=3.4.5 // 1.2 - 3.4.5 => >=1.2.0 <=3.4.5
// 1.2.3 - 3.4 => >=1.2.0 <3.5.0 Any 3.4.x will do // 1.2.3 - 3.4 => >=1.2.0 <3.5.0 Any 3.4.x will do
@ -54932,19 +54993,49 @@ function coerce (version, options) {
return version return version
} }
if (typeof version === 'number') {
version = String(version)
}
if (typeof version !== 'string') { if (typeof version !== 'string') {
return null return null
} }
var match = version.match(re[COERCE]) options = options || {}
if (match == null) { var match = null
if (!options.rtl) {
match = version.match(safeRe[t.COERCE])
} else {
// Find the right-most coercible string that does not share
// a terminus with a more left-ward coercible string.
// Eg, '1.2.3.4' wants to coerce '2.3.4', not '3.4' or '4'
//
// Walk through the string checking with a /g regexp
// Manually set the index so as to pick up overlapping matches.
// Stop when we get a match that ends at the string end, since no
// coercible string can be more right-ward without the same terminus.
var next
while ((next = safeRe[t.COERCERTL].exec(version)) &&
(!match || match.index + match[0].length !== version.length)
) {
if (!match ||
next.index + next[0].length !== match.index + match[0].length) {
match = next
}
safeRe[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length
}
// leave it in a clean state
safeRe[t.COERCERTL].lastIndex = -1
}
if (match === null) {
return null return null
} }
return parse(match[1] + return parse(match[2] +
'.' + (match[2] || '0') + '.' + (match[3] || '0') +
'.' + (match[3] || '0'), options) '.' + (match[4] || '0'), options)
} }

343
dist/setup/index.js vendored
View file

@ -63509,78 +63509,111 @@ var MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER ||
// Max safe segment length for coercion. // Max safe segment length for coercion.
var MAX_SAFE_COMPONENT_LENGTH = 16 var MAX_SAFE_COMPONENT_LENGTH = 16
var MAX_SAFE_BUILD_LENGTH = MAX_LENGTH - 6
// The actual regexps go on exports.re // The actual regexps go on exports.re
var re = exports.re = [] var re = exports.re = []
var safeRe = exports.safeRe = []
var src = exports.src = [] var src = exports.src = []
var t = exports.tokens = {}
var R = 0 var R = 0
function tok (n) {
t[n] = R++
}
var LETTERDASHNUMBER = '[a-zA-Z0-9-]'
// Replace some greedy regex tokens to prevent regex dos issues. These regex are
// used internally via the safeRe object since all inputs in this library get
// normalized first to trim and collapse all extra whitespace. The original
// regexes are exported for userland consumption and lower level usage. A
// future breaking change could export the safer regex only with a note that
// all input should have extra whitespace removed.
var safeRegexReplacements = [
['\\s', 1],
['\\d', MAX_LENGTH],
[LETTERDASHNUMBER, MAX_SAFE_BUILD_LENGTH],
]
function makeSafeRe (value) {
for (var i = 0; i < safeRegexReplacements.length; i++) {
var token = safeRegexReplacements[i][0]
var max = safeRegexReplacements[i][1]
value = value
.split(token + '*').join(token + '{0,' + max + '}')
.split(token + '+').join(token + '{1,' + max + '}')
}
return value
}
// The following Regular Expressions can be used for tokenizing, // The following Regular Expressions can be used for tokenizing,
// validating, and parsing SemVer version strings. // validating, and parsing SemVer version strings.
// ## Numeric Identifier // ## Numeric Identifier
// A single `0`, or a non-zero digit followed by zero or more digits. // A single `0`, or a non-zero digit followed by zero or more digits.
var NUMERICIDENTIFIER = R++ tok('NUMERICIDENTIFIER')
src[NUMERICIDENTIFIER] = '0|[1-9]\\d*' src[t.NUMERICIDENTIFIER] = '0|[1-9]\\d*'
var NUMERICIDENTIFIERLOOSE = R++ tok('NUMERICIDENTIFIERLOOSE')
src[NUMERICIDENTIFIERLOOSE] = '[0-9]+' src[t.NUMERICIDENTIFIERLOOSE] = '\\d+'
// ## Non-numeric Identifier // ## Non-numeric Identifier
// Zero or more digits, followed by a letter or hyphen, and then zero or // Zero or more digits, followed by a letter or hyphen, and then zero or
// more letters, digits, or hyphens. // more letters, digits, or hyphens.
var NONNUMERICIDENTIFIER = R++ tok('NONNUMERICIDENTIFIER')
src[NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-][a-zA-Z0-9-]*' src[t.NONNUMERICIDENTIFIER] = '\\d*[a-zA-Z-]' + LETTERDASHNUMBER + '*'
// ## Main Version // ## Main Version
// Three dot-separated numeric identifiers. // Three dot-separated numeric identifiers.
var MAINVERSION = R++ tok('MAINVERSION')
src[MAINVERSION] = '(' + src[NUMERICIDENTIFIER] + ')\\.' + src[t.MAINVERSION] = '(' + src[t.NUMERICIDENTIFIER] + ')\\.' +
'(' + src[NUMERICIDENTIFIER] + ')\\.' + '(' + src[t.NUMERICIDENTIFIER] + ')\\.' +
'(' + src[NUMERICIDENTIFIER] + ')' '(' + src[t.NUMERICIDENTIFIER] + ')'
var MAINVERSIONLOOSE = R++ tok('MAINVERSIONLOOSE')
src[MAINVERSIONLOOSE] = '(' + src[NUMERICIDENTIFIERLOOSE] + ')\\.' + src[t.MAINVERSIONLOOSE] = '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')\\.' +
'(' + src[NUMERICIDENTIFIERLOOSE] + ')\\.' + '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')\\.' +
'(' + src[NUMERICIDENTIFIERLOOSE] + ')' '(' + src[t.NUMERICIDENTIFIERLOOSE] + ')'
// ## Pre-release Version Identifier // ## Pre-release Version Identifier
// A numeric identifier, or a non-numeric identifier. // A numeric identifier, or a non-numeric identifier.
var PRERELEASEIDENTIFIER = R++ tok('PRERELEASEIDENTIFIER')
src[PRERELEASEIDENTIFIER] = '(?:' + src[NUMERICIDENTIFIER] + src[t.PRERELEASEIDENTIFIER] = '(?:' + src[t.NUMERICIDENTIFIER] +
'|' + src[NONNUMERICIDENTIFIER] + ')' '|' + src[t.NONNUMERICIDENTIFIER] + ')'
var PRERELEASEIDENTIFIERLOOSE = R++ tok('PRERELEASEIDENTIFIERLOOSE')
src[PRERELEASEIDENTIFIERLOOSE] = '(?:' + src[NUMERICIDENTIFIERLOOSE] + src[t.PRERELEASEIDENTIFIERLOOSE] = '(?:' + src[t.NUMERICIDENTIFIERLOOSE] +
'|' + src[NONNUMERICIDENTIFIER] + ')' '|' + src[t.NONNUMERICIDENTIFIER] + ')'
// ## Pre-release Version // ## Pre-release Version
// Hyphen, followed by one or more dot-separated pre-release version // Hyphen, followed by one or more dot-separated pre-release version
// identifiers. // identifiers.
var PRERELEASE = R++ tok('PRERELEASE')
src[PRERELEASE] = '(?:-(' + src[PRERELEASEIDENTIFIER] + src[t.PRERELEASE] = '(?:-(' + src[t.PRERELEASEIDENTIFIER] +
'(?:\\.' + src[PRERELEASEIDENTIFIER] + ')*))' '(?:\\.' + src[t.PRERELEASEIDENTIFIER] + ')*))'
var PRERELEASELOOSE = R++ tok('PRERELEASELOOSE')
src[PRERELEASELOOSE] = '(?:-?(' + src[PRERELEASEIDENTIFIERLOOSE] + src[t.PRERELEASELOOSE] = '(?:-?(' + src[t.PRERELEASEIDENTIFIERLOOSE] +
'(?:\\.' + src[PRERELEASEIDENTIFIERLOOSE] + ')*))' '(?:\\.' + src[t.PRERELEASEIDENTIFIERLOOSE] + ')*))'
// ## Build Metadata Identifier // ## Build Metadata Identifier
// Any combination of digits, letters, or hyphens. // Any combination of digits, letters, or hyphens.
var BUILDIDENTIFIER = R++ tok('BUILDIDENTIFIER')
src[BUILDIDENTIFIER] = '[0-9A-Za-z-]+' src[t.BUILDIDENTIFIER] = LETTERDASHNUMBER + '+'
// ## Build Metadata // ## Build Metadata
// Plus sign, followed by one or more period-separated build metadata // Plus sign, followed by one or more period-separated build metadata
// identifiers. // identifiers.
var BUILD = R++ tok('BUILD')
src[BUILD] = '(?:\\+(' + src[BUILDIDENTIFIER] + src[t.BUILD] = '(?:\\+(' + src[t.BUILDIDENTIFIER] +
'(?:\\.' + src[BUILDIDENTIFIER] + ')*))' '(?:\\.' + src[t.BUILDIDENTIFIER] + ')*))'
// ## Full Version String // ## Full Version String
// A main version, followed optionally by a pre-release version and // A main version, followed optionally by a pre-release version and
@ -63591,129 +63624,137 @@ src[BUILD] = '(?:\\+(' + src[BUILDIDENTIFIER] +
// capturing group, because it should not ever be used in version // capturing group, because it should not ever be used in version
// comparison. // comparison.
var FULL = R++ tok('FULL')
var FULLPLAIN = 'v?' + src[MAINVERSION] + tok('FULLPLAIN')
src[PRERELEASE] + '?' + src[t.FULLPLAIN] = 'v?' + src[t.MAINVERSION] +
src[BUILD] + '?' src[t.PRERELEASE] + '?' +
src[t.BUILD] + '?'
src[FULL] = '^' + FULLPLAIN + '$' src[t.FULL] = '^' + src[t.FULLPLAIN] + '$'
// like full, but allows v1.2.3 and =1.2.3, which people do sometimes. // like full, but allows v1.2.3 and =1.2.3, which people do sometimes.
// also, 1.0.0alpha1 (prerelease without the hyphen) which is pretty // also, 1.0.0alpha1 (prerelease without the hyphen) which is pretty
// common in the npm registry. // common in the npm registry.
var LOOSEPLAIN = '[v=\\s]*' + src[MAINVERSIONLOOSE] + tok('LOOSEPLAIN')
src[PRERELEASELOOSE] + '?' + src[t.LOOSEPLAIN] = '[v=\\s]*' + src[t.MAINVERSIONLOOSE] +
src[BUILD] + '?' src[t.PRERELEASELOOSE] + '?' +
src[t.BUILD] + '?'
var LOOSE = R++ tok('LOOSE')
src[LOOSE] = '^' + LOOSEPLAIN + '$' src[t.LOOSE] = '^' + src[t.LOOSEPLAIN] + '$'
var GTLT = R++ tok('GTLT')
src[GTLT] = '((?:<|>)?=?)' src[t.GTLT] = '((?:<|>)?=?)'
// Something like "2.*" or "1.2.x". // Something like "2.*" or "1.2.x".
// Note that "x.x" is a valid xRange identifer, meaning "any version" // Note that "x.x" is a valid xRange identifer, meaning "any version"
// Only the first item is strictly required. // Only the first item is strictly required.
var XRANGEIDENTIFIERLOOSE = R++ tok('XRANGEIDENTIFIERLOOSE')
src[XRANGEIDENTIFIERLOOSE] = src[NUMERICIDENTIFIERLOOSE] + '|x|X|\\*' src[t.XRANGEIDENTIFIERLOOSE] = src[t.NUMERICIDENTIFIERLOOSE] + '|x|X|\\*'
var XRANGEIDENTIFIER = R++ tok('XRANGEIDENTIFIER')
src[XRANGEIDENTIFIER] = src[NUMERICIDENTIFIER] + '|x|X|\\*' src[t.XRANGEIDENTIFIER] = src[t.NUMERICIDENTIFIER] + '|x|X|\\*'
var XRANGEPLAIN = R++ tok('XRANGEPLAIN')
src[XRANGEPLAIN] = '[v=\\s]*(' + src[XRANGEIDENTIFIER] + ')' + src[t.XRANGEPLAIN] = '[v=\\s]*(' + src[t.XRANGEIDENTIFIER] + ')' +
'(?:\\.(' + src[XRANGEIDENTIFIER] + ')' + '(?:\\.(' + src[t.XRANGEIDENTIFIER] + ')' +
'(?:\\.(' + src[XRANGEIDENTIFIER] + ')' + '(?:\\.(' + src[t.XRANGEIDENTIFIER] + ')' +
'(?:' + src[PRERELEASE] + ')?' + '(?:' + src[t.PRERELEASE] + ')?' +
src[BUILD] + '?' + src[t.BUILD] + '?' +
')?)?' ')?)?'
var XRANGEPLAINLOOSE = R++ tok('XRANGEPLAINLOOSE')
src[XRANGEPLAINLOOSE] = '[v=\\s]*(' + src[XRANGEIDENTIFIERLOOSE] + ')' + src[t.XRANGEPLAINLOOSE] = '[v=\\s]*(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +
'(?:\\.(' + src[XRANGEIDENTIFIERLOOSE] + ')' + '(?:\\.(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +
'(?:\\.(' + src[XRANGEIDENTIFIERLOOSE] + ')' + '(?:\\.(' + src[t.XRANGEIDENTIFIERLOOSE] + ')' +
'(?:' + src[PRERELEASELOOSE] + ')?' + '(?:' + src[t.PRERELEASELOOSE] + ')?' +
src[BUILD] + '?' + src[t.BUILD] + '?' +
')?)?' ')?)?'
var XRANGE = R++ tok('XRANGE')
src[XRANGE] = '^' + src[GTLT] + '\\s*' + src[XRANGEPLAIN] + '$' src[t.XRANGE] = '^' + src[t.GTLT] + '\\s*' + src[t.XRANGEPLAIN] + '$'
var XRANGELOOSE = R++ tok('XRANGELOOSE')
src[XRANGELOOSE] = '^' + src[GTLT] + '\\s*' + src[XRANGEPLAINLOOSE] + '$' src[t.XRANGELOOSE] = '^' + src[t.GTLT] + '\\s*' + src[t.XRANGEPLAINLOOSE] + '$'
// Coercion. // Coercion.
// Extract anything that could conceivably be a part of a valid semver // Extract anything that could conceivably be a part of a valid semver
var COERCE = R++ tok('COERCE')
src[COERCE] = '(?:^|[^\\d])' + src[t.COERCE] = '(^|[^\\d])' +
'(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '})' + '(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '})' +
'(?:\\.(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' + '(?:\\.(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' +
'(?:\\.(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' + '(?:\\.(\\d{1,' + MAX_SAFE_COMPONENT_LENGTH + '}))?' +
'(?:$|[^\\d])' '(?:$|[^\\d])'
tok('COERCERTL')
re[t.COERCERTL] = new RegExp(src[t.COERCE], 'g')
safeRe[t.COERCERTL] = new RegExp(makeSafeRe(src[t.COERCE]), 'g')
// Tilde ranges. // Tilde ranges.
// Meaning is "reasonably at or greater than" // Meaning is "reasonably at or greater than"
var LONETILDE = R++ tok('LONETILDE')
src[LONETILDE] = '(?:~>?)' src[t.LONETILDE] = '(?:~>?)'
var TILDETRIM = R++ tok('TILDETRIM')
src[TILDETRIM] = '(\\s*)' + src[LONETILDE] + '\\s+' src[t.TILDETRIM] = '(\\s*)' + src[t.LONETILDE] + '\\s+'
re[TILDETRIM] = new RegExp(src[TILDETRIM], 'g') re[t.TILDETRIM] = new RegExp(src[t.TILDETRIM], 'g')
safeRe[t.TILDETRIM] = new RegExp(makeSafeRe(src[t.TILDETRIM]), 'g')
var tildeTrimReplace = '$1~' var tildeTrimReplace = '$1~'
var TILDE = R++ tok('TILDE')
src[TILDE] = '^' + src[LONETILDE] + src[XRANGEPLAIN] + '$' src[t.TILDE] = '^' + src[t.LONETILDE] + src[t.XRANGEPLAIN] + '$'
var TILDELOOSE = R++ tok('TILDELOOSE')
src[TILDELOOSE] = '^' + src[LONETILDE] + src[XRANGEPLAINLOOSE] + '$' src[t.TILDELOOSE] = '^' + src[t.LONETILDE] + src[t.XRANGEPLAINLOOSE] + '$'
// Caret ranges. // Caret ranges.
// Meaning is "at least and backwards compatible with" // Meaning is "at least and backwards compatible with"
var LONECARET = R++ tok('LONECARET')
src[LONECARET] = '(?:\\^)' src[t.LONECARET] = '(?:\\^)'
var CARETTRIM = R++ tok('CARETTRIM')
src[CARETTRIM] = '(\\s*)' + src[LONECARET] + '\\s+' src[t.CARETTRIM] = '(\\s*)' + src[t.LONECARET] + '\\s+'
re[CARETTRIM] = new RegExp(src[CARETTRIM], 'g') re[t.CARETTRIM] = new RegExp(src[t.CARETTRIM], 'g')
safeRe[t.CARETTRIM] = new RegExp(makeSafeRe(src[t.CARETTRIM]), 'g')
var caretTrimReplace = '$1^' var caretTrimReplace = '$1^'
var CARET = R++ tok('CARET')
src[CARET] = '^' + src[LONECARET] + src[XRANGEPLAIN] + '$' src[t.CARET] = '^' + src[t.LONECARET] + src[t.XRANGEPLAIN] + '$'
var CARETLOOSE = R++ tok('CARETLOOSE')
src[CARETLOOSE] = '^' + src[LONECARET] + src[XRANGEPLAINLOOSE] + '$' src[t.CARETLOOSE] = '^' + src[t.LONECARET] + src[t.XRANGEPLAINLOOSE] + '$'
// A simple gt/lt/eq thing, or just "" to indicate "any version" // A simple gt/lt/eq thing, or just "" to indicate "any version"
var COMPARATORLOOSE = R++ tok('COMPARATORLOOSE')
src[COMPARATORLOOSE] = '^' + src[GTLT] + '\\s*(' + LOOSEPLAIN + ')$|^$' src[t.COMPARATORLOOSE] = '^' + src[t.GTLT] + '\\s*(' + src[t.LOOSEPLAIN] + ')$|^$'
var COMPARATOR = R++ tok('COMPARATOR')
src[COMPARATOR] = '^' + src[GTLT] + '\\s*(' + FULLPLAIN + ')$|^$' src[t.COMPARATOR] = '^' + src[t.GTLT] + '\\s*(' + src[t.FULLPLAIN] + ')$|^$'
// An expression to strip any whitespace between the gtlt and the thing // An expression to strip any whitespace between the gtlt and the thing
// it modifies, so that `> 1.2.3` ==> `>1.2.3` // it modifies, so that `> 1.2.3` ==> `>1.2.3`
var COMPARATORTRIM = R++ tok('COMPARATORTRIM')
src[COMPARATORTRIM] = '(\\s*)' + src[GTLT] + src[t.COMPARATORTRIM] = '(\\s*)' + src[t.GTLT] +
'\\s*(' + LOOSEPLAIN + '|' + src[XRANGEPLAIN] + ')' '\\s*(' + src[t.LOOSEPLAIN] + '|' + src[t.XRANGEPLAIN] + ')'
// this one has to use the /g flag // this one has to use the /g flag
re[COMPARATORTRIM] = new RegExp(src[COMPARATORTRIM], 'g') re[t.COMPARATORTRIM] = new RegExp(src[t.COMPARATORTRIM], 'g')
safeRe[t.COMPARATORTRIM] = new RegExp(makeSafeRe(src[t.COMPARATORTRIM]), 'g')
var comparatorTrimReplace = '$1$2$3' var comparatorTrimReplace = '$1$2$3'
// Something like `1.2.3 - 1.2.4` // Something like `1.2.3 - 1.2.4`
// Note that these all use the loose form, because they'll be // Note that these all use the loose form, because they'll be
// checked against either the strict or loose comparator form // checked against either the strict or loose comparator form
// later. // later.
var HYPHENRANGE = R++ tok('HYPHENRANGE')
src[HYPHENRANGE] = '^\\s*(' + src[XRANGEPLAIN] + ')' + src[t.HYPHENRANGE] = '^\\s*(' + src[t.XRANGEPLAIN] + ')' +
'\\s+-\\s+' + '\\s+-\\s+' +
'(' + src[XRANGEPLAIN] + ')' + '(' + src[t.XRANGEPLAIN] + ')' +
'\\s*$' '\\s*$'
var HYPHENRANGELOOSE = R++ tok('HYPHENRANGELOOSE')
src[HYPHENRANGELOOSE] = '^\\s*(' + src[XRANGEPLAINLOOSE] + ')' + src[t.HYPHENRANGELOOSE] = '^\\s*(' + src[t.XRANGEPLAINLOOSE] + ')' +
'\\s+-\\s+' + '\\s+-\\s+' +
'(' + src[XRANGEPLAINLOOSE] + ')' + '(' + src[t.XRANGEPLAINLOOSE] + ')' +
'\\s*$' '\\s*$'
// Star ranges basically just allow anything at all. // Star ranges basically just allow anything at all.
var STAR = R++ tok('STAR')
src[STAR] = '(<|>)?=?\\s*\\*' src[t.STAR] = '(<|>)?=?\\s*\\*'
// Compile to actual regexp objects. // Compile to actual regexp objects.
// All are flag-free, unless they were created above with a flag. // All are flag-free, unless they were created above with a flag.
@ -63721,6 +63762,14 @@ for (var i = 0; i < R; i++) {
debug(i, src[i]) debug(i, src[i])
if (!re[i]) { if (!re[i]) {
re[i] = new RegExp(src[i]) re[i] = new RegExp(src[i])
// Replace all greedy whitespace to prevent regex dos issues. These regex are
// used internally via the safeRe object since all inputs in this library get
// normalized first to trim and collapse all extra whitespace. The original
// regexes are exported for userland consumption and lower level usage. A
// future breaking change could export the safer regex only with a note that
// all input should have extra whitespace removed.
safeRe[i] = new RegExp(makeSafeRe(src[i]))
} }
} }
@ -63745,7 +63794,7 @@ function parse (version, options) {
return null return null
} }
var r = options.loose ? re[LOOSE] : re[FULL] var r = options.loose ? safeRe[t.LOOSE] : safeRe[t.FULL]
if (!r.test(version)) { if (!r.test(version)) {
return null return null
} }
@ -63800,7 +63849,7 @@ function SemVer (version, options) {
this.options = options this.options = options
this.loose = !!options.loose this.loose = !!options.loose
var m = version.trim().match(options.loose ? re[LOOSE] : re[FULL]) var m = version.trim().match(options.loose ? safeRe[t.LOOSE] : safeRe[t.FULL])
if (!m) { if (!m) {
throw new TypeError('Invalid Version: ' + version) throw new TypeError('Invalid Version: ' + version)
@ -64245,6 +64294,7 @@ function Comparator (comp, options) {
return new Comparator(comp, options) return new Comparator(comp, options)
} }
comp = comp.trim().split(/\s+/).join(' ')
debug('comparator', comp, options) debug('comparator', comp, options)
this.options = options this.options = options
this.loose = !!options.loose this.loose = !!options.loose
@ -64261,7 +64311,7 @@ function Comparator (comp, options) {
var ANY = {} var ANY = {}
Comparator.prototype.parse = function (comp) { Comparator.prototype.parse = function (comp) {
var r = this.options.loose ? re[COMPARATORLOOSE] : re[COMPARATOR] var r = this.options.loose ? safeRe[t.COMPARATORLOOSE] : safeRe[t.COMPARATOR]
var m = comp.match(r) var m = comp.match(r)
if (!m) { if (!m) {
@ -64385,9 +64435,16 @@ function Range (range, options) {
this.loose = !!options.loose this.loose = !!options.loose
this.includePrerelease = !!options.includePrerelease this.includePrerelease = !!options.includePrerelease
// First, split based on boolean or || // First reduce all whitespace as much as possible so we do not have to rely
// on potentially slow regexes like \s*. This is then stored and used for
// future error messages as well.
this.raw = range this.raw = range
this.set = range.split(/\s*\|\|\s*/).map(function (range) { .trim()
.split(/\s+/)
.join(' ')
// First, split based on boolean or ||
this.set = this.raw.split('||').map(function (range) {
return this.parseRange(range.trim()) return this.parseRange(range.trim())
}, this).filter(function (c) { }, this).filter(function (c) {
// throw out any that are not relevant for whatever reason // throw out any that are not relevant for whatever reason
@ -64395,7 +64452,7 @@ function Range (range, options) {
}) })
if (!this.set.length) { if (!this.set.length) {
throw new TypeError('Invalid SemVer Range: ' + range) throw new TypeError('Invalid SemVer Range: ' + this.raw)
} }
this.format() this.format()
@ -64414,20 +64471,19 @@ Range.prototype.toString = function () {
Range.prototype.parseRange = function (range) { Range.prototype.parseRange = function (range) {
var loose = this.options.loose var loose = this.options.loose
range = range.trim()
// `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4` // `1.2.3 - 1.2.4` => `>=1.2.3 <=1.2.4`
var hr = loose ? re[HYPHENRANGELOOSE] : re[HYPHENRANGE] var hr = loose ? safeRe[t.HYPHENRANGELOOSE] : safeRe[t.HYPHENRANGE]
range = range.replace(hr, hyphenReplace) range = range.replace(hr, hyphenReplace)
debug('hyphen replace', range) debug('hyphen replace', range)
// `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5` // `> 1.2.3 < 1.2.5` => `>1.2.3 <1.2.5`
range = range.replace(re[COMPARATORTRIM], comparatorTrimReplace) range = range.replace(safeRe[t.COMPARATORTRIM], comparatorTrimReplace)
debug('comparator trim', range, re[COMPARATORTRIM]) debug('comparator trim', range, safeRe[t.COMPARATORTRIM])
// `~ 1.2.3` => `~1.2.3` // `~ 1.2.3` => `~1.2.3`
range = range.replace(re[TILDETRIM], tildeTrimReplace) range = range.replace(safeRe[t.TILDETRIM], tildeTrimReplace)
// `^ 1.2.3` => `^1.2.3` // `^ 1.2.3` => `^1.2.3`
range = range.replace(re[CARETTRIM], caretTrimReplace) range = range.replace(safeRe[t.CARETTRIM], caretTrimReplace)
// normalize spaces // normalize spaces
range = range.split(/\s+/).join(' ') range = range.split(/\s+/).join(' ')
@ -64435,7 +64491,7 @@ Range.prototype.parseRange = function (range) {
// At this point, the range is completely trimmed and // At this point, the range is completely trimmed and
// ready to be split into comparators. // ready to be split into comparators.
var compRe = loose ? re[COMPARATORLOOSE] : re[COMPARATOR] var compRe = loose ? safeRe[t.COMPARATORLOOSE] : safeRe[t.COMPARATOR]
var set = range.split(' ').map(function (comp) { var set = range.split(' ').map(function (comp) {
return parseComparator(comp, this.options) return parseComparator(comp, this.options)
}, this).join(' ').split(/\s+/) }, this).join(' ').split(/\s+/)
@ -64535,7 +64591,7 @@ function replaceTildes (comp, options) {
} }
function replaceTilde (comp, options) { function replaceTilde (comp, options) {
var r = options.loose ? re[TILDELOOSE] : re[TILDE] var r = options.loose ? safeRe[t.TILDELOOSE] : safeRe[t.TILDE]
return comp.replace(r, function (_, M, m, p, pr) { return comp.replace(r, function (_, M, m, p, pr) {
debug('tilde', comp, _, M, m, p, pr) debug('tilde', comp, _, M, m, p, pr)
var ret var ret
@ -64576,7 +64632,7 @@ function replaceCarets (comp, options) {
function replaceCaret (comp, options) { function replaceCaret (comp, options) {
debug('caret', comp, options) debug('caret', comp, options)
var r = options.loose ? re[CARETLOOSE] : re[CARET] var r = options.loose ? safeRe[t.CARETLOOSE] : safeRe[t.CARET]
return comp.replace(r, function (_, M, m, p, pr) { return comp.replace(r, function (_, M, m, p, pr) {
debug('caret', comp, _, M, m, p, pr) debug('caret', comp, _, M, m, p, pr)
var ret var ret
@ -64635,7 +64691,7 @@ function replaceXRanges (comp, options) {
function replaceXRange (comp, options) { function replaceXRange (comp, options) {
comp = comp.trim() comp = comp.trim()
var r = options.loose ? re[XRANGELOOSE] : re[XRANGE] var r = options.loose ? safeRe[t.XRANGELOOSE] : safeRe[t.XRANGE]
return comp.replace(r, function (ret, gtlt, M, m, p, pr) { return comp.replace(r, function (ret, gtlt, M, m, p, pr) {
debug('xRange', comp, ret, gtlt, M, m, p, pr) debug('xRange', comp, ret, gtlt, M, m, p, pr)
var xM = isX(M) var xM = isX(M)
@ -64647,10 +64703,14 @@ function replaceXRange (comp, options) {
gtlt = '' gtlt = ''
} }
// if we're including prereleases in the match, then we need
// to fix this to -0, the lowest possible prerelease value
pr = options.includePrerelease ? '-0' : ''
if (xM) { if (xM) {
if (gtlt === '>' || gtlt === '<') { if (gtlt === '>' || gtlt === '<') {
// nothing is allowed // nothing is allowed
ret = '<0.0.0' ret = '<0.0.0-0'
} else { } else {
// nothing is forbidden // nothing is forbidden
ret = '*' ret = '*'
@ -64687,11 +64747,12 @@ function replaceXRange (comp, options) {
} }
} }
ret = gtlt + M + '.' + m + '.' + p ret = gtlt + M + '.' + m + '.' + p + pr
} else if (xm) { } else if (xm) {
ret = '>=' + M + '.0.0 <' + (+M + 1) + '.0.0' ret = '>=' + M + '.0.0' + pr + ' <' + (+M + 1) + '.0.0' + pr
} else if (xp) { } else if (xp) {
ret = '>=' + M + '.' + m + '.0 <' + M + '.' + (+m + 1) + '.0' ret = '>=' + M + '.' + m + '.0' + pr +
' <' + M + '.' + (+m + 1) + '.0' + pr
} }
debug('xRange return', ret) debug('xRange return', ret)
@ -64705,10 +64766,10 @@ function replaceXRange (comp, options) {
function replaceStars (comp, options) { function replaceStars (comp, options) {
debug('replaceStars', comp, options) debug('replaceStars', comp, options)
// Looseness is ignored here. star is always as loose as it gets! // Looseness is ignored here. star is always as loose as it gets!
return comp.trim().replace(re[STAR], '') return comp.trim().replace(safeRe[t.STAR], '')
} }
// This function is passed to string.replace(re[HYPHENRANGE]) // This function is passed to string.replace(re[t.HYPHENRANGE])
// M, m, patch, prerelease, build // M, m, patch, prerelease, build
// 1.2 - 3.4.5 => >=1.2.0 <=3.4.5 // 1.2 - 3.4.5 => >=1.2.0 <=3.4.5
// 1.2.3 - 3.4 => >=1.2.0 <3.5.0 Any 3.4.x will do // 1.2.3 - 3.4 => >=1.2.0 <3.5.0 Any 3.4.x will do
@ -65019,19 +65080,49 @@ function coerce (version, options) {
return version return version
} }
if (typeof version === 'number') {
version = String(version)
}
if (typeof version !== 'string') { if (typeof version !== 'string') {
return null return null
} }
var match = version.match(re[COERCE]) options = options || {}
if (match == null) { var match = null
if (!options.rtl) {
match = version.match(safeRe[t.COERCE])
} else {
// Find the right-most coercible string that does not share
// a terminus with a more left-ward coercible string.
// Eg, '1.2.3.4' wants to coerce '2.3.4', not '3.4' or '4'
//
// Walk through the string checking with a /g regexp
// Manually set the index so as to pick up overlapping matches.
// Stop when we get a match that ends at the string end, since no
// coercible string can be more right-ward without the same terminus.
var next
while ((next = safeRe[t.COERCERTL].exec(version)) &&
(!match || match.index + match[0].length !== version.length)
) {
if (!match ||
next.index + next[0].length !== match.index + match[0].length) {
match = next
}
safeRe[t.COERCERTL].lastIndex = next.index + next[1].length + next[2].length
}
// leave it in a clean state
safeRe[t.COERCERTL].lastIndex = -1
}
if (match === null) {
return null return null
} }
return parse(match[1] + return parse(match[2] +
'.' + (match[2] || '0') + '.' + (match[3] || '0') +
'.' + (match[3] || '0'), options) '.' + (match[4] || '0'), options)
} }

65
package-lock.json generated
View file

@ -17,7 +17,7 @@
"@actions/http-client": "^1.0.11", "@actions/http-client": "^1.0.11",
"@actions/io": "^1.0.2", "@actions/io": "^1.0.2",
"@actions/tool-cache": "^1.5.4", "@actions/tool-cache": "^1.5.4",
"semver": "^6.1.1" "semver": "^6.3.1"
}, },
"devDependencies": { "devDependencies": {
"@types/jest": "^27.0.2", "@types/jest": "^27.0.2",
@ -445,15 +445,6 @@
"url": "https://opencollective.com/babel" "url": "https://opencollective.com/babel"
} }
}, },
"node_modules/@babel/core/node_modules/semver": {
"version": "6.3.0",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
"integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
"dev": true,
"bin": {
"semver": "bin/semver.js"
}
},
"node_modules/@babel/core/node_modules/source-map": { "node_modules/@babel/core/node_modules/source-map": {
"version": "0.5.7", "version": "0.5.7",
"resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
@ -504,15 +495,6 @@
"@babel/core": "^7.0.0" "@babel/core": "^7.0.0"
} }
}, },
"node_modules/@babel/helper-compilation-targets/node_modules/semver": {
"version": "6.3.0",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
"integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
"dev": true,
"bin": {
"semver": "bin/semver.js"
}
},
"node_modules/@babel/helper-function-name": { "node_modules/@babel/helper-function-name": {
"version": "7.15.4", "version": "7.15.4",
"resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.15.4.tgz", "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.15.4.tgz",
@ -3902,15 +3884,6 @@
"node": ">=8" "node": ">=8"
} }
}, },
"node_modules/istanbul-lib-instrument/node_modules/semver": {
"version": "6.3.0",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
"integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
"dev": true,
"bin": {
"semver": "bin/semver.js"
}
},
"node_modules/istanbul-lib-report": { "node_modules/istanbul-lib-report": {
"version": "3.0.0", "version": "3.0.0",
"resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.0.tgz", "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.0.tgz",
@ -5713,11 +5686,11 @@
} }
}, },
"node_modules/semver": { "node_modules/semver": {
"version": "6.1.2", "version": "6.3.1",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.1.2.tgz", "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
"integrity": "sha512-z4PqiCpomGtWj8633oeAdXm1Kn1W++3T8epkZYnwiVgIYIJ0QHszhInYSJTYxebByQH7KVCEAn8R9duzZW2PhQ==", "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
"bin": { "bin": {
"semver": "bin/semver" "semver": "bin/semver.js"
} }
}, },
"node_modules/shebang-command": { "node_modules/shebang-command": {
@ -6838,12 +6811,6 @@
"source-map": "^0.5.0" "source-map": "^0.5.0"
}, },
"dependencies": { "dependencies": {
"semver": {
"version": "6.3.0",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
"integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
"dev": true
},
"source-map": { "source-map": {
"version": "0.5.7", "version": "0.5.7",
"resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
@ -6881,14 +6848,6 @@
"@babel/helper-validator-option": "^7.14.5", "@babel/helper-validator-option": "^7.14.5",
"browserslist": "^4.16.6", "browserslist": "^4.16.6",
"semver": "^6.3.0" "semver": "^6.3.0"
},
"dependencies": {
"semver": {
"version": "6.3.0",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
"integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
"dev": true
}
} }
}, },
"@babel/helper-function-name": { "@babel/helper-function-name": {
@ -9456,14 +9415,6 @@
"@istanbuljs/schema": "^0.1.2", "@istanbuljs/schema": "^0.1.2",
"istanbul-lib-coverage": "^3.0.0", "istanbul-lib-coverage": "^3.0.0",
"semver": "^6.3.0" "semver": "^6.3.0"
},
"dependencies": {
"semver": {
"version": "6.3.0",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
"integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
"dev": true
}
} }
}, },
"istanbul-lib-report": { "istanbul-lib-report": {
@ -10815,9 +10766,9 @@
} }
}, },
"semver": { "semver": {
"version": "6.1.2", "version": "6.3.1",
"resolved": "https://registry.npmjs.org/semver/-/semver-6.1.2.tgz", "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
"integrity": "sha512-z4PqiCpomGtWj8633oeAdXm1Kn1W++3T8epkZYnwiVgIYIJ0QHszhInYSJTYxebByQH7KVCEAn8R9duzZW2PhQ==" "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA=="
}, },
"shebang-command": { "shebang-command": {
"version": "1.2.0", "version": "1.2.0",

View file

@ -33,7 +33,7 @@
"@actions/http-client": "^1.0.11", "@actions/http-client": "^1.0.11",
"@actions/io": "^1.0.2", "@actions/io": "^1.0.2",
"@actions/tool-cache": "^1.5.4", "@actions/tool-cache": "^1.5.4",
"semver": "^6.1.1" "semver": "^6.3.1"
}, },
"devDependencies": { "devDependencies": {
"@types/jest": "^27.0.2", "@types/jest": "^27.0.2",