Skip to content

Commit 17aa702

Browse files
owlstronautowlstronaut
authored
fix: strip build metadata before comparator trimming (#869)
1 parent 5f3ca13 commit 17aa702

2 files changed

Lines changed: 21 additions & 0 deletions

File tree

classes/range.js

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -98,6 +98,9 @@ class Range {
9898
}
9999

100100
parseRange (range) {
101+
// strip build metadata so it can't bleed into the version
102+
range = range.replace(BUILDSTRIPRE, '')
103+
101104
// memoize range parsing for performance.
102105
// this is a very hot path, and fully deterministic.
103106
const memoOpts =
@@ -223,13 +226,17 @@ const debug = require('../internal/debug')
223226
const SemVer = require('./semver')
224227
const {
225228
safeRe: re,
229+
src,
226230
t,
227231
comparatorTrimReplace,
228232
tildeTrimReplace,
229233
caretTrimReplace,
230234
} = require('../internal/re')
231235
const { FLAG_INCLUDE_PRERELEASE, FLAG_LOOSE } = require('../internal/constants')
232236

237+
// unbounded global build-metadata stripper used by parseRange
238+
const BUILDSTRIPRE = new RegExp(src[t.BUILD], 'g')
239+
233240
const isNullSet = c => c.value === '<0.0.0-0'
234241
const isAny = c => c.value === ''
235242

test/fixtures/range-parse.js

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -116,4 +116,18 @@ module.exports = [
116116
['>1.x.x-alpha+build', '>=2.0.0', null],
117117
['>=1.x.x-alpha+build <2.x.x+build', '>=1.0.0 <2.0.0-0', null],
118118
['1.x.x-alpha+build || 2.x.x+build', '>=1.0.0 <2.0.0-0||>=2.0.0 <3.0.0-0', null],
119+
// long build metadata must be stripped, not bled into the version
120+
['4.17.0+' + 'a'.repeat(250) + '3', '4.17.0', { loose: true }],
121+
['4.17.0+' + 'a'.repeat(251), '4.17.0', { loose: true }],
122+
['v1.0+' + 'a'.repeat(249) + 'x6', '>=1.0.0 <1.1.0-0', null],
123+
['1.2.3+' + 'a'.repeat(251) + ' - 2.0.0', '>=1.2.3 <=2.0.0', null],
124+
['1.2.3+' + 'a'.repeat(251) + ' - 2.0.0', '>=1.2.3 <=2.0.0', { loose: true }],
125+
['> 1.2.3+' + 'a'.repeat(251), '>1.2.3', null],
126+
['>= 1.2.3+' + 'a'.repeat(251), '>=1.2.3', { loose: true }],
127+
['~1.2.3+' + 'a'.repeat(251), '>=1.2.3 <1.3.0-0', null],
128+
['^1.2.3+' + 'a'.repeat(251), '>=1.2.3 <2.0.0-0', null],
129+
['1.2.3+sha512.' + 'a'.repeat(251), '1.2.3', { loose: true }],
130+
['1.2.3+sha256.' + 'a'.repeat(200) + '.' + 'b'.repeat(200), '1.2.3', { loose: true }],
131+
['1.2.3+' + 'a'.repeat(251) + ' || 2.0.0+' + 'b'.repeat(251),
132+
'1.2.3||2.0.0', { loose: true }],
119133
]

0 commit comments

Comments
 (0)