From 2f738e9a70d9b9468b7b69e9ed3e12418725c650 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 May 2023 09:52:29 -0700 Subject: [PATCH 1/5] chore: bump @npmcli/template-oss from 4.14.1 to 4.15.1 (#558) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: npm CLI robot Co-authored-by: Gar --- .github/settings.yml | 28 +++++++++++++++-- .github/workflows/ci-release.yml | 8 ++--- .github/workflows/pull-request.yml | 4 ++- .github/workflows/release.yml | 8 ++--- .gitignore | 1 + CONTRIBUTING.md | 50 ++++++++++++++++++++++++++++++ package.json | 4 +-- 7 files changed, 90 insertions(+), 13 deletions(-) create mode 100644 CONTRIBUTING.md diff --git a/.github/settings.yml b/.github/settings.yml index 1019e26f..107aa0ad 100644 --- a/.github/settings.yml +++ b/.github/settings.yml @@ -1,2 +1,26 @@ ---- -_extends: '.github:npm-cli/settings.yml' +# This file is automatically added by @npmcli/template-oss. Do not edit. + +repository: + allow_merge_commit: false + allow_rebase_merge: true + allow_squash_merge: true + squash_merge_commit_title: PR_TITLE + squash_merge_commit_message: PR_BODY + delete_branch_on_merge: true + enable_automated_security_fixes: true + enable_vulnerability_alerts: true + +branches: + - name: main + protection: + required_status_checks: null + enforce_admins: true + required_pull_request_reviews: + required_approving_review_count: 1 + require_code_owner_reviews: true + require_last_push_approval: true + dismiss_stale_reviews: true + restrictions: + apps: [] + users: [] + teams: [ "cli-team" ] diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml index 1e8c0719..98b70866 100644 --- a/.github/workflows/ci-release.yml +++ b/.github/workflows/ci-release.yml @@ -61,7 +61,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: inputs.check-sha with: @@ -93,7 +93,7 @@ jobs: - name: Post Lint run: npm run postlint --ignore-scripts - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: steps.check.outputs.check_id && always() with: token: ${{ secrets.GITHUB_TOKEN }} @@ -162,7 +162,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: inputs.check-sha with: @@ -208,7 +208,7 @@ jobs: - name: Test run: npm test --ignore-scripts - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: steps.check.outputs.check_id && always() with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml index 3b7b8ac5..da5779df 100644 --- a/.github/workflows/pull-request.yml +++ b/.github/workflows/pull-request.yml @@ -44,5 +44,7 @@ jobs: npx --offline commitlint -V --from 'origin/${{ github.base_ref }}' --to ${{ github.event.pull_request.head.sha }} - name: Run Commitlint on PR Title if: steps.commit.outcome == 'failure' + env: + PR_TITLE: ${{ github.event.pull_request.title }} run: | - echo '${{ github.event.pull_request.title }}' | npx --offline commitlint -V + echo '$PR_TITLE' | npx --offline commitlint -V diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index eb79eb20..3b69ae10 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -124,7 +124,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: steps.release.outputs.pr-sha with: @@ -215,7 +215,7 @@ jobs: return { summary } - name: Create Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 id: check if: steps.commit.outputs.sha with: @@ -225,7 +225,7 @@ jobs: sha: ${{ steps.commit.outputs.sha }} output: ${{ steps.check-output.outputs.result }} - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: needs.release.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} @@ -263,7 +263,7 @@ jobs: fi echo "result=$result" >> $GITHUB_OUTPUT - name: Conclude Check - uses: LouisBrunner/checks-action@v1.3.1 + uses: LouisBrunner/checks-action@v1.6.0 if: needs.update.outputs.check-id && always() with: token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.gitignore b/.gitignore index 3b94e235..00bdaf2b 100644 --- a/.gitignore +++ b/.gitignore @@ -16,6 +16,7 @@ !/CHANGELOG* !/classes/ !/CODE_OF_CONDUCT.md +!/CONTRIBUTING.md !/docs/ !/functions/ !/index.js diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..69e88788 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,50 @@ + + +# Contributing + +## Code of Conduct + +All interactions in the **npm** organization on GitHub are considered to be covered by our standard [Code of Conduct](https://docs.npmjs.com/policies/conduct). + +## Reporting Bugs + +Before submitting a new bug report please search for an existing or similar report. + +Use one of our existing issue templates if you believe you've come across a unique problem. + +Duplicate issues, or issues that don't use one of our templates may get closed without a response. + +## Pull Request Conventions + +### Commits + +We use [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/). + +When opening a pull request please be sure that either the pull request title, or each commit in the pull request, has one of the following prefixes: + + - `feat`: For when introducing a new feature. The result will be a new semver minor version of the package when it is next published. + - `fix`: For bug fixes. The result will be a new semver patch version of the package when it is next published. + - `docs`: For documentation updates. The result will be a new semver patch version of the package when it is next published. + - `chore`: For changes that do not affect the published module. Often these are changes to tests. The result will be *no* change to the version of the package when it is next published (as the commit does not affect the published version). + +### Test Coverage + +Pull requests made against this repo will run `npm test` automatically. Please make sure tests pass locally before submitting a PR. + +Every new feature or bug fix should come with a corresponding test or tests that validate the solutions. Testing also reports on code coverage and will fail if code coverage drops. + +### Linting + +Linting is also done automatically once tests pass. `npm run lintfix` will fix most linting errors automatically. + +Please make sure linting passes before submitting a PR. + +## What _not_ to contribute? + +### Dependencies + +It should be noted that our team does not accept third-party dependency updates/PRs. If you submit a PR trying to update our dependencies we will close it with or without a reference to these contribution guidelines. + +### Tools/Automation + +Our core team is responsible for the maintenance of the tooling/automation in this project and we ask contributors to not make changes to these when contributing (e.g. `.github/*`, `.eslintrc.json`, `.licensee.json`). Most of those files also have a header at the top to remind folks they are automatically generated. Pull requests that alter these will not be accepted. diff --git a/package.json b/package.json index 592404a3..204e0086 100644 --- a/package.json +++ b/package.json @@ -14,7 +14,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.14.1", + "@npmcli/template-oss": "4.15.1", "tap": "^16.0.0" }, "license": "ISC", @@ -53,7 +53,7 @@ "author": "GitHub Inc.", "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.14.1", + "version": "4.15.1", "engines": ">=10", "ciVersions": [ "10.0.0", From 717534ee353682f3bcf33e60a8af4292626d4441 Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 15 Jun 2023 12:21:14 -0700 Subject: [PATCH 2/5] fix: better handling of whitespace (#564) --- classes/comparator.js | 3 +- classes/range.js | 64 ++++++++++++++++------------ classes/semver.js | 2 +- functions/coerce.js | 2 +- internal/re.js | 11 +++++ package.json | 2 +- test/integration/whitespace.js | 39 +++++++++++++++++ test/internal/re.js | 8 +++- test/map.js | 77 ++++++++++++++++------------------ 9 files changed, 136 insertions(+), 72 deletions(-) create mode 100644 test/integration/whitespace.js diff --git a/classes/comparator.js b/classes/comparator.js index 2146c884..3d39c0ee 100644 --- a/classes/comparator.js +++ b/classes/comparator.js @@ -16,6 +16,7 @@ class Comparator { } } + comp = comp.trim().split(/\s+/).join(' ') debug('comparator', comp, options) this.options = options this.loose = !!options.loose @@ -133,7 +134,7 @@ class Comparator { module.exports = Comparator const parseOptions = require('../internal/parse-options') -const { re, t } = require('../internal/re') +const { safeRe: re, t } = require('../internal/re') const cmp = require('../functions/cmp') const debug = require('../internal/debug') const SemVer = require('./semver') diff --git a/classes/range.js b/classes/range.js index d9e866de..53c2540f 100644 --- a/classes/range.js +++ b/classes/range.js @@ -26,19 +26,26 @@ class Range { this.loose = !!options.loose this.includePrerelease = !!options.includePrerelease - // First, split based on boolean or || + // First reduce all whitespace as much as possible so we do not have to rely + // on potentially slow regexes like \s*. This is then stored and used for + // future error messages as well. this.raw = range - this.set = range + .trim() + .split(/\s+/) + .join(' ') + + // First, split on || + this.set = this.raw .split('||') // map the range to a 2d array of comparators - .map(r => this.parseRange(r.trim())) + .map(r => this.parseRange(r)) // throw out any comparator lists that are empty // this generally means that it was not a valid range, which is allowed // in loose mode, but will still throw if the WHOLE range is invalid. .filter(c => c.length) if (!this.set.length) { - throw new TypeError(`Invalid SemVer Range: ${range}`) + throw new TypeError(`Invalid SemVer Range: ${this.raw}`) } // if we have any that are not the null set, throw out null sets. @@ -64,9 +71,7 @@ class Range { format () { this.range = this.set - .map((comps) => { - return comps.join(' ').trim() - }) + .map((comps) => comps.join(' ').trim()) .join('||') .trim() return this.range @@ -77,8 +82,6 @@ class Range { } parseRange (range) { - range = range.trim() - // memoize range parsing for performance. // this is a very hot path, and fully deterministic. const memoOpts = @@ -105,9 +108,6 @@ class Range { // `^ 1.2.3` => `^1.2.3` range = range.replace(re[t.CARETTRIM], caretTrimReplace) - // normalize spaces - range = range.split(/\s+/).join(' ') - // At this point, the range is completely trimmed and // ready to be split into comparators. @@ -203,7 +203,7 @@ const Comparator = require('./comparator') const debug = require('../internal/debug') const SemVer = require('./semver') const { - re, + safeRe: re, t, comparatorTrimReplace, tildeTrimReplace, @@ -257,10 +257,13 @@ const isX = id => !id || id.toLowerCase() === 'x' || id === '*' // ~1.2.3, ~>1.2.3 --> >=1.2.3 <1.3.0-0 // ~1.2.0, ~>1.2.0 --> >=1.2.0 <1.3.0-0 // ~0.0.1 --> >=0.0.1 <0.1.0-0 -const replaceTildes = (comp, options) => - comp.trim().split(/\s+/).map((c) => { - return replaceTilde(c, options) - }).join(' ') +const replaceTildes = (comp, options) => { + return comp + .trim() + .split(/\s+/) + .map((c) => replaceTilde(c, options)) + .join(' ') +} const replaceTilde = (comp, options) => { const r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE] @@ -298,10 +301,13 @@ const replaceTilde = (comp, options) => { // ^1.2.0 --> >=1.2.0 <2.0.0-0 // ^0.0.1 --> >=0.0.1 <0.0.2-0 // ^0.1.0 --> >=0.1.0 <0.2.0-0 -const replaceCarets = (comp, options) => - comp.trim().split(/\s+/).map((c) => { - return replaceCaret(c, options) - }).join(' ') +const replaceCarets = (comp, options) => { + return comp + .trim() + .split(/\s+/) + .map((c) => replaceCaret(c, options)) + .join(' ') +} const replaceCaret = (comp, options) => { debug('caret', comp, options) @@ -358,9 +364,10 @@ const replaceCaret = (comp, options) => { const replaceXRanges = (comp, options) => { debug('replaceXRanges', comp, options) - return comp.split(/\s+/).map((c) => { - return replaceXRange(c, options) - }).join(' ') + return comp + .split(/\s+/) + .map((c) => replaceXRange(c, options)) + .join(' ') } const replaceXRange = (comp, options) => { @@ -443,12 +450,15 @@ const replaceXRange = (comp, options) => { const replaceStars = (comp, options) => { debug('replaceStars', comp, options) // Looseness is ignored here. star is always as loose as it gets! - return comp.trim().replace(re[t.STAR], '') + return comp + .trim() + .replace(re[t.STAR], '') } const replaceGTE0 = (comp, options) => { debug('replaceGTE0', comp, options) - return comp.trim() + return comp + .trim() .replace(re[options.includePrerelease ? t.GTE0PRE : t.GTE0], '') } @@ -486,7 +496,7 @@ const hyphenReplace = incPr => ($0, to = `<=${to}` } - return (`${from} ${to}`).trim() + return `${from} ${to}`.trim() } const testSet = (set, version, options) => { diff --git a/classes/semver.js b/classes/semver.js index 99dbe82d..e1208fe6 100644 --- a/classes/semver.js +++ b/classes/semver.js @@ -1,6 +1,6 @@ const debug = require('../internal/debug') const { MAX_LENGTH, MAX_SAFE_INTEGER } = require('../internal/constants') -const { re, t } = require('../internal/re') +const { safeRe: re, t } = require('../internal/re') const parseOptions = require('../internal/parse-options') const { compareIdentifiers } = require('../internal/identifiers') diff --git a/functions/coerce.js b/functions/coerce.js index 2e01452f..febbff9c 100644 --- a/functions/coerce.js +++ b/functions/coerce.js @@ -1,6 +1,6 @@ const SemVer = require('../classes/semver') const parse = require('./parse') -const { re, t } = require('../internal/re') +const { safeRe: re, t } = require('../internal/re') const coerce = (version, options) => { if (version instanceof SemVer) { diff --git a/internal/re.js b/internal/re.js index ed88398a..f73ef1aa 100644 --- a/internal/re.js +++ b/internal/re.js @@ -4,16 +4,27 @@ exports = module.exports = {} // The actual regexps go on exports.re const re = exports.re = [] +const safeRe = exports.safeRe = [] const src = exports.src = [] const t = exports.t = {} let R = 0 const createToken = (name, value, isGlobal) => { + // Replace all greedy whitespace to prevent regex dos issues. These regex are + // used internally via the safeRe object since all inputs in this library get + // normalized first to trim and collapse all extra whitespace. The original + // regexes are exported for userland consumption and lower level usage. A + // future breaking change could export the safer regex only with a note that + // all input should have extra whitespace removed. + const safe = value + .split('\\s*').join('\\s{0,1}') + .split('\\s+').join('\\s') const index = R++ debug(name, index, value) t[name] = index src[index] = value re[index] = new RegExp(value, isGlobal ? 'g' : undefined) + safeRe[index] = new RegExp(safe, isGlobal ? 'g' : undefined) } // The following Regular Expressions can be used for tokenizing, diff --git a/package.json b/package.json index 204e0086..72077036 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,7 @@ "range.bnf" ], "tap": { - "check-coverage": true, + "timeout": 30, "coverage-map": "map.js", "nyc-arg": [ "--exclude", diff --git a/test/integration/whitespace.js b/test/integration/whitespace.js new file mode 100644 index 00000000..eb9744d9 --- /dev/null +++ b/test/integration/whitespace.js @@ -0,0 +1,39 @@ +const { test } = require('tap') +const Range = require('../../classes/range') +const SemVer = require('../../classes/semver') +const Comparator = require('../../classes/comparator') +const validRange = require('../../ranges/valid') +const minVersion = require('../../ranges/min-version') +const minSatisfying = require('../../ranges/min-satisfying') +const maxSatisfying = require('../../ranges/max-satisfying') + +const s = (n = 500000) => ' '.repeat(n) + +test('regex dos via range whitespace', (t) => { + // a range with this much whitespace would take a few minutes to process if + // any redos susceptible regexes were used. there is a global tap timeout per + // file set in the package.json that will error if this test takes too long. + const r = `1.2.3 ${s()} <1.3.0` + + t.equal(new Range(r).range, '1.2.3 <1.3.0') + t.equal(validRange(r), '1.2.3 <1.3.0') + t.equal(minVersion(r).version, '1.2.3') + t.equal(minSatisfying(['1.2.3'], r), '1.2.3') + t.equal(maxSatisfying(['1.2.3'], r), '1.2.3') + + t.end() +}) + +test('semver version', (t) => { + const v = `${s(125)}1.2.3${s(125)}` + const tooLong = `${s()}1.2.3${s()}` + t.equal(new SemVer(v).version, '1.2.3') + t.throws(() => new SemVer(tooLong)) + t.end() +}) + +test('comparator', (t) => { + const c = `${s()}<${s()}1.2.3${s()}` + t.equal(new Comparator(c).value, '<1.2.3') + t.end() +}) diff --git a/test/internal/re.js b/test/internal/re.js index 1aad22ba..2851b325 100644 --- a/test/internal/re.js +++ b/test/internal/re.js @@ -1,5 +1,5 @@ const { test } = require('tap') -const { src, re } = require('../../internal/re') +const { src, re, safeRe } = require('../../internal/re') const semver = require('../../') test('has a list of src, re, and tokens', (t) => { @@ -13,5 +13,11 @@ test('has a list of src, re, and tokens', (t) => { for (const i in semver.tokens) { t.match(semver.tokens[i], Number, 'tokens are numbers') } + + safeRe.forEach(r => { + t.notMatch(r.source, '\\s+', 'safe regex do not contain greedy whitespace') + t.notMatch(r.source, '\\s*', 'safe regex do not contain greedy whitespace') + }) + t.end() }) diff --git a/test/map.js b/test/map.js index 8179e71e..5c36eb7d 100644 --- a/test/map.js +++ b/test/map.js @@ -1,49 +1,46 @@ const t = require('tap') +const { resolve, join, relative, extname, dirname, basename } = require('path') +const { statSync, readdirSync } = require('fs') +const map = require('../map.js') +const pkg = require('../package.json') -// ensure that the coverage map maps all coverage -const ignore = [ - '.git', - '.github', - '.commitlintrc.js', - '.eslintrc.js', - '.eslintrc.local.js', - 'node_modules', - 'coverage', - 'tap-snapshots', - 'test', - 'fixtures', -] +const ROOT = resolve(__dirname, '..') +const TEST = join(ROOT, 'test') +const IGNORE_DIRS = ['fixtures', 'integration'] -const { statSync, readdirSync } = require('fs') -const find = (folder, set = [], root = true) => { - const ent = readdirSync(folder) - set.push(...ent.filter(f => !ignore.includes(f) && /\.m?js$/.test(f)).map(f => folder + '/' + f)) - for (const e of ent.filter(f => !ignore.includes(f) && !/\.m?js$/.test(f))) { - if (statSync(folder + '/' + e).isDirectory()) { - find(folder + '/' + e, set, false) +const getFile = (f) => { + try { + if (statSync(f).isFile()) { + return extname(f) === '.js' ? [f] : [] } + } catch { + return [] } - if (!root) { - return - } - return set.map(f => f.slice(folder.length + 1) - .replace(/\\/g, '/')) - .sort((a, b) => a.localeCompare(b)) } -const { resolve } = require('path') -const root = resolve(__dirname, '..') +const walk = (item, res = []) => getFile(item) || readdirSync(item) + .map(f => join(item, f)) + .reduce((acc, f) => acc.concat(statSync(f).isDirectory() ? walk(f, res) : getFile(f)), []) + .filter(Boolean) -const sut = find(root) -const tests = find(root + '/test') -t.strictSame(sut, tests, 'test files should match system files') -const map = require('../map.js') +const walkAll = (items, relativeTo) => items + .reduce((acc, f) => acc.concat(walk(join(ROOT, f))), []) + .map((f) => relative(relativeTo, f)) + .sort() -for (const testFile of tests) { - t.test(testFile, t => { - t.plan(1) - // cast to an array, since map() can return a string or array - const systemFiles = [].concat(map(testFile)) - t.ok(systemFiles.some(sys => sut.includes(sys)), 'test covers a file') - }) -} +t.test('tests match system', t => { + const sut = walkAll([pkg.tap['coverage-map'], ...pkg.files], ROOT) + const tests = walkAll([basename(TEST)], TEST) + .filter(f => !IGNORE_DIRS.includes(dirname(f))) + + t.strictSame(sut, tests, 'test files should match system files') + + for (const f of tests) { + t.test(f, t => { + t.plan(1) + t.ok(sut.includes(map(f)), 'test covers a file') + }) + } + + t.end() +}) From 5c8efbcb3c6c125af10746d054faff13e8c33fbd Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 15 Jun 2023 12:21:30 -0700 Subject: [PATCH 3/5] fix: preserve build in raw after inc (#565) Fixes: #562 --- classes/semver.js | 6 ++++-- test/classes/semver.js | 11 +++++++++-- test/fixtures/increments.js | 1 + test/functions/inc.js | 10 +++++++++- 4 files changed, 23 insertions(+), 5 deletions(-) diff --git a/classes/semver.js b/classes/semver.js index e1208fe6..84e84590 100644 --- a/classes/semver.js +++ b/classes/semver.js @@ -291,8 +291,10 @@ class SemVer { default: throw new Error(`invalid increment argument: ${release}`) } - this.format() - this.raw = this.version + this.raw = this.format() + if (this.build.length) { + this.raw += `+${this.build.join('.')}` + } return this } } diff --git a/test/classes/semver.js b/test/classes/semver.js index 6be0ac8f..1e4d48f8 100644 --- a/test/classes/semver.js +++ b/test/classes/semver.js @@ -90,11 +90,18 @@ test('incrementing', t => { id, base, ]) => t.test(`${version} ${inc} ${id || ''}`.trim(), t => { - t.plan(1) if (expect === null) { + t.plan(1) t.throws(() => new SemVer(version, options).inc(inc, id, base)) } else { - t.equal(new SemVer(version, options).inc(inc, id, base).version, expect) + t.plan(2) + const incremented = new SemVer(version, options).inc(inc, id, base) + t.equal(incremented.version, expect) + if (incremented.build.length) { + t.equal(incremented.raw, `${expect}+${incremented.build.join('.')}`) + } else { + t.equal(incremented.raw, expect) + } } })) }) diff --git a/test/fixtures/increments.js b/test/fixtures/increments.js index 1fbc4bc9..65e9530b 100644 --- a/test/fixtures/increments.js +++ b/test/fixtures/increments.js @@ -123,4 +123,5 @@ module.exports = [ ['1.2.0-dev', 'preminor', '1.3.0-beta', false, 'beta', false], ['1.2.0-dev', 'prepatch', '1.2.1-dev', false, 'dev', false], ['1.2.0', 'prerelease', null, false, '', false], + ['1.0.0-rc.1+build.4', 'prerelease', '1.0.0-rc.2', 'rc', false], ] diff --git a/test/functions/inc.js b/test/functions/inc.js index e2d0768c..2f6f9bb4 100644 --- a/test/functions/inc.js +++ b/test/functions/inc.js @@ -14,7 +14,15 @@ test('increment versions test', (t) => { if (wanted) { parsed.inc(what, id, base) t.equal(parsed.version, wanted, `${cmd} object version updated`) - t.equal(parsed.raw, wanted, `${cmd} object raw field updated`) + if (parsed.build.length) { + t.equal( + parsed.raw, + `${wanted}+${parsed.build.join('.')}`, + `${cmd} object raw field updated with build` + ) + } else { + t.equal(parsed.raw, wanted, `${cmd} object raw field updated`) + } const preIncObject = JSON.stringify(parsedAsInput) inc(parsedAsInput, what, options, id, base) From 58c791f40ba8cf4be35a5ca6644353ecd6249edc Mon Sep 17 00:00:00 2001 From: Luke Karrys Date: Thu, 15 Jun 2023 12:21:55 -0700 Subject: [PATCH 4/5] fix: diff when detecting major change from prerelease (#566) Fixes #561 --- functions/diff.js | 51 +++++++++++++++++++++++++----------------- test/functions/diff.js | 2 ++ 2 files changed, 33 insertions(+), 20 deletions(-) diff --git a/functions/diff.js b/functions/diff.js index fafc11c4..fc224e30 100644 --- a/functions/diff.js +++ b/functions/diff.js @@ -13,6 +13,35 @@ const diff = (version1, version2) => { const highVersion = v1Higher ? v1 : v2 const lowVersion = v1Higher ? v2 : v1 const highHasPre = !!highVersion.prerelease.length + const lowHasPre = !!lowVersion.prerelease.length + + if (lowHasPre && !highHasPre) { + // Going from prerelease -> no prerelease requires some special casing + + // If the low version has only a major, then it will always be a major + // Some examples: + // 1.0.0-1 -> 1.0.0 + // 1.0.0-1 -> 1.1.1 + // 1.0.0-1 -> 2.0.0 + if (!lowVersion.patch && !lowVersion.minor) { + return 'major' + } + + // Otherwise it can be determined by checking the high version + + if (highVersion.patch) { + // anything higher than a patch bump would result in the wrong version + return 'patch' + } + + if (highVersion.minor) { + // anything higher than a minor bump would result in the wrong version + return 'minor' + } + + // bumping major/minor/patch all have same result + return 'major' + } // add the `pre` prefix if we are going to a prerelease version const prefix = highHasPre ? 'pre' : '' @@ -29,26 +58,8 @@ const diff = (version1, version2) => { return prefix + 'patch' } - // at this point we know stable versions match but overall versions are not equal, - // so either they are both prereleases, or the lower version is a prerelease - - if (highHasPre) { - // high and low are preleases - return 'prerelease' - } - - if (lowVersion.patch) { - // anything higher than a patch bump would result in the wrong version - return 'patch' - } - - if (lowVersion.minor) { - // anything higher than a minor bump would result in the wrong version - return 'minor' - } - - // bumping major/minor/patch all have same result - return 'major' + // high and low are preleases + return 'prerelease' } module.exports = diff diff --git a/test/functions/diff.js b/test/functions/diff.js index 74a80569..720e159b 100644 --- a/test/functions/diff.js +++ b/test/functions/diff.js @@ -26,6 +26,8 @@ test('diff versions test', (t) => { ['0.0.2-1', '1.0.0', 'major'], ['0.1.0-1', '0.1.0', 'minor'], ['1.0.0-1', '1.0.0', 'major'], + ['1.0.0-1', '1.1.1', 'major'], + ['1.0.0-1', '2.1.1', 'major'], ['1.0.1-1', '1.0.1', 'patch'], ['0.0.0-1', '0.0.0', 'major'], ['1.0.0-1', '2.0.0', 'major'], From e7b78de06eb14a7fa2075cedf9f167040d8d31af Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 15 Jun 2023 19:22:19 +0000 Subject: [PATCH 5/5] chore: release 7.5.2 --- .release-please-manifest.json | 2 +- CHANGELOG.md | 8 ++++++++ package.json | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.release-please-manifest.json b/.release-please-manifest.json index fbde66cb..0be3c6ce 100644 --- a/.release-please-manifest.json +++ b/.release-please-manifest.json @@ -1,3 +1,3 @@ { - ".": "7.5.1" + ".": "7.5.2" } diff --git a/CHANGELOG.md b/CHANGELOG.md index 99f8e567..c08c960c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## [7.5.2](https://github.com/npm/node-semver/compare/v7.5.1...v7.5.2) (2023-06-15) + +### Bug Fixes + +* [`58c791f`](https://github.com/npm/node-semver/commit/58c791f40ba8cf4be35a5ca6644353ecd6249edc) [#566](https://github.com/npm/node-semver/pull/566) diff when detecting major change from prerelease (#566) (@lukekarrys) +* [`5c8efbc`](https://github.com/npm/node-semver/commit/5c8efbcb3c6c125af10746d054faff13e8c33fbd) [#565](https://github.com/npm/node-semver/pull/565) preserve build in raw after inc (#565) (@lukekarrys) +* [`717534e`](https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441) [#564](https://github.com/npm/node-semver/pull/564) better handling of whitespace (#564) (@lukekarrys) + ## [7.5.1](https://github.com/npm/node-semver/compare/v7.5.0...v7.5.1) (2023-05-12) ### Bug Fixes diff --git a/package.json b/package.json index 72077036..7d0aff3c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "semver", - "version": "7.5.1", + "version": "7.5.2", "description": "The semantic version parser used by npm.", "main": "index.js", "scripts": {