@hyperfrontend/versioning 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (70) hide show
  1. package/CHANGELOG.md +14 -0
  2. package/README.md +8 -6
  3. package/changelog/index.cjs.js +15 -4
  4. package/changelog/index.cjs.js.map +1 -1
  5. package/changelog/index.esm.js +15 -4
  6. package/changelog/index.esm.js.map +1 -1
  7. package/changelog/parse/index.cjs.js +62 -4
  8. package/changelog/parse/index.cjs.js.map +1 -1
  9. package/changelog/parse/index.esm.js +62 -4
  10. package/changelog/parse/index.esm.js.map +1 -1
  11. package/changelog/parse/parser.d.ts +0 -6
  12. package/changelog/parse/parser.d.ts.map +1 -1
  13. package/commits/classify/index.cjs.js +8 -6
  14. package/commits/classify/index.cjs.js.map +1 -1
  15. package/commits/classify/index.d.ts +1 -1
  16. package/commits/classify/index.d.ts.map +1 -1
  17. package/commits/classify/index.esm.js +8 -7
  18. package/commits/classify/index.esm.js.map +1 -1
  19. package/commits/classify/project-scopes.d.ts +10 -0
  20. package/commits/classify/project-scopes.d.ts.map +1 -1
  21. package/commits/index.cjs.js +8 -6
  22. package/commits/index.cjs.js.map +1 -1
  23. package/commits/index.esm.js +8 -7
  24. package/commits/index.esm.js.map +1 -1
  25. package/flow/executor/index.cjs.js +12 -0
  26. package/flow/executor/index.cjs.js.map +1 -1
  27. package/flow/executor/index.esm.js +12 -0
  28. package/flow/executor/index.esm.js.map +1 -1
  29. package/flow/index.cjs.js +89 -36
  30. package/flow/index.cjs.js.map +1 -1
  31. package/flow/index.esm.js +88 -37
  32. package/flow/index.esm.js.map +1 -1
  33. package/flow/models/index.cjs.js +13 -0
  34. package/flow/models/index.cjs.js.map +1 -1
  35. package/flow/models/index.d.ts +1 -1
  36. package/flow/models/index.d.ts.map +1 -1
  37. package/flow/models/index.esm.js +13 -1
  38. package/flow/models/index.esm.js.map +1 -1
  39. package/flow/models/types.d.ts +33 -1
  40. package/flow/models/types.d.ts.map +1 -1
  41. package/flow/presets/index.cjs.js +84 -36
  42. package/flow/presets/index.cjs.js.map +1 -1
  43. package/flow/presets/index.esm.js +84 -36
  44. package/flow/presets/index.esm.js.map +1 -1
  45. package/flow/steps/analyze-commits.d.ts.map +1 -1
  46. package/flow/steps/generate-changelog.d.ts +5 -0
  47. package/flow/steps/generate-changelog.d.ts.map +1 -1
  48. package/flow/steps/index.cjs.js +85 -36
  49. package/flow/steps/index.cjs.js.map +1 -1
  50. package/flow/steps/index.d.ts +1 -1
  51. package/flow/steps/index.d.ts.map +1 -1
  52. package/flow/steps/index.esm.js +85 -37
  53. package/flow/steps/index.esm.js.map +1 -1
  54. package/index.cjs.js +9223 -9172
  55. package/index.cjs.js.map +1 -1
  56. package/index.d.ts +3 -1
  57. package/index.d.ts.map +1 -1
  58. package/index.esm.js +9220 -9173
  59. package/index.esm.js.map +1 -1
  60. package/package.json +14 -1
  61. package/workspace/discovery/changelog-path.d.ts +3 -7
  62. package/workspace/discovery/changelog-path.d.ts.map +1 -1
  63. package/workspace/discovery/index.cjs.js +84 -5
  64. package/workspace/discovery/index.cjs.js.map +1 -1
  65. package/workspace/discovery/index.esm.js +84 -5
  66. package/workspace/discovery/index.esm.js.map +1 -1
  67. package/workspace/index.cjs.js +84 -5
  68. package/workspace/index.cjs.js.map +1 -1
  69. package/workspace/index.esm.js +84 -5
  70. package/workspace/index.esm.js.map +1 -1
package/changelog/index.esm.js CHANGED
@@ -2840,11 +2840,22 @@ function isWhitespace$1(char) {
2840
2840
  }
2841
2841
 
2842
2842
  /**
2843
- * Changelog Parser
2843
+ * Validates that a URL is actually a GitHub URL by parsing it properly.
2844
+ * This prevents SSRF attacks where 'github.com' could appear in path/query.
2844
2845
  *
2845
- * Parses a changelog markdown string into a structured Changelog object.
2846
- * Uses a state machine tokenizer for ReDoS-safe parsing.
2846
+ * @param url - The URL string to validate
2847
+ * @returns True if the URL host is github.com or a subdomain
2847
2848
  */
2849
+ function isGitHubUrl(url) {
2850
+ try {
2851
+ const parsed = createURL(url);
2852
+ // Check that the host is exactly github.com or ends with .github.com
2853
+ return parsed.host === 'github.com' || parsed.host.endsWith('.github.com');
2854
+ }
2855
+ catch {
2856
+ return false;
2857
+ }
2858
+ }
2848
2859
  /**
2849
2860
  * Parses a changelog markdown string into a Changelog object.
2850
2861
  *
@@ -2912,7 +2923,7 @@ function parseHeader(state) {
2912
2923
  description.push(`[${token.value}](${nextToken.value})`);
2913
2924
  links.push({ label: token.value, url: nextToken.value });
2914
2925
  // Try to detect repository URL
2915
- if (!state.repositoryUrl && nextToken.value.includes('github.com')) {
2926
+ if (!state.repositoryUrl && isGitHubUrl(nextToken.value)) {
2916
2927
  state.repositoryUrl = extractRepoUrl(nextToken.value);
2917
2928
  }
2918
2929
  advance(state); // skip link-text