Merge pull request #221 from snyk/fix/fix-regex-redos

fix: avoid redos by replacing regex with string split
snyk · May 7, 2024 · 8981b82 · 8981b82
2 parents 9e24962 + 1f63d42
commit 8981b82
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/lib/dep-graph-builders/pnpm/lockfile-parser/lockfile-v6.ts b/lib/dep-graph-builders/pnpm/lockfile-parser/lockfile-v6.ts
@@ -71,8 +71,7 @@ export class LockfileV6Parser extends PnpmLockfileParser {
   // Dependency path and versions include transitive peer dependencies encapsulated in dependencies
   // e.g. '/cdktf-cli@0.20.3(ink@3.2.0)(react@17.0.2)' -> cdktf-cli@0.20.3
   public excludeTransPeerDepsVersions(fullVersionStr: string): string {
-    const match = fullVersionStr.match(/([^)]*)\(/);
-    return match?.[1] ?? fullVersionStr;
+    return fullVersionStr.split('(')[0];
   }
 
   public static isAbsoluteDepenencyPath(dependencyPath: string): boolean {