diff --git a/phpcs.xml.dist b/phpcs.xml.dist
index b847fced..05dc92b8 100644
--- a/phpcs.xml.dist
+++ b/phpcs.xml.dist
@@ -18,6 +18,10 @@
+
+ src/Roave/SecurityAdvisories/Matchers.php
+
+
build-conflicts.php
public
src
diff --git a/src/Roave/SecurityAdvisories/Flag.php b/src/Roave/SecurityAdvisories/Flag.php
index f36e50d6..d6f2d33f 100644
--- a/src/Roave/SecurityAdvisories/Flag.php
+++ b/src/Roave/SecurityAdvisories/Flag.php
@@ -23,7 +23,7 @@
final class Flag
{
/**
- * within extent of same version patch flag is of the highest priority
+ * Represent flags priority from 0 as lowest to 5 as highest
* e.g. 1.1-alpha < 1.1-beta < 1.1-rc < 1.1-stable < 1.1 < 1.1-p
*/
private const PRIORITY = [
diff --git a/src/Roave/SecurityAdvisories/Matchers.php b/src/Roave/SecurityAdvisories/Matchers.php
index 384df409..bdbd66fc 100644
--- a/src/Roave/SecurityAdvisories/Matchers.php
+++ b/src/Roave/SecurityAdvisories/Matchers.php
@@ -20,44 +20,25 @@
namespace Roave\SecurityAdvisories;
-/**
- * @see https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string
- *
- * @fixme: throw this garbage away and use existing regexp from semver.org
- */
final class Matchers
{
- // pattern that matches full version only, without boundary sign
- public const TAGGED_VERSION_MATCHER = '\s*(?(?:\d+\.)*\d+)' .
- '(?:-' . // dash is required for correct version
- '(?stable|beta|b|rc|alpha|a|patch|p)' .
- '[._-]?' .
- '(?(?:\d+\.)*\d+)?' .
- ')?\s*';
-
- private const UNTAGGED_VERSION_MATCHER = '((?:\d+\.)*\d+)' .
- '(?:-' .
- '(stable|beta|b|rc|alpha|a|patch|p)' .
- '[._-]?' .
- '((?:\d+\.)*\d+)?' .
- ')?';
-
- // pattern that ensures we have a correct boundary in the right place
- public const BOUNDARY_MATCHER = '/^\s*(?<|<=|=|>=|>)\s*' .
- self::TAGGED_VERSION_MATCHER .
- '\s*$/';
-
- public const CLOSED_RANGE_MATCHER = '/^>(=?)\s*' .
- self::UNTAGGED_VERSION_MATCHER .
- '\s*,\s*<(=?)\s*' .
- self::UNTAGGED_VERSION_MATCHER .
- '$/';
-
- public const LEFT_OPEN_RANGE_MATCHER = '/^<(=?)\s*' .
- self::UNTAGGED_VERSION_MATCHER .
- '$/';
-
- public const RIGHT_OPEN_RANGE_MATCHER = '/^>(=?)\s*' .
- self::UNTAGGED_VERSION_MATCHER .
- '$/';
+ /*
+ * Pattern that matches full version only, without boundary sign.
+ * Was "inspired" by semver regexp -- https://github.com/composer/semver/blob/master/src/VersionParser.php
+ * Regular expression was tailored to the needs of the package and catches:
+ * - main version, e.g. 2.1.0
+ * - stability flag, e.g. alpha, beta and etc.
+ * - stability numbers
+ */
+ public const TAGGED_VERSION_MATCHER = '\s*(?(?:\d+\.)*\d+)(?:-(?stable|beta|b|rc|alpha|a|patch|p)[._-]?(?(?:\d+\.)*\d+)?)?\s*';
+
+ private const UNTAGGED_VERSION_MATCHER = '((?:\d+\.)*\d+)(?:-(stable|beta|b|rc|alpha|a|patch|p)[._-]?((?:\d+\.)*\d+)?)?';
+
+ public const BOUNDARY_MATCHER = '/^\s*(?<|<=|=|>=|>)\s*' . self::TAGGED_VERSION_MATCHER . '\s*$/';
+
+ public const CLOSED_RANGE_MATCHER = '/^>(=?)\s*' . self::UNTAGGED_VERSION_MATCHER . '\s*,\s*<(=?)\s*' . self::UNTAGGED_VERSION_MATCHER . '$/';
+
+ public const LEFT_OPEN_RANGE_MATCHER = '/^<(=?)\s*' . self::UNTAGGED_VERSION_MATCHER . '$/';
+
+ public const RIGHT_OPEN_RANGE_MATCHER = '/^>(=?)\s*' . self::UNTAGGED_VERSION_MATCHER . '$/';
}