Update dependency semver to v7.7.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
semver	7.3.5 → 7.7.3

---

Release Notes

npm/node-semver (semver)

v7.7.3

Compare Source

Bug Fixes

• e37e0ca #​813 faster paths for compare (#​813) (@​H4ad)
• 2471d75 #​811 x-range build metadata support (i529015)

Chores

• 8f05c87 #​807 bump @​npmcli/template-oss from 4.25.0 to 4.25.1 (#​807) (@​dependabot[bot], @​owlstronaut)

v7.7.2

Compare Source

Bug Fixes

• fcafb61 #​780 add missing 'use strict' directives (#​780) (@​Fdawgs)
• c99f336 #​781 prerelease identifier starting with digits (#​781) (@​mbtools)

Chores

• c760403 #​784 template-oss-apply for workflow permissions (#​784) (@​wraithgar)
• 2677f2a #​778 bump @​npmcli/template-oss from 4.23.6 to 4.24.3 (#​778) (@​dependabot[bot], @​npm-cli-bot)

v7.7.1

Compare Source

Bug Fixes

• af761c0 #​764 inc: fully capture prerelease identifier (#​764) (@​wraithgar)

v7.7.0

Compare Source

Features

• 0864b3c #​753 add "release" inc type (#​753) (@​mbtools)

Bug Fixes

• d588e37 #​755 diff: fix prerelease to stable version diff logic (#​755) (@​eminberkayd, berkay.daglar)
• 8a34bde #​754 add identifier validation to inc() (#​754) (@​mbtools)

Documentation

• 67e5478 #​756 readme: added missing period for consistency (#​756) (@​shaymolcho)
• 868d4bb #​749 clarify comment about obsolete prefixes (#​749) (@​mbtools, @​ljharb)

Chores

• 145c554 #​741 bump @​npmcli/eslint-config from 4.0.5 to 5.0.0 (@​dependabot[bot])
• 753e02b #​747 bump @​npmcli/template-oss from 4.23.3 to 4.23.4 (#​747) (@​dependabot[bot], @​npm-cli-bot)
• 0b812d5 #​744 postinstall for dependabot template-oss PR (@​hashtagchris)

v7.6.3

Compare Source

Bug Fixes

• 73a3d79 #​726 optimize Range parsing and formatting (#​726) (@​jviide)

Documentation

• 2975ece #​719 fix extra backtick typo (#​719) (@​stdavis)

v7.6.2

Compare Source

Bug Fixes

• 6466ba9 #​713 lru: use map.delete() directly (#​713) (@​negezor, @​lukekarrys)

v7.6.1

Compare Source

Bug Fixes

• c570a34 #​704 linting: no-unused-vars (@​wraithgar)
• ad8ff11 #​704 use internal cache implementation (@​mbtools)
• ac9b357 #​682 typo in compareBuild debug message (#​682) (@​mbtools)

Dependencies

• 988a8de #​709 uninstall lru-cache (#​709)
• 3fabe4d #​704 remove lru-cache

Chores

• dd09b60 #​705 bump @​npmcli/template-oss to 4.22.0 (@​lukekarrys)
• ec49cdc #​701 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• b236c3d #​696 add benchmarks (#​696) (@​H4ad)
• 692451b #​688 various improvements to README (#​688) (@​mbtools)
• 5feeb7f #​705 postinstall for dependabot template-oss PR (@​lukekarrys)
• 074156f #​701 bump @​npmcli/template-oss from 4.21.3 to 4.21.4 (@​dependabot[bot])

v7.6.0

Compare Source

Features

• a7ab13a #​671 preserve pre-release and build parts of a version on coerce (#​671) (@​madtisa, madtisa, @​wraithgar)

Chores

• 816c7b2 #​667 postinstall for dependabot template-oss PR (@​lukekarrys)
• 0bd24d9 #​667 bump @​npmcli/template-oss from 4.21.1 to 4.21.3 (@​dependabot[bot])
• e521932 #​652 postinstall for dependabot template-oss PR (@​lukekarrys)
• 8873991 #​652 chore: chore: postinstall for dependabot template-oss PR (@​lukekarrys)
• f317dc8 #​652 bump @​npmcli/template-oss from 4.19.0 to 4.21.0 (@​dependabot[bot])
• 7303db1 #​658 add clean() test for build metadata (#​658) (@​jethrodaniel)
• 6240d75 #​656 add missing quotes in README.md (#​656) (@​zyxkad)
• 14d263f #​625 postinstall for dependabot template-oss PR (@​lukekarrys)
• 7c34e1a #​625 bump @​npmcli/template-oss from 4.18.1 to 4.19.0 (@​dependabot[bot])
• 123e0b0 #​622 postinstall for dependabot template-oss PR (@​lukekarrys)
• 737d5e1 #​622 bump @​npmcli/template-oss from 4.18.0 to 4.18.1 (@​dependabot[bot])
• cce6180 #​598 postinstall for dependabot template-oss PR (@​lukekarrys)
• b914a3d #​598 bump @​npmcli/template-oss from 4.17.0 to 4.18.0 (@​dependabot[bot])

v7.5.4

Compare Source

Bug Fixes

• cc6fde2 #​588 trim each range set before parsing (@​lukekarrys)
• 99d8287 #​583 correctly parse long build ids as valid (#​583) (@​lukekarrys)

v7.5.3

Compare Source

Bug Fixes

• abdd93d #​571 set max lengths in regex for numeric and build identifiers (#​571) (@​lukekarrys)

Documentation

• bf53dd8 #​569 add example for > comparator (#​569) (@​mbtools)

v7.5.2

Compare Source

Bug Fixes

• 58c791f #​566 diff when detecting major change from prerelease (#​566) (@​lukekarrys)
• 5c8efbc #​565 preserve build in raw after inc (#​565) (@​lukekarrys)
• 717534e #​564 better handling of whitespace (#​564) (@​lukekarrys)

v7.5.1

Compare Source

Bug Fixes

• d30d25a #​559 show type on invalid semver error (#​559) (@​tjenkinson)

v7.5.0

Compare Source

Features

• 503a4e5 #​548 allow identifierBase to be false (#​548) (@​lsvalina)

Bug Fixes

• e219bb4 #​552 throw on bad version with correct error message (#​552) (@​wraithgar)
• fc2f3df #​546 incorrect results from diff sometimes with prerelease versions (#​546) (@​tjenkinson)
• 2781767 #​547 avoid re-instantiating SemVer during diff compare (#​547) (@​macno)

v7.4.0

Compare Source

Features

• 113f513 #​532 identifierBase parameter for .inc (#​532) (@​wraithgar, @​b-bly)
• 48d8f8f #​530 export new RELEASE_TYPES constant (@​hcharley)

Bug Fixes

• 940723d #​538 intersects with v0.0.0 and v0.0.0-0 (#​538) (@​wraithgar)
• aa516b5 #​535 faster parse options (#​535) (@​H4ad)
• 61e6ea1 #​536 faster cache key factory for range (#​536) (@​H4ad)
• f8b8b61 #​541 optimistic parse (#​541) (@​H4ad)
• 796cbe2 #​533 semver.diff prerelease to release recognition (#​533) (@​wraithgar, @​dominique-blockchain)
• 3f222b1 #​537 reuse comparators on subset (#​537) (@​H4ad)
• f66cc45 #​539 faster diff (#​539) (@​H4ad)

Documentation

• c5d29df #​530 Add "Constants" section to README (@​hcharley)

v7.3.8

Compare Source

Bug Fixes

• d8ef32c #​383 add support for node.js esm auto exports (#​383) (@​MylesBorins)

Documentation

• 7209b14 #​477 update range.js comments to clarify the caret ranges examples (#​477) (@​amitse)

7.3.7 (2022-04-11)

Bug Fixes

• allow node >=10 (85b269a)
• bin: get correct value from arg separated by equals (#​449) (4ceca76), closes #​431
• ensure SemVer instance passed to inc are not modified (#​427) (f070dde)
• inc prerelease with numeric preid (#​380) (802e161)

Dependencies

• revert to lru-cache@​6 (22ae54d)

7.3.6 (2022-04-05)

Bug Fixes

• #​329 (cb1ca1d)
• properly escape dots in GTE0 regexes (#​432) (11494f1)
• replace deprecated String.prototype.substr() (#​445) (e2d55e7)
• replace regex used to split ranges (#​434) (9ab7b71)

Documentation

• clarify * range behavior (cb1ca1d)

Dependencies

• lru-cache@​7.4.0 (#​442) (9a3064c)
• tap@​16.0.0 (#​439) (60cbb3f)

v7.3.7

Compare Source

Bug Fixes

• d8ef32c #​383 add support for node.js esm auto exports (#​383) (@​MylesBorins)

Documentation

• 7209b14 #​477 update range.js comments to clarify the caret ranges examples (#​477) (@​amitse)

7.3.7 (2022-04-11)

Bug Fixes

• allow node >=10 (85b269a)
• bin: get correct value from arg separated by equals (#​449) (4ceca76), closes #​431
• ensure SemVer instance passed to inc are not modified (#​427) (f070dde)
• inc prerelease with numeric preid (#​380) (802e161)

Dependencies

• revert to lru-cache@​6 (22ae54d)

7.3.6 (2022-04-05)

Bug Fixes

• #​329 (cb1ca1d)
• properly escape dots in GTE0 regexes (#​432) (11494f1)
• replace deprecated String.prototype.substr() (#​445) (e2d55e7)
• replace regex used to split ranges (#​434) (9ab7b71)

Documentation

• clarify * range behavior (cb1ca1d)

Dependencies

• lru-cache@​7.4.0 (#​442) (9a3064c)
• tap@​16.0.0 (#​439) (60cbb3f)

v7.3.6

Compare Source

Bug Fixes

• d8ef32c #​383 add support for node.js esm auto exports (#​383) (@​MylesBorins)

Documentation

• 7209b14 #​477 update range.js comments to clarify the caret ranges examples (#​477) (@​amitse)

7.3.7 (2022-04-11)

Bug Fixes

• allow node >=10 (85b269a)
• bin: get correct value from arg separated by equals (#​449) (4ceca76), closes #​431
• ensure SemVer instance passed to inc are not modified (#​427) (f070dde)
• inc prerelease with numeric preid (#​380) (802e161)

Dependencies

• revert to lru-cache@​6 (22ae54d)

7.3.6 (2022-04-05)

Bug Fixes

• #​329 (cb1ca1d)
• properly escape dots in GTE0 regexes (#​432) (11494f1)
• replace deprecated String.prototype.substr() (#​445) (e2d55e7)
• replace regex used to split ranges (#​434) (9ab7b71)

Documentation

• clarify * range behavior (cb1ca1d)

Dependencies

• lru-cache@​7.4.0 (#​442) (9a3064c)
• tap@​16.0.0 (#​439) (60cbb3f)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Key Changes from 7.3.5 to 7.7.3:

• Dependency removal: Major improvement - removed lru-cache dependency and implemented internal caching (v7.6.1)
• Performance optimizations: Faster comparison paths, optimized range parsing, and improved diff performance
• Bug fixes: Better prerelease handling, improved validation, enhanced regex patterns, and stricter mode support
• New features: Added "release" increment type (v7.7.0) and improved coerce functionality to preserve pre-release parts
• Security improvements: Added validation for prerelease identifiers starting with digits, regex length limits
• ESM support: Added Node.js ESM auto exports compatibility

No Breaking Changes: All changes are backward compatible. The API surface used by Piston remains unchanged.

🎯 Impact Scope Investigation

Semver Usage in Piston:

• api/src/runtime.js:127: semver.parse() - Parse package versions
• api/src/runtime.js:203,220: semver.satisfies() - Match runtime versions
• api/src/runtime.js:212: semver.rcompare() - Sort versions for latest selection
• api/src/package.js:18: semver.parse() - Parse package versions
• api/src/package.js:222: semver.satisfies() - Match available packages
• api/src/package.js:226: semver.rcompare() - Sort package candidates
• cli/commands/ppman_commands/spec.js:13,74: semver.satisfies() and semver.rcompare() - Package management

Impact Assessment:

• All functions used (parse, satisfies, rcompare) maintain backward compatibility
• Internal caching improvements should provide performance benefits with no API changes
• Enhanced validation and bug fixes improve reliability without affecting existing behavior
• No configuration changes required

Dependency Changes:

• Removal of lru-cache dependency reduces attack surface and bundle size
• No new external dependencies introduced
• Cleaner dependency tree improves security posture

💡 Recommended Actions

Safe to merge immediately:

• All semver API functions used by Piston are fully backward compatible
• Performance improvements and bug fixes enhance system reliability
• Dependency reduction improves security and reduces bundle size
• No code modifications required in Piston codebase

Optional follow-up actions:

• Consider testing package installation/management functionality after deployment to verify improved performance
• Monitor for any edge cases in version parsing, though none are expected based on usage patterns

🔗 Reference Links

• Semver CHANGELOG
• Release diff: 7.3.5 to 7.7.3
• npm/node-semver Repository

Generated by koki-develop/claude-renovate-review