From b0fd307feccb66753be41c51b0b0428845e18415 Mon Sep 17 00:00:00 2001 From: Abhijeet Mohanty Date: Tue, 26 May 2026 11:24:21 -0400 Subject: [PATCH] Tighten external_dependency_version_regex to match and <*.version> tags The regex previously only matched version values inside ... elements. Custom Maven property tags like 2.18.6 that carry valid {x-version-update} comments were silently skipped, causing version drift and bannedDependencies failures (see PR #49263 for the immediate fix). The new regex uses a lookahead restricted to closing tags that are either or (e.g. ), rejecting unrelated XML elements like or . Python's re module does not support variable-length lookbehinds, so the pattern uses a fixed-width lookbehind (?<=>) and places the restriction entirely in the lookahead (?=). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- eng/versioning/utils.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/eng/versioning/utils.py b/eng/versioning/utils.py index 0b2117c61c5c..fd663de43256 100644 --- a/eng/versioning/utils.py +++ b/eng/versioning/utils.py @@ -27,7 +27,10 @@ # External dependency versions do not have to match semver format and the semver regular expressions # will partially match and produce some hilarious results. -external_dependency_version_regex = r'(?<=).+?(?=)' +# Match version content inside or custom property tags ending with .version +# (e.g. ). The lookahead restricts to closing tags that are +# either or , rejecting unrelated tags like . +external_dependency_version_regex = r'(?<=>)[^<]+(?=)' # This is the original regular expression for semver. This differs from the # previous one in that start of line and end of line anchors are left in place.