Skip to content

fix(version): Extract shared validation and fix generated formatting#375

Open
cameroncooke wants to merge 1 commit intomainfrom
cam/fix-368-369
Open

fix(version): Extract shared validation and fix generated formatting#375
cameroncooke wants to merge 1 commit intomainfrom
cam/fix-368-369

Conversation

@cameroncooke
Copy link
Copy Markdown
Collaborator

@cameroncooke cameroncooke commented Apr 28, 2026

Extract the version regex and validation into a shared module, then reuse it from both the version generator script and its validation test.

This removes duplicate semver validation logic that previously had to be kept in sync manually, and it closes the follow-up maintainability gap left after #289.

The generated src/version.ts output now uses single-quoted literals again instead of JSON.stringify(...) output. That resolves the Prettier formatting conflict directly, so the temporary eslint ignore for src/version.ts is removed.

Fixes #368
Fixes #369

@cameroncooke @codex
fix(version): Share version validation and restore single-quote output
beb6e1b 
Extract VERSION_REGEX and validateVersion into a shared module used by the generator and validation tests, so regex updates only happen in one place.

Switch generated src/version.ts literals back to single quotes to align with Prettier and remove the eslint ignore carve-out for that generated file.

Fixes #368
Fixes #369
Co-Authored-By: OpenAI Codex <codex@openai.com>
@pkg-pr-new
Copy link
Copy Markdown

pkg-pr-new Bot commented Apr 28, 2026

Open in StackBlitz

npm i https://pkg.pr.new/xcodebuildmcp@375

commit: beb6e1b

@cameroncooke cameroncooke marked this pull request as ready for review April 29, 2026 08:17
cursor[bot]
cursor Bot reviewed Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit beb6e1b. Configure here.

Comment thread scripts/generate-version.ts
`export const macOSTemplateVersion = '${pkg.macOSTemplateVersion}';\n` +
`export const packageName = '${pkg.name}';\n` +
`export const repositoryOwner = '${repo.owner}';\n` +
`export const repositoryName = '${repo.name}';\n`;
Copy link
Copy Markdown
Contributor

@cursor cursor Bot Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unescaped interpolation of unvalidated values into generated code

Medium Severity

The switch from JSON.stringify(...) to single-quote template literal interpolation removes escaping for pkg.name, repo.owner, and repo.name — none of which are validated by validateVersion(). If any of these values contain a single quote, backslash, or other special character, the generated src/version.ts would contain broken or injectable TypeScript. The prior JSON.stringify defense-in-depth was deliberate and its corresponding tests have also been removed.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit beb6e1b. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Resolve JSON.stringify vs prettier conflict in generated src/version.ts Refactor: Extract VERSION_REGEX and validateVersion into a shared module

1 participant

@cameroncooke