Use Perl regular expressions for version check (#21)

* Update axios version check

Use Perl regular expressions to check semantic versioning other than 0.21.1
`(?!0\\.21\\.1)(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?`
Cf. https://regex101.com/r/vkijKf/1/

* Update Step 3 instructions to reflect axios update

* Update minimist version check

Use Perl regular expressions to check semantic versioning other than 1.2.5

* Update names of action-check-file steps

* Update copyright year in README.md

* Commit suggestion in 2-dependabot-alerts.yml

any number of WS characters

Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>

* Tolerate `[\ \\n\\r\\t]` after `:`

See: https://www.json.org/json-en.html

* Escape `.` to `\\.`

* Negative lookbehind for any patch before

`1\\.2\\.[0-5]`
`0\\.21\\.[01]`

---------

Co-authored-by: Kevin Heis <heiskr@users.noreply.github.com>

.github/steps/3-dependabot-security.md

@@ -11,7 +11,7 @@ We manually created the pull request for the `Prototype Pollution in minimist` a
 ### :keyboard: Activity: Enable and trigger Dependabot security updates
 
 1. Navigate to the `Settings` tab, select `Code security and analysis`, and enable the `Dependabot security updates`.
-1. Navigate to the `Pull requests` repository tab and select the newly created pull request titled **Bump axios from 0.21.1 to 0.21.2 in /code/src/AttendeeSite**.
+1. Navigate to the `Pull requests` repository tab and select the newly created pull request that updates axios from version 0.21.1 to a patched version.
    - You may need to wait 30-60 seconds.
 1. Click the `Merge pull request` button.
 1. Click `Confirm merge`.

.github/workflows/1-dependency-graph.yml

@@ -53,11 +53,11 @@ jobs:
         uses: actions/checkout@v4
 
       # Verify the learner added the file contents.
-      - name: Check workflow contents, jobs
+      - name: Check package-lock.json
         uses: skills/action-check-file@v1
         with:
           file: "code/src/AttendeeSite/package-lock.json"
-          search: "1.14.1"
+          search: "1\\.14\\.1"
 
       # In README.md, switch step 1 for step 2.
       - name: Update to step 2

.github/workflows/2-dependabot-alerts.yml

@@ -55,18 +55,18 @@ jobs:
           fetch-depth: 0 # Let's get all the branches.
 
       # Verify the PR updated package.json.
-      - name: Check package.json
+      - name: Check package.json for minimist version other than 1.2.5
         uses: skills/action-check-file@v1
         with:
           file: "code/src/AttendeeSite/package.json"
-          search: "1.2.6"
+          search: "\"minimist\":[\ \\n\\r\\t]*\"\\^(?!1\\.2\\.[0-5])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?\""
 
       # Verify the PR updated package-lock.json.
-      - name: Check package.json
+      - name: Check package-lock.json for minimist version other than 1.2.5
         uses: skills/action-check-file@v1
         with:
           file: "code/src/AttendeeSite/package-lock.json"
-          search: "1.2.6"
+          search: "minimist-(?!1\\.2\\.[0-5])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?"
 
       # In README.md, switch step 2 for step 3.
       - name: Update to step 3

.github/workflows/3-dependabot-security.yml

@@ -55,18 +55,18 @@ jobs:
           fetch-depth: 0 # Let's get all the branches.
 
       # Verify the PR added the dependabot changes.
-      - name: Check package for axios version 1.6.0
+      - name: Check package.json for axios version other than 0.21.1
         uses: skills/action-check-file@v1
         with:
           file: "code/src/AttendeeSite/package.json"
-          search: "1.6.0"
+          search: "\"axios\":[\ \\n\\r\\t]*\"\\^(?!0\\.21\\.[01])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?\""
 
       # Verify the PR added the dependabot changes.
-      - name: Check package-lock for axios version 1.6.0
+      - name: Check package-lock.json for axios version other than 0.21.1
         uses: skills/action-check-file@v1
         with:
           file: "code/src/AttendeeSite/package-lock.json"
-          search: "1.6.0"
+          search: "axios-(?!0\\.21\\.[01])(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)\\.(0|[1-9][0-9]*)(?:-((?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?"
 
       # In README.md, switch step 3 for step 4.
       - name: Update to step 4

.github/workflows/4-dependabot-versions.yml

@@ -57,7 +57,7 @@ jobs:
           fetch-depth: 0 # Let's get all the branches.
 
       # Verify the learner added the file contents.
-      - name: Check workflow contents, jobs
+      - name: Check dependabot.yml
         uses: skills/action-check-file@v1
         with:
           file: ".github/dependabot.yml"

README.md

@@ -69,6 +69,6 @@ In this course, you will:
 
 Get help: [Post in our discussion board](https://github.com/skills/.github/discussions) • [Review the GitHub status page](https://www.githubstatus.com/)
 
-© 2023 GitHub • [Code of Conduct](https://www.contributor-covenant.org/version/2/1/code_of_conduct/code_of_conduct.md) • [MIT License](https://gh.io/mit)
+© 2024 GitHub • [Code of Conduct](https://www.contributor-covenant.org/version/2/1/code_of_conduct/code_of_conduct.md) • [MIT License](https://gh.io/mit)
 
 </footer>