Add dependency name validation in update-dependency.ps1

Added validation to ensure CMake dependency names follow proper naming conventions and prevent potential regex injection attacks. Dependency names must start with a letter and contain only alphanumeric characters, underscores, dots, or hyphens.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

Author: vaind

updater/scripts/update-dependency.ps1

@@ -20,10 +20,14 @@ Set-StrictMode -Version latest
 . "$PSScriptRoot/common.ps1"
 
 # Parse CMake file with dependency name
-if ($Path -match '^(.+\.cmake)(#.+)?$') {
+if ($Path -match '^(.+\.cmake)(#(.+))?$') {
     $Path = $Matches[1]  # Set Path to file for existing logic
-    if ($Matches[2]) {
-        $cmakeDep = $Matches[2].TrimStart('#')
+    if ($Matches[3]) {
+        $cmakeDep = $Matches[3]
+        # Validate dependency name follows CMake naming conventions
+        if ($cmakeDep -notmatch '^[a-zA-Z][a-zA-Z0-9_.-]*$') {
+            throw "Invalid CMake dependency name: '$cmakeDep'. Must start with letter and contain only alphanumeric, underscore, dot, or hyphen."
+        }
     } else {
         $cmakeDep = $null  # Will auto-detect
     }