Merge pull request #11422 from SCH227/patch-1

Author: uranusjr

news/11418.trivial.rst

@@ -0,0 +1 @@
+Patch non-exploitable ReDoS vulnerability in wheel_file regex

src/pip/_internal/models/wheel.py

@@ -13,8 +13,8 @@ class Wheel:
     """A wheel file"""
 
     wheel_file_re = re.compile(
-        r"""^(?P<namever>(?P<name>.+?)-(?P<ver>.*?))
-        ((-(?P<build>\d[^-]*?))?-(?P<pyver>.+?)-(?P<abi>.+?)-(?P<plat>.+?)
+        r"""^(?P<namever>(?P<name>[^\s-]+?)-(?P<ver>[^\s-]*?))
+        ((-(?P<build>\d[^-]*?))?-(?P<pyver>[^\s-]+?)-(?P<abi>[^\s-]+?)-(?P<plat>[^\s-]+?)
         \.whl|\.dist-info)$""",
         re.VERBOSE,
     )