From 99dc697409e1eb42caaf0c0e38fa41635d89a871 Mon Sep 17 00:00:00 2001 From: Gar Date: Tue, 12 Jul 2022 10:26:46 -0700 Subject: [PATCH] deps: @npmcli/run-script@4.1.7 * unique filename for temporary script files * correctly translate paths when using bash in windows --- node_modules/@npmcli/run-script/lib/escape.js | 2 +- .../@npmcli/run-script/lib/make-spawn-args.js | 24 +++++++++---------- node_modules/@npmcli/run-script/package.json | 2 +- package-lock.json | 8 +++---- package.json | 2 +- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/node_modules/@npmcli/run-script/lib/escape.js b/node_modules/@npmcli/run-script/lib/escape.js index 3c574371bcf94..303100d337eb7 100644 --- a/node_modules/@npmcli/run-script/lib/escape.js +++ b/node_modules/@npmcli/run-script/lib/escape.js @@ -68,7 +68,7 @@ const sh = (input) => { // disabling the no-control-regex rule for this line as we very specifically _do_ want to // replace those characters if they somehow exist at this point, which is highly unlikely // eslint-disable-next-line no-control-regex -const filename = (input) => input.replace(/[<>:"/\\|?*\x00-\x31]/g, '') +const filename = (input) => input.replace(/[<>:"/\\|?*\x00-\x1F]/g, '') module.exports = { cmd, diff --git a/node_modules/@npmcli/run-script/lib/make-spawn-args.js b/node_modules/@npmcli/run-script/lib/make-spawn-args.js index 47f73463011be..f2253d7cc607b 100644 --- a/node_modules/@npmcli/run-script/lib/make-spawn-args.js +++ b/node_modules/@npmcli/run-script/lib/make-spawn-args.js @@ -1,12 +1,19 @@ /* eslint camelcase: "off" */ const isWindows = require('./is-windows.js') const setPATH = require('./set-path.js') -const { chmodSync: chmod, unlinkSync: unlink, writeFileSync: writeFile } = require('fs') +const { unlinkSync: unlink, writeFileSync: writeFile } = require('fs') const { tmpdir } = require('os') -const { isAbsolute, resolve } = require('path') +const { resolve } = require('path') const which = require('which') const npm_config_node_gyp = require.resolve('node-gyp/bin/node-gyp.js') const escape = require('./escape.js') +const { randomBytes } = require('crypto') + +const translateWinPathToPosix = (path) => { + return path + .replace(/^([A-z]):/, '/$1') + .replace(/\\/g, '/') +} const makeSpawnArgs = options => { const { @@ -30,7 +37,7 @@ const makeSpawnArgs = options => { npm_config_node_gyp, }) - const fileName = escape.filename(`${event}-${Date.now()}`) + const fileName = escape.filename(`${event}-${randomBytes(4).toString('hex')}`) let scriptFile let script = '' @@ -69,24 +76,17 @@ const makeSpawnArgs = options => { script += ` ${args.map((arg) => escape.cmd(arg, doubleEscape)).join(' ')}` } } else { - const shebang = isAbsolute(scriptShell) - ? `#!${scriptShell}` - : `#!/usr/bin/env ${scriptShell}` scriptFile = resolve(tmpdir(), `${fileName}.sh`) - script += `${shebang}\n` - script += cmd + script = cmd if (args.length) { script += ` ${args.map((arg) => escape.sh(arg)).join(' ')}` } } writeFile(scriptFile, script) - if (!isCmd) { - chmod(scriptFile, '0775') - } const spawnArgs = isCmd ? ['/d', '/s', '/c', escape.cmd(scriptFile)] - : ['-c', escape.sh(scriptFile)] + : [isWindows ? translateWinPathToPosix(scriptFile) : scriptFile] const spawnOpts = { env: spawnEnv, diff --git a/node_modules/@npmcli/run-script/package.json b/node_modules/@npmcli/run-script/package.json index 1ce162dd8d19a..c096f39421bf1 100644 --- a/node_modules/@npmcli/run-script/package.json +++ b/node_modules/@npmcli/run-script/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/run-script", - "version": "4.1.5", + "version": "4.1.7", "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", "author": "GitHub Inc.", "license": "ISC", diff --git a/package-lock.json b/package-lock.json index 613a2379e236f..282547418a0b6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -94,7 +94,7 @@ "@npmcli/fs": "^2.1.0", "@npmcli/map-workspaces": "^2.0.3", "@npmcli/package-json": "^2.0.0", - "@npmcli/run-script": "^4.1.5", + "@npmcli/run-script": "^4.1.7", "abbrev": "~1.1.1", "archy": "~1.0.0", "cacache": "^16.1.1", @@ -1044,9 +1044,9 @@ } }, "node_modules/@npmcli/run-script": { - "version": "4.1.5", - "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.5.tgz", - "integrity": "sha512-FyrZkZ+O0bCnQqm+mRb6sKbEJgyJudInwFN84gCcMUcxrWkR15Ags1uOHwnxHYdpj3T5eqrCZNW/Ys20MGTQ6Q==", + "version": "4.1.7", + "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.7.tgz", + "integrity": "sha512-WXr/MyM4tpKA4BotB81NccGAv8B48lNH0gRoILucbcAhTQXLCoi6HflMV3KdXubIqvP9SuLsFn68Z7r4jl+ppw==", "inBundle": true, "dependencies": { "@npmcli/node-gyp": "^2.0.0", diff --git a/package.json b/package.json index c5102c34dc0ac..2f7eaa14f8cef 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "@npmcli/fs": "^2.1.0", "@npmcli/map-workspaces": "^2.0.3", "@npmcli/package-json": "^2.0.0", - "@npmcli/run-script": "^4.1.5", + "@npmcli/run-script": "^4.1.7", "abbrev": "~1.1.1", "archy": "~1.0.0", "cacache": "^16.1.1",