From dd6232817d8c86afa4eb27ec1f62278893443163 Mon Sep 17 00:00:00 2001 From: nlf Date: Mon, 27 Jun 2022 10:13:36 -0700 Subject: [PATCH] deps: @npmcli/run-script@4.1.4 --- node_modules/@npmcli/run-script/lib/escape.js | 6 ++++++ node_modules/@npmcli/run-script/lib/make-spawn-args.js | 5 +++-- node_modules/@npmcli/run-script/package.json | 6 +----- package-lock.json | 8 ++++---- package.json | 2 +- 5 files changed, 15 insertions(+), 12 deletions(-) diff --git a/node_modules/@npmcli/run-script/lib/escape.js b/node_modules/@npmcli/run-script/lib/escape.js index 5254be24bf7ab..3c574371bcf94 100644 --- a/node_modules/@npmcli/run-script/lib/escape.js +++ b/node_modules/@npmcli/run-script/lib/escape.js @@ -65,7 +65,13 @@ const sh = (input) => { return result } +// disabling the no-control-regex rule for this line as we very specifically _do_ want to +// replace those characters if they somehow exist at this point, which is highly unlikely +// eslint-disable-next-line no-control-regex +const filename = (input) => input.replace(/[<>:"/\\|?*\x00-\x31]/g, '') + module.exports = { cmd, sh, + filename, } diff --git a/node_modules/@npmcli/run-script/lib/make-spawn-args.js b/node_modules/@npmcli/run-script/lib/make-spawn-args.js index 660588e3ee9aa..47f73463011be 100644 --- a/node_modules/@npmcli/run-script/lib/make-spawn-args.js +++ b/node_modules/@npmcli/run-script/lib/make-spawn-args.js @@ -30,6 +30,7 @@ const makeSpawnArgs = options => { npm_config_node_gyp, }) + const fileName = escape.filename(`${event}-${Date.now()}`) let scriptFile let script = '' @@ -61,7 +62,7 @@ const makeSpawnArgs = options => { const doubleEscape = pathToInitial.endsWith('.cmd') || pathToInitial.endsWith('.bat') - scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.cmd`) + scriptFile = resolve(tmpdir(), `${fileName}.cmd`) script += '@echo off\n' script += cmd if (args.length) { @@ -71,7 +72,7 @@ const makeSpawnArgs = options => { const shebang = isAbsolute(scriptShell) ? `#!${scriptShell}` : `#!/usr/bin/env ${scriptShell}` - scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.sh`) + scriptFile = resolve(tmpdir(), `${fileName}.sh`) script += `${shebang}\n` script += cmd if (args.length) { diff --git a/node_modules/@npmcli/run-script/package.json b/node_modules/@npmcli/run-script/package.json index ef8b43f772de1..14e2a33baf647 100644 --- a/node_modules/@npmcli/run-script/package.json +++ b/node_modules/@npmcli/run-script/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/run-script", - "version": "4.1.3", + "version": "4.1.4", "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", "author": "GitHub Inc.", "license": "ISC", @@ -17,10 +17,6 @@ "posttest": "npm run lint", "template-oss-apply": "template-oss-apply --force" }, - "tap": { - "check-coverage": true, - "coverage-map": "map.js" - }, "devDependencies": { "@npmcli/eslint-config": "^3.0.1", "@npmcli/template-oss": "3.5.0", diff --git a/package-lock.json b/package-lock.json index 54416be8b80a3..3f55a9f38945a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -93,7 +93,7 @@ "@npmcli/fs": "^2.1.0", "@npmcli/map-workspaces": "^2.0.3", "@npmcli/package-json": "^2.0.0", - "@npmcli/run-script": "^4.1.3", + "@npmcli/run-script": "^4.1.4", "abbrev": "~1.1.1", "archy": "~1.0.0", "cacache": "^16.1.1", @@ -1042,9 +1042,9 @@ } }, "node_modules/@npmcli/run-script": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.3.tgz", - "integrity": "sha512-xb47c2KMkn6ERw2AwPPGKIITbWoXOT1yDV5rU3SYeC1vksYOodbgN0pnOptIVnRgS2e9G8R7BVDVm8lWp92unQ==", + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.4.tgz", + "integrity": "sha512-1Qk/EsHBKc40XkN1dF79ztae+ua9jEjDupU0rQgO/k+94t7eFjXGN/baRvA00aEOJuTZ4VjwlC2u+XECImJi5w==", "inBundle": true, "dependencies": { "@npmcli/node-gyp": "^2.0.0", diff --git a/package.json b/package.json index a9d84ab62ce15..4f1668ea27151 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "@npmcli/fs": "^2.1.0", "@npmcli/map-workspaces": "^2.0.3", "@npmcli/package-json": "^2.0.0", - "@npmcli/run-script": "^4.1.3", + "@npmcli/run-script": "^4.1.4", "abbrev": "~1.1.1", "archy": "~1.0.0", "cacache": "^16.1.1",