diff options
| author | Rebecca Turner <me@re-becca.org> | 2016-08-12 01:46:55 +0300 |
|---|---|---|
| committer | Rebecca Turner <me@re-becca.org> | 2016-08-12 01:46:55 +0300 |
| commit | bf78ce5ef5d2d6e95177193cca5362dd27bff968 (patch) | |
| tree | 5ff24ad271c16594a7eda055f20472f13538c937 /node_modules/node-gyp | |
| parent | dc2c2eaf9973ece5d30c0dd57724bc6e9b65765f (diff) | |
minimatch@3.0.3
Update minimatch to 3.0.3 to get fix for ReDOS vuln.
Fixes: https://github.com/npm/npm/issues/13387
PR-URL: https://github.com/npm/npm/pull/13415
Credit: @isaacs
Diffstat (limited to 'node_modules/node-gyp')
8 files changed, 78 insertions, 67 deletions
diff --git a/node_modules/node-gyp/node_modules/minimatch/minimatch.js b/node_modules/node-gyp/node_modules/minimatch/minimatch.js index 830a27246..5b5f8cf44 100644 --- a/node_modules/node-gyp/node_modules/minimatch/minimatch.js +++ b/node_modules/node-gyp/node_modules/minimatch/minimatch.js @@ -9,6 +9,14 @@ try { var GLOBSTAR = minimatch.GLOBSTAR = Minimatch.GLOBSTAR = {} var expand = require('brace-expansion') +var plTypes = { + '!': { open: '(?:(?!(?:', close: '))[^/]*?)'}, + '?': { open: '(?:', close: ')?' }, + '+': { open: '(?:', close: ')+' }, + '*': { open: '(?:', close: ')*' }, + '@': { open: '(?:', close: ')' } +} + // any single thing other than / // don't need to escape / when using new RegExp() var qmark = '[^/]' @@ -277,7 +285,6 @@ function parse (pattern, isSub) { // ? => one single character var patternListStack = [] var negativeLists = [] - var plType var stateChar var inClass = false var reClassStart = -1 @@ -376,11 +383,12 @@ function parse (pattern, isSub) { continue } - plType = stateChar patternListStack.push({ - type: plType, + type: stateChar, start: i - 1, - reStart: re.length + reStart: re.length, + open: plTypes[stateChar].open, + close: plTypes[stateChar].close }) // negation is (?:(?!js)[^/]*) re += stateChar === '!' ? '(?:(?!(?:' : '(?:' @@ -396,24 +404,14 @@ function parse (pattern, isSub) { clearStateChar() hasMagic = true - re += ')' var pl = patternListStack.pop() - plType = pl.type // negation is (?:(?!js)[^/]*) // The others are (?:<pattern>)<type> - switch (plType) { - case '!': - negativeLists.push(pl) - re += ')[^/]*?)' - pl.reEnd = re.length - break - case '?': - case '+': - case '*': - re += plType - break - case '@': break // the default anyway + re += pl.close + if (pl.type === '!') { + negativeLists.push(pl) } + pl.reEnd = re.length continue case '|': @@ -520,7 +518,8 @@ function parse (pattern, isSub) { // Go through and escape them, taking care not to double-escape any // | chars that were already escaped. for (pl = patternListStack.pop(); pl; pl = patternListStack.pop()) { - var tail = re.slice(pl.reStart + 3) + var tail = re.slice(pl.reStart + pl.open.length) + this.debug('setting tail', re, pl) // maybe some even number of \, then maybe 1 \, followed by a | tail = tail.replace(/((?:\\{2}){0,64})(\\?)\|/g, function (_, $1, $2) { if (!$2) { @@ -537,7 +536,7 @@ function parse (pattern, isSub) { return $1 + $1 + $2 + '|' }) - this.debug('tail=%j\n %s', tail, tail) + this.debug('tail=%j\n %s', tail, tail, pl, re) var t = pl.type === '*' ? star : pl.type === '?' ? qmark : '\\' + pl.type diff --git a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/README.md b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/README.md index b0d793ed5..179392978 100644 --- a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/README.md +++ b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/README.md @@ -1,6 +1,6 @@ # brace-expansion -[Brace expansion](https://www.gnu.org/software/bash/manual/html_node/Brace-Expansion.html), +[Brace expansion](https://www.gnu.org/software/bash/manual/html_node/Brace-Expansion.html), as known from sh/bash, in JavaScript. [](http://travis-ci.org/juliangruber/brace-expansion) diff --git a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/index.js b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/index.js index abe535df3..955f27c81 100644 --- a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/index.js +++ b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/index.js @@ -66,6 +66,16 @@ function expandTop(str) { if (!str) return []; + // I don't know why Bash 4.3 does this, but it does. + // Anything starting with {} will have the first two bytes preserved + // but *only* at the top level, so {},a}b will not expand to anything, + // but a{},b}c will be expanded to [a}c,abc]. + // One could argue that this is a bug in Bash, but since the goal of + // this module is to match Bash's rules, we escape a leading {} + if (str.substr(0, 2) === '{}') { + str = '\\{\\}' + str.substr(2); + } + return expand(escapeBraces(str), true).map(unescapeBraces); } @@ -188,3 +198,4 @@ function expand(str, isTop) { return expansions; } + diff --git a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/README.md b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/README.md index d6880b2f3..08e918c0d 100644 --- a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/README.md +++ b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/README.md @@ -47,7 +47,7 @@ object with those keys: If there's no match, `undefined` will be returned. -If the `str` contains more `a` than `b` / there are unmatched pairs, the first match that was closed will be used. For example, `{{a}` will match `['{', 'a', '']`. +If the `str` contains more `a` than `b` / there are unmatched pairs, the first match that was closed will be used. For example, `{{a}` will match `['{', 'a', '']` and `{a}}` will match `['', 'a', '}']`. ### var r = balanced.range(a, b, str) @@ -56,7 +56,7 @@ array with indexes: `[ <a index>, <b index> ]`. If there's no match, `undefined` will be returned. -If the `str` contains more `a` than `b` / there are unmatched pairs, the first match that was closed will be used. For example, `{{a}` will match `[ 1, 3 ]`. +If the `str` contains more `a` than `b` / there are unmatched pairs, the first match that was closed will be used. For example, `{{a}` will match `[ 1, 3 ]` and `{a}}` will match `[0, 2]`. ## Installation diff --git a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/index.js b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/index.js index 4670f7f79..e8d858702 100644 --- a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/index.js +++ b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/index.js @@ -30,7 +30,7 @@ function range(a, b, str) { begs = []; left = str.length; - while (i < str.length && i >= 0 && ! result) { + while (i >= 0 && !result) { if (i == ai) { begs.push(i); ai = str.indexOf(a, i + 1); diff --git a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/package.json b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/package.json index 164bcc5a1..d70555d00 100644 --- a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/package.json +++ b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/node_modules/balanced-match/package.json @@ -10,24 +10,24 @@ "spec": ">=0.4.1 <0.5.0", "type": "range" }, - "/Users/zkat/Documents/code/npm/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion" + "/Users/rebecca/code/npm/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion" ] ], "_from": "balanced-match@>=0.4.1 <0.5.0", - "_id": "balanced-match@0.4.1", + "_id": "balanced-match@0.4.2", "_inCache": true, "_installable": true, - "_location": "/node-gyp/minimatch/brace-expansion/balanced-match", - "_nodeVersion": "6.0.0", + "_location": "/minimatch/brace-expansion/balanced-match", + "_nodeVersion": "4.4.7", "_npmOperationalInternal": { - "host": "packages-12-west.internal.npmjs.com", - "tmp": "tmp/balanced-match-0.4.1.tgz_1462129663650_0.39764496590942144" + "host": "packages-16-east.internal.npmjs.com", + "tmp": "tmp/balanced-match-0.4.2.tgz_1468834991581_0.6590619895141572" }, "_npmUser": { "name": "juliangruber", "email": "julian@juliangruber.com" }, - "_npmVersion": "3.8.6", + "_npmVersion": "2.15.8", "_phantomChildren": {}, "_requested": { "raw": "balanced-match@^0.4.1", @@ -39,13 +39,13 @@ "type": "range" }, "_requiredBy": [ - "/node-gyp/minimatch/brace-expansion" + "/minimatch/brace-expansion" ], - "_resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-0.4.1.tgz", - "_shasum": "19053e2e0748eadb379da6c09d455cf5e1039335", + "_resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-0.4.2.tgz", + "_shasum": "cb3f3e3c732dc0f01ee70b403f302e61d7709838", "_shrinkwrap": null, "_spec": "balanced-match@^0.4.1", - "_where": "/Users/zkat/Documents/code/npm/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion", + "_where": "/Users/rebecca/code/npm/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion", "author": { "name": "Julian Gruber", "email": "mail@juliangruber.com", @@ -57,14 +57,14 @@ "dependencies": {}, "description": "Match balanced character pairs, like \"{\" and \"}\"", "devDependencies": { - "tape": "~4.5.0" + "tape": "^4.6.0" }, "directories": {}, "dist": { - "shasum": "19053e2e0748eadb379da6c09d455cf5e1039335", - "tarball": "https://registry.npmjs.org/balanced-match/-/balanced-match-0.4.1.tgz" + "shasum": "cb3f3e3c732dc0f01ee70b403f302e61d7709838", + "tarball": "https://registry.npmjs.org/balanced-match/-/balanced-match-0.4.2.tgz" }, - "gitHead": "7004b289baaaab6a832f4901735e29d37cc2a863", + "gitHead": "57c2ea29d89a2844ae3bdcc637c6e2cbb73725e2", "homepage": "https://github.com/juliangruber/balanced-match", "keywords": [ "match", @@ -107,5 +107,5 @@ "android-browser/4.2..latest" ] }, - "version": "0.4.1" + "version": "0.4.2" } diff --git a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/package.json b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/package.json index 090c6df1e..a936f8689 100644 --- a/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/package.json +++ b/node_modules/node-gyp/node_modules/minimatch/node_modules/brace-expansion/package.json @@ -10,24 +10,24 @@ "spec": ">=1.0.0 <2.0.0", "type": "range" }, - "/Users/zkat/Documents/code/npm/node_modules/node-gyp/node_modules/minimatch" + "/Users/rebecca/code/npm/node_modules/node-gyp/node_modules/minimatch" ] ], "_from": "brace-expansion@>=1.0.0 <2.0.0", - "_id": "brace-expansion@1.1.5", + "_id": "brace-expansion@1.1.6", "_inCache": true, "_installable": true, - "_location": "/node-gyp/minimatch/brace-expansion", - "_nodeVersion": "4.4.5", + "_location": "/minimatch/brace-expansion", + "_nodeVersion": "4.4.7", "_npmOperationalInternal": { "host": "packages-16-east.internal.npmjs.com", - "tmp": "tmp/brace-expansion-1.1.5.tgz_1465989660138_0.34528115345165133" + "tmp": "tmp/brace-expansion-1.1.6.tgz_1469047715600_0.9362958471756428" }, "_npmUser": { "name": "juliangruber", "email": "julian@juliangruber.com" }, - "_npmVersion": "2.15.5", + "_npmVersion": "2.15.8", "_phantomChildren": {}, "_requested": { "raw": "brace-expansion@^1.0.0", @@ -39,13 +39,13 @@ "type": "range" }, "_requiredBy": [ - "/node-gyp/minimatch" + "/minimatch" ], - "_resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.5.tgz", - "_shasum": "f5b4ad574e2cb7ccc1eb83e6fe79b8ecadf7a526", + "_resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.6.tgz", + "_shasum": "7197d7eaa9b87e648390ea61fc66c84427420df9", "_shrinkwrap": null, "_spec": "brace-expansion@^1.0.0", - "_where": "/Users/zkat/Documents/code/npm/node_modules/node-gyp/node_modules/minimatch", + "_where": "/Users/rebecca/code/npm/node_modules/node-gyp/node_modules/minimatch", "author": { "name": "Julian Gruber", "email": "mail@juliangruber.com", @@ -60,14 +60,14 @@ }, "description": "Brace expansion as known from sh/bash", "devDependencies": { - "tape": "4.5.1" + "tape": "^4.6.0" }, "directories": {}, "dist": { - "shasum": "f5b4ad574e2cb7ccc1eb83e6fe79b8ecadf7a526", - "tarball": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.5.tgz" + "shasum": "7197d7eaa9b87e648390ea61fc66c84427420df9", + "tarball": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.6.tgz" }, - "gitHead": "ff31acab078f1bb696ac4c55ca56ea24e6495fb6", + "gitHead": "791262fa06625e9c5594cde529a21d82086af5f2", "homepage": "https://github.com/juliangruber/brace-expansion", "keywords": [], "license": "MIT", @@ -109,5 +109,5 @@ "android-browser/4.2..latest" ] }, - "version": "1.1.5" + "version": "1.1.6" } diff --git a/node_modules/node-gyp/node_modules/minimatch/package.json b/node_modules/node-gyp/node_modules/minimatch/package.json index ab248d0dd..16b975354 100644 --- a/node_modules/node-gyp/node_modules/minimatch/package.json +++ b/node_modules/node-gyp/node_modules/minimatch/package.json @@ -14,20 +14,20 @@ ] ], "_from": "minimatch@>=3.0.2 <4.0.0", - "_id": "minimatch@3.0.2", + "_id": "minimatch@3.0.3", "_inCache": true, "_installable": true, - "_location": "/node-gyp/minimatch", + "_location": "/minimatch", "_nodeVersion": "4.4.4", "_npmOperationalInternal": { - "host": "packages-16-east.internal.npmjs.com", - "tmp": "tmp/minimatch-3.0.2.tgz_1466194379770_0.11417287751100957" + "host": "packages-12-west.internal.npmjs.com", + "tmp": "tmp/minimatch-3.0.3.tgz_1470678322731_0.1892083385027945" }, "_npmUser": { "name": "isaacs", "email": "i@izs.me" }, - "_npmVersion": "3.9.1", + "_npmVersion": "3.10.6", "_phantomChildren": {}, "_requested": { "raw": "minimatch@^3.0.2", @@ -39,10 +39,11 @@ "type": "range" }, "_requiredBy": [ - "/node-gyp" + "#USER", + "/" ], - "_resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.2.tgz", - "_shasum": "0f398a7300ea441e9c348c83d98ab8c9dbf9c40a", + "_resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.3.tgz", + "_shasum": "2a4e4090b96b2db06a9d7df01055a62a77c9b774", "_shrinkwrap": null, "_spec": "minimatch@^3.0.2", "_where": "/Users/rebecca/code/npm/node_modules/node-gyp", @@ -64,8 +65,8 @@ }, "directories": {}, "dist": { - "shasum": "0f398a7300ea441e9c348c83d98ab8c9dbf9c40a", - "tarball": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.2.tgz" + "shasum": "2a4e4090b96b2db06a9d7df01055a62a77c9b774", + "tarball": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.3.tgz" }, "engines": { "node": "*" @@ -73,7 +74,7 @@ "files": [ "minimatch.js" ], - "gitHead": "81edb7c763abd31ba981c87ec5e835f178786be0", + "gitHead": "eed89491bd4a4e6bc463aac0dfb5c29ef0d1dc13", "homepage": "https://github.com/isaacs/minimatch#readme", "license": "ISC", "main": "minimatch.js", @@ -94,5 +95,5 @@ "posttest": "standard minimatch.js test/*.js", "test": "tap test/*.js" }, - "version": "3.0.2" + "version": "3.0.3" } |