diff options
| -rw-r--r-- | node_modules/@npmcli/run-script/lib/escape.js | 6 | ||||
| -rw-r--r-- | node_modules/@npmcli/run-script/lib/make-spawn-args.js | 5 | ||||
| -rw-r--r-- | node_modules/@npmcli/run-script/package.json | 6 | ||||
| -rw-r--r-- | package-lock.json | 8 | ||||
| -rw-r--r-- | package.json | 2 |
5 files changed, 15 insertions, 12 deletions
diff --git a/node_modules/@npmcli/run-script/lib/escape.js b/node_modules/@npmcli/run-script/lib/escape.js index 5254be24b..3c574371b 100644 --- a/node_modules/@npmcli/run-script/lib/escape.js +++ b/node_modules/@npmcli/run-script/lib/escape.js @@ -65,7 +65,13 @@ const sh = (input) => { return result } +// disabling the no-control-regex rule for this line as we very specifically _do_ want to +// replace those characters if they somehow exist at this point, which is highly unlikely +// eslint-disable-next-line no-control-regex +const filename = (input) => input.replace(/[<>:"/\\|?*\x00-\x31]/g, '') + module.exports = { cmd, sh, + filename, } diff --git a/node_modules/@npmcli/run-script/lib/make-spawn-args.js b/node_modules/@npmcli/run-script/lib/make-spawn-args.js index 660588e3e..47f734630 100644 --- a/node_modules/@npmcli/run-script/lib/make-spawn-args.js +++ b/node_modules/@npmcli/run-script/lib/make-spawn-args.js @@ -30,6 +30,7 @@ const makeSpawnArgs = options => { npm_config_node_gyp, }) + const fileName = escape.filename(`${event}-${Date.now()}`) let scriptFile let script = '' @@ -61,7 +62,7 @@ const makeSpawnArgs = options => { const doubleEscape = pathToInitial.endsWith('.cmd') || pathToInitial.endsWith('.bat') - scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.cmd`) + scriptFile = resolve(tmpdir(), `${fileName}.cmd`) script += '@echo off\n' script += cmd if (args.length) { @@ -71,7 +72,7 @@ const makeSpawnArgs = options => { const shebang = isAbsolute(scriptShell) ? `#!${scriptShell}` : `#!/usr/bin/env ${scriptShell}` - scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.sh`) + scriptFile = resolve(tmpdir(), `${fileName}.sh`) script += `${shebang}\n` script += cmd if (args.length) { diff --git a/node_modules/@npmcli/run-script/package.json b/node_modules/@npmcli/run-script/package.json index ef8b43f77..14e2a33ba 100644 --- a/node_modules/@npmcli/run-script/package.json +++ b/node_modules/@npmcli/run-script/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/run-script", - "version": "4.1.3", + "version": "4.1.4", "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", "author": "GitHub Inc.", "license": "ISC", @@ -17,10 +17,6 @@ "posttest": "npm run lint", "template-oss-apply": "template-oss-apply --force" }, - "tap": { - "check-coverage": true, - "coverage-map": "map.js" - }, "devDependencies": { "@npmcli/eslint-config": "^3.0.1", "@npmcli/template-oss": "3.5.0", diff --git a/package-lock.json b/package-lock.json index 54416be8b..3f55a9f38 100644 --- a/package-lock.json +++ b/package-lock.json @@ -93,7 +93,7 @@ "@npmcli/fs": "^2.1.0", "@npmcli/map-workspaces": "^2.0.3", "@npmcli/package-json": "^2.0.0", - "@npmcli/run-script": "^4.1.3", + "@npmcli/run-script": "^4.1.4", "abbrev": "~1.1.1", "archy": "~1.0.0", "cacache": "^16.1.1", @@ -1042,9 +1042,9 @@ } }, "node_modules/@npmcli/run-script": { - "version": "4.1.3", - "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.3.tgz", - "integrity": "sha512-xb47c2KMkn6ERw2AwPPGKIITbWoXOT1yDV5rU3SYeC1vksYOodbgN0pnOptIVnRgS2e9G8R7BVDVm8lWp92unQ==", + "version": "4.1.4", + "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.4.tgz", + "integrity": "sha512-1Qk/EsHBKc40XkN1dF79ztae+ua9jEjDupU0rQgO/k+94t7eFjXGN/baRvA00aEOJuTZ4VjwlC2u+XECImJi5w==", "inBundle": true, "dependencies": { "@npmcli/node-gyp": "^2.0.0", diff --git a/package.json b/package.json index a9d84ab62..4f1668ea2 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "@npmcli/fs": "^2.1.0", "@npmcli/map-workspaces": "^2.0.3", "@npmcli/package-json": "^2.0.0", - "@npmcli/run-script": "^4.1.3", + "@npmcli/run-script": "^4.1.4", "abbrev": "~1.1.1", "archy": "~1.0.0", "cacache": "^16.1.1", |