@contentstack/cli-utilities 1.12.0 → 1.12.1
- package/lib/helpers.js +5 -1
- package/package.json +2 -2
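--- a/package/lib/helpers.js
+++ b/package/lib/helpers.js
@@ -67,7 +67,10 @@ const sanitizePath = (str) => {
 if (typeof str !== 'string')
 return;
 const decodedStr = decodeURIComponent(str);
-return decodedStr
+return decodedStr
+.replace(/^([\/\\]){2,}/, './') // Normalize leading slashes/backslashes to ''
+.replace(/[\/\\]+/g, '/') // Replace multiple slashes/backslashes with a single '/'
+.replace(/(\.\.(\/|\\|$))+/g, ''); // Remove directory traversal (../ or ..\)
 };
 exports.sanitizePath = sanitizePath;
 // To validate the UIDs of assets
@@ -132,6 +135,7 @@ const formatError = function (error) {
 authorization: 'Authentication',
 api_key: 'Stack API key',
 uid: 'Content Type',
+// deepcode ignore HardcodedNonCryptoSecret: The hardcoded value 'access_token' is used as a key in an error message mapping object and does not represent a sensitive secret or cryptographic key.
 access_token: 'Delivery Token',
 };
 message +=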
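Review bot: The added `.replace(/(\.\.(\/|\\|$))+/g, '')` in sanitizePath strips traversal sequences in a single pass, so the result is not guaranteed to be free of `..` segments: deleting a match can leave the characters on either side forming a new `../`, and because the pattern is not anchored to segment boundaries it also rewrites names that merely end in two dots. Dropping whole `..` segments after splitting on separators avoids both problems, and callers that join the result onto a base directory should still verify that the resolved path stays inside it. The context line `decodeURIComponent(str)` throws a URIError on malformed percent-encoding and nothing here catches it; how callers want that reported is not visible, so the `return;` in the sketch below is an assumption. The comment on the first `.replace` says leading slashes become `''` while the code substitutes `'./'` and leaves a single leading slash untouched, so it should read `// Collapse two or more leading slashes/backslashes to './'`. The opening line of sanitizePath is visible only in the hunk header.

```javascript
// … unchanged: typeof guard …
let decodedStr;
try {
  decodedStr = decodeURIComponent(str);
} catch (err) {
  return; // malformed percent-encoding; assumption: treat it like a non-string
}
return decodedStr
  .replace(/^([\/\\]){2,}/, './') // Collapse two or more leading slashes/backslashes to './'
  .split(/[\/\\]+/) // either separator, runs collapsed
  .filter((segment) => segment !== '..') // drop whole '..' segments only
  .join('/');
```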
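--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@contentstack/cli-utilities",
-"version": "1.12.
+"version": "1.12.1",
 "description": "Utilities for contentstack projects",
 "main": "lib/index.js",
 "types": "lib/index.d.ts",
@@ -32,7 +32,7 @@
 "author": "contentstack",
 "license": "MIT",
 "dependencies": {
-"@contentstack/management": "~1.
+"@contentstack/management": "~1.22.0",
 "@contentstack/marketplace-sdk": "^1.2.8",
 "@oclif/core": "^4.3.0",
 "axios": "^1.9.0",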