@mintlify/prebuild 1.0.1065 → 1.0.1067

@@ -1,6 +1,6 @@
1
- import { exec } from 'child_process';
1
+ import { execFile } from 'child_process';
2
2
  import { promisify } from 'util';
3
- const execAsync = promisify(exec);
3
+ const execFileAsync = promisify(execFile);
4
4
  /**
5
5
  * Gets git blame data for a file, returning a map of line numbers to ISO date strings.
6
6
  * Uses author-time (when the change was originally created) rather than committer-time.
@@ -16,7 +16,9 @@ export const getGitBlame = async (filePath, repoPath) => {
16
16
  : filePath;
17
17
  // Use git blame with porcelain format for easier parsing
18
18
  // --line-porcelain gives us detailed info for each line
19
- const { stdout } = await execAsync(`git blame --line-porcelain "${relativeFilePath}"`, {
19
+ // execFile avoids shell interpolation so untrusted file paths can't inject commands;
20
+ // `--` keeps paths starting with `-` from being parsed as options
21
+ const { stdout } = await execFileAsync('git', ['blame', '--line-porcelain', '--', relativeFilePath], {
20
22
  cwd: repoPath,
21
23
  maxBuffer: 10 * 1024 * 1024, // 10MB buffer for large files
22
24
  });
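Review bot: The `execFileAsync` call sets `maxBuffer` but no `timeout`, so for paths the new comment treats as untrusted, a slow or stuck `git blame` blocks the caller until the child exits on its own; an option such as `timeout: 60000, // example value, tune to the build` next to `maxBuffer` would bound it. Output larger than the 10MB `maxBuffer` rejects the promise, and whether getGitBlame handles that rejection is not visible here because its body starts and ends outside the hunk. The argv form and `--` protect only the path argument: git still reads configuration from the repository at `cwd: repoPath`. If that directory can itself come from an untrusted source, the function's doc comment should state that `repoPath` is assumed trusted.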