@vercel/build-utils 6.2.1 → 6.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/fs/glob.js +13 -2
- package/dist/index.js +13 -2
- package/package.json +2 -2
package/dist/fs/glob.js
CHANGED
|
@@ -32,13 +32,24 @@ async function glob(pattern, opts, mountpoint) {
|
|
|
32
32
|
const dirs = new Set();
|
|
33
33
|
const dirsWithEntries = new Set();
|
|
34
34
|
for (const relativePath of files) {
|
|
35
|
-
const
|
|
35
|
+
const absPath = path_1.default.join(options.cwd, relativePath);
|
|
36
|
+
const fsPath = normalize_path_1.normalizePath(absPath);
|
|
36
37
|
let stat = statCache[fsPath];
|
|
37
38
|
assert_1.default(stat, `statCache does not contain value for ${relativePath} (resolved to ${fsPath})`);
|
|
38
39
|
const isSymlink = symlinks[fsPath];
|
|
40
|
+
// When `follow` mode is enabled, ensure that the entry is not a symlink
|
|
41
|
+
// that points to outside of `cwd`
|
|
42
|
+
if (options.follow &&
|
|
43
|
+
(isSymlink || (await fs_extra_1.lstat(fsPath)).isSymbolicLink())) {
|
|
44
|
+
const target = await fs_extra_1.readlink(absPath);
|
|
45
|
+
const absTarget = path_1.default.resolve(path_1.default.dirname(absPath), target);
|
|
46
|
+
if (path_1.default.relative(options.cwd, absTarget).startsWith(`..${path_1.default.sep}`)) {
|
|
47
|
+
continue;
|
|
48
|
+
}
|
|
49
|
+
}
|
|
39
50
|
if (isSymlink || stat.isFile() || stat.isDirectory()) {
|
|
40
51
|
if (isSymlink) {
|
|
41
|
-
stat = await fs_extra_1.lstat(
|
|
52
|
+
stat = await fs_extra_1.lstat(absPath);
|
|
42
53
|
}
|
|
43
54
|
// Some bookkeeping to track which directories already have entries within
|
|
44
55
|
const dirname = path_1.default.dirname(relativePath);
|
package/dist/index.js
CHANGED
|
@@ -30744,13 +30744,24 @@ async function glob(pattern, opts, mountpoint) {
|
|
|
30744
30744
|
const dirs = new Set();
|
|
30745
30745
|
const dirsWithEntries = new Set();
|
|
30746
30746
|
for (const relativePath of files) {
|
|
30747
|
-
const
|
|
30747
|
+
const absPath = path_1.default.join(options.cwd, relativePath);
|
|
30748
|
+
const fsPath = normalize_path_1.normalizePath(absPath);
|
|
30748
30749
|
let stat = statCache[fsPath];
|
|
30749
30750
|
assert_1.default(stat, `statCache does not contain value for ${relativePath} (resolved to ${fsPath})`);
|
|
30750
30751
|
const isSymlink = symlinks[fsPath];
|
|
30752
|
+
// When `follow` mode is enabled, ensure that the entry is not a symlink
|
|
30753
|
+
// that points to outside of `cwd`
|
|
30754
|
+
if (options.follow &&
|
|
30755
|
+
(isSymlink || (await fs_extra_1.lstat(fsPath)).isSymbolicLink())) {
|
|
30756
|
+
const target = await fs_extra_1.readlink(absPath);
|
|
30757
|
+
const absTarget = path_1.default.resolve(path_1.default.dirname(absPath), target);
|
|
30758
|
+
if (path_1.default.relative(options.cwd, absTarget).startsWith(`..${path_1.default.sep}`)) {
|
|
30759
|
+
continue;
|
|
30760
|
+
}
|
|
30761
|
+
}
|
|
30751
30762
|
if (isSymlink || stat.isFile() || stat.isDirectory()) {
|
|
30752
30763
|
if (isSymlink) {
|
|
30753
|
-
stat = await fs_extra_1.lstat(
|
|
30764
|
+
stat = await fs_extra_1.lstat(absPath);
|
|
30754
30765
|
}
|
|
30755
30766
|
// Some bookkeeping to track which directories already have entries within
|
|
30756
30767
|
const dirname = path_1.default.dirname(relativePath);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vercel/build-utils",
|
|
3
|
-
"version": "6.2.
|
|
3
|
+
"version": "6.2.2",
|
|
4
4
|
"license": "MIT",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"types": "./dist/index.d.js",
|
|
@@ -51,5 +51,5 @@
|
|
|
51
51
|
"typescript": "4.3.4",
|
|
52
52
|
"yazl": "2.5.1"
|
|
53
53
|
},
|
|
54
|
-
"gitHead": "
|
|
54
|
+
"gitHead": "95a4dcfb33d813f1a0ef18d766232d42c876ce69"
|
|
55
55
|
}
|