npm - git-watchtower - Versions diffs - 1.10.20 → 1.11.1 - Mend

git-watchtower 1.10.20 → 1.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/bin/git-watchtower.js CHANGED Viewed

@@ -2531,7 +2531,7 @@ function setupKeyboardInput() {
       if (key === '\r' || key === '\n') {
         const selectedIdx = store.get('updateModalSelectedIndex') || 0;
         if (selectedIdx === 0) {
-          // Update now — run npm i -g git-watchtower
+          // Update & restart — run npm i -g git-watchtower, then re-exec
           store.setState({ updateInProgress: true });
           render();
           const { spawn } = require('child_process');
@@ -2544,8 +2544,8 @@ function setupKeyboardInput() {
             store.setState({ updateInProgress: false, updateModalVisible: false, updateModalSelectedIndex: 0 });
             if (code === 0) {
               store.setState({ updateAvailable: null });
-              addLog('Successfully updated git-watchtower! Restart to use new version.', 'update');
-              showFlash('Updated! Restart to use new version.');
+              addLog('Successfully updated git-watchtower! Restarting...', 'update');
+              restartProcess();
             } else {
               addLog(`Update failed (exit code ${code}). Run manually: npm i -g git-watchtower`, 'error');
               showFlash('Update failed. Try manually: npm i -g git-watchtower');
@@ -2987,6 +2987,36 @@ async function handleWebAction(action, payload) {
           }
         }
         break;
+      case 'checkUpdate':
+        if (payload && payload.install) {
+          store.setState({ updateInProgress: true });
+          render();
+          const { spawn: spawnUpdate } = require('child_process');
+          const updateChild = spawnUpdate('npm', ['i', '-g', 'git-watchtower'], {
+            stdio: 'ignore',
+            detached: false,
+          });
+          updateChild.on('close', (code) => {
+            store.setState({ updateInProgress: false });
+            if (code === 0) {
+              store.setState({ updateAvailable: null });
+              sendResult(true, 'Updated! Restarting...');
+              addLog('Successfully updated git-watchtower! Restarting...', 'update');
+              restartProcess();
+            } else {
+              sendResult(false, `Update failed (exit code ${code})`);
+              addLog(`Update failed (exit code ${code}). Run manually: npm i -g git-watchtower`, 'error');
+              render();
+            }
+          });
+          updateChild.on('error', (err2) => {
+            store.setState({ updateInProgress: false });
+            sendResult(false, err2.message);
+            addLog(`Update failed: ${err2.message}`, 'error');
+            render();
+          });
+        }
+        break;
     }
   } catch (err) {
     addLog(`Web action error: ${err.message}`, 'error');
@@ -3121,6 +3151,47 @@ function stopWebDashboard() {
   return wasPort;
 }
+// ============================================================================
+// Restart after update
+// ============================================================================
+/**
+ * Restart the process after a successful update by re-execing with the same
+ * arguments. Cleans up terminal state and spawns a replacement process,
+ * then exits the current one.
+ */
+function restartProcess() {
+  // Restore terminal state
+  write(ansi.showCursor);
+  write(ansi.restoreScreen);
+  restoreTerminalTitle();
+  if (process.stdin.isTTY) process.stdin.setRawMode(false);
+  // Stop server, watcher, polling
+  if (fileWatcher) fileWatcher.close();
+  if (pollIntervalId) clearTimeout(pollIntervalId);
+  if (SERVER_MODE === 'command') stopServerProcess();
+  else if (SERVER_MODE === 'static') {
+    clients.forEach(client => client.end());
+    clients.clear();
+  }
+  stopWebDashboard();
+  console.log('\n♻ Restarting git-watchtower...\n');
+  const { spawn: spawnChild } = require('child_process');
+  const child = spawnChild(process.argv[0], process.argv.slice(1), {
+    stdio: 'inherit',
+    detached: false,
+  });
+  child.on('error', () => {
+    console.error('Failed to restart. Please run git-watchtower manually.');
+    process.exit(1);
+  });
+  // Forward the child's exit code when it finishes
+  child.on('close', (code) => process.exit(code || 0));
+}
 // ============================================================================
 // Shutdown
 // ============================================================================

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "git-watchtower",
-  "version": "1.10.20",
+  "version": "1.11.1",
   "description": "Terminal-based Git branch monitor with activity sparklines and optional dev server with live reload",
   "main": "bin/git-watchtower.js",
   "bin": {

package/src/server/web-ui/js.js CHANGED Viewed

@@ -968,7 +968,7 @@ ${pureFnBlock}
     } else {
       html += '<div class="confirm-actions">';
       html += '<button class="confirm-btn" id="update-dismiss">Dismiss</button>';
-      html += '<button class="confirm-btn primary" id="update-install">Update Now</button>';
+      html += '<button class="confirm-btn primary" id="update-install">Update &amp; Restart</button>';
       html += '</div>';
     }
     document.getElementById('update-content').innerHTML = html;

package/src/ui/renderer.js CHANGED Viewed

@@ -1485,7 +1485,7 @@ function renderUpdateModal(state, write) {
   const updateCmd = 'npm i -g git-watchtower';
   const options = [
-    'Update now',
+    'Update & restart',
     'Show update command',
   ];
   const selectedIdx = state.updateModalSelectedIndex || 0;

package/src/utils/browser.js CHANGED Viewed

@@ -5,6 +5,22 @@
 const { execFile } = require('child_process');
+/**
+ * Validate that a string is a safe URL to pass to OS open commands.
+ * Rejects URLs containing shell metacharacters that could lead to
+ * command injection when passed through cmd.exe on Windows.
+ * @param {string} url
+ * @returns {boolean}
+ */
+function isSafeUrl(url) {
+  if (!url || typeof url !== 'string') return false;
+  // Must start with http://, https://, or file://
+  if (!/^https?:\/\/|^file:\/\//i.test(url)) return false;
+  // Reject shell metacharacters that cmd.exe would interpret
+  if (/[&|<>^"!%]/.test(url)) return false;
+  return true;
+}
 /**
  * Open a URL in the user's default browser.
  * Cross-platform: macOS (open), Windows (start), Linux (xdg-open).
@@ -13,6 +29,13 @@ const { execFile } = require('child_process');
  * @param {function} [onError] - Optional error callback (receives Error)
  */
 function openInBrowser(url, onError) {
+  if (!isSafeUrl(url)) {
+    if (onError) {
+      onError(new Error(`Refusing to open unsafe URL: ${url}`));
+    }
+    return;
+  }
   const platform = process.platform;
   let command;
   let args;
@@ -22,7 +45,7 @@ function openInBrowser(url, onError) {
     args = [url];
   } else if (platform === 'win32') {
     // On Windows, 'start' is a shell built-in, so we must use cmd.exe.
-    // The URL is passed as a separate argument, not interpolated into a string.
+    // URL is validated above to reject shell metacharacters.
     command = 'cmd.exe';
     args = ['/c', 'start', '', url];
   } else {
@@ -37,4 +60,4 @@ function openInBrowser(url, onError) {
   });
 }
-module.exports = { openInBrowser };
+module.exports = { openInBrowser, isSafeUrl };