nw-builder 4.11.2 → 4.11.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +7 -7
- package/src/get/index.js +1 -0
- package/src/get/verify.js +7 -2
- package/src/util.js +2 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "nw-builder",
|
|
3
|
-
"version": "4.11.
|
|
3
|
+
"version": "4.11.4",
|
|
4
4
|
"description": "Build NW.js desktop applications for MacOS, Windows and Linux.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"NW.js",
|
|
@@ -51,12 +51,12 @@
|
|
|
51
51
|
"demo:cli": "nwbuild --mode run ./src ./app/**"
|
|
52
52
|
},
|
|
53
53
|
"devDependencies": {
|
|
54
|
-
"@eslint/js": "^9.
|
|
55
|
-
"@vitest/coverage-v8": "^2.1.
|
|
54
|
+
"@eslint/js": "^9.12.0",
|
|
55
|
+
"@vitest/coverage-v8": "^2.1.2",
|
|
56
56
|
"base-volta-off-of-nwjs": "^1.0.5",
|
|
57
|
-
"eslint": "^9.
|
|
58
|
-
"eslint-plugin-jsdoc": "^50.3.
|
|
59
|
-
"globals": "^15.
|
|
57
|
+
"eslint": "^9.12.0",
|
|
58
|
+
"eslint-plugin-jsdoc": "^50.3.2",
|
|
59
|
+
"globals": "^15.11.0",
|
|
60
60
|
"nw": "^0.92.0",
|
|
61
61
|
"selenium-webdriver": "^4.25.0",
|
|
62
62
|
"vitest": "^2.0.4"
|
|
@@ -68,7 +68,7 @@
|
|
|
68
68
|
"glob": "^11.0.0",
|
|
69
69
|
"node-gyp": "^10.2.0",
|
|
70
70
|
"plist": "^3.1.0",
|
|
71
|
-
"resedit": "^2.0.
|
|
71
|
+
"resedit": "^2.0.3",
|
|
72
72
|
"semver": "^7.6.3",
|
|
73
73
|
"tar": "^7.4.3",
|
|
74
74
|
"yauzl-promise": "^4.0.0"
|
package/src/get/index.js
CHANGED
package/src/get/verify.js
CHANGED
|
@@ -11,10 +11,11 @@ import util from '../util.js';
|
|
|
11
11
|
* @param {string} shaUrl - URL to get the shasum text file from.
|
|
12
12
|
* @param {string} shaOut - File path to shasum text file.
|
|
13
13
|
* @param {string} cacheDir - File path to cache directory.
|
|
14
|
+
* @param {ffmpeg} ffmpeg - Toggle between community (true) and official (false) ffmpeg binary
|
|
14
15
|
* @throws {Error}
|
|
15
16
|
* @returns {Promise<boolean>} - Returns true if the checksums match.
|
|
16
17
|
*/
|
|
17
|
-
export default async function verify(shaUrl, shaOut, cacheDir) {
|
|
18
|
+
export default async function verify(shaUrl, shaOut, cacheDir, ffmpeg) {
|
|
18
19
|
const shaOutExists = await util.fileExists(shaOut);
|
|
19
20
|
|
|
20
21
|
if (shaOutExists === false) {
|
|
@@ -38,7 +39,11 @@ export default async function verify(shaUrl, shaOut, cacheDir) {
|
|
|
38
39
|
hash.update(fileBuffer);
|
|
39
40
|
const generatedSha = hash.digest('hex');
|
|
40
41
|
if (storedSha !== generatedSha) {
|
|
41
|
-
|
|
42
|
+
if (filePath.includes('ffmpeg') && ffmpeg) {
|
|
43
|
+
console.warn(`The generated shasum for the community ffmpeg at ${filePath} is ${generatedSha}. The integrity of this file should be manually verified.`);
|
|
44
|
+
} else {
|
|
45
|
+
throw new Error(`SHA256 checksums do not match. The file ${filePath} expected shasum is ${storedSha} but the actual shasum is ${generatedSha}.`);
|
|
46
|
+
}
|
|
42
47
|
}
|
|
43
48
|
}
|
|
44
49
|
}
|
package/src/util.js
CHANGED
|
@@ -202,6 +202,8 @@ export const parse = async (options, pkg) => {
|
|
|
202
202
|
|
|
203
203
|
options.app = options.app ?? {};
|
|
204
204
|
options.app.name = options.app.name ?? pkg.name;
|
|
205
|
+
/* Remove special and control characters from app.name to mitigate potential path traversal. */
|
|
206
|
+
options.app.name = options.app.name.replace(/[<>:"/\\|?*\u0000-\u001F]/g, '');
|
|
205
207
|
options.app.icon = options.app.icon ?? undefined;
|
|
206
208
|
|
|
207
209
|
// TODO(#737): move this out
|