pnpm 8.15.6 → 8.15.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -181,7 +181,7 @@ hoistedLocations:
|
|
|
181
181
|
- node_modules/string_decoder
|
|
182
182
|
strip-ansi@6.0.1:
|
|
183
183
|
- node_modules/strip-ansi
|
|
184
|
-
tar@6.2.
|
|
184
|
+
tar@6.2.1:
|
|
185
185
|
- node_modules/tar
|
|
186
186
|
unique-filename@2.0.1:
|
|
187
187
|
- node_modules/unique-filename
|
|
@@ -206,9 +206,9 @@ included:
|
|
|
206
206
|
injectedDeps: {}
|
|
207
207
|
layoutVersion: 5
|
|
208
208
|
nodeLinker: hoisted
|
|
209
|
-
packageManager: pnpm@9.
|
|
209
|
+
packageManager: pnpm@9.1.0-0
|
|
210
210
|
pendingBuilds: []
|
|
211
|
-
prunedAt: Mon,
|
|
211
|
+
prunedAt: Mon, 29 Apr 2024 23:45:28 GMT
|
|
212
212
|
publicHoistPattern:
|
|
213
213
|
- '*eslint*'
|
|
214
214
|
- '*prettier*'
|
|
@@ -217,3 +217,4 @@ registries:
|
|
|
217
217
|
skipped: []
|
|
218
218
|
storeDir: /home/runner/setup-pnpm/node_modules/.bin/store/v3
|
|
219
219
|
virtualStoreDir: .pnpm
|
|
220
|
+
virtualStoreDirMaxLength: 120
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
lockfileVersion: '
|
|
1
|
+
lockfileVersion: '9.0'
|
|
2
2
|
|
|
3
3
|
settings:
|
|
4
4
|
autoInstallPeers: true
|
|
@@ -58,6 +58,7 @@ overrides:
|
|
|
58
58
|
tough-cookie@<4.1.3: '>=4.1.3'
|
|
59
59
|
ts-api-utils: 1.0.0
|
|
60
60
|
socks: 2.7.3
|
|
61
|
+
tar@6: ^6.2.1
|
|
61
62
|
|
|
62
63
|
importers:
|
|
63
64
|
|
|
@@ -413,8 +414,8 @@ packages:
|
|
|
413
414
|
resolution: {integrity: sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==}
|
|
414
415
|
engines: {node: '>=8'}
|
|
415
416
|
|
|
416
|
-
tar@6.2.
|
|
417
|
-
resolution: {integrity: sha512
|
|
417
|
+
tar@6.2.1:
|
|
418
|
+
resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==}
|
|
418
419
|
engines: {node: '>=10'}
|
|
419
420
|
|
|
420
421
|
unique-filename@2.0.1:
|
|
@@ -530,7 +531,7 @@ snapshots:
|
|
|
530
531
|
promise-inflight: 1.0.1
|
|
531
532
|
rimraf: 3.0.2
|
|
532
533
|
ssri: 9.0.1
|
|
533
|
-
tar: 6.2.
|
|
534
|
+
tar: 6.2.1
|
|
534
535
|
unique-filename: 2.0.1
|
|
535
536
|
transitivePeerDependencies:
|
|
536
537
|
- bluebird
|
|
@@ -794,7 +795,7 @@ snapshots:
|
|
|
794
795
|
npmlog: 6.0.2
|
|
795
796
|
rimraf: 3.0.2
|
|
796
797
|
semver: 7.5.4
|
|
797
|
-
tar: 6.2.
|
|
798
|
+
tar: 6.2.1
|
|
798
799
|
which: 2.0.2
|
|
799
800
|
transitivePeerDependencies:
|
|
800
801
|
- bluebird
|
|
@@ -911,7 +912,7 @@ snapshots:
|
|
|
911
912
|
ansi-regex: 5.0.1
|
|
912
913
|
optional: true
|
|
913
914
|
|
|
914
|
-
tar@6.2.
|
|
915
|
+
tar@6.2.1:
|
|
915
916
|
dependencies:
|
|
916
917
|
chownr: 2.0.0
|
|
917
918
|
fs-minipass: 2.1.0
|
|
@@ -48,6 +48,7 @@ const crypto = require('crypto')
|
|
|
48
48
|
const getFlag = require('./get-write-flag.js')
|
|
49
49
|
const platform = process.env.TESTING_TAR_FAKE_PLATFORM || process.platform
|
|
50
50
|
const isWindows = platform === 'win32'
|
|
51
|
+
const DEFAULT_MAX_DEPTH = 1024
|
|
51
52
|
|
|
52
53
|
// Unlinks on Windows are not atomic.
|
|
53
54
|
//
|
|
@@ -181,6 +182,12 @@ class Unpack extends Parser {
|
|
|
181
182
|
this.processGid = (this.preserveOwner || this.setOwner) && process.getgid ?
|
|
182
183
|
process.getgid() : null
|
|
183
184
|
|
|
185
|
+
// prevent excessively deep nesting of subfolders
|
|
186
|
+
// set to `Infinity` to remove this restriction
|
|
187
|
+
this.maxDepth = typeof opt.maxDepth === 'number'
|
|
188
|
+
? opt.maxDepth
|
|
189
|
+
: DEFAULT_MAX_DEPTH
|
|
190
|
+
|
|
184
191
|
// mostly just for testing, but useful in some cases.
|
|
185
192
|
// Forcibly trigger a chown on every entry, no matter what
|
|
186
193
|
this.forceChown = opt.forceChown === true
|
|
@@ -238,13 +245,13 @@ class Unpack extends Parser {
|
|
|
238
245
|
}
|
|
239
246
|
|
|
240
247
|
[CHECKPATH] (entry) {
|
|
248
|
+
const p = normPath(entry.path)
|
|
249
|
+
const parts = p.split('/')
|
|
250
|
+
|
|
241
251
|
if (this.strip) {
|
|
242
|
-
const parts = normPath(entry.path).split('/')
|
|
243
252
|
if (parts.length < this.strip) {
|
|
244
253
|
return false
|
|
245
254
|
}
|
|
246
|
-
entry.path = parts.slice(this.strip).join('/')
|
|
247
|
-
|
|
248
255
|
if (entry.type === 'Link') {
|
|
249
256
|
const linkparts = normPath(entry.linkpath).split('/')
|
|
250
257
|
if (linkparts.length >= this.strip) {
|
|
@@ -253,11 +260,21 @@ class Unpack extends Parser {
|
|
|
253
260
|
return false
|
|
254
261
|
}
|
|
255
262
|
}
|
|
263
|
+
parts.splice(0, this.strip)
|
|
264
|
+
entry.path = parts.join('/')
|
|
265
|
+
}
|
|
266
|
+
|
|
267
|
+
if (isFinite(this.maxDepth) && parts.length > this.maxDepth) {
|
|
268
|
+
this.warn('TAR_ENTRY_ERROR', 'path excessively deep', {
|
|
269
|
+
entry,
|
|
270
|
+
path: p,
|
|
271
|
+
depth: parts.length,
|
|
272
|
+
maxDepth: this.maxDepth,
|
|
273
|
+
})
|
|
274
|
+
return false
|
|
256
275
|
}
|
|
257
276
|
|
|
258
277
|
if (!this.preservePaths) {
|
|
259
|
-
const p = normPath(entry.path)
|
|
260
|
-
const parts = p.split('/')
|
|
261
278
|
if (parts.includes('..') || isWindows && /^[a-z]:\.\.$/i.test(parts[0])) {
|
|
262
279
|
this.warn('TAR_ENTRY_ERROR', `path contains '..'`, {
|
|
263
280
|
entry,
|