pnpm 8.7.2 → 8.7.4

package/dist/node_modules/.modules.yaml

@@ -230,7 +230,7 @@ hoistedLocations:
     - node_modules/strip-ansi-cjs
   /strip-ansi/7.1.0:
     - node_modules/strip-ansi
-  /tar/6.1.15:
+  /tar/6.2.0:
     - node_modules/tar
   /unique-filename/3.0.0:
     - node_modules/unique-filename
@@ -271,7 +271,7 @@ pendingBuilds:
   - /rimraf/3.0.2
   - /semver/7.5.4
   - /lru-cache/6.0.0
-  - /tar/6.1.15
+  - /tar/6.2.0
   - /fs-minipass/2.1.0
   - /minipass/3.3.6
   - /minipass/5.0.0
@@ -392,7 +392,7 @@ pendingBuilds:
   - /ansi-styles/6.2.1
   - /color-convert/2.0.1
   - /color-name/1.1.4
-prunedAt: Mon, 04 Sep 2023 15:02:28 GMT
+prunedAt: Tue, 05 Sep 2023 22:28:41 GMT
 publicHoistPattern:
   - '*eslint*'
   - '*prettier*'

package/dist/node_modules/.pnpm/lock.yaml

@@ -168,7 +168,7 @@ packages:
       minipass-pipeline: 1.2.4
       p-map: 4.0.0
       ssri: 10.0.5
-      tar: 6.1.15
+      tar: 6.2.0
       unique-filename: 3.0.0
     dev: false
     optional: true
@@ -688,7 +688,7 @@ packages:
       npmlog: 6.0.2
       rimraf: 3.0.2
       semver: 7.5.4
-      tar: 6.1.15
+      tar: 6.2.0
       which: 2.0.2
     transitivePeerDependencies:
       - supports-color
@@ -939,8 +939,8 @@ packages:
     dev: false
     optional: true
 
-  /tar@6.1.15:
-    resolution: {integrity: sha512-/zKt9UyngnxIT/EAGYuxaMYgOIJiP81ab9ZfkILq4oNLPFX50qyYmu7jRj9qeXoxmJHjGlbH0+cm2uy1WCs10A==}
+  /tar@6.2.0:
+    resolution: {integrity: sha512-/Wo7DcT0u5HUV486xg675HtjNd3BXZ6xDbzsCUZPt5iw8bTQ63bP0Raut3mvro9u+CUyq7YQd8Cx55fsZXxqLQ==}
     engines: {node: '>=10'}
     requiresBuild: true
     dependencies:

package/dist/node_modules/tar/lib/pack.js

@@ -79,14 +79,26 @@ const Pack = warner(class Pack extends Minipass {
 
     this.portable = !!opt.portable
     this.zip = null
-    if (opt.gzip) {
-      if (typeof opt.gzip !== 'object') {
-        opt.gzip = {}
+
+    if (opt.gzip || opt.brotli) {
+      if (opt.gzip && opt.brotli) {
+        throw new TypeError('gzip and brotli are mutually exclusive')
       }
-      if (this.portable) {
-        opt.gzip.portable = true
+      if (opt.gzip) {
+        if (typeof opt.gzip !== 'object') {
+          opt.gzip = {}
+        }
+        if (this.portable) {
+          opt.gzip.portable = true
+        }
+        this.zip = new zlib.Gzip(opt.gzip)
+      }
+      if (opt.brotli) {
+        if (typeof opt.brotli !== 'object') {
+          opt.brotli = {}
+        }
+        this.zip = new zlib.BrotliCompress(opt.brotli)
       }
-      this.zip = new zlib.Gzip(opt.gzip)
       this.zip.on('data', chunk => super.write(chunk))
       this.zip.on('end', _ => super.end())
       this.zip.on('drain', _ => this[ONDRAIN]())

package/dist/node_modules/tar/lib/parse.js

@@ -97,6 +97,16 @@ module.exports = warner(class Parser extends EE {
     this.strict = !!opt.strict
     this.maxMetaEntrySize = opt.maxMetaEntrySize || maxMetaEntrySize
     this.filter = typeof opt.filter === 'function' ? opt.filter : noop
+    // Unlike gzip, brotli doesn't have any magic bytes to identify it
+    // Users need to explicitly tell us they're extracting a brotli file
+    // Or we infer from the file extension
+    const isTBR = (opt.file && (
+        opt.file.endsWith('.tar.br') || opt.file.endsWith('.tbr')))
+    // if it's a tbr file it MIGHT be brotli, but we don't know until
+    // we look at it and verify it's not a valid tar file.
+    this.brotli = !opt.gzip && opt.brotli !== undefined ? opt.brotli
+      : isTBR ? undefined
+      : false
 
     // have to set this so that streams are ok piping into it
     this.writable = true
@@ -347,7 +357,9 @@ module.exports = warner(class Parser extends EE {
     }
 
     // first write, might be gzipped
-    if (this[UNZIP] === null && chunk) {
+    const needSniff = this[UNZIP] === null ||
+      this.brotli === undefined && this[UNZIP] === false
+    if (needSniff && chunk) {
       if (this[BUFFER]) {
         chunk = Buffer.concat([this[BUFFER], chunk])
         this[BUFFER] = null
@@ -356,15 +368,45 @@ module.exports = warner(class Parser extends EE {
         this[BUFFER] = chunk
         return true
       }
+
+      // look for gzip header
       for (let i = 0; this[UNZIP] === null && i < gzipHeader.length; i++) {
         if (chunk[i] !== gzipHeader[i]) {
           this[UNZIP] = false
         }
       }
-      if (this[UNZIP] === null) {
+
+      const maybeBrotli = this.brotli === undefined
+      if (this[UNZIP] === false && maybeBrotli) {
+        // read the first header to see if it's a valid tar file. If so,
+        // we can safely assume that it's not actually brotli, despite the
+        // .tbr or .tar.br file extension.
+        // if we ended before getting a full chunk, yes, def brotli
+        if (chunk.length < 512) {
+          if (this[ENDED]) {
+            this.brotli = true
+          } else {
+            this[BUFFER] = chunk
+            return true
+          }
+        } else {
+          // if it's tar, it's pretty reliably not brotli, chances of
+          // that happening are astronomical.
+          try {
+            new Header(chunk.slice(0, 512))
+            this.brotli = false
+          } catch (_) {
+            this.brotli = true
+          }
+        }
+      }
+
+      if (this[UNZIP] === null || (this[UNZIP] === false && this.brotli)) {
         const ended = this[ENDED]
         this[ENDED] = false
-        this[UNZIP] = new zlib.Unzip()
+        this[UNZIP] = this[UNZIP] === null
+          ? new zlib.Unzip()
+          : new zlib.BrotliDecompress()
         this[UNZIP].on('data', chunk => this[CONSUMECHUNK](chunk))
         this[UNZIP].on('error', er => this.abort(er))
         this[UNZIP].on('end', _ => {
@@ -502,6 +544,7 @@ module.exports = warner(class Parser extends EE {
         this[UNZIP].end(chunk)
       } else {
         this[ENDED] = true
+        if (this.brotli === undefined) chunk = chunk || Buffer.alloc(0)
         this.write(chunk)
       }
     }

package/dist/node_modules/tar/lib/replace.js

@@ -23,7 +23,7 @@ module.exports = (opt_, files, cb) => {
     throw new TypeError('file is required')
   }
 
-  if (opt.gzip) {
+  if (opt.gzip || opt.brotli || opt.file.endsWith('.br') || opt.file.endsWith('.tbr')) {
     throw new TypeError('cannot append to compressed archives')
   }
 

package/dist/node_modules/tar/lib/update.js

@@ -13,7 +13,7 @@ module.exports = (opt_, files, cb) => {
     throw new TypeError('file is required')
   }
 
-  if (opt.gzip) {
+  if (opt.gzip || opt.brotli || opt.file.endsWith('.br') || opt.file.endsWith('.tbr')) {
     throw new TypeError('cannot append to compressed archives')
   }
 

package/dist/node_modules/tar/package.json

@@ -2,20 +2,15 @@
   "author": "GitHub Inc.",
   "name": "tar",
   "description": "tar for node",
-  "version": "6.1.15",
+  "version": "6.2.0",
   "repository": {
     "type": "git",
     "url": "https://github.com/isaacs/node-tar.git"
   },
   "scripts": {
     "genparse": "node scripts/generate-parse-fixtures.js",
-    "template-oss-apply": "template-oss-apply --force",
-    "lint": "eslint \"**/*.js\"",
-    "postlint": "template-oss-check",
-    "lintfix": "npm run lint -- --fix",
     "snap": "tap",
-    "test": "tap",
-    "posttest": "npm run lint"
+    "test": "tap"
   },
   "dependencies": {
     "chownr": "^2.0.0",