From ecde4d232d18cf2dba6c1a6b76810332abff736f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 22:31:19 +0000 Subject: [PATCH 1/2] Bump cross-spawn from 7.0.3 to 7.0.6 in the npm_and_yarn group Bumps the npm_and_yarn group with 1 update: [cross-spawn](https://github.com/moxystudio/node-cross-spawn). Updates `cross-spawn` from 7.0.3 to 7.0.6 - [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md) - [Commits](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6) --- updated-dependencies: - dependency-name: cross-spawn dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] --- package-lock.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/package-lock.json b/package-lock.json index ef1c0e621e..f2cbb144f8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2697,8 +2697,9 @@ } }, "node_modules/cross-spawn": { - "version": "7.0.3", - "license": "MIT", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", From db6788195b646f87b3d1c616b0c14a6d5b7fa9a6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 22:32:42 +0000 Subject: [PATCH 2/2] Update checked-in dependencies --- node_modules/.package-lock.json | 5 +- node_modules/cross-spawn/CHANGELOG.md | 130 -------------------- node_modules/cross-spawn/README.md | 13 +- node_modules/cross-spawn/lib/enoent.js | 2 +- node_modules/cross-spawn/lib/util/escape.js | 6 +- node_modules/cross-spawn/package.json | 4 +- 6 files changed, 13 insertions(+), 147 deletions(-) delete mode 100644 node_modules/cross-spawn/CHANGELOG.md diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json index 2b992ad6e4..543ae8d273 100644 --- a/node_modules/.package-lock.json +++ b/node_modules/.package-lock.json @@ -2629,8 +2629,9 @@ } }, "node_modules/cross-spawn": { - "version": "7.0.3", - "license": "MIT", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", diff --git a/node_modules/cross-spawn/CHANGELOG.md b/node_modules/cross-spawn/CHANGELOG.md deleted file mode 100644 index d07c9e5c31..0000000000 --- a/node_modules/cross-spawn/CHANGELOG.md +++ /dev/null @@ -1,130 +0,0 @@ -# Changelog - -All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. - -### [7.0.3](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.2...v7.0.3) (2020-05-25) - - -### Bug Fixes - -* detect path key based on correct environment ([#133](https://github.com/moxystudio/node-cross-spawn/issues/133)) ([159e7e9](https://github.com/moxystudio/node-cross-spawn/commit/159e7e9785e57451cba034ae51719f97135074ae)) - -### [7.0.2](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.1...v7.0.2) (2020-04-04) - - -### Bug Fixes - -* fix worker threads in Node >=11.10.0 ([#132](https://github.com/moxystudio/node-cross-spawn/issues/132)) ([6c5b4f0](https://github.com/moxystudio/node-cross-spawn/commit/6c5b4f015814a6c4f6b33230dfd1a860aedc0aaf)) - -### [7.0.1](https://github.com/moxystudio/node-cross-spawn/compare/v7.0.0...v7.0.1) (2019-10-07) - - -### Bug Fixes - -* **core:** support worker threads ([#127](https://github.com/moxystudio/node-cross-spawn/issues/127)) ([cfd49c9](https://github.com/moxystudio/node-cross-spawn/commit/cfd49c9)) - -## [7.0.0](https://github.com/moxystudio/node-cross-spawn/compare/v6.0.5...v7.0.0) (2019-09-03) - - -### ⚠ BREAKING CHANGES - -* drop support for Node.js < 8 - -* drop support for versions below Node.js 8 ([#125](https://github.com/moxystudio/node-cross-spawn/issues/125)) ([16feb53](https://github.com/moxystudio/node-cross-spawn/commit/16feb53)) - - -## [6.0.5](https://github.com/moxystudio/node-cross-spawn/compare/v6.0.4...v6.0.5) (2018-03-02) - - -### Bug Fixes - -* avoid using deprecated Buffer constructor ([#94](https://github.com/moxystudio/node-cross-spawn/issues/94)) ([d5770df](https://github.com/moxystudio/node-cross-spawn/commit/d5770df)), closes [/nodejs.org/api/deprecations.html#deprecations_dep0005](https://github.com//nodejs.org/api/deprecations.html/issues/deprecations_dep0005) - - - - -## [6.0.4](https://github.com/moxystudio/node-cross-spawn/compare/v6.0.3...v6.0.4) (2018-01-31) - - -### Bug Fixes - -* fix paths being incorrectly normalized on unix ([06ee3c6](https://github.com/moxystudio/node-cross-spawn/commit/06ee3c6)), closes [#90](https://github.com/moxystudio/node-cross-spawn/issues/90) - - - - -## [6.0.3](https://github.com/moxystudio/node-cross-spawn/compare/v6.0.2...v6.0.3) (2018-01-23) - - - - -## [6.0.2](https://github.com/moxystudio/node-cross-spawn/compare/v6.0.1...v6.0.2) (2018-01-23) - - - - -## [6.0.1](https://github.com/moxystudio/node-cross-spawn/compare/v6.0.0...v6.0.1) (2018-01-23) - - - - -# [6.0.0](https://github.com/moxystudio/node-cross-spawn/compare/5.1.0...6.0.0) (2018-01-23) - - -### Bug Fixes - -* fix certain arguments not being correctly escaped or causing batch syntax error ([900cf10](https://github.com/moxystudio/node-cross-spawn/commit/900cf10)), closes [#82](https://github.com/moxystudio/node-cross-spawn/issues/82) [#51](https://github.com/moxystudio/node-cross-spawn/issues/51) -* fix commands as posix relatixe paths not working correctly, e.g.: `./my-command` ([900cf10](https://github.com/moxystudio/node-cross-spawn/commit/900cf10)) -* fix `options` argument being mutated ([900cf10](https://github.com/moxystudio/node-cross-spawn/commit/900cf10)) -* fix commands resolution when PATH was actually Path ([900cf10](https://github.com/moxystudio/node-cross-spawn/commit/900cf10)) - - -### Features - -* improve compliance with node's ENOENT errors ([900cf10](https://github.com/moxystudio/node-cross-spawn/commit/900cf10)) -* improve detection of node's shell option support ([900cf10](https://github.com/moxystudio/node-cross-spawn/commit/900cf10)) - - -### Chores - -* upgrade tooling -* upgrate project to es6 (node v4) - - -### BREAKING CHANGES - -* remove support for older nodejs versions, only `node >= 4` is supported - - - -## [5.1.0](https://github.com/moxystudio/node-cross-spawn/compare/5.0.1...5.1.0) (2017-02-26) - - -### Bug Fixes - -* fix `options.shell` support for NodeJS [v4.8](https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.0) - - - -## [5.0.1](https://github.com/moxystudio/node-cross-spawn/compare/5.0.0...5.0.1) (2016-11-04) - - -### Bug Fixes - -* fix `options.shell` support for NodeJS v7 - - - -# [5.0.0](https://github.com/moxystudio/node-cross-spawn/compare/4.0.2...5.0.0) (2016-10-30) - - -## Features - -* add support for `options.shell` -* improve parsing of shebangs by using [`shebang-command`](https://github.com/kevva/shebang-command) module - - -## Chores - -* refactor some code to make it more clear -* update README caveats diff --git a/node_modules/cross-spawn/README.md b/node_modules/cross-spawn/README.md index c4a4da8447..1ed9252b51 100644 --- a/node_modules/cross-spawn/README.md +++ b/node_modules/cross-spawn/README.md @@ -1,24 +1,17 @@ # cross-spawn -[![NPM version][npm-image]][npm-url] [![Downloads][downloads-image]][npm-url] [![Build Status][travis-image]][travis-url] [![Build status][appveyor-image]][appveyor-url] [![Coverage Status][codecov-image]][codecov-url] [![Dependency status][david-dm-image]][david-dm-url] [![Dev Dependency status][david-dm-dev-image]][david-dm-dev-url] +[![NPM version][npm-image]][npm-url] [![Downloads][downloads-image]][npm-url] [![Build Status][ci-image]][ci-url] [![Build status][appveyor-image]][appveyor-url] [npm-url]:https://npmjs.org/package/cross-spawn [downloads-image]:https://img.shields.io/npm/dm/cross-spawn.svg [npm-image]:https://img.shields.io/npm/v/cross-spawn.svg -[travis-url]:https://travis-ci.org/moxystudio/node-cross-spawn -[travis-image]:https://img.shields.io/travis/moxystudio/node-cross-spawn/master.svg +[ci-url]:https://github.com/moxystudio/node-cross-spawn/actions/workflows/ci.yaml +[ci-image]:https://github.com/moxystudio/node-cross-spawn/actions/workflows/ci.yaml/badge.svg [appveyor-url]:https://ci.appveyor.com/project/satazor/node-cross-spawn [appveyor-image]:https://img.shields.io/appveyor/ci/satazor/node-cross-spawn/master.svg -[codecov-url]:https://codecov.io/gh/moxystudio/node-cross-spawn -[codecov-image]:https://img.shields.io/codecov/c/github/moxystudio/node-cross-spawn/master.svg -[david-dm-url]:https://david-dm.org/moxystudio/node-cross-spawn -[david-dm-image]:https://img.shields.io/david/moxystudio/node-cross-spawn.svg -[david-dm-dev-url]:https://david-dm.org/moxystudio/node-cross-spawn?type=dev -[david-dm-dev-image]:https://img.shields.io/david/dev/moxystudio/node-cross-spawn.svg A cross platform solution to node's spawn and spawnSync. - ## Installation Node.js version 8 and up: diff --git a/node_modules/cross-spawn/lib/enoent.js b/node_modules/cross-spawn/lib/enoent.js index 14df9b623d..da33471369 100644 --- a/node_modules/cross-spawn/lib/enoent.js +++ b/node_modules/cross-spawn/lib/enoent.js @@ -24,7 +24,7 @@ function hookChildProcess(cp, parsed) { // the command exists and emit an "error" instead // See https://github.com/IndigoUnited/node-cross-spawn/issues/16 if (name === 'exit') { - const err = verifyENOENT(arg1, parsed, 'spawn'); + const err = verifyENOENT(arg1, parsed); if (err) { return originalEmit.call(cp, 'error', err); diff --git a/node_modules/cross-spawn/lib/util/escape.js b/node_modules/cross-spawn/lib/util/escape.js index b0bb84c3a1..7bf2905cd0 100644 --- a/node_modules/cross-spawn/lib/util/escape.js +++ b/node_modules/cross-spawn/lib/util/escape.js @@ -15,15 +15,17 @@ function escapeArgument(arg, doubleEscapeMetaChars) { arg = `${arg}`; // Algorithm below is based on https://qntm.org/cmd + // It's slightly altered to disable JS backtracking to avoid hanging on specially crafted input + // Please see https://github.com/moxystudio/node-cross-spawn/pull/160 for more information // Sequence of backslashes followed by a double quote: // double up all the backslashes and escape the double quote - arg = arg.replace(/(\\*)"/g, '$1$1\\"'); + arg = arg.replace(/(?=(\\+?)?)\1"/g, '$1$1\\"'); // Sequence of backslashes followed by the end of the string // (which will become a double quote later): // double up all the backslashes - arg = arg.replace(/(\\*)$/, '$1$1'); + arg = arg.replace(/(?=(\\+?)?)\1$/, '$1$1'); // All other backslashes occur literally diff --git a/node_modules/cross-spawn/package.json b/node_modules/cross-spawn/package.json index 232ff97e04..24b2eb4c99 100644 --- a/node_modules/cross-spawn/package.json +++ b/node_modules/cross-spawn/package.json @@ -1,6 +1,6 @@ { "name": "cross-spawn", - "version": "7.0.3", + "version": "7.0.6", "description": "Cross platform child_process#spawn and child_process#spawnSync", "keywords": [ "spawn", @@ -65,7 +65,7 @@ "lint-staged": "^9.2.5", "mkdirp": "^0.5.1", "rimraf": "^3.0.0", - "standard-version": "^7.0.0" + "standard-version": "^9.5.0" }, "engines": { "node": ">= 8"