This repository has been archived by the owner on Feb 9, 2022. It is now read-only.

Vulnerability warning in glob-parent fix.
GiantVlad authored and Uladzimir Sadkou committed Jan 16, 2022
1 parent d65b6bd commit 7f66cba
Showing 3 changed files with 38 additions and 33 deletions.
18 changes: 10 additions & 8 deletions .pinyarn.js
Expand Up @@ -21,7 +21,7 @@ const config = {
"7dvv4UhJhdhbXSKkcGnjCNtUBFznY1vDhx4"
]
],
"yarnUrl": "https://api.github.com/repos/yarnpkg/berry/actions/artifacts/87004054/zip"
"yarnUrl": "https://api.github.com/repos/yarnpkg/berry/actions/artifacts/143600162/zip"
};

const getUrlHash = url => crypto.createHash('sha256').update(url).digest('hex').substring(0, 8);
Expand Down Expand Up @@ -123,11 +123,13 @@ if (CURRENT_YARN_URL_HASH !== YARN_URL_HASH) {
}

for (const plugin of PLUGIN_LIST) {
const pluginUrl = config.pluginUrls[plugin];
const pluginPath = path.join(PLUGIN_DIR, '@yarnpkg', `plugin-${plugin}-${getUrlHash(pluginUrl)}.cjs`)
if (!fs.existsSync(pluginPath)) {
fs.mkdirSync(path.join(PLUGIN_DIR, '@yarnpkg'), { recursive: true });
promises.push(downloadFile(pluginPath, pluginUrl));
const pluginUrl = (config.pluginUrls || {})[plugin];
if (pluginUrl) {
const pluginPath = path.join(PLUGIN_DIR, '@yarnpkg', `plugin-${plugin}-${getUrlHash(pluginUrl)}.cjs`)
if (!fs.existsSync(pluginPath)) {
fs.mkdirSync(path.join(PLUGIN_DIR, '@yarnpkg'), { recursive: true });
promises.push(downloadFile(pluginPath, pluginUrl));
}
}
}

Expand All @@ -138,8 +140,8 @@ if (PLUGIN_LIST.length === 0) {
const entries = fs.readdirSync(path.join(PLUGIN_DIR, '@yarnpkg'));
for (const entry of entries) {
const [,plugin, pluginHash] = entry.match(/plugin-(.*?)(?:-)?([0-9a-f]{8})?\.cjs/);
const pluginUrl = config.pluginUrls[plugin];
if (!PLUGIN_LIST.includes(plugin) || getUrlHash(pluginUrl) !== pluginHash)
const pluginUrl = (config.pluginUrls || {})[plugin];
if (pluginUrl && (!PLUGIN_LIST.includes(plugin) || getUrlHash(pluginUrl) !== pluginHash))
fs.unlinkSync(path.join(PLUGIN_DIR, '@yarnpkg', entry));
}
}
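Review bot: In the cleanup loop of the last hunk, the new `pluginUrl &&` guard also skips deletion for any cached plugin file whose name has no entry in `config.pluginUrls`, so a stale `.cjs` that the old condition removed through `!PLUGIN_LIST.includes(plugin)` now stays in the plugin directory. Treating a missing URL as a reason to delete keeps the null-safety without losing the cleanup: `if (!pluginUrl || !PLUGIN_LIST.includes(plugin) || getUrlHash(pluginUrl) !== pluginHash)`. Separately, the first hunk repoints `yarnUrl` at a different Actions artifact in a commit titled as a glob-parent fix, and `getUrlHash` hashes the URL string rather than the downloaded bytes, so nothing visible here verifies what is fetched. A comment such as `// Yarn build from artifact <ID>, pinned for <reason>` next to `yarnUrl`, plus a content digest check if `downloadFile` (outside the hunks) does not already perform one, would make that change auditable. The enclosing blocks of all three hunks start outside the visible lines.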
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -114,7 +114,7 @@
"@babel/runtime-corejs2": "^7.0.0",
"chalk": "^2.4.2",
"chokidar": "^3.5.2",
"glob-parent": "5.1.0",
"glob-parent": "5.1.2",
"globby": "^10.0.1",
"interpret": "^1.2.0",
"is-glob": "^4.0.1",
51 changes: 27 additions & 24 deletions yarn.lock
Expand Up @@ -2,7 +2,7 @@
# Manual changes might be lost - proceed with caution!

__metadata:
version: 4
version: 5
cacheKey: 8c0

"@babel/cli@npm:^7.0.0":
Expand Down Expand Up @@ -48,7 +48,7 @@ __metadata:
languageName: node
linkType: hard

"@babel/core@npm:7.15.0, @babel/core@npm:^7.0.0":
"@babel/core@npm:^7.0.0":
version: 7.15.0
resolution: "@babel/core@npm:7.15.0"
dependencies:
Expand Down Expand Up @@ -2009,6 +2009,15 @@ __metadata:
languageName: node
linkType: hard

"acorn@npm:^8.5.0":
version: 8.7.0
resolution: "acorn@npm:8.7.0"
bin:
acorn: bin/acorn
checksum: 8168e567c2f0b9fb7a418d2651b4b614326a0814b4937ebddee0f5e5e25ddd6320aec0c20d3a67efd97a02d836cc7f9e5c84befe3daeeea68ed89a48ee8f7a5d
languageName: node
linkType: hard

"agent-base@npm:6, agent-base@npm:^6.0.2":
version: 6.0.2
resolution: "agent-base@npm:6.0.2"
Expand Down Expand Up @@ -5750,6 +5759,7 @@ fsevents@^1.0.0:
bindings: ^1.5.0
nan: ^2.12.1
checksum: 4427ff08db9ee7327f2c3ad58ec56f9096a917eed861bfffaa2e2be419479cdf37d00750869ab9ecbf5f59f32ad999bd59577d73fc639193e6c0ce52bb253e02
conditions: os=darwin
languageName: node
linkType: hard

Expand All @@ -5759,7 +5769,7 @@ fsevents@^1.0.0:
dependencies:
bindings: ^1.5.0
nan: ^2.12.1
checksum: e3e3389b60217c52126f200fbcfa980de2b84aa705705f5b6a8f8eed3422cc2d36ec3c29fceb2ce95c03cdaa11bbb8a85c91da2d136b3b056a0c4fafed739e7c
conditions: os=darwin
languageName: node
linkType: hard

Expand All @@ -5768,7 +5778,7 @@ fsevents@^1.0.0:
resolution: "fsevents@patch:fsevents@npm%3A2.1.3#~builtin<compat/fsevents>::version=2.1.3&hash=18f3a7"
dependencies:
node-gyp: latest
checksum: 85def63b000fb8aadc68e59434cefa5f7596eb3681e97381bee394e8b3ff85c68dc3c2797b845a89d261d81df538b0d807b14722da3f62c58dba1b3533810278
conditions: os=darwin
languageName: node
linkType: hard

Expand All @@ -5777,7 +5787,7 @@ fsevents@^1.0.0:
resolution: "fsevents@patch:fsevents@npm%3A2.3.2#~builtin<compat/fsevents>::version=2.3.2&hash=18f3a7"
dependencies:
node-gyp: latest
checksum: f9fcd7a9f17027137f4c25aafd18a7eb1b5521a673f8e913b93521693409dc67581517a98b0e4b55bfa0ca45beb90d630e0c4532af465cb26d812f96fd98b7e0
conditions: os=darwin
languageName: node
linkType: hard

Expand All @@ -5787,6 +5797,7 @@ fsevents@~2.1.1:
dependencies:
node-gyp: latest
checksum: 87b5933c5e01d17883f5c6d8c84146dc12c75e7f349b465c9e41fb4efe9992cfc6f527e30ef5f96bc24f19ca36d9e7414c0fe2dcd519f6d7649c0668efe12556
conditions: os=darwin
languageName: node
linkType: hard

Expand All @@ -5796,6 +5807,7 @@ fsevents@~2.3.2:
dependencies:
node-gyp: latest
checksum: be78a3efa3e181cda3cf7a4637cb527bcebb0bd0ea0440105a3bb45b86f9245b307dc10a2507e8f4498a7d4ec349d1910f4d73e4d4495b16103106e07eee735b
conditions: os=darwin
languageName: node
linkType: hard

Expand Down Expand Up @@ -6248,12 +6260,12 @@ fsevents@~2.3.2:
languageName: node
linkType: hard

"glob-parent@npm:5.1.0":
version: 5.1.0
resolution: "glob-parent@npm:5.1.0"
"glob-parent@npm:5.1.2, glob-parent@npm:^5.0.0, glob-parent@npm:^5.1.2, glob-parent@npm:~5.1.0, glob-parent@npm:~5.1.2":
version: 5.1.2
resolution: "glob-parent@npm:5.1.2"
dependencies:
is-glob: ^4.0.1
checksum: 50dfc6a5879fb2b3650ea844a3c7cdc53569167bb21ad9353619ceb51a77dc5b8c85bbbe6e670436f78f0ea3d4ebb8509375ccdf17a79b39d01021b553d2c111
checksum: cab87638e2112bee3f839ef5f6e0765057163d39c66be8ec1602f3823da4692297ad4e972de876ea17c44d652978638d2fd583c6713d0eb6591706825020c9ee
languageName: node
linkType: hard

Expand All @@ -6266,15 +6278,6 @@ fsevents@~2.3.2:
languageName: node
linkType: hard

"glob-parent@npm:^5.0.0, glob-parent@npm:^5.1.2, glob-parent@npm:~5.1.0, glob-parent@npm:~5.1.2":
version: 5.1.2
resolution: "glob-parent@npm:5.1.2"
dependencies:
is-glob: ^4.0.1
checksum: cab87638e2112bee3f839ef5f6e0765057163d39c66be8ec1602f3823da4692297ad4e972de876ea17c44d652978638d2fd583c6713d0eb6591706825020c9ee
languageName: node
linkType: hard

"glob-to-regexp@npm:^0.4.1":
version: 0.4.1
resolution: "glob-to-regexp@npm:0.4.1"
Expand Down Expand Up @@ -8262,7 +8265,7 @@ fsevents@~2.3.2:
languageName: node
linkType: hard

"listr@npm:0.14.3, listr@npm:^0.14.3":
"listr@npm:^0.14.3":
version: 0.14.3
resolution: "listr@npm:0.14.3"
dependencies:
Expand Down Expand Up @@ -9314,7 +9317,7 @@ fsevents@~2.3.2:
gitbook-plugin-github: ^2.0.0
gitbook-plugin-prism: ^2.0.0
glob: 7.1.4
glob-parent: 5.1.0
glob-parent: 5.1.2
globby: ^10.0.1
interpret: ^1.2.0
is-glob: ^4.0.1
Expand Down Expand Up @@ -11995,18 +11998,18 @@ [email protected]:

"resolve@patch:[email protected]#~builtin<compat/resolve>":
version: 1.1.7
resolution: "resolve@patch:resolve@npm%3A1.1.7#~builtin<compat/resolve>::version=1.1.7&hash=d4691f"
resolution: "resolve@patch:resolve@npm%3A1.1.7#~builtin<compat/resolve>::version=1.1.7&hash=07638b"
checksum: f4f1471423d600a10944785222fa7250237ed8c98aa6b1e1f4dc0bb3dbfbcafcaac69a2ed23cd1f6f485ed23e7c939894ac1978284e4163754fade8a05358823
languageName: node
linkType: hard

"resolve@patch:resolve@^1.0.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.10.0#~builtin<compat/resolve>, resolve@patch:resolve@^1.14.2#~builtin<compat/resolve>, resolve@patch:resolve@^1.20.0#~builtin<compat/resolve>":
version: 1.20.0
resolution: "resolve@patch:resolve@npm%3A1.20.0#~builtin<compat/resolve>::version=1.20.0&hash=d4691f"
resolution: "resolve@patch:resolve@npm%3A1.20.0#~builtin<compat/resolve>::version=1.20.0&hash=07638b"
dependencies:
is-core-module: ^2.2.0
path-parse: ^1.0.6
checksum: 83cc25c0516cd17925bec5047d04561a183de66d02f64c267e268652242a95da4c40240ba9f85e9706ba686349fdd0b535a6c72213db8f85561ea25b8fa4899f
checksum: b6a5345d1f015cebba11dffa6a1982b39fe9ef42ed86ed832e51bd01c10817666df6d7b11579bc88664f5d57f2a5fe073a7f46b4e72a3efe7ed0cb450ee786da
languageName: node
linkType: hard

Expand Down Expand Up @@ -13749,7 +13752,7 @@ typescript@^3.8.3:

"typescript@patch:typescript@^3.8.3#~builtin<compat/typescript>":
version: 3.9.10
resolution: "typescript@patch:typescript@npm%3A3.9.10#~builtin<compat/typescript>::version=3.9.10&hash=6454cb"
resolution: "typescript@patch:typescript@npm%3A3.9.10#~builtin<compat/typescript>::version=3.9.10&hash=de8f8a"
bin:
tsc: bin/tsc
tsserver: bin/tsserver
