use fs.lchown rather than fs.chown and thereby fix #14 #15
fixes the symlinks problem isaacs#3 while not causing the TOCTOU vulnerability isaacs#14

The [patch in libuv 1.21.0](https://github.com/libuv/libuv/releases/tag/v1.21.0) that undeprecates `fs.lchown` [has been incorporated in nodejs Version 10.6.0](https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V10.md#2018-07-04-version-1060-current-targos).

So I specified the minimum nodejs version in `package.json` with the `engine` key: https://docs.npmjs.com/files/package.json#engines
@@ -19,5 +19,6 @@ | |||
"scripts": { | |||
"test": "tap test/*.js" | |||
}, | |||
"license": "ISC" | |||
"license": "ISC", | |||
"engines": { "node" : ">=10.6.0" } |
You'll need to change the .travis.yml to match.
Maybe update that list to match the maintained Node versions?
The job exceeded the maximum time limit for jobs, and has been terminated.
no wonder, it decided to build nodejs 10.6.0 from source !
see: https://docs.travis-ci.com/user/languages/javascript-with-nodejs/#specifying-nodejs-versions

in the process:
- update that list to match the maintained Node versions see: https://github.com/nodejs/Release#release-schedule
- remove the constraint on the npm version (I don't see why the default npm would not work)
Ok now the tests are running on nodejs 10.8 and we get several errors, of 3 types:
the very same 30 tests are failing on master; see: #16

Since this seems to get no attention from the project maintainer, is there a way to help?
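The distinction this pull request relies on, as an added example that is not code from this project: `fs.chown` dereferences a symlink, while `fs.lchown` acts on the link itself, so a tree walk that uses `lstat` and `lchown` never changes ownership of a link's target. The names `lchownTree` and `demo` and the temporary fixture are constructed for illustration; it assumes a POSIX system and a Node version that provides `fs.lchownSync` and `fs.rmSync`.

```javascript
// Added example: hypothetical helper names, constructed fixture.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Walk `root` without following symlinks and lchown every entry.
// Returns the paths it touched so the behaviour can be inspected.
function lchownTree(root, uid, gid, touched = []) {
  const st = fs.lstatSync(root);           // lstat describes the link itself
  if (st.isDirectory()) {                  // false for a symlink to a directory
    for (const name of fs.readdirSync(root)) {
      lchownTree(path.join(root, name), uid, gid, touched);
    }
  }
  fs.lchownSync(root, uid, gid);           // does not dereference the final component
  touched.push(root);
  return touched;
}

// Constructed fixture: a tree holding a link that points outside it
// and a dangling link.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'lchown-demo-'));
  const tree = path.join(base, 'tree');
  const outside = path.join(base, 'outside');
  fs.mkdirSync(tree);
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(outside, 'secret'), 'x');
  fs.writeFileSync(path.join(tree, 'file'), 'y');
  fs.symlinkSync(outside, path.join(tree, 'escape'));
  fs.symlinkSync(path.join(base, 'missing'), path.join(tree, 'dangling'));

  // Use the process's own ids so the calls succeed without root.
  const uid = process.getuid();
  const gid = process.getgid();

  let chownError = null;
  try {
    fs.chownSync(path.join(tree, 'dangling'), uid, gid); // follows the link
  } catch (e) {
    chownError = e.code;                   // target does not exist
  }

  const touched = lchownTree(tree, uid, gid)
    .map((p) => path.relative(base, p))
    .sort();
  fs.rmSync(base, { recursive: true, force: true });
  return { chownError, touched };
}
```

`demo()` reports that `chown` fails on the dangling link because it resolves the target, while the `lchown` walk handles both links and never visits `outside/secret`.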