Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use fs.lchown rather than fs.chown and thereby fix #14 #15

Closed
wants to merge 5 commits into from
Closed

use fs.lchown rather than fs.chown and thereby fix #14 #15

wants to merge 5 commits into from

Commits on Aug 10, 2018

  1. use fs.lchown rather than fs.chown and thereby fix isaacs#14 

    fixes the symlinks problem isaacs#3 while not causing the TOCTOU vulnerability isaacs#14

The [patch in libuv 1.21.0](https://github.com/libuv/libuv/releases/tag/v1.21.0) that undeprecates `fs.lchown` [has been incorporated in nodejs Version 10.6.0](https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V10.md#2018-07-04-version-1060-current-targos).

So I specified the minimum nodejs version in `package.json` with the `engine` key: https://docs.npmjs.com/files/package.json#engines
    Paolo Greppi committed Aug 10, 2018
    Configuration menu
    Copy the full SHA
    3bd6861 View commit details
    Browse the repository at this point in the history

  2. update travis to match the supported nodejs version 

    see: https://docs.travis-ci.com/user/languages/javascript-with-nodejs/#specifying-nodejs-versions

in the process:
- update that list to match the maintained Node versions
  see: https://github.com/nodejs/Release#release-schedule
- remove the constraint on the npm version (I dont' see why the default npm would not work)
    Paolo Greppi committed Aug 10, 2018
    Configuration menu
    Copy the full SHA
    fbc1254 View commit details
    Browse the repository at this point in the history

Commits on Aug 11, 2018

  1. update travis to use a docker image with node 10.8 preinstalled 

    references:
- https://www.jeffgeerling.com/blog/2018/how-i-test-ansible-configuration-on-7-different-oses-docker
- https://hub.docker.com/_/node/
    Paolo Greppi committed Aug 11, 2018
    Configuration menu
    Copy the full SHA
    0cdeb99 View commit details
    Browse the repository at this point in the history

  2. fix docker/travis config

    Paolo Greppi committed Aug 11, 2018
    Configuration menu
    Copy the full SHA
    ddf0a82 View commit details
    Browse the repository at this point in the history

  3. docker unknown shorthand flag -w

    Paolo Greppi committed Aug 11, 2018
    Configuration menu
    Copy the full SHA
    63409f9 View commit details
    Browse the repository at this point in the history