mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-05-18 22:02:53 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: audit (#10475)

Browse Source 
* fix: audit

* fix: update

* fix: update
This commit is contained in:
btea
2026-01-17 19:14:02 +08:00
committed by GitHub
parent e3b35b6f37
commit 623634537d
5 changed files with 25 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
__utils__/scripts/src/copy-artifacts.ts
View File

@@ -3,7 +3,7 @@ import * as execa from 'execa'
import path from 'path'
import makeEmptyDir from 'make-empty-dir'
import stream from 'stream'
import tar from 'tar'
import * as tar from 'tar'
import { glob } from 'tinyglobby'
const repoRoot = path.join(import.meta.dirname, '../../..')

87
pnpm-lock.yaml generated
View File

@@ -679,8 +679,8 @@ catalogs:
specifier: ^7.0.0
version: 7.0.0
tar:
specifier: ^6.2.1
version: 6.2.1
specifier: ^7.5.3
version: 7.5.3
tar-stream:
specifier: ^2.2.0
version: 2.2.0
@@ -786,6 +786,7 @@ overrides:
send@<0.19.0: ^0.19.0
serve-static@<1.16.0: ^1.16.0
socks@2: ^2.8.1
tar@<=7.5.2: '>=7.5.3'
tmp@<=0.2.3: '>=0.2.4'
tough-cookie@<4.1.3: '>=4.1.3'
validator@<13.15.22: '>=13.15.22'
@@ -1173,7 +1174,7 @@ importers:
version: 3.0.0
tar:
specifier: 'catalog:'
version: 6.2.1
version: 7.5.3
tinyglobby:
specifier: 'catalog:'
version: 0.2.14
@@ -7187,7 +7188,7 @@ importers:
version: 7.0.1
tar:
specifier: 'catalog:'
version: 6.2.1
version: 7.5.3
write-yaml-file:
specifier: 'catalog:'
version: 5.0.0
@@ -11899,10 +11900,6 @@ packages:
chownr@1.1.4:
resolution: {integrity: sha512-jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==}
chownr@2.0.0:
resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==}
engines: {node: '>=10'}
chownr@3.0.0:
resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==}
engines: {node: '>=18'}
@@ -12953,10 +12950,6 @@ packages:
resolution: {integrity: sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==}
engines: {node: '>=6 <7 || >=8'}
fs-minipass@2.1.0:
resolution: {integrity: sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==}
engines: {node: '>= 8'}
fs-minipass@3.0.3:
resolution: {integrity: sha512-XUBA9XClHbnJWSfBzjkm6RvPsyg3sryZt06BEQoXcF7EK/xpGaQYJgQKDJSUH5SGZ76Y7pFx1QBnXz09rU5Fbw==}
engines: {node: ^14.17.0 || ^16.13.0 || >=18.0.0}
@@ -14352,20 +14345,12 @@ packages:
resolution: {integrity: sha512-fNzuVyifolSLFL4NzpF+wEF4qrgqaaKX0haXPQEdQ7NKAN+WecoKMHV09YcuL/DHxrUsYQOK3MiuDf7Ip2OXfQ==}
engines: {node: '>=8'}
minipass@5.0.0:
resolution: {integrity: sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==}
engines: {node: '>=8'}
minipass@7.1.2:
resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==}
engines: {node: '>=16 || 14 >=14.17'}
minizlib@2.1.2:
resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==}
engines: {node: '>= 8'}
minizlib@3.0.2:
resolution: {integrity: sha512-oG62iEk+CYt5Xj2YqI5Xi9xWUeZhDI8jjQmC5oThVH5JGCTgIjr7ciJDzC7MBzYd//WvR1OTmP5Q38Q8ShQtVA==}
minizlib@3.1.0:
resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==}
engines: {node: '>= 18'}
mkdirp-classic@0.5.3:
@@ -14376,11 +14361,6 @@ packages:
engines: {node: '>=10'}
hasBin: true
mkdirp@3.0.1:
resolution: {integrity: sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==}
engines: {node: '>=10'}
hasBin: true
module-not-found-error@1.0.1:
resolution: {integrity: sha512-pEk4ECWQXV6z2zjhRZUongnLJNUeGQJ3w6OQ5ctGwD+i5o93qjRQUk2Rt6VdNeu3sEP0AB4LcfvdebpxBRVr4g==}
@@ -15841,12 +15821,8 @@ packages:
tar-stream@3.1.7:
resolution: {integrity: sha512-qJj60CXt7IU1Ffyc3NJMjh6EkuCFej46zUqJ4J7pqYlThyd9bO0XBTmcOIhSzZJVWfsLks0+nle/j538YAW9RQ==}
tar@6.2.1:
resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==}
engines: {node: '>=10'}
tar@7.4.3:
resolution: {integrity: sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw==}
tar@7.5.3:
resolution: {integrity: sha512-ENg5JUHUm2rDD7IvKNFGzyElLXNjachNLp6RaGf4+JOgxXHkqA+gq81ZAMCUmtMtqBsoU62lcp6S27g1LCYGGQ==}
engines: {node: '>=18'}
temp-dir@2.0.0:
@@ -19720,7 +19696,7 @@ snapshots:
prebuild-install: 7.1.1
resolve: 1.22.10
stream-meter: 1.0.4
tar: 7.4.3
tar: 7.5.3
tinyglobby: 0.2.14
unzipper: 0.12.3
transitivePeerDependencies:
@@ -19750,7 +19726,7 @@ snapshots:
p-limit: 2.3.0
semver: 7.7.2
strip-ansi: 6.0.1
tar: 6.2.1
tar: 7.5.3
tinylogic: 2.0.0
treeify: 1.1.0
tslib: 2.8.1
@@ -19781,7 +19757,7 @@ snapshots:
p-limit: 2.3.0
semver: 7.7.2
strip-ansi: 6.0.1
tar: 6.2.1
tar: 7.5.3
tinylogic: 2.0.0
treeify: 1.1.0
tslib: 2.8.1
@@ -20337,7 +20313,7 @@ snapshots:
minipass-pipeline: 1.2.4
p-map: 7.0.3
ssri: 12.0.0
tar: 7.4.3
tar: 7.5.3
unique-filename: 4.0.0
cacheable-lookup@5.0.4: {}
@@ -20439,8 +20415,6 @@ snapshots:
chownr@1.1.4: {}
chownr@2.0.0: {}
chownr@3.0.0: {}
ci-info@3.9.0: {}
@@ -21621,10 +21595,6 @@ snapshots:
jsonfile: 4.0.0
universalify: 0.1.2
fs-minipass@2.1.0:
dependencies:
minipass: 3.3.6
fs-minipass@3.0.3:
dependencies:
minipass: 7.1.2
@@ -23341,7 +23311,7 @@ snapshots:
dependencies:
minipass: 7.1.2
minipass-sized: 1.0.3
minizlib: 3.0.2
minizlib: 3.1.0
optionalDependencies:
encoding: 0.1.13
@@ -23363,16 +23333,9 @@ snapshots:
minipass@4.2.8: {}
minipass@5.0.0: {}
minipass@7.1.2: {}
minizlib@2.1.2:
dependencies:
minipass: 3.3.6
yallist: 4.0.0
minizlib@3.0.2:
minizlib@3.1.0:
dependencies:
minipass: 7.1.2
@@ -23380,8 +23343,6 @@ snapshots:
mkdirp@1.0.4: {}
mkdirp@3.0.1: {}
module-not-found-error@1.0.1: {}
mri@1.2.0: {}
@@ -23492,7 +23453,7 @@ snapshots:
nopt: 8.1.0
proc-log: 5.0.0
semver: 7.7.2
tar: 7.4.3
tar: 7.5.3
which: 5.0.0
transitivePeerDependencies:
- supports-color
@@ -23507,7 +23468,7 @@ snapshots:
nopt: 8.1.0
proc-log: 5.0.0
semver: 7.7.2
tar: 7.4.3
tar: 7.5.3
tinyglobby: 0.2.14
which: 5.0.0
transitivePeerDependencies:
@@ -24974,22 +24935,12 @@ snapshots:
fast-fifo: 1.3.2
streamx: 2.22.1
tar@6.2.1:
dependencies:
chownr: 2.0.0
fs-minipass: 2.1.0
minipass: 5.0.0
minizlib: 2.1.2
mkdirp: 1.0.4
yallist: 4.0.0
tar@7.4.3:
tar@7.5.3:
dependencies:
'@isaacs/fs-minipass': 4.0.1
chownr: 3.0.0
minipass: 7.1.2
minizlib: 3.0.2
mkdirp: 3.0.1
minizlib: 3.1.0
yallist: 5.0.0
temp-dir@2.0.0: {}

4
pnpm-workspace.yaml
View File

@@ -286,7 +286,7 @@ catalog:
strip-bom: ^5.0.0
strip-comments-strings: 1.2.0
symlink-dir: ^7.0.0
tar: ^6.2.1
tar: ^7.5.3
tar-stream: ^2.2.0
tempy: 3.0.0
terminal-link: ^4.0.0
@@ -341,6 +341,7 @@ minimumReleaseAgeExclude:
- pnpm
- publish-packed@5.0.0
- run-groups@4.0.0
- tar@7.5.3
nodeVersion: 20.19.4
@@ -378,6 +379,7 @@ overrides:
send@<0.19.0: ^0.19.0
serve-static@<1.16.0: ^1.16.0
socks@2: ^2.8.1
tar@<=7.5.2: '>=7.5.3'
tmp@<=0.2.3: '>=0.2.4'
tough-cookie@<4.1.3: '>=4.1.3'
validator@<13.15.22: '>=13.15.22'

1
pnpm/package.json
View File

@@ -214,6 +214,7 @@
"send@<0.19.0": "^0.19.0",
"serve-static@<1.16.0": "^1.16.0",
"socks@2": "^2.8.1",
"tar@<=7.5.2": ">=7.5.3",
"tmp@<=0.2.3": ">=0.2.4",
"tough-cookie@<4.1.3": ">=4.1.3",
"validator@<13.15.22": ">=13.15.22",

2
releasing/plugin-commands-publishing/test/pack.ts
View File

@@ -2,7 +2,7 @@ import fs from 'fs'
import path from 'path'
import { pack } from '@pnpm/plugin-commands-publishing'
import { prepare, preparePackages, tempDir } from '@pnpm/prepare'
import tar from 'tar'
import * as tar from 'tar'
import chalk from 'chalk'
import { sync as writeYamlFile } from 'write-yaml-file'
import { filterPackagesFromDir } from '@pnpm/workspace.filter-packages-from-dir'