mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-05-30 03:26:43 -04:00
Code Issues Packages Projects Releases Wiki Activity
10,309 Commits 95 Branches 1,919 Tags
release/10-alias
Commit Graph

3 Commits

Author SHA1 Message Date
Zoltan Kochan
6481f6c161 fix(patching/apply-patch): reject patch paths that escape the patched directory (#11952) 
* fix(patching/apply-patch): reject patch paths that escape the patched directory

A malicious .patch file with `diff --git a/../../X` headers could otherwise
write, delete, or rename files outside the patched package as the user
running `pnpm install`.

* refactor(patching/apply-patch): narrow caught errors via util.types.isNativeError

Drops the `any`-typed catch + eslint-disable in favor of the cross-realm-safe
narrowing pattern documented in CLAUDE.md.

* refactor(patching/apply-patch): replace error helper with PatchPathEscapesError class

* chore(patching/apply-patch): reword comment to satisfy cspell
 2026-05-26 12:52:59 +02:00
Khải
cb006df38c feat(patching): apply patch to all versions (#8337) 
Related issue: #5686
 2024-08-01 15:05:15 +02:00
Zoltan Kochan
3b6930263e fix: throw a meaningful error message when applying patch fails (#6687) 
close #6683
ref #5268
ref #5278
 2023-06-19 03:51:19 +03:00