No shelljs and dependency refresh #33

Merged
merged 8 commits into from
Sep 12, 2020

AdrieanKhisbe
Owner

huntr-helper and others added 8 commits September 12, 2020 05:14
Security Fix for Command Injection submitted.

* [FIX] RCE using execFile()
* [FIX] RCE removing shelljs.exec()

note: some adjustments will come in following commits

Co-authored-by: Michele Romano <33063403+Mik317@users.noreply.github.com>
Co-authored-by: Jamie Slome <jamie@418sec.com>
Migration from legacy travis was done on 12/09/2020
now that #31 replace it with built in child_process.execFile
@AdrieanKhisbe AdrieanKhisbe added Refactoring 🛠️ Better code incoming Dependencies 🔋 Update, Add or remove dependencies labels Sep 12, 2020
@AdrieanKhisbe AdrieanKhisbe self-assigned this Sep 12, 2020
@codecov

codecov bot commented Sep 12, 2020

Codecov Report

❗ No coverage uploaded for pull request base (master@652ae44).
The diff coverage is 100.00%.

@@            Coverage Diff            @@
##             master      #33   +/-   ##
=========================================
  Coverage          ?   98.29%           
=========================================
  Files             ?        8           
  Lines             ?      293           
  Branches          ?       60           
=========================================
  Hits              ?      288           
  Misses            ?        4           
  Partials          ?        1           
Impacted Files Coverage Δ
src/install.js 95.37% <100.00%> (ø)
src/npm-utils.js 100.00% <100.00%> (ø)
src/index.js 100.00% <0.00%> (ø)
src/core.js 100.00% <0.00%> (ø)
src/fake-spinner.js 100.00% <0.00%> (ø)
src/install-predicates.js 100.00% <0.00%> (ø)
src/cli-views.js 100.00% <0.00%> (ø)
src/fetch-package-stats.js 100.00% <0.00%> (ø)

Legend
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 652ae44...6b0b3f9.

@AdrieanKhisbe AdrieanKhisbe merged commit 1ccc139 into master Sep 12, 2020
@AdrieanKhisbe AdrieanKhisbe deleted the no-shelljs-and-dependency-refresh branch September 12, 2020 08:05
@AdrieanKhisbe
Owner Author

Released as v0.14.9 [1ab4c05]
