fix: security and reliability improvements#322
Open
ianhandy wants to merge 269 commits intoextrabacon:masterfrom
Open
fix: security and reliability improvements#322ianhandy wants to merge 269 commits intoextrabacon:masterfrom
ianhandy wants to merge 269 commits intoextrabacon:masterfrom
Conversation
terminate() function
use python3 binary on unix systems
…ssary code in run
Update example in README.md
update node&python version
No point in -u here because we are getting the print results at the end of the program
Remove bad -u
Removes [hawk](https://github.com/mozilla/hawk). It's no longer used after updating ancestor dependency [request-json](https://github.com/hackervents/request-json). These dependencies need to be updated together. Removes `hawk` Updates `request-json` from 0.6.3 to 0.6.5 - [Release notes](https://github.com/hackervents/request-json/releases) - [Commits](https://github.com/hackervents/request-json/commits) --- updated-dependencies: - dependency-name: hawk dependency-type: indirect - dependency-name: request-json dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…yarn/hawk-and-request-json--removed Bump hawk and request-json
feat: add format
already the default
…e-22-test ci(appveyor): add Node.js 22 to test matrix
- Fix runString() using tmpdir reference instead of tmpdir() call (fixes extrabacon#320) - Replace exec() with execFile() to prevent command injection in checkSyntaxFile, getVersion, and getVersionSync - Add temp file cleanup in runString() and checkSyntax() via .finally() - Replace custom extend() with Object.assign - Re-enable getVersion/getVersionSync tests (were disabled since extrabacon#158) - Add GitHub Actions CI matrix (Node 18/20/22, Python 3.10/3.12, 3 OSes) - Update minimum Node.js engine from 0.10 to 16
f206f6c to
2feabe6
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
17 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
I'm interested in helping maintain this project (ref #290). This PR demonstrates the kind of improvements I'd bring:
runString()temp path bug —tmpdirwas used as a reference instead oftmpdir(), writing temp files to the wrong location (fixes the issue in Fix runString temp path to use tmpdir() and add regression test #320)checkSyntaxFile,getVersion, andgetVersionSyncusedexec()with string interpolation, which is unsafe. Replaced withexecFile()which passes args as an arrayrunString()andcheckSyntax()now clean up their temp.pyfiles via.finally()extend()helper withObject.assign, updated minimum Node.js from 0.10 to 16All 45 tests passing (43 existing + 2 re-enabled).
Test plan