Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use native fs #13

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Use native fs #13

wants to merge 2 commits into from

Conversation

LC43
Copy link

@LC43 LC43 commented Jan 20, 2020

  • Drop fsPath and use native node fs functions
  • Update change log and bump as minor release

fsPath has a known vulnerability and had no updates from a long time. This PR will revert the dependency added to fix recursive writes while updating the call with the native functions.

Note that this requires a node version > 11.5 where these asynchronous functions where introduced. Set as >=12 to use the LTS versions.

I don't think this breaks backward compatibility but does require a newer version of node.

Testing

I ran the existing tests and it worked. I didn't expect the image to have a different md5, but there wasn't actually a image to start.

On my own tests, it was successful in creating recursively many directories and replacing the target.

@LC43
Drop fsPath and use native node fs functions
08475cc 
fsPath has a known vulnerability and had no updates from a long time. This PR will revert the dependency added to fix recursive writes while updating the call with the native functions.

Note that this requires a node version > 11.5 where these asynchronous  functions where introduced. Set as >=12 to use the LTS versions.
@LC43
Update change log and bump as minor release
52de92f 
I don't think this breaks backward compatibility but does require a newer version of node.
LC43 added a commit to LC43/gulp-version-number that referenced this pull request Jan 20, 2020
@LC43
Update gulp
8e1f199 
gulp is used as dev dependency to run the tests. I had no issues running the tests with the newest version, using the latest gulp-cli version and node.

This removes the remaining vulnerabilities from this package. See shinate#13.
@LC43 LC43 mentioned this pull request Jan 20, 2020
Open
@LC43 LC43 changed the title Fix/use native fs Use native fs Jan 20, 2020
@LC43 LC43 mentioned this pull request Jan 20, 2020
Open
neonsunlight
neonsunlight approved these changes Apr 17, 2020
View reviewed changes
Copy link

@neonsunlight neonsunlight left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello! @shinate please merge this PR, if you can. Thank you in advance!

@nemanjapetrovic
Copy link

Hi @shinate ,

can you please merge this PR? Thanks you in advance!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@neonsunlight neonsunlight neonsunlight approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LC43 @nemanjapetrovic @neonsunlight