deps: tar@7.5.4

wraithgar · wraithgar · commit 32b2001f5520 · 2026-01-21T08:46:49.000-08:00
diff --git a/node_modules/tar/dist/commonjs/extract.js b/node_modules/tar/dist/commonjs/extract.js
@@ -15,13 +15,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 }) : function(o, v) {
     o["default"] = v;
 });
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
diff --git a/node_modules/tar/dist/commonjs/header.js b/node_modules/tar/dist/commonjs/header.js
@@ -19,13 +19,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 }) : function(o, v) {
     o["default"] = v;
 });
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.Header = void 0;
 const node_path_1 = require("node:path");
diff --git a/node_modules/tar/dist/commonjs/index.js b/node_modules/tar/dist/commonjs/index.js
@@ -18,13 +18,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.u = exports.types = exports.r = exports.t = exports.x = exports.c = void 0;
 __exportStar(require("./create.js"), exports);
diff --git a/node_modules/tar/dist/commonjs/list.js b/node_modules/tar/dist/commonjs/list.js
@@ -15,13 +15,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 }) : function(o, v) {
     o["default"] = v;
 });
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
diff --git a/node_modules/tar/dist/commonjs/normalize-unicode.js b/node_modules/tar/dist/commonjs/normalize-unicode.js
@@ -11,7 +11,11 @@ const MAX = 10000;
 const cache = new Set();
 const normalizeUnicode = (s) => {
     if (!cache.has(s)) {
-        normalizeCache[s] = s.normalize('NFD');
+        // shake out identical accents and ligatures
+        normalizeCache[s] = s
+            .normalize('NFD')
+            .toLocaleLowerCase('en')
+            .toLocaleUpperCase('en');
     }
     else {
         cache.delete(s);
diff --git a/node_modules/tar/dist/commonjs/pack.js b/node_modules/tar/dist/commonjs/pack.js
@@ -23,13 +23,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 }) : function(o, v) {
     o["default"] = v;
 });
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
diff --git a/node_modules/tar/dist/commonjs/path-reservations.js b/node_modules/tar/dist/commonjs/path-reservations.js
@@ -44,7 +44,7 @@ class PathReservations {
                 ['win32 parallelization disabled']
                 : paths.map(p => {
                     // don't need normPath, because we skip this entirely for windows
-                    return (0, strip_trailing_slashes_js_1.stripTrailingSlashes)((0, node_path_1.join)((0, normalize_unicode_js_1.normalizeUnicode)(p))).toLowerCase();
+                    return (0, strip_trailing_slashes_js_1.stripTrailingSlashes)((0, node_path_1.join)((0, normalize_unicode_js_1.normalizeUnicode)(p)));
                 });
         const dirs = new Set(paths.map(path => getDirs(path)).reduce((a, b) => a.concat(b)));
         this.#reservations.set(fn, { dirs, paths });
diff --git a/node_modules/tar/dist/commonjs/unpack.js b/node_modules/tar/dist/commonjs/unpack.js
@@ -20,13 +20,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 }) : function(o, v) {
     o["default"] = v;
 });
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
@@ -56,6 +66,7 @@ const SYMLINK = Symbol('symlink');
 const HARDLINK = Symbol('hardlink');
 const UNSUPPORTED = Symbol('unsupported');
 const CHECKPATH = Symbol('checkPath');
+const STRIPABSOLUTEPATH = Symbol('stripAbsolutePath');
 const MKDIR = Symbol('mkdir');
 const ONERROR = Symbol('onError');
 const PENDING = Symbol('pending');
@@ -239,6 +250,35 @@ class Unpack extends parse_js_1.Parser {
             this.emit('end');
         }
     }
+    // return false if we need to skip this file
+    // return true if the field was successfully sanitized
+    [STRIPABSOLUTEPATH](entry, field) {
+        const path = entry[field];
+        if (!path || this.preservePaths)
+            return true;
+        const parts = path.split('/');
+        if (parts.includes('..') ||
+            /* c8 ignore next */
+            (isWindows && /^[a-z]:\.\.$/i.test(parts[0] ?? ''))) {
+            this.warn('TAR_ENTRY_ERROR', `${field} contains '..'`, {
+                entry,
+                [field]: path,
+            });
+            // not ok!
+            return false;
+        }
+        // strip off the root
+        const [root, stripped] = (0, strip_absolute_path_js_1.stripAbsolutePath)(path);
+        if (root) {
+            // ok, but triggers warning about stripping root
+            entry[field] = String(stripped);
+            this.warn('TAR_ENTRY_INFO', `stripping ${root} from absolute ${field}`, {
+                entry,
+                [field]: path,
+            });
+        }
+        return true;
+    }
     [CHECKPATH](entry) {
         const p = (0, normalize_windows_path_js_1.normalizeWindowsPath)(entry.path);
         const parts = p.split('/');
@@ -267,25 +307,9 @@ class Unpack extends parse_js_1.Parser {
             });
             return false;
         }
-        if (!this.preservePaths) {
-            if (parts.includes('..') ||
-                /* c8 ignore next */
-                (isWindows && /^[a-z]:\.\.$/i.test(parts[0] ?? ''))) {
-                this.warn('TAR_ENTRY_ERROR', `path contains '..'`, {
-                    entry,
-                    path: p,
-                });
-                return false;
-            }
-            // strip off the root
-            const [root, stripped] = (0, strip_absolute_path_js_1.stripAbsolutePath)(p);
-            if (root) {
-                entry.path = String(stripped);
-                this.warn('TAR_ENTRY_INFO', `stripping ${root} from absolute path`, {
-                    entry,
-                    path: p,
-                });
-            }
+        if (!this[STRIPABSOLUTEPATH](entry, 'path') ||
+            !this[STRIPABSOLUTEPATH](entry, 'linkpath')) {
+            return false;
         }
         if (node_path_1.default.isAbsolute(entry.path)) {
             entry.absolute = (0, normalize_windows_path_js_1.normalizeWindowsPath)(node_path_1.default.resolve(entry.path));
diff --git a/node_modules/tar/dist/commonjs/write-entry.js b/node_modules/tar/dist/commonjs/write-entry.js
@@ -15,13 +15,23 @@ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (
 }) : function(o, v) {
     o["default"] = v;
 });
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
diff --git a/node_modules/tar/dist/esm/normalize-unicode.js b/node_modules/tar/dist/esm/normalize-unicode.js
@@ -8,7 +8,11 @@ const MAX = 10000;
 const cache = new Set();
 export const normalizeUnicode = (s) => {
     if (!cache.has(s)) {
-        normalizeCache[s] = s.normalize('NFD');
+        // shake out identical accents and ligatures
+        normalizeCache[s] = s
+            .normalize('NFD')
+            .toLocaleLowerCase('en')
+            .toLocaleUpperCase('en');
     }
     else {
         cache.delete(s);
diff --git a/node_modules/tar/dist/esm/path-reservations.js b/node_modules/tar/dist/esm/path-reservations.js
@@ -41,7 +41,7 @@ export class PathReservations {
                 ['win32 parallelization disabled']
                 : paths.map(p => {
                     // don't need normPath, because we skip this entirely for windows
-                    return stripTrailingSlashes(join(normalizeUnicode(p))).toLowerCase();
+                    return stripTrailingSlashes(join(normalizeUnicode(p)));
                 });
         const dirs = new Set(paths.map(path => getDirs(path)).reduce((a, b) => a.concat(b)));
         this.#reservations.set(fn, { dirs, paths });
diff --git a/node_modules/tar/dist/esm/unpack.js b/node_modules/tar/dist/esm/unpack.js
diff --git a/node_modules/tar/package.json b/node_modules/tar/package.json
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
