From 38e5b71b4f2e1535c1ace049aae9fc73774375b5 Mon Sep 17 00:00:00 2001 From: inimaz <49730431+inimaz@users.noreply.github.com> Date: Wed, 16 Jul 2025 21:04:49 +0200 Subject: [PATCH 1/4] fix: update dependencies --- package.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package.json b/package.json index 5c9f92f..a1bf0a2 100644 --- a/package.json +++ b/package.json @@ -9,19 +9,19 @@ "license": "MIT", "repository": "pillarjs/resolve-path", "dependencies": { - "http-errors": "~1.6.3", - "path-is-absolute": "1.0.1" + "http-errors": "2.0.0", + "path-is-absolute": "2.0.0" }, "devDependencies": { - "eslint": "5.16.0", + "eslint": "^9.31.0", "eslint-config-standard": "12.0.0", - "eslint-plugin-import": "2.14.0", - "eslint-plugin-markdown": "1.0.0", + "eslint-plugin-import": "2.32.0", + "eslint-plugin-markdown": "^5.1.0", "eslint-plugin-node": "8.0.1", "eslint-plugin-promise": "4.0.1", "eslint-plugin-standard": "4.0.0", "istanbul": "0.4.5", - "mocha": "2.5.3" + "mocha": "^11.7.1" }, "files": [ "HISTORY.md", From 1e51d2c2c19fa38cb25b93342cae124b3c98cd8f Mon Sep 17 00:00:00 2001 From: inimaz <93inigo93@gmail.com> Date: Thu, 24 Jul 2025 14:27:06 +0200 Subject: [PATCH 2/4] add ci for node 23 and 24 --- .github/workflows/ci.yml | 217 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 217 insertions(+) create mode 100644 .github/workflows/ci.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..0ace2fe --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,217 @@ +name: ci + +on: +- pull_request +- push + +jobs: + test: + runs-on: ubuntu-latest + strategy: + matrix: + name: + - Node.js 0.8 + - Node.js 0.10 + - Node.js 0.12 + - Node.js 4.x + - Node.js 5.x + - Node.js 6.x + - Node.js 7.x + - Node.js 8.x + - Node.js 9.x + - Node.js 10.x + - Node.js 11.x + - Node.js 12.x + - Node.js 13.x + - Node.js 14.x + - Node.js 15.x + - Node.js 16.x + - Node.js 17.x + - Node.js 18.x + - Node.js 19.x + - Node.js 20.x + - Node.js 21.x + - Node.js 22.x + - Node.js 23.x + - Node.js 24.x + + include: + - name: Node.js 0.8 + node-version: "0.8" + npm-i: mocha@2.5.3 + npm-rm: nyc + + - name: Node.js 0.10 + node-version: "0.10" + npm-i: mocha@3.5.3 nyc@10.3.2 + npm-rm: nyc + + - name: Node.js 0.12 + node-version: "0.12" + npm-i: mocha@3.5.3 nyc@10.3.2 + npm-rm: nyc + + - name: Node.js 4.x + node-version: "4" + npm-i: mocha@5.2.0 nyc@11.9.0 + npm-rm: nyc + + - name: Node.js 5.x + node-version: "5" + npm-i: mocha@5.2.0 nyc@11.9.0 + npm-rm: nyc + + - name: Node.js 6.x + node-version: "6" + npm-i: mocha@6.2.3 nyc@14.1.1 + npm-rm: nyc + + - name: Node.js 7.x + node-version: "7" + npm-i: mocha@6.2.3 nyc@14.1.1 + npm-rm: nyc + + - name: Node.js 8.x + node-version: "8" + npm-i: mocha@7.2.0 nyc@14.1.1 + npm-rm: nyc + + - name: Node.js 9.x + node-version: "9" + npm-i: mocha@7.2.0 nyc@14.1.1 + npm-rm: nyc + + - name: Node.js 10.x + node-version: "10" + npm-i: mocha@8.4.0 + npm-rm: nyc + + - name: Node.js 11.x + node-version: "11" + npm-i: mocha@8.4.0 + npm-rm: nyc + + - name: Node.js 12.x + node-version: "12" + + - name: Node.js 13.x + node-version: "13" + + - name: Node.js 14.x + node-version: "14" + + - name: Node.js 15.x + node-version: "15" + + - name: Node.js 16.x + node-version: "16" + + - name: Node.js 17.x + node-version: "17" + + - name: Node.js 18.x + node-version: "18" + + - name: Node.js 19.x + node-version: "19" + + - name: Node.js 20.x + node-version: "20" + + - name: Node.js 21.x + node-version: "21" + + - name: Node.js 22.x + node-version: "22" + + - name: Node.js 23.x + node-version: "23" + + - name: Node.js 24.x + node-version: "24" + + steps: + - uses: actions/checkout@v4 + + - name: Configure npm + run: | + if [[ "$(npm config get package-lock)" == "true" ]]; then + npm config set package-lock false + else + npm config set shrinkwrap false + fi + - name: Setup Node.js version-specific dependencies + shell: bash + run: | + # eslint for linting + # - remove on Node.js < 12 + if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 12 ]]; then + node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \ + grep -E '^eslint(-|$)' | \ + sort -r | \ + xargs -n1 npm rm --silent --save-dev + fi + - name: Remove npm module(s) ${{ matrix.npm-rm }} + run: npm rm --silent --save-dev ${{ matrix.npm-rm }} + if: matrix.npm-rm != '' + + - name: Install npm module(s) ${{ matrix.npm-i }} + run: npm install --save-dev ${{ matrix.npm-i }} + if: matrix.npm-i != '' + + - name: Install Node.js dependencies + run: npm install + + - name: List environment + id: list_env + shell: bash + run: | + echo "node@$(node -v)" + echo "npm@$(npm -v)" + npm -s ls ||: + (npm -s ls --depth=0 ||:) | awk -F'[ @]' 'NR>1 && $2 { print $2 "=" $3 }' >> "$GITHUB_OUTPUT" + - name: Run tests + shell: bash + run: | + if npm -ps ls nyc | grep -q nyc; then + npm run test-ci + else + npm test + fi + - name: Lint code + if: steps.list_env.outputs.eslint != '' + run: npm run lint + + - name: Collect code coverage + if: steps.list_env.outputs.nyc != '' + run: | + mv ./coverage "./${{ matrix.node-version }}" + mkdir ./coverage + mv "./${{ matrix.node-version }}" "./coverage/${{ matrix.node-version }}" + - name: Upload code coverage + uses: actions/upload-artifact@v3 + with: + name: coverage + path: ./coverage + retention-days: 1 + + coverage: + needs: test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Install lcov + shell: bash + run: sudo apt-get -y install lcov + - name: Collect coverage reports + uses: actions/download-artifact@v3 + with: + name: coverage + path: ./coverage + - name: Merge coverage reports + shell: bash + run: find ./coverage -name lcov.info -exec printf '-a %q\n' {} \; | xargs lcov -o ./coverage/lcov.info + - name: Upload coverage report + uses: coverallsapp/github-action@master + with: + github-token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file From eb133ee8397a788c59d15fe57618b76e6be0c2f6 Mon Sep 17 00:00:00 2001 From: inimaz <93inigo93@gmail.com> Date: Thu, 24 Jul 2025 14:33:17 +0200 Subject: [PATCH 3/4] update history.md --- HISTORY.md | 102 +++++++++++++++++++++++++---------------------------- 1 file changed, 49 insertions(+), 53 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 68fa6e8..bcee7f0 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,74 +1,70 @@ -unreleased -========== +# unreleased - * deps: http-errors@~1.6.3 - - deps: depd@~1.1.2 - - deps: setprototypeof@1.1.0 - - deps: statuses@'>= 1.4.0 < 2' +- deps: http-errors@2.0.0 +- deps: path-is-absolute@2.0.0 +- devdeps: eslint@^9.31.0 +- devdeps: eslint-plugin-import@2.32.0 +- devdeps: eslint-plugin-markdown@^5.1.0 +- devdeps: mocha@^11.7. -1.4.0 / 2018-02-13 -================== +- deps: http-errors@~1.6.3 + - deps: depd@~1.1.2 + - deps: setprototypeof@1.1.0 + - deps: statuses@'>= 1.4.0 < 2' - * Fix resolving paths with certain special characters - * deps: http-errors@~1.6.2 - - Make `message` property enumerable for `HttpError`s - - deps: depd@1.1.1 - - deps: setprototypeof@1.0.3 +# 1.4.0 / 2018-02-13 -1.3.3 / 2016-11-14 -================== +- Fix resolving paths with certain special characters +- deps: http-errors@~1.6.2 + - Make `message` property enumerable for `HttpError`s + - deps: depd@1.1.1 + - deps: setprototypeof@1.0.3 - * deps: path-is-absolute@1.0.1 +# 1.3.3 / 2016-11-14 -1.3.2 / 2016-06-17 -================== +- deps: path-is-absolute@1.0.1 - * deps: http-errors@~1.5.0 - - Use `setprototypeof` module to replace `__proto__` setting - - deps: inherits@2.0.1 - - deps: statuses@'>= 1.3.0 < 2' - - perf: enable strict mode +# 1.3.2 / 2016-06-17 -1.3.1 / 2016-02-28 -================== +- deps: http-errors@~1.5.0 + - Use `setprototypeof` module to replace `__proto__` setting + - deps: inherits@2.0.1 + - deps: statuses@'>= 1.3.0 < 2' + - perf: enable strict mode - * deps: http-errors@~1.4.0 +# 1.3.1 / 2016-02-28 -1.3.0 / 2015-06-15 -================== +- deps: http-errors@~1.4.0 - * Use `path-is-absolute` to better detect absolute paths - * perf: enable strict mode - * perf: skip a variable reassignment +# 1.3.0 / 2015-06-15 -1.2.2 / 2015-02-16 -================== +- Use `path-is-absolute` to better detect absolute paths +- perf: enable strict mode +- perf: skip a variable reassignment - * deps: http-errors@~1.3.1 - - Construct errors using defined constructors from `createError` - - Fix error names that are not identifiers - - Set a meaningful `name` property on constructed errors +# 1.2.2 / 2015-02-16 -1.2.1 / 2015-01-19 -================== +- deps: http-errors@~1.3.1 + - Construct errors using defined constructors from `createError` + - Fix error names that are not identifiers + - Set a meaningful `name` property on constructed errors - * Fix root path disclosure +# 1.2.1 / 2015-01-19 -1.2.0 / 2015-01-05 -================== +- Fix root path disclosure - * Change error to 403 Forbidden when outside root - * Fix argument type errors to be consistent - * Fix path traversal vulnerability - * Use `http-errors` module directly +# 1.2.0 / 2015-01-05 -1.1.0 / 2014-12-27 -================== +- Change error to 403 Forbidden when outside root +- Fix argument type errors to be consistent +- Fix path traversal vulnerability +- Use `http-errors` module directly - * Resolve the root path argument - * Use `http-assert` module +# 1.1.0 / 2014-12-27 -1.0.0 / 2014-03-23 -================== +- Resolve the root path argument +- Use `http-assert` module - * Initial release +# 1.0.0 / 2014-03-23 + +- Initial release From 86543d3cffeb2472ea1be65114c88986a9f24a74 Mon Sep 17 00:00:00 2001 From: inimaz <93inigo93@gmail.com> Date: Thu, 24 Jul 2025 15:15:37 +0200 Subject: [PATCH 4/4] fix: leave history format and update ci version --- .github/workflows/ci.yml | 2 +- HISTORY.md | 104 +++++++++++++++++++++------------------ 2 files changed, 56 insertions(+), 50 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0ace2fe..ccfcd85 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -189,7 +189,7 @@ jobs: mkdir ./coverage mv "./${{ matrix.node-version }}" "./coverage/${{ matrix.node-version }}" - name: Upload code coverage - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: coverage path: ./coverage diff --git a/HISTORY.md b/HISTORY.md index bcee7f0..bea139a 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -1,70 +1,76 @@ -# unreleased +unreleased +========== -- deps: http-errors@2.0.0 -- deps: path-is-absolute@2.0.0 -- devdeps: eslint@^9.31.0 -- devdeps: eslint-plugin-import@2.32.0 -- devdeps: eslint-plugin-markdown@^5.1.0 -- devdeps: mocha@^11.7. + * deps: http-errors@2.0.0 + * deps: path-is-absolute@2.0.0 + * deps: http-errors@~1.6.3 + - deps: depd@~1.1.2 + - deps: setprototypeof@1.1.0 + - deps: statuses@'>= 1.4.0 < 2' -- deps: http-errors@~1.6.3 - - deps: depd@~1.1.2 - - deps: setprototypeof@1.1.0 - - deps: statuses@'>= 1.4.0 < 2' +1.4.0 / 2018-02-13 +================== -# 1.4.0 / 2018-02-13 + * Fix resolving paths with certain special characters + * deps: http-errors@~1.6.2 + - Make `message` property enumerable for `HttpError`s + - deps: depd@1.1.1 + - deps: setprototypeof@1.0.3 -- Fix resolving paths with certain special characters -- deps: http-errors@~1.6.2 - - Make `message` property enumerable for `HttpError`s - - deps: depd@1.1.1 - - deps: setprototypeof@1.0.3 +1.3.3 / 2016-11-14 +================== -# 1.3.3 / 2016-11-14 + * deps: path-is-absolute@1.0.1 -- deps: path-is-absolute@1.0.1 +1.3.2 / 2016-06-17 +================== -# 1.3.2 / 2016-06-17 + * deps: http-errors@~1.5.0 + - Use `setprototypeof` module to replace `__proto__` setting + - deps: inherits@2.0.1 + - deps: statuses@'>= 1.3.0 < 2' + - perf: enable strict mode -- deps: http-errors@~1.5.0 - - Use `setprototypeof` module to replace `__proto__` setting - - deps: inherits@2.0.1 - - deps: statuses@'>= 1.3.0 < 2' - - perf: enable strict mode +1.3.1 / 2016-02-28 +================== -# 1.3.1 / 2016-02-28 + * deps: http-errors@~1.4.0 -- deps: http-errors@~1.4.0 +1.3.0 / 2015-06-15 +================== -# 1.3.0 / 2015-06-15 + * Use `path-is-absolute` to better detect absolute paths + * perf: enable strict mode + * perf: skip a variable reassignment -- Use `path-is-absolute` to better detect absolute paths -- perf: enable strict mode -- perf: skip a variable reassignment +1.2.2 / 2015-02-16 +================== -# 1.2.2 / 2015-02-16 + * deps: http-errors@~1.3.1 + - Construct errors using defined constructors from `createError` + - Fix error names that are not identifiers + - Set a meaningful `name` property on constructed errors -- deps: http-errors@~1.3.1 - - Construct errors using defined constructors from `createError` - - Fix error names that are not identifiers - - Set a meaningful `name` property on constructed errors +1.2.1 / 2015-01-19 +================== -# 1.2.1 / 2015-01-19 + * Fix root path disclosure -- Fix root path disclosure +1.2.0 / 2015-01-05 +================== -# 1.2.0 / 2015-01-05 + * Change error to 403 Forbidden when outside root + * Fix argument type errors to be consistent + * Fix path traversal vulnerability + * Use `http-errors` module directly -- Change error to 403 Forbidden when outside root -- Fix argument type errors to be consistent -- Fix path traversal vulnerability -- Use `http-errors` module directly +1.1.0 / 2014-12-27 +================== -# 1.1.0 / 2014-12-27 + * Resolve the root path argument + * Use `http-assert` module -- Resolve the root path argument -- Use `http-assert` module +1.0.0 / 2014-03-23 +================== -# 1.0.0 / 2014-03-23 - -- Initial release + * Initial release \ No newline at end of file