minimatch
Advanced tools
Comparing version 6.1.8 to 6.1.9
@@ -281,2 +281,4 @@ "use strict"; | ||
else { | ||
// do this swap BEFORE the reduce, so that we can turn a string | ||
// of **/*/**/* into */*/**/** and then reduce the **'s into one | ||
for (const parts of rawGlobParts) { | ||
@@ -296,5 +298,13 @@ let swapped; | ||
this.globParts = rawGlobParts.map(parts => parts.reduce((set, part) => { | ||
if (part !== '**' || set[set.length - 1] !== '**') { | ||
set.push(part); | ||
const prev = set[set.length - 1]; | ||
if (part === '**' && prev === '**') { | ||
return set; | ||
} | ||
if (part === '..') { | ||
if (prev && prev !== '..' && prev !== '.' && prev !== '**') { | ||
set.pop(); | ||
return set; | ||
} | ||
} | ||
set.push(part); | ||
return set; | ||
@@ -301,0 +311,0 @@ }, [])); |
@@ -269,2 +269,4 @@ export const minimatch = (p, pattern, options = {}) => { | ||
else { | ||
// do this swap BEFORE the reduce, so that we can turn a string | ||
// of **/*/**/* into */*/**/** and then reduce the **'s into one | ||
for (const parts of rawGlobParts) { | ||
@@ -284,5 +286,13 @@ let swapped; | ||
this.globParts = rawGlobParts.map(parts => parts.reduce((set, part) => { | ||
if (part !== '**' || set[set.length - 1] !== '**') { | ||
set.push(part); | ||
const prev = set[set.length - 1]; | ||
if (part === '**' && prev === '**') { | ||
return set; | ||
} | ||
if (part === '..') { | ||
if (prev && prev !== '..' && prev !== '.' && prev !== '**') { | ||
set.pop(); | ||
return set; | ||
} | ||
} | ||
set.push(part); | ||
return set; | ||
@@ -289,0 +299,0 @@ }, [])); |
@@ -5,3 +5,3 @@ { | ||
"description": "a glob matcher in javascript", | ||
"version": "6.1.8", | ||
"version": "6.1.9", | ||
"repository": { | ||
@@ -8,0 +8,0 @@ "type": "git", |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
176798
2340
6