Comparing version 3.8.0 to 4.0.0
@@ -0,1 +1,9 @@ | ||
v4.0.0 2019-04-24 | ||
================= | ||
* [[`ceed5cbe10`](https://github.com/nodejs/node-gyp/commit/ceed5cbe10)] - **deps**: updated tar package version to 4.4.8 (Pobegaylo Maksim) [#1713](https://github.com/nodejs/node-gyp/pull/1713) | ||
* [[`374519e066`](https://github.com/nodejs/node-gyp/commit/374519e066)] - **(SEMVER-MAJOR)** Upgrade to tar v3 (isaacs) [#1212](https://github.com/nodejs/node-gyp/pull/1212) | ||
* [[`e6699d13cd`](https://github.com/nodejs/node-gyp/commit/e6699d13cd)] - **test**: fix addon test for Node.js 12 and V8 7.4 (Richard Lau) [#1705](https://github.com/nodejs/node-gyp/pull/1705) | ||
* [[`0c6bf530a0`](https://github.com/nodejs/node-gyp/commit/0c6bf530a0)] - **lib**: use print() for python version detection (GreenAddress) [#1534](https://github.com/nodejs/node-gyp/pull/1534) | ||
v3.8.0 2018-08-09 | ||
@@ -2,0 +10,0 @@ ================= |
@@ -451,3 +451,3 @@ module.exports = exports = configure | ||
checkPythonVersion: function checkPythonVersion () { | ||
var args = ['-c', 'import sys; print "%s.%s.%s" % sys.version_info[:3];'] | ||
var args = ['-c', 'import sys; print("%s.%s.%s" % sys.version_info[:3]);'] | ||
var env = extend({}, this.env) | ||
@@ -454,0 +454,0 @@ env.TERM = 'dumb' |
@@ -23,6 +23,4 @@ module.exports = exports = function (gyp, argv, callback) { | ||
, crypto = require('crypto') | ||
, zlib = require('zlib') | ||
, log = require('npmlog') | ||
, semver = require('semver') | ||
, fstream = require('fstream') | ||
, request = require('request') | ||
@@ -152,4 +150,2 @@ , mkdir = require('mkdirp') | ||
, extractCount = 0 | ||
, gunzip = zlib.createGunzip() | ||
, extracter = tar.Extract({ path: devDir, strip: 1, filter: isValid }) | ||
@@ -161,15 +157,10 @@ var contentShasums = {} | ||
// only .h header files and the gyp files get extracted | ||
function isValid () { | ||
var name = this.path.substring(devDir.length + 1) | ||
var isValid = valid(name) | ||
if (name === '' && this.type === 'Directory') { | ||
// the first directory entry is ok | ||
return true | ||
} | ||
function isValid (path, entry) { | ||
var isValid = valid(path) | ||
if (isValid) { | ||
log.verbose('extracted file from tarball', name) | ||
log.verbose('extracted file from tarball', path) | ||
extractCount++ | ||
} else { | ||
// invalid | ||
log.silly('ignoring from tarball', name) | ||
log.silly('ignoring from tarball', path) | ||
} | ||
@@ -179,12 +170,11 @@ return isValid | ||
gunzip.on('error', cb) | ||
extracter.on('error', cb) | ||
extracter.on('end', afterTarball) | ||
// download the tarball and extract! | ||
// download the tarball, gunzip and extract! | ||
if (tarPath) { | ||
var input = fs.createReadStream(tarPath) | ||
input.pipe(gunzip).pipe(extracter) | ||
return | ||
return tar.extract({ | ||
file: tarPath, | ||
strip: 1, | ||
filter: isValid, | ||
cwd: devDir | ||
}).then(afterTarball, cb) | ||
} | ||
@@ -229,3 +219,7 @@ | ||
// start unzipping and untaring | ||
req.pipe(gunzip).pipe(extracter) | ||
res.pipe(tar.extract({ | ||
strip: 1, | ||
cwd: devDir, | ||
filter: isValid | ||
}).on('close', afterTarball).on('error', cb)) | ||
}) | ||
@@ -232,0 +226,0 @@ |
@@ -14,3 +14,3 @@ { | ||
], | ||
"version": "3.8.0", | ||
"version": "4.0.0", | ||
"installVersion": 9, | ||
@@ -26,3 +26,2 @@ "author": "Nathan Rajlich <nathan@tootallnate.net> (http://tootallnate.net)", | ||
"dependencies": { | ||
"fstream": "^1.0.0", | ||
"glob": "^7.0.3", | ||
@@ -37,7 +36,7 @@ "graceful-fs": "^4.1.2", | ||
"semver": "~5.3.0", | ||
"tar": "^2.0.0", | ||
"tar": "^4.4.8", | ||
"which": "1" | ||
}, | ||
"engines": { | ||
"node": ">= 0.8.0" | ||
"node": ">= 4.0.0" | ||
}, | ||
@@ -44,0 +43,0 @@ "devDependencies": { |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
1611097
11
57
3159
+ Addedchownr@1.1.4(transitive)
+ Addedfs-minipass@1.2.7(transitive)
+ Addedminipass@2.9.0(transitive)
+ Addedminizlib@1.3.3(transitive)
+ Addedsafe-buffer@5.2.1(transitive)
+ Addedtar@4.4.19(transitive)
+ Addedyallist@3.1.1(transitive)
- Removedfstream@^1.0.0
- Removedblock-stream@0.0.9(transitive)
- Removedfstream@1.0.12(transitive)
- Removedtar@2.2.2(transitive)
Updatedtar@^4.4.8