Compare commits

...

3 Commits

Author SHA1 Message Date
Vallie Joseph 19d5d6138b updating release info 2022-12-07 18:49:57 +00:00
Vallie Joseph aee8700cae replacing exec with execFile for security 2022-12-07 18:19:23 +00:00
Vallie Joseph b56e7fcd67 testing commit 2022-12-07 18:11:37 +00:00
3 changed files with 5 additions and 4 deletions
+2
View File
@@ -1,5 +1,7 @@
# @actions/io Releases # @actions/io Releases
### 1.1.3
- [Fixed a security bug where we used child_proccess.exec instead of execFile for windows](https://github.com/actions/toolkit/pull/1255)
### 1.1.2 ### 1.1.2
- Update `lockfileVersion` to `v2` in `package-lock.json [#1020](https://github.com/actions/toolkit/pull/1020) - Update `lockfileVersion` to `v2` in `package-lock.json [#1020](https://github.com/actions/toolkit/pull/1020)
+1 -1
View File
@@ -1,6 +1,6 @@
{ {
"name": "@actions/io", "name": "@actions/io",
"version": "1.1.2", "version": "1.1.3",
"description": "Actions io lib", "description": "Actions io lib",
"keywords": [ "keywords": [
"github", "github",
+2 -3
View File
@@ -4,7 +4,6 @@ import * as path from 'path'
import {promisify} from 'util' import {promisify} from 'util'
import * as ioUtil from './io-util' import * as ioUtil from './io-util'
const exec = promisify(childProcess.exec)
const execFile = promisify(childProcess.execFile) const execFile = promisify(childProcess.execFile)
/** /**
@@ -129,11 +128,11 @@ export async function rmRF(inputPath: string): Promise<void> {
try { try {
const cmdPath = ioUtil.getCmdPath() const cmdPath = ioUtil.getCmdPath()
if (await ioUtil.isDirectory(inputPath, true)) { if (await ioUtil.isDirectory(inputPath, true)) {
await exec(`${cmdPath} /s /c "rd /s /q "%inputPath%""`, { await execFile(`${cmdPath} /s /c "rd /s /q "%inputPath%""`, {
env: {inputPath} env: {inputPath}
}) })
} else { } else {
await exec(`${cmdPath} /s /c "del /f /a "%inputPath%""`, { await execFile(`${cmdPath} /s /c "del /f /a "%inputPath%""`, {
env: {inputPath} env: {inputPath}
}) })
} }