Compare commits

..

3 Commits

Author SHA1 Message Date
Vallie Joseph 19d5d6138b updating release info 2022-12-07 18:49:57 +00:00
Vallie Joseph aee8700cae replacing exec with execFile for security 2022-12-07 18:19:23 +00:00
Vallie Joseph b56e7fcd67 testing commit 2022-12-07 18:11:37 +00:00
4 changed files with 5 additions and 13 deletions
+1 -1
View File
@@ -221,7 +221,7 @@ console.log(`We can even get context data, like the repo: ${context.repo.repo}`)
## Contributing
We welcome contributions. See [how to contribute](.github/CONTRIBUTING.md).
hi
## Code of Conduct
See [our code of conduct](CODE_OF_CONDUCT.md).
+2
View File
@@ -1,5 +1,7 @@
# @actions/io Releases
### 1.1.3
- [Fixed a security bug where we used child_proccess.exec instead of execFile for windows](https://github.com/actions/toolkit/pull/1255)
### 1.1.2
- Update `lockfileVersion` to `v2` in `package-lock.json [#1020](https://github.com/actions/toolkit/pull/1020)
+2 -2
View File
@@ -1,12 +1,12 @@
{
"name": "@actions/io",
"version": "1.1.3",
"version": "1.1.2",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "@actions/io",
"version": "1.1.3",
"version": "1.1.2",
"license": "MIT"
}
}
-10
View File
@@ -4,8 +4,6 @@ import * as path from 'path'
import {promisify} from 'util'
import * as ioUtil from './io-util'
// const exec = promisify(childProcess.exec)
// const fork = promisify(childProcess.fork)
const execFile = promisify(childProcess.execFile)
/**
@@ -132,18 +130,10 @@ export async function rmRF(inputPath: string): Promise<void> {
if (await ioUtil.isDirectory(inputPath, true)) {
await execFile(`${cmdPath} /s /c "rd /s /q "%inputPath%""`, {
env: {inputPath}
}).catch(err => {
// if you try to delete a file that doesn't exist, desired result is achieved
// other errors are valid
if (err.code !== 'ENOENT') throw err
})
} else {
await execFile(`${cmdPath} /s /c "del /f /a "%inputPath%""`, {
env: {inputPath}
}).catch(err => {
// if you try to delete a file that doesn't exist, desired result is achieved
// other errors are valid
if (err.code !== 'ENOENT') throw err
})
}
} catch (err) {