archiverjs / archiver-utils Goto Github PK
View Code? Open in Web Editor NEWutility functions for archiver
License: MIT License
utility functions for archiver
License: MIT License
I keep seeing this in my error log:
error Error: If encoding is specified then the first argument must be a string
at new Buffer (buffer.js:106:13)
at Readable.<anonymous> (../node_modules/archiver-utils/index.js:39:15)
I'm using node v6 i know they made a lot of changes/improvments with buffer
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
.github/workflows/labels.yml
actions/checkout v4
micnncim/action-label-syncer v1.3.0
.github/workflows/nodejs.yml
actions/checkout v4.1.6
actions/setup-node v4.0.2
.github/workflows/npmpublish.yml
actions/checkout v4.1.6
actions/setup-node v4.0.2
actions/checkout v4.1.6
actions/setup-node v4.0.2
.github/workflows/release-drafter.yml
release-drafter/release-drafter v6
package.json
glob ^10.0.0
graceful-fs ^4.2.0
is-stream ^2.0.1
lazystream ^1.0.0
lodash ^4.17.15
normalize-path ^3.0.0
readable-stream ^4.0.0
chai 4.4.1
mkdirp 3.0.1
mocha 10.3.0
rimraf 5.0.5
node >= 14
[email protected] depends on [email protected] package which also has a vulnerable dependency '[email protected]'.
As per 'isaacs/inflight-DEPRECATED-DO-NOT-USE#18' vulnerable dependency is being fixed in [email protected].
โ
What did you expect to see?
Cucumber lib using an updated version of glob. > 9.0.0 without any vulnerabilities
๐ฆ Which tool/library version are you using?
4.0.1
๐ฌ How could we reproduce it?
Steps to reproduce the behavior:
Install [email protected]
npm ls inflight
Observe that archiver-utils is dependent is [email protected] -> [email protected]
Line 145 in 90027da
// current version
results = results.concat(res);
// faster version
Array.prototype.push.apply(results, res);
See https://jsperf.com/javascript-array-concat-vs-push/100 for a benchmark.
The walkdir method is susceptible to maximum call stack sized exceeded errors.
Calling walkdir on my root directory as follows:
var utils = require('archiver-utils');
utils.walkdir('/', function(err, data) {
console.log('done');
})
Results in:
536379 //this count is the number of times next() was called
/Users/loehrm1/code/rueltest/node_modules/archiver-utils/index.js:149
Array.prototype.push.apply(results, res);
^
RangeError: Maximum call stack size exceeded
at /Users/loehrm1/code/rueltest/node_modules/archiver-utils/index.js:149:34
at next (/Users/loehrm1/code/rueltest/node_modules/archiver-utils/index.js:134:16)
at /Users/loehrm1/code/rueltest/node_modules/archiver-utils/index.js:151:13
at next (/Users/loehrm1/code/rueltest/node_modules/archiver-utils/index.js:134:16)
at /Users/loehrm1/code/rueltest/node_modules/archiver-utils/index.js:155:11
at Object.oncomplete (fs.js:108:15)
The version [email protected] is use module inflight, this module do not update for 7 years, in order to fix the security issue CWE-772 need to upgrade glob version to 10.3.10, please help to upgrade.
Hey, I'm running into EMFILE on line 118 of index.js.
Would it be possible to include fs-extra, graceful-fs, or something to that effect instead of native fs?
Thanks.
See: https://www.huntr.dev/bounties/e4e1393c-d590-4492-9f43-8be3f3321629/
Please upgrade the glob
dependency to at least version 7.2.1 (https://github.com/isaacs/node-glob/releases/tag/v7.2.1). Version 7.2.1 has updated the minimatch
dependency from vulnerable version 3.0.4 to mitigated version 3.1.1.
isaacs/node-glob@73feafd#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519L23
Here is my dependency resolution tree.
+-- [email protected]
| +-- [email protected]
| | `-- [email protected]
| | `-- [email protected] deduped
| `-- [email protected]
| `-- [email protected] deduped
`-- UNMET PEER DEPENDENCY [email protected]
+-- @eslint/[email protected]
| `-- [email protected] deduped
+-- @humanwhocodes/[email protected]
| `-- [email protected] deduped
`-- [email protected]
Hello,
I'm using node-archiver
quite happily but while doing my periodical dependency update procedure, I came across a transient dependency to [email protected]
which is quite outdated as v4 has been out for quite some time.
This package quite justly depends on readable-stream@4
but also depends on lazystream@1
which is the one that brings in the outdated dependency to [email protected]
An issue already exists on the lazystream project (jpommerening/node-lazystream#7) but it seems that the project has been dormant for quite some time without any progress on an eventual transfer to a new home (jpommerening/node-lazystream#3 (comment))
Do you think it would be feasible to remove the dependency to lazystream
by replacing it by something else, or integrating the functionality directly?
I am trying to archive a big file (around 3G) using npm archiver module. When I do, I run into following error message.
buffer.js:224
throw err;
^
RangeError: "size" argument must not be larger than 2147483647
at Function.Buffer.alloc (buffer.js:233:3)
at new Buffer (buffer.js:156:19)
at Readable.<anonymous> (/home/04040/hayashis/app/node-v8.12.0-linux-x64/lib/node_modules/brainlife/node_modules/archiver-utils/index.js:39:15)
at emitNone (events.js:111:20)
at Readable.emit (events.js:208:7)
at endReadableNT (/home/04040/hayashis/app/node-v8.12.0-linux-x64/lib/node_modules/brainlife/node_modules/readable-stream/lib/_stream_readable.js:1010:12)
at _combinedTickCallback (internal/process/next_tick.js:139:11)
at process._tickCallback (internal/process/next_tick.js:181:9)
Is this a limitation imposed on my OS (I am using Linux kernel 3.10.0-693.17.1.el7.x86_64).. or something I need to adjust on the node itself?
Looks like this function is dead code.
Line 21 in f70a0a3
right now, archiver-utils depends on the full lodash
module; by switching to the specialized lodash modules, we can reduce the overall node_module install size from 8.8MB to 4.2MB
When running the parent archiver
utility the following warning is printed to the console:
[DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues.
Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
The warning is about the calls new Buffer(...)
in this package.
These should be replaced by Buffer.alloc(number)
and Buffer.from(string)
instead
If the user doesn't have permission on a file/dir, utils.walkdir
results in an Uncaught TypeError
because res
is null.
if (stats && stats.isDirectory()) {
utils.walkdir(filepath, base, function(err, res) {
res.forEach(function(dirEntry) {
results.push(dirEntry);
});
next();
});
}
The latest lodash.defaults on npmjs is 4.2.0 at https://www.npmjs.com/package/lodash.defaults, which was published about 4 years ago.
There are a couple of vulnerabilities relevant to [email protected] at
Please consider to depend on lodash, instead of the specialized ones that are out of publish actually.
Could you please remove or rename one of the "homepage" keys in the package.json. The duplicate keys are causing issues with some tooling we use. Thank you.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.