src,permission: add multiple allow-fs-* flags#49047
Merged
nodejs-github-bot merged 7 commits intonodejs:mainfrom Aug 17, 2023
Merged
src,permission: add multiple allow-fs-* flags#49047nodejs-github-bot merged 7 commits intonodejs:mainfrom
nodejs-github-bot merged 7 commits intonodejs:mainfrom
Conversation
Collaborator
|
Review requested:
|
nodejs-github-bot
added
c++
RafaelGSS
reviewed
Aug 10, 2023
Member
RafaelGSS
left a comment
RafaelGSS
left a comment
There was a problem hiding this comment.
Can we have a test for the warning too?
Contributor
Author
@RafaelGSS We do have one https://github.com/nodejs/node/pull/49047/files#diff-5928310ee410bbccf3599140510e07ca18546548955f67505349fa1fef2d6b48R83 |
richardlau
reviewed
Aug 10, 2023
Member
richardlau
left a comment
richardlau
left a comment
There was a problem hiding this comment.
Possibly add changes metadata to the YAML blocks? e.g.
changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/49047
description: Paths delimited by comma (`,`) are no longer allowed.
doc/api/cli.md
Outdated
| * Multiple paths can be allowed using multiple `--allow-fs-read` flags. | ||
| Example `--allow-fs-read=/folder1/ --allow-fs-read=/folder1/` | ||
|
|
||
| NOTE: Paths delimited by comma (`,`) are no longer allowed. |
Member
There was a problem hiding this comment.
This could also be added as changes metadata in the YAML block above.
| * Multiple paths can be allowed using multiple `--allow-fs-read` flags. | ||
| Example `--allow-fs-read=/folder1/ --allow-fs-read=/folder1/` | ||
|
|
||
| Paths delimited by comma (`,`) are no longer allowed. |
Member
There was a problem hiding this comment.
This could also be added as changes metadata in the YAML block above.
github-actions
bot
removed
the
request-ci
Collaborator
RafaelGSS
added
the
commit-queue-squash
github-actions
bot
removed
the
request-ci
Collaborator
Member
|
It seems the machines are broken. I'll wait a bit to request another CI. |
github-actions
bot
removed
the
request-ci
This comment was marked as outdated.
This comment was marked as outdated.
github-actions
bot
removed
the
request-ci
Collaborator
Support for a single comma separates list for allow-fs-* flags is removed. Instead now multiple flags can be passed to allow multiple paths. Fixes: nodejs/security-wg#1039
Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
Co-authored-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
UlisesGascon
added a commit
that referenced
this pull request
Sep 13, 2023
Notable changes: crypto: * update root certificates to NSS 3.93 (Node.js GitHub Bot) #49341 doc: * move and rename loaders section (Geoffrey Booth) #49261 * add release key for Ulises Gascon (Ulises Gascón) #49196 lib: * (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) #46391 src: * support multiple `--env-file` declarations (Yagiz Nizipli) #49542 src,permission: * add multiple allow-fs-* flags (Carlos Espa) #49047 test_runner: * (SEMVER-MINOR) expose location of tests (Colin Ihrig) #48975 PR-URL: #49592
UlisesGascon
added a commit
that referenced
this pull request
Sep 13, 2023
Notable changes: crypto: * update root certificates to NSS 3.93 (Node.js GitHub Bot) #49341 doc: * move and rename loaders section (Geoffrey Booth) #49261 * add release key for Ulises Gascon (Ulises Gascón) #49196 lib: * (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) #46391 src: * support multiple `--env-file` declarations (Yagiz Nizipli) #49542 src,permission: * add multiple allow-fs-* flags (Carlos Espa) #49047 test_runner: * (SEMVER-MINOR) expose location of tests (Colin Ihrig) #48975 PR-URL: #49592
UlisesGascon
added a commit
that referenced
this pull request
Sep 16, 2023
Notable changes: crypto: * update root certificates to NSS 3.93 (Node.js GitHub Bot) #49341 doc: * move and rename loaders section (Geoffrey Booth) #49261 * add release key for Ulises Gascon (Ulises Gascón) #49196 lib: * (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) #46391 src: * support multiple `--env-file` declarations (Yagiz Nizipli) #49542 src,permission: * add multiple allow-fs-* flags (Carlos Espa) #49047 test_runner: * (SEMVER-MINOR) expose location of tests (Colin Ihrig) #48975 PR-URL: #49592
UlisesGascon
added a commit
that referenced
this pull request
Sep 18, 2023
Notable changes: crypto: * update root certificates to NSS 3.93 (Node.js GitHub Bot) #49341 deps: * upgrade npm to 10.0.0 (npm team) #49423 * upgrade npm to 10.1.0 (npm team) #49570 doc: * move and rename loaders section (Geoffrey Booth) #49261 * add release key for Ulises Gascon (Ulises Gascón) #49196 lib: * (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) #46391 src: * support multiple `--env-file` declarations (Yagiz Nizipli) #49542 src,permission: * add multiple allow-fs-* flags (Carlos Espa) #49047 test_runner: * (SEMVER-MINOR) expose location of tests (Colin Ihrig) #48975 PR-URL: #49592
UlisesGascon
added a commit
that referenced
this pull request
Sep 18, 2023
Notable changes: crypto: * update root certificates to NSS 3.93 (Node.js GitHub Bot) #49341 deps: * upgrade npm to 10.1.0 (npm team) #49570 * upgrade npm to 10.0.0 (npm team) #49423 doc: * move and rename loaders section (Geoffrey Booth) #49261 * add release key for Ulises Gascon (Ulises Gascón) #49196 lib: * (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) #46391 src: * support multiple `--env-file` declarations (Yagiz Nizipli) #49542 src,permission: * add multiple allow-fs-* flags (Carlos Espa) #49047 test_runner: * (SEMVER-MINOR) expose location of tests (Colin Ihrig) #48975 PR-URL: #49592
UlisesGascon
added a commit
to UlisesGascon/node
that referenced
this pull request
Sep 18, 2023
Notable changes: crypto: * update root certificates to NSS 3.93 (Node.js GitHub Bot) nodejs#49341 deps: * upgrade npm to 10.1.0 (npm team) nodejs#49570 * upgrade npm to 10.0.0 (npm team) nodejs#49423 doc: * move and rename loaders section (Geoffrey Booth) nodejs#49261 * add release key for Ulises Gascon (Ulises Gascón) nodejs#49196 lib: * (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) nodejs#46391 src: * support multiple `--env-file` declarations (Yagiz Nizipli) nodejs#49542 src,permission: * add multiple allow-fs-* flags (Carlos Espa) nodejs#49047 test_runner: * (SEMVER-MINOR) expose location of tests (Colin Ihrig) nodejs#48975 PR-URL: nodejs#49592
alexfernandez
pushed a commit
to alexfernandez/node
that referenced
this pull request
Nov 1, 2023
Notable changes: crypto: * update root certificates to NSS 3.93 (Node.js GitHub Bot) nodejs#49341 deps: * upgrade npm to 10.1.0 (npm team) nodejs#49570 * upgrade npm to 10.0.0 (npm team) nodejs#49423 doc: * move and rename loaders section (Geoffrey Booth) nodejs#49261 * add release key for Ulises Gascon (Ulises Gascón) nodejs#49196 lib: * (SEMVER-MINOR) add api to detect whether source-maps are enabled (翠 / green) nodejs#46391 src: * support multiple `--env-file` declarations (Yagiz Nizipli) nodejs#49542 src,permission: * add multiple allow-fs-* flags (Carlos Espa) nodejs#49047 test_runner: * (SEMVER-MINOR) expose location of tests (Colin Ihrig) nodejs#48975 PR-URL: nodejs#49592
tniessen
added a commit
to tniessen/node
that referenced
this pull request
Nov 10, 2023
The use of string_view and subsequent copying to a string was supposed to be a minor optimization in 640a7918, however, since 413c16e, no string splitting occurs anymore. Therefore, we can simply pass around some references instead of using string_view or copying strings. Refs: nodejs#48491 Refs: nodejs#49047
tniessen
added a commit
to tniessen/node
that referenced
this pull request
Nov 17, 2023
The use of string_view and subsequent copying to a string was supposed to be a minor optimization in 640a7918, however, since 413c16e, no string splitting occurs anymore. Therefore, we can simply pass around some references instead of using string_view or copying strings. Refs: nodejs#48491 Refs: nodejs#49047
nodejs-github-bot
pushed a commit
that referenced
this pull request
Nov 19, 2023
The use of string_view and subsequent copying to a string was supposed to be a minor optimization in 640a7918, however, since 413c16e, no string splitting occurs anymore. Therefore, we can simply pass around some references instead of using string_view or copying strings. Refs: #48491 Refs: #49047 PR-URL: #50662 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
tniessen
added a commit
to tniessen/node
that referenced
this pull request
Nov 21, 2023
targos
pushed a commit
that referenced
this pull request
Nov 23, 2023
The use of string_view and subsequent copying to a string was supposed to be a minor optimization in 640a7918, however, since 413c16e, no string splitting occurs anymore. Therefore, we can simply pass around some references instead of using string_view or copying strings. Refs: #48491 Refs: #49047 PR-URL: #50662 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
martenrichter
pushed a commit
to martenrichter/node
that referenced
this pull request
Nov 26, 2023
The use of string_view and subsequent copying to a string was supposed to be a minor optimization in 640a7918, however, since 413c16e, no string splitting occurs anymore. Therefore, we can simply pass around some references instead of using string_view or copying strings. Refs: nodejs#48491 Refs: nodejs#49047 PR-URL: nodejs#50662 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
martenrichter
pushed a commit
to martenrichter/node
that referenced
this pull request
Nov 26, 2023
Refs: nodejs#49047 PR-URL: nodejs#50845 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Vinícius Lourenço Claro Cardoso <contact@viniciusl.com.br> Reviewed-By: Deokjin Kim <deokjin81.kim@gmail.com>
lucshi
pushed a commit
to lucshi/node
that referenced
this pull request
Nov 27, 2023
The use of string_view and subsequent copying to a string was supposed to be a minor optimization in 640a7918, however, since 413c16e, no string splitting occurs anymore. Therefore, we can simply pass around some references instead of using string_view or copying strings. Refs: nodejs#48491 Refs: nodejs#49047 PR-URL: nodejs#50662 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
lucshi
pushed a commit
to lucshi/node
that referenced
this pull request
Nov 27, 2023
Refs: nodejs#49047 PR-URL: nodejs#50845 Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Vinícius Lourenço Claro Cardoso <contact@viniciusl.com.br> Reviewed-By: Deokjin Kim <deokjin81.kim@gmail.com>
RafaelGSS
pushed a commit
that referenced
this pull request
Nov 29, 2023
The use of string_view and subsequent copying to a string was supposed to be a minor optimization in 640a7918, however, since 413c16e, no string splitting occurs anymore. Therefore, we can simply pass around some references instead of using string_view or copying strings. Refs: #48491 Refs: #49047 PR-URL: #50662 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
RafaelGSS
pushed a commit
that referenced
this pull request
Nov 30, 2023
The use of string_view and subsequent copying to a string was supposed to be a minor optimization in 640a7918, however, since 413c16e, no string splitting occurs anymore. Therefore, we can simply pass around some references instead of using string_view or copying strings. Refs: #48491 Refs: #49047 PR-URL: #50662 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
UlisesGascon
pushed a commit
that referenced
this pull request
Dec 11, 2023
The use of string_view and subsequent copying to a string was supposed to be a minor optimization in 640a7918, however, since 413c16e, no string splitting occurs anymore. Therefore, we can simply pass around some references instead of using string_view or copying strings. Refs: #48491 Refs: #49047 PR-URL: #50662 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
UlisesGascon
pushed a commit
that referenced
this pull request
Dec 19, 2023
The use of string_view and subsequent copying to a string was supposed to be a minor optimization in 640a7918, however, since 413c16e, no string splitting occurs anymore. Therefore, we can simply pass around some references instead of using string_view or copying strings. Refs: #48491 Refs: #49047 PR-URL: #50662 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Breaking change: Support for a single comma separates list for allow-fs-* flags is removed.
This means that
Will be interpreted as a single file.
When using a single flag and including commas in said flag a warning will be emitted explaining the change.
Instead now multiple flags can be passed to allow multiple paths.
Will allow access to both paths.
Fixes: nodejs/security-wg#1039