chore: upgrade tap@21 #8085
chore: upgrade tap@21 #8085
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -70,7 +70,7 @@ | |||
| | |||
| t.ok(PJ_CALLED.endsWith('/pkg')) | |||
| t.strictSame(RUN_SCRIPT_EXEC, 'shell-command') | |||
| t.match(output, /Exploring \{CWD\}\/[\w-_/]+\nType 'exit' or \^D when finished/) | |||
| t.match(output, /Exploring \{CWD\}\/(.+)+\nType 'exit' or \^D when finished/) | |||
Check failure
Code scanning / CodeQL
Inefficient regular expression High test
Show autofix suggestion Hide autofix suggestion
Copilot Autofix
AI 9 months ago
To fix the problem, we need to modify the regular expression to remove the ambiguity that causes exponential backtracking. Specifically, we can replace the .+ pattern with a more specific pattern that avoids ambiguity. In this case, we can use [^/]+ to match one or more characters that are not a forward slash, which aligns with the intended use of the regular expression.
- Modify the regular expression on line 73 to use
[^/]+instead of.+. - Ensure that the new pattern still matches the intended strings without causing performance issues.
| @@ -72,3 +72,3 @@ | ||
| t.strictSame(RUN_SCRIPT_EXEC, 'shell-command') | ||
| t.match(output, /Exploring \{CWD\}\/(.+)+\nType 'exit' or \^D when finished/) | ||
| t.match(output, /Exploring \{CWD\}\/([^/]+)+\nType 'exit' or \^D when finished/) | ||
| }) |
| @@ -83,7 +83,7 @@ | |||
| | |||
| t.ok(PJ_CALLED.endsWith('/pkg')) | |||
| t.strictSame(RUN_SCRIPT_EXEC, 'shell-command') | |||
| t.match(output, /Exploring \{CWD\}\/[\w-_/]+\nType 'exit' or \^D when finished/) | |||
| t.match(output, /Exploring \{CWD\}\/(.+)+\nType 'exit' or \^D when finished/) | |||
Check failure
Code scanning / CodeQL
Inefficient regular expression High test
Show autofix suggestion Hide autofix suggestion
Copilot Autofix
AI 9 months ago
To fix the problem, we need to modify the regular expression to remove the nested quantifiers that cause exponential backtracking. The best way to do this is to replace (.+)+ with a more specific pattern that avoids ambiguity. In this case, we can use ([^/]+) to match one or more characters that are not a forward slash, which achieves the same goal without the risk of catastrophic backtracking.
| @@ -72,3 +72,3 @@ | ||
| t.strictSame(RUN_SCRIPT_EXEC, 'shell-command') | ||
| t.match(output, /Exploring \{CWD\}\/(.+)+\nType 'exit' or \^D when finished/) | ||
| t.match(output, /Exploring \{CWD\}\/([^/]+)\nType 'exit' or \^D when finished/) | ||
| }) | ||
| @@ -85,3 +85,3 @@ | ||
| t.strictSame(RUN_SCRIPT_EXEC, 'shell-command') | ||
| t.match(output, /Exploring \{CWD\}\/(.+)+\nType 'exit' or \^D when finished/) | ||
| t.match(output, /Exploring \{CWD\}\/([^/]+)\nType 'exit' or \^D when finished/) | ||
| |
| the core cli tests are passing but these aren't represented now in their own |
1 participant
apart of: npm/statusboard#913
Outline of Changes (all of these don't need to be in this PR and can be broken down individually)
t.mocktot.mockRequiretap.excludein package.jsonnode_modulesis dirty and needs updates fromnpa(should be in another pr)./node_modules/minipass/dist/commonjs/index.js.mapchecked in to run correctly.mapfiles withinnode_modules, currently we don't check in.md,.ts, and.map(should be in another pr)