From f39f64133a00bb516730a25823087415c3791b87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Jan 2026 21:21:41 +0000 Subject: [PATCH 1/2] build(deps-dev): bump tar from 6.2.1 to 7.5.3 Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.1 to 7.5.3. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/node-tar/compare/v6.2.1...v7.5.3) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.3 dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- package.json | 2 +- pnpm-lock.yaml | 91 ++++++++++++++++++++++++-------------------------- 2 files changed, 44 insertions(+), 49 deletions(-) diff --git a/package.json b/package.json index f1cad517..b50833e0 100644 --- a/package.json +++ b/package.json @@ -66,7 +66,7 @@ "source-map-support": "^0.5.20", "split": "1.0.1", "string-length": "3.1.0", - "tar": "6.2.1", + "tar": "7.5.3", "tmp": "0.2.4", "typescript": "^5.7.2", "typescript-eslint": "^8.18.2", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index f992f69f..f96807b5 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -181,8 +181,8 @@ importers: specifier: 3.1.0 version: 3.1.0 tar: - specifier: 6.2.1 - version: 6.2.1 + specifier: 7.5.3 + version: 7.5.3 tmp: specifier: 0.2.4 version: 0.2.4 @@ -335,6 +335,10 @@ packages: resolution: {integrity: sha512-cjQ7ZlQ0Mv3b47hABuTevyTuYN4i+loJKGeV9flcCgIK37cCXRh+L1bd3iBHlynerhQ7BhCkn2BPbQUL+rGqFg==} engines: {node: '>=6.9.0'} + '@babel/code-frame@7.28.6': + resolution: {integrity: sha512-JYgintcMjRiCvS8mMECzaEn+m3PfoQiyqukOMCCVQtoJGYJw8j/8LBJEiqkHLkfwCcs74E3pbAUFNg7d9VNJ+Q==} + engines: {node: '>=6.9.0'} + '@babel/compat-data@7.28.5': resolution: {integrity: sha512-6uFXyCayocRbqhZOB+6XcuZbkMNimwfVGFji8CTZnCzOHVGvDqzvitu1re2AU5LROliz7eQPhB8CpAMvnx9EjA==} engines: {node: '>=6.9.0'} @@ -804,6 +808,10 @@ packages: resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} + '@isaacs/fs-minipass@4.0.1': + resolution: {integrity: sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==} + engines: {node: '>=18.0.0'} + '@jridgewell/gen-mapping@0.3.13': resolution: {integrity: sha512-2kkt/7niJ6MgEPxF0bYdQ6etZaA+fQvDcLKckhy1yIQOzaoKjBBjSj63/aLVjYE3qhRt5dvM+uUyfCg6UKCBbA==} @@ -1868,9 +1876,9 @@ packages: resolution: {integrity: sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==} engines: {node: '>= 8.10.0'} - chownr@2.0.0: - resolution: {integrity: sha512-bIomtDF5KGpdogkLd9VspvFzk9KfpyyGlS8YFVZl7TGPBHL5snIOnxeshwVgPteQ9b4Eydl+pVbIyE1DcvCWgQ==} - engines: {node: '>=10'} + chownr@3.0.0: + resolution: {integrity: sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==} + engines: {node: '>=18'} ci-info@2.0.0: resolution: {integrity: sha512-5tK7EtrZ0N+OLFMthtqOj4fI2Jeb88C4CAZPu25LDVUgXJ0A3Js4PMGqrn0JU1W0Mh1/Z8wZzYPxqUrXeBboCQ==} @@ -2180,10 +2188,6 @@ packages: forwarded-parse@2.1.2: resolution: {integrity: sha512-alTFZZQDKMporBH77856pXgzhEzaUVmLCDk+egLgIgHst3Tpndzz8MnKe+GzRJRfvVdn69HhpW7cmXzvtLvJAw==} - fs-minipass@2.1.0: - resolution: {integrity: sha512-V/JgOLFCS+R6Vcq0slCuaeWEdNC3ouDlJMNIsacH2VtALiu9mV4LPrHc5cDl8k5aw6J8jwgWWpiTo5RYhmIzvg==} - engines: {node: '>= 8'} - fs.realpath@1.0.0: resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==} @@ -2529,25 +2533,17 @@ packages: minimist@1.2.8: resolution: {integrity: sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==} - minipass@3.3.6: - resolution: {integrity: sha512-DxiNidxSEK+tHG6zOIklvNOwm3hvCrbUrdtzY74U6HKTJxvIDfOUL5W5P2Ghd3DTkhhKPYGqeNUIh5qcM4YBfw==} - engines: {node: '>=8'} - minipass@4.2.8: resolution: {integrity: sha512-fNzuVyifolSLFL4NzpF+wEF4qrgqaaKX0haXPQEdQ7NKAN+WecoKMHV09YcuL/DHxrUsYQOK3MiuDf7Ip2OXfQ==} engines: {node: '>=8'} - minipass@5.0.0: - resolution: {integrity: sha512-3FnjYuehv9k6ovOEbyOswadCDPX1piCfhV8ncmYtHOjuPwylVWsghTLo7rabjC3Rx5xD4HDx8Wm1xnMF7S5qFQ==} - engines: {node: '>=8'} - minipass@7.1.2: resolution: {integrity: sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==} engines: {node: '>=16 || 14 >=14.17'} - minizlib@2.1.2: - resolution: {integrity: sha512-bAxsR8BVfj60DWXHE3u30oHzfl4G7khkSuPW+qvpd7jFRHm7dLxOjUk1EHACJ/hxLY8phGJ0YhYHZo7jil7Qdg==} - engines: {node: '>= 8'} + minizlib@3.1.0: + resolution: {integrity: sha512-KZxYo1BUkWD2TVFLr0MQoM8vUUigWD3LlD83a/75BqC+4qE0Hb1Vo5v1FgcfaNXvfXzr+5EhQ6ing/CaBijTlw==} + engines: {node: '>= 18'} mkdirp@0.5.6: resolution: {integrity: sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==} @@ -2927,9 +2923,9 @@ packages: resolution: {integrity: sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==} engines: {node: '>= 0.4'} - tar@6.2.1: - resolution: {integrity: sha512-DZ4yORTwrbTj/7MZYq2w+/ZFdI6OZ/f9SFHR+71gIVUZhOQPHzVCLpvRnPgyaMpfWxxk/4ONva3GQSyNIKRv6A==} - engines: {node: '>=10'} + tar@7.5.3: + resolution: {integrity: sha512-ENg5JUHUm2rDD7IvKNFGzyElLXNjachNLp6RaGf4+JOgxXHkqA+gq81ZAMCUmtMtqBsoU62lcp6S27g1LCYGGQ==} + engines: {node: '>=18'} teeny-request@9.0.0: resolution: {integrity: sha512-resvxdc6Mgb7YEThw6G6bExlXKkv6+YbuzGg9xuXxSgxJF7Ozs+o8Y9+2R3sArdWdW8nOokoQb1yrpFB0pQK2g==} @@ -3191,8 +3187,9 @@ packages: yallist@3.1.1: resolution: {integrity: sha512-a4UGQaWPH59mOXUYnAG2ewncQS4i4F43Tv3JoAM+s2VDAmS9NsK8GpDMLrCHPksFT7h3K6TOoUNn2pb7RoXx4g==} - yallist@4.0.0: - resolution: {integrity: sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==} + yallist@5.0.0: + resolution: {integrity: sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==} + engines: {node: '>=18'} yargs-parser@22.0.0: resolution: {integrity: sha512-rwu/ClNdSMpkSrUb+d6BRsSkLUq1fmfsY6TOpYzTwvwkg1/NRG85KBy3kq++A8LKQwX6lsu+aWad+2khvuXrqw==} @@ -3608,6 +3605,12 @@ snapshots: js-tokens: 4.0.0 picocolors: 1.1.1 + '@babel/code-frame@7.28.6': + dependencies: + '@babel/helper-validator-identifier': 7.28.5 + js-tokens: 4.0.0 + picocolors: 1.1.1 + '@babel/compat-data@7.28.5': {} '@babel/core@7.28.5': @@ -3977,6 +3980,10 @@ snapshots: wrap-ansi: 8.1.0 wrap-ansi-cjs: wrap-ansi@7.0.0 + '@isaacs/fs-minipass@4.0.1': + dependencies: + minipass: 7.1.2 + '@jridgewell/gen-mapping@0.3.13': dependencies: '@jridgewell/sourcemap-codec': 1.5.5 @@ -5272,7 +5279,7 @@ snapshots: optionalDependencies: fsevents: 2.3.3 - chownr@2.0.0: {} + chownr@3.0.0: {} ci-info@2.0.0: {} @@ -5622,10 +5629,6 @@ snapshots: forwarded-parse@2.1.2: {} - fs-minipass@2.1.0: - dependencies: - minipass: 3.3.6 - fs.realpath@1.0.0: {} fsevents@2.3.3: @@ -5977,20 +5980,13 @@ snapshots: minimist@1.2.8: {} - minipass@3.3.6: - dependencies: - yallist: 4.0.0 - minipass@4.2.8: {} - minipass@5.0.0: {} - minipass@7.1.2: {} - minizlib@2.1.2: + minizlib@3.1.0: dependencies: - minipass: 3.3.6 - yallist: 4.0.0 + minipass: 7.1.2 mkdirp@0.5.6: dependencies: @@ -6356,14 +6352,13 @@ snapshots: supports-preserve-symlinks-flag@1.0.0: {} - tar@6.2.1: + tar@7.5.3: dependencies: - chownr: 2.0.0 - fs-minipass: 2.1.0 - minipass: 5.0.0 - minizlib: 2.1.2 - mkdirp: 1.0.4 - yallist: 4.0.0 + '@isaacs/fs-minipass': 4.0.1 + chownr: 3.0.0 + minipass: 7.1.2 + minizlib: 3.1.0 + yallist: 5.0.0 teeny-request@9.0.0: dependencies: @@ -6421,7 +6416,7 @@ snapshots: tslint@5.16.0(typescript@5.9.3): dependencies: - '@babel/code-frame': 7.27.1 + '@babel/code-frame': 7.28.6 builtin-modules: 1.1.1 chalk: 2.4.2 commander: 2.20.3 @@ -6625,7 +6620,7 @@ snapshots: yallist@3.1.1: {} - yallist@4.0.0: {} + yallist@5.0.0: {} yargs-parser@22.0.0: {} From c965820f02474b35b834841688fbe1ba98e28bc0 Mon Sep 17 00:00:00 2001 From: Burak Yigit Kaya Date: Mon, 19 Jan 2026 13:29:41 +0000 Subject: [PATCH 2/2] fix: Update tar import for v7 compatibility tar v7 removed default exports and only provides named exports. Changed from 'import tar from tar' to 'import * as tar from tar'. Also improved test normalization to filter Node.js deprecation warnings before hash normalization to prevent test flakiness. --- src/__tests__/prepare-dry-run.e2e.test.ts | 11 +++++---- src/utils/system.ts | 28 +++++++++++++---------- 2 files changed, 22 insertions(+), 17 deletions(-) diff --git a/src/__tests__/prepare-dry-run.e2e.test.ts b/src/__tests__/prepare-dry-run.e2e.test.ts index 0cbef199..05cd7291 100644 --- a/src/__tests__/prepare-dry-run.e2e.test.ts +++ b/src/__tests__/prepare-dry-run.e2e.test.ts @@ -119,6 +119,12 @@ function normalizeOutput(output: string): string { // Remove ANSI color codes // eslint-disable-next-line no-control-regex -- Need to match ANSI escape sequences .replace(/\x1b\[[0-9;]*m/g, '') + // Remove node deprecation warnings (must be before hash normalization) + .replace(/\(node:\d+\)[^\n]*DeprecationWarning[^\n]*\n?/g, '') + .replace(/\(node:\d+\)[^\n]*\n/g, '') + .replace(/\(Use `node --trace-warnings.*\n/g, '') + .replace(/\(Use `node --trace-deprecation.*\n/g, '') + .replace(/Support for loading ES Module.*\n/g, '') // Normalize temp directory paths .replace(/\/tmp\/craft-[a-z0-9-]+/g, '/tmp/craft-XXXXX') // Normalize commit hashes (7-40 hex chars) @@ -129,11 +135,6 @@ function normalizeOutput(output: string): string { .replace(/craft-dry-run-[a-f0-9]+/g, 'craft-dry-run-XXXXX') // Normalize line counts that might vary .replace(/@@ -\d+,\d+ \+\d+,\d+ @@/g, '@@ -X,Y +X,Y @@') - // Remove node warnings and experimental warnings - .replace(/\(node:\d+\)[^\n]*\n/g, '') - .replace(/\(Use `node --trace-warnings.*\n/g, '') - .replace(/\(Use `node --trace-deprecation.*\n/g, '') - .replace(/Support for loading ES Module.*\n/g, '') // Normalize PID references .replace(/node:\d+/g, 'node:PID') // Normalize branch names (main vs master) diff --git a/src/utils/system.ts b/src/utils/system.ts index 3de18fef..e3b5077a 100644 --- a/src/utils/system.ts +++ b/src/utils/system.ts @@ -3,7 +3,7 @@ import { createHash, Hash } from 'crypto'; import * as fs from 'fs'; import * as path from 'path'; import split from 'split'; -import tar from 'tar'; +import * as tar from 'tar'; import extract from 'extract-zip'; import { logger } from '../logger'; @@ -62,10 +62,10 @@ function processError( args?: string[], options?: any, stdout?: string, - stderr?: string + stderr?: string, ): Error { const error = new Error( - `Process "${command}" errored with code ${code}\n\nSTDOUT: ${stdout}\n\nSTDERR:${stderr}` + `Process "${command}" errored with code ${code}\n\nSTDOUT: ${stdout}\n\nSTDERR:${stderr}`, ) as any; error.code = code; error.args = args; @@ -84,7 +84,7 @@ function processError( */ export function replaceEnvVariable( arg: string, - env: Record + env: Record, ): string { if (!env || !arg || arg[0] !== '$') { return arg; @@ -131,12 +131,16 @@ export async function spawnProcess( command: string, args: string[] = [], options: SpawnOptions = {}, - spawnProcessOptions: SpawnProcessOptions = {} + spawnProcessOptions: SpawnProcessOptions = {}, ): Promise { const argsString = args.map(arg => `"${arg}"`).join(' '); // Allow spawning in worktree mode (isolated environment) or when explicitly enabled - if (isDryRun() && !spawnProcessOptions.enableInDryRunMode && !isInWorktreeMode()) { + if ( + isDryRun() && + !spawnProcessOptions.enableInDryRunMode && + !isInWorktreeMode() + ) { logger.info('[dry-run] Not spawning process:', `${command} ${argsString}`); return undefined; } @@ -160,7 +164,7 @@ export async function spawnProcess( // Do a shell-like replacement of arguments that look like environment variables const processedArgs = args.map(arg => - replaceEnvVariable(arg, { ...process.env, ...options.env }) + replaceEnvVariable(arg, { ...process.env, ...options.env }), ); // Allow child to accept input (use 'pipe' for stdin if we need to write to it) @@ -219,7 +223,7 @@ export async function calculateChecksum( algorithm?: HashAlgorithm; /** Hash format */ format?: HashOutputFormat; - } + }, ): Promise { const { algorithm = HashAlgorithm.SHA256, format = HashOutputFormat.Hex } = options || {}; @@ -267,7 +271,7 @@ function getPotentialPaths(fileName: string): string[] { .replace(/"/g, '') .split(path.delimiter) .map(chunk => - envExt.split(path.delimiter).map(ext => path.join(chunk, fileName + ext)) + envExt.split(path.delimiter).map(ext => path.join(chunk, fileName + ext)), ) .reduce((a, b) => a.concat(b)); } @@ -330,7 +334,7 @@ export function checkExecutableIsPresent(name: string): void { */ export async function extractSourcesFromTarStream( stream: NodeJS.ReadableStream, - dir: string + dir: string, ): Promise { return new Promise((resolve, reject) => { try { @@ -356,7 +360,7 @@ export async function extractSourcesFromTarStream( */ export async function extractZipArchive( filePath: string, - dir: string + dir: string, ): Promise { await extract(filePath, { dir: dir }); } @@ -373,7 +377,7 @@ export async function extractZipArchive( export function catchKeyboardInterrupt(maxTimeDiff = 1000): void { if (process.env.CRAFT_CATCH_KEYBOARD_INTERRUPT !== '1') { logger.debug( - 'Catching Ctrl-C is disabled by default. See https://github.com/getsentry/craft/issues/21' + 'Catching Ctrl-C is disabled by default. See https://github.com/getsentry/craft/issues/21', ); return; }