diff --git a/lib/utils.js b/lib/utils.js
index ea7c4c4..9a89db2 100644
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -35,7 +35,7 @@ function applyParams(command, params) {
 return command.replace(/\{\{(\w+)\}\}/g, (match, key) => {
 if (!(key in params)) return match;
 const val = String(params[key]).trim();
- if (!/^[a-zA-Z0-9._:@\-\/]+$/.test(val)) {
+ if (!/^[a-zA-Z0-9._:@/-]+$/.test(val)) {
 throw new Error(`Unsafe value for workflow parameter "${key}"`);
 }
 return val;
diff --git a/package-lock.json b/package-lock.json
index 8551750..b36cc65 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -4107,10 +4107,9 @@
 "dev": true
 },
 "node_modules/path-to-regexp": {
- "version": "8.3.0",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.3.0.tgz",
- "integrity": "sha512-7jdwVIRtsP8MYpdXSwOS0YdD0Du+qOoF/AEPIt88PcCFrZCzx41oxku1jD88hZBwbNUIEfpqvuhjFaMAqMTWnA==",
- "license": "MIT",
+ "version": "8.4.2",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz",
+ "integrity": "sha512-qRcuIdP69NPm4qbACK+aDogI5CBDMi1jKe0ry5rSQJz8JVLsC7jV8XpiJjGRLLol3N+R5ihGYcrPLTno6pAdBA==",
 "funding": {
 "type": "opencollective",
 "url": "https://opencollective.com/express"
@@ -4294,10 +4293,9 @@
 ]
 },
 "node_modules/qs": {
- "version": "6.14.0",
- "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz",
- "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==",
- "license": "BSD-3-Clause",
+ "version": "6.15.1",
+ "resolved": "https://registry.npmjs.org/qs/-/qs-6.15.1.tgz",
+ "integrity": "sha512-6YHEFRL9mfgcAvql/XhwTvf5jKcOiiupt2FiJxHkiX1z4j7WL8J/jRHYLluORvc1XxB5rV20KoeK00gVJamspg==",
 "dependencies": {
 "side-channel": "^1.1.0"
 },
diff --git a/tests/.eslintrc.json b/tests/.eslintrc.json
new file mode 100644
index 0000000..0e0299d
--- /dev/null
+++ b/tests/.eslintrc.json
@@ -0,0 +1,7 @@
+{
+ "env": {
+ "node": true,
+ "jest": true,
+ "es2021": true
+ }
+}
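Review bot: The allowlist in applyParams (lib/utils.js) still accepts a value that begins with `-` or contains `..`, so the check keeps shell metacharacters out but would let an option-style or parent-directory value through into the command text. How the resulting command is executed is not visible in this hunk, so treat that as a point to confirm; if no workflow needs flag-like values, the guard could become `if (val.startsWith('-') || !/^[a-zA-Z0-9._:@/-]+$/.test(val)) {`. The now-unescaped `-` is literal only because it is the last character of the class, so a comment such as `// keep '-' last in the class: anywhere else it forms a range and widens the allowlist` would protect later edits. The body of applyParams continues outside the hunk.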