From 3b719369fe94cbe2ceafe90d2fa4fcc96c5df1a1 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Jun 2025 13:26:33 +0000 Subject: [PATCH 1/4] chore(deps): update dependency hasha to v5.2.2 --- package.json | 2 +- yarn.lock | 13 ------------- 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/package.json b/package.json index c6cce910fc41..fb6e15331ed7 100644 --- a/package.json +++ b/package.json @@ -165,7 +165,7 @@ "gulp-awspublish": "8.0.0", "gulp-debug": "4.0.0", "gulp-rename": "1.4.0", - "hasha": "5.0.0", + "hasha": "5.2.2", "human-interval": "1.0.0", "husky": "7.0.2", "inquirer": "8.2.4", diff --git a/yarn.lock b/yarn.lock index 58266e8e9e37..e2e471d2fc72 100644 --- a/yarn.lock +++ b/yarn.lock @@ -18521,14 +18521,6 @@ hash.js@^1.0.0, hash.js@^1.0.3: inherits "^2.0.3" minimalistic-assert "^1.0.1" -hasha@5.0.0: - version "5.0.0" - resolved "https://registry.yarnpkg.com/hasha/-/hasha-5.0.0.tgz#fdc3785caea03df29535fc8adb512c3d3a709004" - integrity sha512-PqWdhnQhq6tqD32hZv+l1e5mJHNSudjnaAzgAHfkGiU0ABN6lmbZF8abJIulQHbZ7oiHhP8yL6O910ICMc+5pw== - dependencies: - is-stream "^1.1.0" - type-fest "^0.3.0" - hasha@5.2.2: version "5.2.2" resolved "https://registry.yarnpkg.com/hasha/-/hasha-5.2.2.tgz#a48477989b3b327aea3c04f53096d816d97522a1" @@ -30870,11 +30862,6 @@ type-fest@^0.21.3: resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.21.3.tgz#d260a24b0198436e133fa26a524a6d65fa3b2e37" integrity sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w== -type-fest@^0.3.0: - version "0.3.1" - resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.3.1.tgz#63d00d204e059474fe5e1b7c011112bbd1dc29e1" - integrity sha512-cUGJnCdr4STbePCgqNFbpVNCepa+kAVohJs1sLhxzdH+gnEoOd8VhbYa7pD3zZYGiURWM2xzEII3fQcRizDkYQ== - type-fest@^0.4.1: version "0.4.1" resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.4.1.tgz#8bdf77743385d8a4f13ba95f610f5ccd68c728f8" From bd357c590d5ca39631376a22eaa18a870e728b7b Mon Sep 17 00:00:00 2001 From: Jennifer Shehane Date: Thu, 12 Jun 2025 10:10:23 -0400 Subject: [PATCH 2/4] use hashs instead of copied code --- cli/lib/util.js | 24 ++---------------------- 1 file changed, 2 insertions(+), 22 deletions(-) diff --git a/cli/lib/util.js b/cli/lib/util.js index 4f7a67e88e9e..10cde59241c1 100644 --- a/cli/lib/util.js +++ b/cli/lib/util.js @@ -2,7 +2,7 @@ const _ = require('lodash') const arch = require('arch') const os = require('os') const ospath = require('ospath') -const crypto = require('crypto') +const hasha = require('hasha') const la = require('lazy-ass') const is = require('check-more-types') const tty = require('tty') @@ -30,31 +30,11 @@ const getosAsync = Promise.promisify(getos) /** * Returns SHA512 of a file - * - * Implementation lifted from https://github.com/sindresorhus/hasha - * but without bringing that dependency (since hasha is Node v8+) */ const getFileChecksum = (filename) => { la(is.unemptyString(filename), 'expected filename', filename) - const hashStream = () => { - const s = crypto.createHash('sha512') - - s.setEncoding('hex') - - return s - } - - return new Promise((resolve, reject) => { - const stream = fs.createReadStream(filename) - - stream.on('error', reject) - .pipe(hashStream()) - .on('error', reject) - .on('finish', function () { - resolve(this.read()) - }) - }) + return hasha.fromFile(filename, { algorithm: 'sha512' }) } const getFileSize = (filename) => { From 97c4476c45360aa1b96e5293261f267e79e909a7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Jun 2025 14:12:51 +0000 Subject: [PATCH 3/4] chore(deps): update dependency hasha to v5.2.2 --- package.json | 2 +- yarn.lock | 13 ------------- 2 files changed, 1 insertion(+), 14 deletions(-) diff --git a/package.json b/package.json index c6cce910fc41..fb6e15331ed7 100644 --- a/package.json +++ b/package.json @@ -165,7 +165,7 @@ "gulp-awspublish": "8.0.0", "gulp-debug": "4.0.0", "gulp-rename": "1.4.0", - "hasha": "5.0.0", + "hasha": "5.2.2", "human-interval": "1.0.0", "husky": "7.0.2", "inquirer": "8.2.4", diff --git a/yarn.lock b/yarn.lock index 58266e8e9e37..e2e471d2fc72 100644 --- a/yarn.lock +++ b/yarn.lock @@ -18521,14 +18521,6 @@ hash.js@^1.0.0, hash.js@^1.0.3: inherits "^2.0.3" minimalistic-assert "^1.0.1" -hasha@5.0.0: - version "5.0.0" - resolved "https://registry.yarnpkg.com/hasha/-/hasha-5.0.0.tgz#fdc3785caea03df29535fc8adb512c3d3a709004" - integrity sha512-PqWdhnQhq6tqD32hZv+l1e5mJHNSudjnaAzgAHfkGiU0ABN6lmbZF8abJIulQHbZ7oiHhP8yL6O910ICMc+5pw== - dependencies: - is-stream "^1.1.0" - type-fest "^0.3.0" - hasha@5.2.2: version "5.2.2" resolved "https://registry.yarnpkg.com/hasha/-/hasha-5.2.2.tgz#a48477989b3b327aea3c04f53096d816d97522a1" @@ -30870,11 +30862,6 @@ type-fest@^0.21.3: resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.21.3.tgz#d260a24b0198436e133fa26a524a6d65fa3b2e37" integrity sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w== -type-fest@^0.3.0: - version "0.3.1" - resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.3.1.tgz#63d00d204e059474fe5e1b7c011112bbd1dc29e1" - integrity sha512-cUGJnCdr4STbePCgqNFbpVNCepa+kAVohJs1sLhxzdH+gnEoOd8VhbYa7pD3zZYGiURWM2xzEII3fQcRizDkYQ== - type-fest@^0.4.1: version "0.4.1" resolved "https://registry.yarnpkg.com/type-fest/-/type-fest-0.4.1.tgz#8bdf77743385d8a4f13ba95f610f5ccd68c728f8" From aadfce60af41a1011c282e5be3937a4962cc69df Mon Sep 17 00:00:00 2001 From: Jennifer Shehane Date: Fri, 13 Jun 2025 13:32:11 -0400 Subject: [PATCH 4/4] move to dep instead of devDep --- cli/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/package.json b/cli/package.json index 6336a982a4e5..6bc9c1b46f54 100644 --- a/cli/package.json +++ b/cli/package.json @@ -46,6 +46,7 @@ "figures": "^3.2.0", "fs-extra": "^9.1.0", "getos": "^3.2.1", + "hasha": "5.2.2", "is-installed-globally": "~0.4.0", "lazy-ass": "^1.6.0", "listr2": "^3.8.3", @@ -91,7 +92,6 @@ "dependency-check": "4.1.0", "dtslint": "4.2.1", "execa-wrap": "1.4.0", - "hasha": "5.2.2", "mocha": "6.2.2", "mock-fs": "5.4.0", "mocked-env": "1.3.2",