Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: node-modules/compressing
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 13d0415
Choose a base ref
...
head repository: node-modules/compressing
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1c1b725
Choose a head ref
  • 7 commits
  • 8 files changed
  • 2 contributors

Commits on Aug 9, 2025

  1. chore: start 1.x branch

    @fengmk2
    fengmk2 committed Aug 9, 2025
    Configuration menu
    Copy the full SHA
    6f936e0 View commit details
    Browse the repository at this point in the history

  2. chore: typo fix on branch

    @fengmk2
    fengmk2 committed Aug 9, 2025
    Configuration menu
    Copy the full SHA
    41a5eae View commit details
    Browse the repository at this point in the history

  3. chore: support auto merge queue 

    [skip ci]
    @fengmk2
    fengmk2 committed Aug 9, 2025
    Configuration menu
    Copy the full SHA
    f2344e7 View commit details
    Browse the repository at this point in the history

Commits on Jan 27, 2026

  1. chore: add warnning message

    @fengmk2
    fengmk2 committed Jan 27, 2026
    Configuration menu
    Copy the full SHA
    2368a03 View commit details
    Browse the repository at this point in the history

  2. chore: add permissions to auto release

    @fengmk2
    fengmk2 committed Jan 27, 2026
    Configuration menu
    Copy the full SHA
    01acc46 View commit details
    Browse the repository at this point in the history

Commits on Jan 28, 2026

  1. fix: prevent arbitrary file write via symlink extraction (#133) 

    Add path traversal and symlink escape protection to prevent malicious
TAR/TGZ archives from writing files outside the extraction directory.

- Add isPathWithinParent() validation function
- Validate all entry paths stay within destination directory
- Validate symlink targets don't escape extraction directory
- Skip malicious entries with warning messages


GHSA-cc8f-xg8v-72m3

pick from
ce1c013
    @fengmk2
    fengmk2 authored Jan 28, 2026
    Configuration menu
    Copy the full SHA
    8d16c19 View commit details
    Browse the repository at this point in the history

  2. Release 1.10.4 

    [skip ci]

## <small>1.10.4 (2026-01-28)</small>

* fix: prevent arbitrary file write via symlink extraction (#133) ([8d16c19](8d16c19)), closes [#133](#133)
* chore: add permissions to auto release ([01acc46](01acc46))
* chore: add warnning message ([2368a03](2368a03))
* chore: start 1.x branch ([6f936e0](6f936e0))
* chore: support auto merge queue ([f2344e7](f2344e7))
* chore: typo fix on branch ([41a5eae](41a5eae))
    @semantic-release-bot
    semantic-release-bot committed Jan 28, 2026
    Configuration menu
    Copy the full SHA
    1c1b725 View commit details
    Browse the repository at this point in the history
Loading