From 177f68d0212762de018a90474baf73c02bcda43f Mon Sep 17 00:00:00 2001 From: Mark Wiemer Date: Sat, 17 Aug 2024 20:22:45 -0700 Subject: [PATCH 1/3] Update to markdown-it@^14 --- package-lock.json | 110 ++++++++++++++++++++++++++++------------------ package.json | 4 +- 2 files changed, 69 insertions(+), 45 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6156443d..7921b459 100644 --- a/package-lock.json +++ b/package-lock.json @@ -21,7 +21,7 @@ "hosted-git-info": "^4.0.2", "jsonc-parser": "^3.2.0", "leven": "^3.1.0", - "markdown-it": "^12.3.2", + "markdown-it": "^14.1.0", "mime": "^1.3.4", "minimatch": "^3.0.3", "parse-semver": "^1.1.1", @@ -60,7 +60,7 @@ "typescript": "^4.3.2" }, "engines": { - "node": ">= 16" + "node": ">= 20" }, "optionalDependencies": { "keytar": "^7.7.0" @@ -2282,11 +2282,12 @@ } }, "node_modules/linkify-it": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz", - "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==", + "version": "5.0.0", + "resolved": "https://registry.npmmirror.com/linkify-it/-/linkify-it-5.0.0.tgz", + "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==", + "license": "MIT", "dependencies": { - "uc.micro": "^1.0.1" + "uc.micro": "^2.0.0" } }, "node_modules/locate-path": { @@ -2440,32 +2441,39 @@ "dev": true }, "node_modules/markdown-it": { - "version": "12.3.2", - "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz", - "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==", + "version": "14.1.0", + "resolved": "https://registry.npmmirror.com/markdown-it/-/markdown-it-14.1.0.tgz", + "integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==", + "license": "MIT", "dependencies": { "argparse": "^2.0.1", - "entities": "~2.1.0", - "linkify-it": "^3.0.1", - "mdurl": "^1.0.1", - "uc.micro": "^1.0.5" + "entities": "^4.4.0", + "linkify-it": "^5.0.0", + "mdurl": "^2.0.0", + "punycode.js": "^2.3.1", + "uc.micro": "^2.1.0" }, "bin": { - "markdown-it": "bin/markdown-it.js" + "markdown-it": "bin/markdown-it.mjs" } }, "node_modules/markdown-it/node_modules/entities": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz", - "integrity": "sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==", + "version": "4.5.0", + "resolved": "https://registry.npmmirror.com/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=0.12" + }, "funding": { "url": "https://github.com/fb55/entities?sponsor=1" } }, "node_modules/mdurl": { - "version": "1.0.1", - "resolved": "https://registry.yarnpkg.com/mdurl/-/mdurl-1.0.1.tgz", - "integrity": "sha1-/oWy7HWlkDfyrf7BAP1sYBdhFS4=" + "version": "2.0.0", + "resolved": "https://registry.npmmirror.com/mdurl/-/mdurl-2.0.0.tgz", + "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==", + "license": "MIT" }, "node_modules/mime": { "version": "1.6.0", @@ -2984,6 +2992,15 @@ "node": ">=6" } }, + "node_modules/punycode.js": { + "version": "2.3.1", + "resolved": "https://registry.npmmirror.com/punycode.js/-/punycode.js-2.3.1.tgz", + "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==", + "license": "MIT", + "engines": { + "node": ">=6" + } + }, "node_modules/qs": { "version": "6.11.0", "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", @@ -3529,9 +3546,10 @@ } }, "node_modules/uc.micro": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz", - "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==" + "version": "2.1.0", + "resolved": "https://registry.npmmirror.com/uc.micro/-/uc.micro-2.1.0.tgz", + "integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==", + "license": "MIT" }, "node_modules/underscore": { "version": "1.13.1", @@ -5605,11 +5623,11 @@ "integrity": "sha1-d4kd6DQGTMy6gq54QrtrFKE+1/I= sha512-qsda+H8jTaUaN/x5vzW2rzc+8Rw4TAQ/4KjB46IwK5VH+IlVeeeje/EoZRpiXvIqjFgK84QffqPztGI3VBLG1A==" }, "linkify-it": { - "version": "3.0.3", - "resolved": "https://registry.npmjs.org/linkify-it/-/linkify-it-3.0.3.tgz", - "integrity": "sha512-ynTsyrFSdE5oZ/O9GEf00kPngmOfVwazR5GKDq6EYfhlpFug3J2zybX56a2PRRpc9P+FuSoGNAwjlbDs9jJBPQ==", + "version": "5.0.0", + "resolved": "https://registry.npmmirror.com/linkify-it/-/linkify-it-5.0.0.tgz", + "integrity": "sha512-5aHCbzQRADcdP+ATqnDuhhJ/MRIqDkZX5pyjFHRRysS8vZ5AbqGEoFIb6pYHPZ+L/OC2Lc+xT8uHVVR5CAK/wQ==", "requires": { - "uc.micro": "^1.0.1" + "uc.micro": "^2.0.0" } }, "locate-path": { @@ -5735,28 +5753,29 @@ "dev": true }, "markdown-it": { - "version": "12.3.2", - "resolved": "https://registry.npmjs.org/markdown-it/-/markdown-it-12.3.2.tgz", - "integrity": "sha512-TchMembfxfNVpHkbtriWltGWc+m3xszaRD0CZup7GFFhzIgQqxIfn3eGj1yZpfuflzPvfkt611B2Q/Bsk1YnGg==", + "version": "14.1.0", + "resolved": "https://registry.npmmirror.com/markdown-it/-/markdown-it-14.1.0.tgz", + "integrity": "sha512-a54IwgWPaeBCAAsv13YgmALOF1elABB08FxO9i+r4VFk5Vl4pKokRPeX8u5TCgSsPi6ec1otfLjdOpVcgbpshg==", "requires": { "argparse": "^2.0.1", - "entities": "~2.1.0", - "linkify-it": "^3.0.1", - "mdurl": "^1.0.1", - "uc.micro": "^1.0.5" + "entities": "^4.4.0", + "linkify-it": "^5.0.0", + "mdurl": "^2.0.0", + "punycode.js": "^2.3.1", + "uc.micro": "^2.1.0" }, "dependencies": { "entities": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/entities/-/entities-2.1.0.tgz", - "integrity": "sha512-hCx1oky9PFrJ611mf0ifBLBRW8lUUVRlFolb5gWRfIELabBlbp9xZvrqZLZAs+NxFnbfQoeGd8wDkygjg7U85w==" + "version": "4.5.0", + "resolved": "https://registry.npmmirror.com/entities/-/entities-4.5.0.tgz", + "integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==" } } }, "mdurl": { - "version": "1.0.1", - "resolved": "https://registry.yarnpkg.com/mdurl/-/mdurl-1.0.1.tgz", - "integrity": "sha1-/oWy7HWlkDfyrf7BAP1sYBdhFS4=" + "version": "2.0.0", + "resolved": "https://registry.npmmirror.com/mdurl/-/mdurl-2.0.0.tgz", + "integrity": "sha512-Lf+9+2r+Tdp5wXDXC4PcIBjTDtq4UKjCPMQhKIuzpJNW0b96kVqSwW0bT7FhRSfmAiFYgP+SCRvdrDozfh0U5w==" }, "mime": { "version": "1.6.0", @@ -6141,6 +6160,11 @@ "integrity": "sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA==", "dev": true }, + "punycode.js": { + "version": "2.3.1", + "resolved": "https://registry.npmmirror.com/punycode.js/-/punycode.js-2.3.1.tgz", + "integrity": "sha512-uxFIHU0YlHYhDQtV4R9J6a52SLx28BCjT+4ieh7IGbgwVJWO+km431c4yRlREUAsAmt/uMjQUyQHNEPf0M39CA==" + }, "qs": { "version": "6.11.0", "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", @@ -6518,9 +6542,9 @@ "dev": true }, "uc.micro": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/uc.micro/-/uc.micro-1.0.6.tgz", - "integrity": "sha512-8Y75pvTYkLJW2hWQHXxoqRgV7qb9B+9vFEtidML+7koHUFapnVJAZ6cKs+Qjz5Aw3aZWHMC6u0wJE3At+nSGwA==" + "version": "2.1.0", + "resolved": "https://registry.npmmirror.com/uc.micro/-/uc.micro-2.1.0.tgz", + "integrity": "sha512-ARDJmphmdvUk6Glw7y9DQ2bFkKBHwQHLi2lsaH6PPmz/Ka9sFOBsBluozhDltWmnv9u/cF6Rt87znRTPV+yp/A==" }, "underscore": { "version": "1.13.1", diff --git a/package.json b/package.json index 7cbf8d81..1f726be1 100644 --- a/package.json +++ b/package.json @@ -50,7 +50,7 @@ "hosted-git-info": "^4.0.2", "jsonc-parser": "^3.2.0", "leven": "^3.1.0", - "markdown-it": "^12.3.2", + "markdown-it": "^14.1.0", "mime": "^1.3.4", "minimatch": "^3.0.3", "parse-semver": "^1.1.1", @@ -95,4 +95,4 @@ "watch-files": "src/**", "spec": "src/test/**/*.ts" } -} \ No newline at end of file +} From 164eebd3e624d29966cf5bd184b39a828d29632f Mon Sep 17 00:00:00 2001 From: Sandeep Somavarapu Date: Tue, 3 Sep 2024 11:07:07 +0200 Subject: [PATCH 2/3] add verify-signature command. Fixes #1044 (#1045) --- src/main.ts | 10 +++++++++- src/package.ts | 13 +++++++++++++ 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/src/main.ts b/src/main.ts index db16380a..a08c467d 100644 --- a/src/main.ts +++ b/src/main.ts @@ -1,6 +1,6 @@ import program from 'commander'; import leven from 'leven'; -import { packageCommand, ls, Targets, generateManifest } from './package'; +import { packageCommand, ls, Targets, generateManifest, verifySignature } from './package'; import { publish, unpublish } from './publish'; import { show } from './show'; import { search } from './search'; @@ -317,6 +317,14 @@ module.exports = function (argv: string[]): void { .option('-o, --out ', 'Output the extension manifest to location (defaults to .manifest)') .action(({ packagePath, out }) => main(generateManifest(packagePath, out))); + program + .command('verify-signature') + .description('Verifies the provided signature file against the provided VSIX package and manifest.') + .requiredOption('-i, --packagePath ', 'Path to the VSIX package') + .requiredOption('-m, --manifestPath ', 'Path to the Manifest file') + .requiredOption('-s, --signaturePath ', 'Path to the Signature file') + .action(({ packagePath, manifestPath, signaturePath }) => main(verifySignature(packagePath, manifestPath, signaturePath))); + program .command('ls-publishers') .description('Lists all known publishers') diff --git a/src/package.ts b/src/package.ts index 83de1a3b..3abe9e5b 100644 --- a/src/package.ts +++ b/src/package.ts @@ -1885,6 +1885,19 @@ export function generateManifest(packageFile: string, outputFile?: string): Prom return vsceSign.generateManifest(packageFile, outputFile); } +export async function verifySignature(packageFile: string, manifestFile: string, signatureFile: string): Promise { + const sigzipPath = await createSignatureArchive(manifestFile, signatureFile); + try { + const result = await vsceSign.verify(packageFile, sigzipPath, true); + console.log(`Signature verification result: ${result.code}`); + if (result.output) { + console.log(result.output) + } + } finally { + await fs.promises.unlink(sigzipPath); + } +} + // Create a signature zip file containing the manifest and signature file export async function createSignatureArchive(manifestFile: string, signatureFile: string, outputFile?: string): Promise { return vsceSign.zip(manifestFile, signatureFile, outputFile) From a583bab97323dec778e4bdc937d5b3600fc0201d Mon Sep 17 00:00:00 2001 From: Marc Lasson Date: Tue, 3 Sep 2024 14:21:58 +0200 Subject: [PATCH 3/3] Fix typo in option hint --- src/package.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/package.ts b/src/package.ts index 3abe9e5b..95b3afe0 100644 --- a/src/package.ts +++ b/src/package.ts @@ -2019,7 +2019,7 @@ export async function printAndValidatePackagedFiles(files: IFile[], cwd: string, message += unusedIncludePatterns.map(p => ` - ${p}`).join('\n'); message += '\nRemove any include pattern which is not needed.\n'; message += `\n=> Run ${chalk.bold('vsce ls --tree')} to see all included files.\n`; - message += `=> Use ${chalk.bold('--allow-unused-files-patterns')} to skip this check`; + message += `=> Use ${chalk.bold('--allow-unused-files-pattern')} to skip this check`; util.log.error(message); process.exit(1); }