New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
1.8.6 breaks certain existing .zip packages #2532
Comments
@sheerun I'm guessing it was the "Enable file mode preservation" feature in |
Thanks for noticing.. I've published 1.8.8 which should fix this regression. Mind to check? |
Seems to work on |
It is not release, thank you |
not -> now a |
This was referenced Apr 24, 2020
This was referenced Mar 15, 2021
This was referenced Jun 6, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
@sheerun, unfortunately, looks like the security upgrade on
decompress-zip
may have had the side effect of breaking .zip archives with certain permissions set on a non-empty directory.Not sure how many packages this affects, but hit one old one in a build. Pinning bower at
v1.8.4
works around the issue.Output of
bower -v && npm -v && node -v
:Additional environment details (proxy, private registry, etc.):
both macOS and Ubuntu 16.04
Steps to reproduce the issue:
Describe the results you received:
Directories inside the archive can end up extracted without
+x
set, resulting in an access error trying to extract files inside that directory:Permissions on the
docusupport
directory in this case aredrw-r--r--
and should probably bedrwxr--r--
.Describe the results you expected:
Package installed without error.
Additional information:
bower diff v1.8.4...v1.8.6
decompress-zip diff bower/decompress-zip@867e439...v0.3.2
The text was updated successfully, but these errors were encountered: