Skip to content

fix: fix file descriptor leak#62

Merged
gmaclennan merged 3 commits intomainfrom
fix/file-descriptor-leak
Feb 17, 2026
Merged

fix: fix file descriptor leak#62
gmaclennan merged 3 commits intomainfrom
fix/file-descriptor-leak

Conversation

@gmaclennan
Copy link
Member

@gmaclennan gmaclennan commented Feb 17, 2026

A bug in yauzl-promise was resulting in file descriptor leaks when trying to open an invalid zip file. This fix patches yauzl-promise and adds it as a bundled dependency so that the patch is included in the tarball.

@gmaclennan gmaclennan enabled auto-merge (squash) February 17, 2026 11:11
@gmaclennan gmaclennan self-assigned this Feb 17, 2026
@socket-security
Copy link

socket-security bot commented Feb 17, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedpatch-package@​8.0.19710010082100

View full report

@gmaclennan gmaclennan merged commit 65a5c1c into main Feb 17, 2026
11 checks passed
@gmaclennan gmaclennan deleted the fix/file-descriptor-leak branch February 17, 2026 11:23
gmaclennan added a commit that referenced this pull request Feb 17, 2026
@gmaclennan
Merge branch 'main' into chore/sharp-image-tests
0a5cb55 
* main:
  feat: optimize order of entries (#37)
  fix: fix file descriptor leak (#62)
  Release v4.0.1 (#61)
  fix: serve with parameter in base (#60)
  Release v4.0.0 (#59)
  Revert "Release v4.0.0 (#53)" (#58)
  chore: add test for server base path (#56)
  chore: add missing package.json fields (#54)
  Release v4.0.0 (#53)
  chore: fix issues with release workflow (#50)
  feat!: simplified server (#52)
  chore: use npm trusted publishing with OIDC (#49)
  Release v3.0.0 (#46)
  feat!: introduce dual publishing (#45)
  Release v2.2.1 (#44)
  fix: fix types exports locations (#43)
gmaclennan added a commit that referenced this pull request Feb 17, 2026
@gmaclennan
Merge branch 'main' into ac/fix-commander-extra-typings-usage
62d7e0d 
* main:
  chore: use sharp for test image generation (#42)
  feat: optimize order of entries (#37)
  fix: fix file descriptor leak (#62)
  Release v4.0.1 (#61)
  fix: serve with parameter in base (#60)
  Release v4.0.0 (#59)
  Revert "Release v4.0.0 (#53)" (#58)
  chore: add test for server base path (#56)
  chore: add missing package.json fields (#54)
  Release v4.0.0 (#53)
  chore: fix issues with release workflow (#50)
  feat!: simplified server (#52)
  chore: use npm trusted publishing with OIDC (#49)
@optic-release-automation optic-release-automation bot mentioned this pull request Feb 17, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@gmaclennan gmaclennan

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gmaclennan