4 changed files with 112 additions and 19 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/nodemon-v2.0.3-bundled.tar.gz
+SOURCES/nodemon-v2.0.20-bundled.tar.gz
--- a/.nodejs-nodemon.metadata
+++ b/.nodejs-nodemon.metadata
@ -1 +1 @@
-a515df94af26b438ffbf4d914259f16a03cc7c15 SOURCES/nodemon-v2.0.3-bundled.tar.gz
+f558d7dc37c745ca2983daebe6868df6ee46c00a SOURCES/nodemon-v2.0.20-bundled.tar.gz
--- a/SOURCES/0001-deps-glob-parent-Resolve-ReDoS-vulnerability-from-CV.patch
+++ b/SOURCES/0001-deps-glob-parent-Resolve-ReDoS-vulnerability-from-CV.patch
@ -0,0 +1,63 @@
 From 03b97db840718e36aaa091f95a98a0b81764093b Mon Sep 17 00:00:00 2001
 From: Takayuki Sato <sttk.xslet@gmail.com>
 Date: Tue, 20 Jul 2021 14:46:33 +0900
 Subject: [PATCH] deps(glob-parent): Resolve ReDoS vulnerability from
 CVE-2021-35065 (#49)
 Signed-off-by: rpm-build <rpm-build>
 ---
 node_modules/glob-parent/index.js | 27 +++++++++++++++++++++++++--
 1 file changed, 25 insertions(+), 2 deletions(-)
 diff --git a/node_modules/glob-parent/index.js b/node_modules/glob-parent/index.js
 index 09e257e..b182190 100644
 --- a/node_modules/glob-parent/index.js
 +++ b/node_modules/glob-parent/index.js
@@ -6,7 +6,6 @@ var isWin32 = require('os').platform() === 'win32';
 var slash = '/';
 var backslash = /\\/g;
 -var enclosure = /[\{\[].*[\}\]]$/;
 var globby = /(^|[^\\])([\{\[]|\([^\)]+$)/;
 var escaped = /\\([\!\*\?\|\[\]\(\)\{\}])/g;
@@ -25,7 +24,7 @@ module.exports = function globParent(str, opts) {
   }
   // special case for strings ending in enclosure containing path separator
 -  if (enclosure.test(str)) {
 +  if (isEnclosure(str)) {
     str += slash;
   }
@@ -40,3 +39,27 @@ module.exports = function globParent(str, opts) {
   // remove escape chars and return result
   return str.replace(escaped, '$1');
 };
 +
 +
 +function isEnclosure(str) {
 +  var lastChar = str.slice(-1)
 +
 +  var enclosureStart;
 +  switch (lastChar) {
 +    case '}':
 +      enclosureStart = '{';
 +      break;
 +    case ']':
 +      enclosureStart = '[';
 +      break;
 +    default:
 +      return false;
 +  }
 +
 +  var foundIndex = str.indexOf(enclosureStart);
 +  if (foundIndex < 0) {
 +    return false;
 +  }
 +
 +  return str.slice(foundIndex + 1, -1).includes(slash);
 +}
 -- 
 2.39.2
--- a/SPECS/nodejs-nodemon.spec
+++ b/SPECS/nodejs-nodemon.spec
@ -5,13 +5,15 @@
 %global enable_tests 0
 Name:          nodejs-%{npm_name}
-Version:       2.0.3
+Version:       2.0.20
-Release:       1%{?dist}
+Release:       3%{?dist}
 Summary:       Simple monitor script for use during development of a node.js app
 License:       MIT
-URL:           https://github.com/remy/nodemon
+URL:           https://www.npmjs.com/package/nodemon
 Source0:       %{npm_name}-v%{version}-bundled.tar.gz
 Patch1:        0001-deps-glob-parent-Resolve-ReDoS-vulnerability-from-CV.patch
 BuildRequires: nodejs-devel
 BuildRequires: nodejs-packaging
 BuildRequires: npm
@ -47,7 +49,7 @@ replacement wrapper for node, think of it as replacing the word "node"
 on the command line when you run your script.
 %prep
-%setup -q -n %{npm_name}-%{version}
+%autosetup -p1 -n package
 %build
@ -56,14 +58,11 @@ on the command line when you run your script.
 %install
 mkdir -p %{buildroot}%{nodejs_sitelib}/%{npm_name}
-cp -pr doc bin lib package.json website node_modules %{buildroot}%{nodejs_sitelib}/%{npm_name}
+cp -pr doc bin lib package.json node_modules %{buildroot}%{nodejs_sitelib}/%{npm_name}
 mkdir -p %{buildroot}%{_bindir}
 ln -sf %{nodejs_sitelib}/%{npm_name}/bin/nodemon.js %{buildroot}%{_bindir}/nodemon
 #%%nodejs_symlink_deps
 %if 0%{?enable_tests}
 %check
 %nodejs_symlink_deps --check
@ -71,14 +70,45 @@ npm run test
 %endif
 %files
-%doc CODE_OF_CONDUCT.md doc faq.md README.md
+%doc doc README.md
 %{nodejs_sitelib}/%{npm_name}
 %{_bindir}/nodemon
 %changelog
 * Mon Mar 06 2023 Jan Staněk <jstanek@redhat.com> - 2.0.20-3
 - Backport fix for CVE-2021-35065
  Resolves: CVE-2021-35065
 * Mon Dec 12 2022 Jan Staněk <jstanek@redhat.com> - 2.0.20-2
 - Record remaining CVEs fixed by current rebase
  Resolves: CVE-2021-44906
 * Wed Nov 09 2022 Jan Staněk <jstanek@redhat.com> - 2.0.20-1
 - Rebase to 2.0.20
  Resolves: CVE-2022-3517
 * Wed Aug 03 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.19-2
 - Switched from autosetup
 - Removed CODE_OF_CONDUCT.md and faq.md which is not present in npmjs package, might switch to GH sources in the future
 - Resolves: RHBZ#2108140
 * Mon Jul 25 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.19-1
 - Rebase to 2.0.19
 - Resolves CVE-2022-33987
 - Resolves: RHBZ#2108140
 * Tue Nov 30 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.15-1
 - Resolves: RHBZ#1991322, RHBZ#1948030
 - Resolves CVE-2020-28469
 - Rebase to newest version
 - Change source to npmjs.com
 * Tue May 11 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.7-1
 - Resolves: RHBZ#1953991
 - Update to 2.0.7 to resolve CVE-2020-28469
 * Wed May 06 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 2.0.3-1
- Resolves: RHBZ#1920692, RHBZ#1804236, RHBZ#1803247
+- Updated
 - Rebase to 2.0.3
 * Mon Aug 13 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.18.3-1
 - Resolves: #1615413
`@ -1 +1 @@`
	`SOURCES/nodemon-v2.0.3-bundled.tar.gz`	`SOURCES/nodemon-v2.0.20-bundled.tar.gz`
`@ -1 +1 @@`
	`a515df94af26b438ffbf4d914259f16a03cc7c15 SOURCES/nodemon-v2.0.3-bundled.tar.gz`	`f558d7dc37c745ca2983daebe6868df6ee46c00a SOURCES/nodemon-v2.0.20-bundled.tar.gz`