Diffstat (limited to '')
-rw-r--r--stdlib/source/program/aedifex/dependency/resolution.lux14
-rw-r--r--stdlib/source/program/aedifex/pom.lux2
2 files changed, 9 insertions, 7 deletions
diff --git a/stdlib/source/program/aedifex/dependency/resolution.lux b/stdlib/source/program/aedifex/dependency/resolution.lux
index 15a32959b..1e0c522b9 100644
--- a/stdlib/source/program/aedifex/dependency/resolution.lux
+++ b/stdlib/source/program/aedifex/dependency/resolution.lux
@@ -234,12 +234,14 @@
///package.dependencies
(try\map set.to_list)
(try.default (list)))
- sub_repositories (|> package
- ///package.repositories
- (try\map set.to_list)
- (try.default (list))
- (list\map new_repository)
- (list\compose repositories))]
+ ## For security reasons, it's not a good idea to allow dependencies to introduce repositories.
+ ## package_repositories (|> package
+ ## ///package.repositories
+ ## (try\map set.to_list)
+ ## (try.default (list))
+ ## (list\map new_repository))
+ ## sub_repositories (list\compose repositories package_repositories)
+ sub_repositories repositories]
[successes failures resolution] (recur sub_repositories
(#.Cons head successes)
failures
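Review bot: The added comment `## For security reasons, it's not a good idea to allow dependencies to introduce repositories.` does not name the risk, and the disabled bindings are left behind as six commented-out lines that a later edit could re-enable without seeing why they were turned off. I would state the rule instead, e.g. `## Only repositories configured by the project are trusted; repositories declared by a dependency's package are ignored, so a dependency cannot redirect resolution of its own dependencies to a host of its choosing.`, and delete the commented-out code. With that done, `sub_repositories` is only an alias, so `repositories` can be passed straight to `recur`. The package's declared repositories are now dropped silently; whether the user gets any hint when a transitive dependency fails to resolve for that reason is not visible here, as the enclosing function starts and ends outside the hunk.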
diff --git a/stdlib/source/program/aedifex/pom.lux b/stdlib/source/program/aedifex/pom.lux
index 8f1dae1ea..c5756ee97 100644
--- a/stdlib/source/program/aedifex/pom.lux
+++ b/stdlib/source/program/aedifex/pom.lux
@@ -8,7 +8,7 @@
["." try (#+ Try)]
["." exception]
["<>" parser
- ["<xml>" xml (#+ Parser)]]]
+ ["<.>" xml (#+ Parser)]]]
[data
["." name]
["." maybe ("#\." functor)]