Diffstat (limited to 'stdlib/source/program')
-rw-r--r-- | stdlib/source/program/aedifex/dependency/resolution.lux | 14 | ||||
-rw-r--r-- | stdlib/source/program/aedifex/pom.lux | 2 |
2 files changed, 9 insertions, 7 deletions
diff --git a/stdlib/source/program/aedifex/dependency/resolution.lux b/stdlib/source/program/aedifex/dependency/resolution.lux
index 15a32959b..1e0c522b9 100644
--- a/stdlib/source/program/aedifex/dependency/resolution.lux
+++ b/stdlib/source/program/aedifex/dependency/resolution.lux
@@ -234,12 +234,14 @@
 ///package.dependencies
 (try\map set.to_list)
 (try.default (list)))
- sub_repositories (|> package
- ///package.repositories
- (try\map set.to_list)
- (try.default (list))
- (list\map new_repository)
- (list\compose repositories))]
+ ## For security reasons, it's not a good idea to allow dependencies to introduce repositories.
+ ## package_repositories (|> package
+ ## ///package.repositories
+ ## (try\map set.to_list)
+ ## (try.default (list))
+ ## (list\map new_repository))
+ ## sub_repositories (list\compose repositories package_repositories)
+ sub_repositories repositories]
 [successes failures resolution] (recur sub_repositories
 (#.Cons head successes)
 failures
diff --git a/stdlib/source/program/aedifex/pom.lux b/stdlib/source/program/aedifex/pom.lux
index 8f1dae1ea..c5756ee97 100644
--- a/stdlib/source/program/aedifex/pom.lux
+++ b/stdlib/source/program/aedifex/pom.lux
@@ -8,7 +8,7 @@
 ["." try (#+ Try)]
 ["." exception]
 ["<>" parser
- ["<xml>" xml (#+ Parser)]]]
+ ["<.>" xml (#+ Parser)]]]
 [data
 ["." name]
 ["." maybe ("#\." functor)] |
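Review bot: In the resolution.lux hunk the new comment says "for security reasons" without naming the risk, and the disabled binding is kept as six commented-out lines that a later edit could re-enable without seeing why it was turned off. I would delete the commented code (history keeps it) and state the trust rule directly, e.g. `## Only repositories configured by the project are trusted; a dependency's POM must not add repositories, or it could redirect where its transitive dependencies are fetched from.` A transitive dependency hosted only in a repository named by its parent's POM presumably now ends up in `failures`; it would help if that failure said the repository was ignored and has to be declared by the project. The enclosing function starts and ends outside the hunk, so how failures are reported is not visible here.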