From 442d1557b879a8a4bd76f441f72a17bfb71cf05f Mon Sep 17 00:00:00 2001 From: Eduardo Julian Date: Sat, 17 Jul 2021 22:48:54 -0400 Subject: Now allowing compilers to generate custom-named outputs. --- stdlib/source/program/aedifex/dependency/resolution.lux | 14 ++++++++------ stdlib/source/program/aedifex/pom.lux | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) (limited to 'stdlib/source/program') diff --git a/stdlib/source/program/aedifex/dependency/resolution.lux b/stdlib/source/program/aedifex/dependency/resolution.lux index 15a32959b..1e0c522b9 100644 --- a/stdlib/source/program/aedifex/dependency/resolution.lux +++ b/stdlib/source/program/aedifex/dependency/resolution.lux @@ -234,12 +234,14 @@ ///package.dependencies (try\map set.to_list) (try.default (list))) - sub_repositories (|> package - ///package.repositories - (try\map set.to_list) - (try.default (list)) - (list\map new_repository) - (list\compose repositories))] + ## For security reasons, it's not a good idea to allow dependencies to introduce repositories. + ## package_repositories (|> package + ## ///package.repositories + ## (try\map set.to_list) + ## (try.default (list)) + ## (list\map new_repository)) + ## sub_repositories (list\compose repositories package_repositories) + sub_repositories repositories] [successes failures resolution] (recur sub_repositories (#.Cons head successes) failures diff --git a/stdlib/source/program/aedifex/pom.lux b/stdlib/source/program/aedifex/pom.lux index 8f1dae1ea..c5756ee97 100644 --- a/stdlib/source/program/aedifex/pom.lux +++ b/stdlib/source/program/aedifex/pom.lux @@ -8,7 +8,7 @@ ["." try (#+ Try)] ["." exception] ["<>" parser - ["" xml (#+ Parser)]]] + ["<.>" xml (#+ Parser)]]] [data ["." name] ["." maybe ("#\." functor)] -- cgit v1.2.3