braces has a high severity bug

[Zanaxhir]

braces is Used by copy-template-dir and has an high severity bug

Path: svgtofont > copy-template-dir > readdirp > micromatch > braces Bug-Report: https://github.com/advisories/GHSA-grv7-fg5c-xmjg

[jaywcjlove]

@Zanaxhir I upgraded the dependencies, and now the 'braces' package is no longer available.

[Zanaxhir]

now I get the following error:

    throw new ERR_INVALID_ARG_TYPE(name, 'string', value);
    ^

TypeError [ERR_INVALID_ARG_TYPE]: The "path" argument must be of type string. Received undefined
    at new NodeError (node:internal/errors:399:5)
    at validateString (node:internal/validators:163:11)
    at Object.basename (node:path:1309:5)
    at /app/node_modules/@tsbb/copy-template-dir/index.js:59:28
    at /app/node_modules/run-parallel/index.js:46:7
    at Array.forEach (<anonymous>)
    at runParallel (/app/node_modules/run-parallel/index.js:45:11)
    at ReaddirpStream.<anonymous> (/app/node_modules/@tsbb/copy-template-dir/index.js:45:7)
    at ReaddirpStream.f (/app/node_modules/once/once.js:25:25)
    at ReaddirpStream.onend (/app/node_modules/end-of-stream/index.js:36:27) {
  code: 'ERR_INVALID_ARG_TYPE'
}

[Be-Mann]

We have exactly the same error with version 4.2.1

[jaywcjlove]

@Zanaxhir @Be-Mann Could you provide a reproducible example of the error? I have not encountered the error during local testing, and it did not appear in the CI either.

[Zanaxhir]

Maybe it's because we use templates. here is the config and the script call:

  "scripts": {
   "font": "svgtofont --sources src/generated/svg/images --output public/assets/font --fontName $VUE_APP_NAME'__font'"
  },
  "svgtofont": {
    "css": {
      "cssPath": "#{$host}/assets/font/",
      "output": "src/generated/svg/font",
      "include": ".*\\.scss",
      "fontSize": false
    },
    "styleTemplates": "src/svg",
    "outSVGReact": false
  },

And the Template:

@font-face {font-family: "{{fontname}}";
  src: url('{{cssPath}}{{fontname}}.eot?t={{timestamp}}'); /* IE9*/
  src: url('{{cssPath}}{{fontname}}.eot?t={{timestamp}}#iefix') format('embedded-opentype'), /* IE6-IE8 */
  url("{{cssPath}}{{fontname}}.woff2?t={{timestamp}}") format("woff2"),
  url("{{cssPath}}{{fontname}}.woff?t={{timestamp}}") format("woff"),
  url('{{cssPath}}{{fontname}}.ttf?t={{timestamp}}') format('truetype'), /* chrome, firefox, opera, Safari, Android, iOS 4.2+*/
  url('{{cssPath}}{{fontname}}.svg?t={{timestamp}}#{{fontname}}') format('svg'); /* iOS 4.1- */
}

@mixin iconFont() {
    font-family: '{{fontname}}' !important;
    font-style: normal;
    -webkit-font-smoothing: antialiased;
    -moz-osx-font-smoothing: grayscale;
}

[class^="{{prefix}}-"], [class*=" {{prefix}}-"] {
  @include iconFont;
  {{fontSize}}
}

{{cssString}}
{{cssToVars}}

[Zanaxhir]

Ok, I tested with reduced config. Same error.

  "scripts": {
   "font": "svgtofont --sources src/generated/svg/images --output public/assets/font"
  },
  "svgtofont": {
    "css": {
      "cssPath": "#{$host}/assets/font/",
      "output": "src/generated/svg/font",
      "fontSize": false
    },
    "styleTemplates": "src/svg"
  },

Node Version is 'Node.js v18.16.0'

[Zanaxhir]

New Node-Version new Error

SvgToFont:CLI:ERR: [Error: EISDIR: illegal operation on a directory, open '/app/public/assets/font/SVG.tpl'] {
  errno: -21,
  code: 'EISDIR',
  syscall: 'open',
  path: '/app/public/assets/font/SVG.tpl'
}
done!
/app/node_modules/svgtofont/lib/utils.js:269
            createdFiles = createdFiles.map(filePath => {
                                        ^

TypeError: Cannot read properties of undefined (reading 'map')
    at /app/node_modules/svgtofont/lib/utils.js:269:41
    at /app/node_modules/@tsbb/copy-template-dir/index.js:46:25
    at end (/app/node_modules/run-parallel/index.js:21:15)
    at done (/app/node_modules/run-parallel/index.js:25:10)
    at each (/app/node_modules/run-parallel/index.js:31:7)
    at /app/node_modules/run-parallel/index.js:46:37
    at /app/node_modules/@tsbb/copy-template-dir/node_modules/pump/index.js:73:7
    at f (/app/node_modules/once/once.js:25:25)
    at WriteStream.<anonymous> (/app/node_modules/@tsbb/copy-template-dir/node_modules/pump/index.js:29:21)
    at WriteStream.f (/app/node_modules/once/once.js:25:25)

Node.js v18.20.3

Conflict with a template of an svg-Vue-Component-Generator, but the template is in another directory. All Files in 'public/assets/font' are generated by the font script. This Error is not triggered if styleTemplates removed from config. Workaround: I moved the styleTemplates to a subdirectory

[jaywcjlove]

@Zanaxhir Create a repository, let me run and take a look.

Like this: https://github.com/jaywcjlove/svgtofont/tree/master/test/example

[ilearnio]

Having the same error with bun or node v16.20.2 & npm v8.19.4. Fresh install, no configs, just a CLI command

[jaywcjlove]

@Zanaxhir @ilearnio copy-template-dir dependency has been upgraded to readdirp@v3, but it now requires at least Node.js 18+.

[marcos-castrillo]

For anybody still getting the same error, from the documentation of copy-template-dir:

templateDir: The directory that holds the templates. Filenames prepended with a will have it removed when copying. Dotfiles need to be prepended with a . Files and filenames are populated with variables using the {{varName}} syntax.

I had to prepend the template name with an underscore: from iconfont.less.template to _iconfont.less.template in my case.