From 5d78971df2775bdcc5921516bc40fa91930ffa4b Mon Sep 17 00:00:00 2001
From: Nathan Ernst <nathan.ernst@gmail.com>
Date: Sun, 16 Feb 2025 14:51:49 -0600
Subject: [PATCH] address deprecation warning in tarfile.TarFile.extract all in
 Python >= 3.12: explicitly set filter='data' to prevent writing files via
 '..' or absolute paths in the source tarfile

---
 nodeenv.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/nodeenv.py b/nodeenv.py
index bccdfee..cd3bc9e 100644
--- a/nodeenv.py
+++ b/nodeenv.py
@@ -636,7 +636,10 @@ def download_node_src(node_url, src_dir, args):
             for member in members(archive)
             if re.match(rexp_string, member_name(member)) is None
         ]
-        archive.extractall(src_dir, extract_list)
+        if sys.version_info >= (3, 12):
+            archive.extractall(src_dir, extract_list, filter="data")
+        else:
+            archive.extractall(src_dir, extract_list)
 
 
 def urlopen(url):