fix: ensure path resolve is safe · nuxt/devtools@1fabb49

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,8 @@ export function setupAssetsRPC({ nuxt, ensureDevAuthToken, refresh, options }: N`
`47`	`47`	`for (const { layerDir, files } of dirs) {`
`48`	`48`	`for (const path of files) {`
`49`	`49`	`const filePath = resolve(layerDir, path)`
	`50`	`+if (!filePath.startsWith(layerDir))`
	`51`	`+continue`
`50`	`52`	`const stat = await fsp.lstat(filePath)`
`51`	`53`	`const fullPath = join(baseURL, path)`
`52`	`54`
`@@ -109,6 +111,8 @@ export function setupAssetsRPC({ nuxt, ensureDevAuthToken, refresh, options }: N`
`109`	`111`	`return await Promise.all(`
`110`	`112`	`files.map(async ({ path, content, encoding, override }) => {`
`111`	`113`	`let finalPath = resolve(baseDir, path)`
	`114`	`+if (!finalPath.startsWith(baseDir))`
	`115`	+throw new Error(`File ${path} is not allowed to upload, it's outside of the public directory`)
`112`	`116`
`113`	`117`	`const { ext } = parse(finalPath)`
`114`	`118`	`if (extensions !== '*') {`