dojo - npm Package Compare versions

Comparing version 1.10.9 to 1.10.10

_base/Color.js

@@ -148,6 +148,6 @@ define(["./kernel", "./lang", "./array", "./config"], function(dojo, lang, ArrayUtil, config){
 		var t = obj || new Color();
-		ArrayUtil.forEach(["r", "g", "b", "a"], function(x){
-			t[x] = start[x] + (end[x] - start[x]) * weight;
-			if(x != "a"){ t[x] = Math.round(t[x]); }
-		});
+		t.r = Math.round(start.r + (end.r - start.r) * weight);
+		t.g = Math.round(start.g + (end.g - start.g) * weight);
+		t.b = Math.round(start.b + (end.b - start.b) * weight);
+		t.a = start.a + (end.a - start.a) * weight;
 		return t.sanitize();	// Color
@@ -154,0 +154,0 @@ };

_base/kernel.js

@@ -82,3 +82,3 @@ define(["../global", "../has", "./config", "require", "module"], function(global, has, config, require, module){
 
-	var rev = "$Rev: bce476b $".match(/[0-9a-f]{7,}/);
+	var rev = "$Rev: 48cb00f2 $".match(/[0-9a-f]{7,}/);
 	dojo.version = {
@@ -96,3 +96,3 @@ // summary:
 
-		major: 1, minor: 10, patch: 9, flag: "",
+		major: 1, minor: 10, patch: 10, flag: "",
 		revision: rev ? rev[0] : NaN,
@@ -99,0 +99,0 @@ toString: function(){

_base/loader.js

@@ -321,15 +321,7 @@ define(["./kernel", "../has", "require", "module", "../json", "./lang", "./array"], function(dojo, has, require, thisModule, json, lang, array) {
 
-		// the following regex is taken from 1.6. It is a very poor technique to remove comments and
-		// will fail in some cases; for example, consider the code...
+		// The following regex matches all comments and strings, with the strings in the capturing group.
+		// Replacing all matches with "$1" will remove comments and keep strings.
 		//
-		//	  var message = "Category-1 */* Category-2";
-		//
-		// The regex that follows will see a /* comment and trash the code accordingly. In fact, there are all
-		// kinds of cases like this with strings and regexs that will cause this design to fail miserably.
-		//
-		// Alternative regex designs exist that will result in less-likely failures, but will still fail in many cases.
-		// The only solution guaranteed 100% correct is to parse the code and that seems overkill for this
-		// backcompat/unbuilt-xdomain layer. In the end, since it's been this way for a while, we won't change it.
-		// See the opening paragraphs of Chapter 7 or ECME-262 which describes the lexical abiguity further.
-		removeCommentRe = /(\/\*([\s\S]*?)\*\/|\/\/(.*)$)/mg,
+		// It accounts for single quotes, double quotes, backslashes (line continuations and escaped characters), and template strings.
+		removeCommentRe = /\/\/.*|\/\*[\s\S]*?\*\/|("(?:\\.|[^"])*"|'(?:\\.|[^'])*'|`(?:\\.|[^`])*`)/mg,
 
@@ -364,8 +356,3 @@ syncLoaderApiRe = /(^|\s)dojo\.(loadInit|require|provide|requireLocalization|requireIf|requireAfterIf|platformRequire)\s*\(/mg,
 			// noCommentText may be provided by a build app with comments extracted by a better method than regex (hopefully)
-			noCommentText = noCommentText || text.replace(removeCommentRe, function(match){
-				// remove iff the detected comment has text that looks like a sync loader API application; this helps by
-				// removing as little as possible, minimizing the changes the janky regex will kill the module
-				syncLoaderApiRe.lastIndex = amdLoaderApiRe.lastIndex = 0;
-				return (syncLoaderApiRe.test(match) || amdLoaderApiRe.test(match)) ? "" : match;
-			});
+			noCommentText = noCommentText || text.replace(removeCommentRe, "$1");
 
@@ -372,0 +359,0 @@ // find and extract all dojo.loadInit applications

_base/xhr.js

@@ -342,16 +342,16 @@ define([
 		// set up the query params
-		var miArgs = [{}];
+		var miArgs = {};
 
 		if(formObject){
 			// potentially over-ride url-provided params w/ form values
-			miArgs.push(formObject);
+			lang.mixin(miArgs, formObject);
 		}
 		if(args.content){
 			// stuff in content over-rides what's set by form
-			miArgs.push(args.content);
+			lang.mixin(miArgs, args.content);
 		}
 		if(args.preventCache){
-			miArgs.push({"dojo.preventCache": new Date().valueOf()});
+			miArgs["dojo.preventCache"] = new Date().valueOf();
 		}
-		ioArgs.query = ioq.objectToQuery(lang.mixin.apply(null, miArgs));
+		ioArgs.query = ioq.objectToQuery(miArgs);
 
@@ -358,0 +358,0 @@ // .. and the real work of getting the deferred in order, etc.

html.js

@@ -303,3 +303,3 @@ define(["./_base/kernel", "./_base/lang", "./_base/array", "./_base/declare", "./dom", "./dom-construct", "./parser"],
 						}, function(e){
-							self._onError('Content', e, "Error parsing in _ContentSetter#" + this.id);
+							self._onError('Content', e, "Error parsing in _ContentSetter#" + self.id);
 						});
@@ -306,0 +306,0 @@ }catch(e){

package.json

 {
 	"name": "dojo",
-	"version":"1.10.9",
+	"version": "1.10.10",
 	"directories": {
@@ -5,0 +5,0 @@ "lib": "."

promise/all.js

 define([
 	"../_base/array",
+	"../_base/lang",
 	"../Deferred",
 	"../when"
-], function(array, Deferred, when){
+], function(array, lang, Deferred, when){
 	"use strict";
@@ -30,3 +31,3 @@
 		var object, array;
-		if(objectOrArray instanceof Array){
+		if(lang.isArray(objectOrArray)){
 			array = objectOrArray;
@@ -33,0 +34,0 @@ }else if(objectOrArray && typeof objectOrArray === "object"){

request/iframe.js

@@ -14,6 +14,7 @@ define([
 	'../_base/window',
-	'../NodeList-dom'/*=====,
-	'../request',
-	'../_base/declare' =====*/
-], function(module, require, watch, util, handlers, lang, ioQuery, query, has, dom, domConstruct, win/*=====, NodeList, request, declare =====*/){
+	// NodeList enhancement modules;
+	// must be loaded (but no reference needed)
+	'../NodeList-dom',
+        '../NodeList-manipulate'
+], function(module, require, watch, util, handlers, lang, ioQuery, query, has, dom, domConstruct, win){
 	var mid = module.id.replace(/[\/\.\-]/g, '_'),
@@ -216,6 +217,12 @@ onload = mid + '_onload';
 						}else{
-							if(!formNode[x]){
+							// Explicitly search for nodes in the dom tree
+							// using formNode[x] may access attributes of the
+							// form node itself, e.g. formNode['action']
+							var n = query("input[name='"+x+"']", formNode);
+
+							// Not found if indexOf == -1
+							if(n.indexOf() == -1){
 								createInput(x, val);
 							}else{
-								formNode[x].value = val;
+								n.val(val);
 							}
@@ -222,0 +229,0 @@ }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

4363840

increased by43.09%

Number of package files

1140

increased by79.81%

Lines of code

121159

increased by15.42%

Worsened metrics

Number of low supply chain risk alerts

76

increased by90%

No dependency changes