Comparing version 4.17.20 to 4.17.21
@@ -48,3 +48,3 @@ /** | ||
/** Used as the semantic version number. */ | ||
var VERSION = '4.17.20'; | ||
var VERSION = '4.17.21'; | ||
@@ -51,0 +51,0 @@ /** Used to compose bitmasks for function metadata. */ |
{ | ||
"name": "lodash-es", | ||
"version": "4.17.20", | ||
"version": "4.17.21", | ||
"description": "Lodash exported as ES modules.", | ||
@@ -5,0 +5,0 @@ "keywords": "es6, modules, stdlib, util", |
import root from './_root.js'; | ||
import toString from './toString.js'; | ||
/** Used to match leading and trailing whitespace. */ | ||
/** Used to match leading whitespace. */ | ||
var reTrimStart = /^\s+/; | ||
@@ -6,0 +6,0 @@ |
@@ -1,2 +0,2 @@ | ||
# lodash-es v4.17.20 | ||
# lodash-es v4.17.21 | ||
@@ -10,2 +10,2 @@ The [Lodash](https://lodash.com/) library exported as [ES](http://www.ecma-international.org/ecma-262/6.0/) modules. | ||
See the [package source](https://github.com/lodash/lodash/tree/4.17.20-es) for more details. | ||
See the [package source](https://github.com/lodash/lodash/tree/4.17.21-es) for more details. |
@@ -13,2 +13,5 @@ import assignInWith from './assignInWith.js'; | ||
/** Error message constants. */ | ||
var INVALID_TEMPL_VAR_ERROR_TEXT = 'Invalid `variable` option passed into `_.template`'; | ||
/** Used to match empty string literals in compiled template source. */ | ||
@@ -20,2 +23,14 @@ var reEmptyStringLeading = /\b__p \+= '';/g, | ||
/** | ||
* Used to validate the `validate` option in `_.template` variable. | ||
* | ||
* Forbids characters which could potentially change the meaning of the function argument definition: | ||
* - "()," (modification of function parameters) | ||
* - "=" (default value) | ||
* - "[]{}" (destructuring of function parameters) | ||
* - "/" (beginning of a comment) | ||
* - whitespace | ||
*/ | ||
var reForbiddenIdentifierChars = /[()=,{}\[\]\/\s]/; | ||
/** | ||
* Used to match | ||
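Review bot: The doc comment added for `reForbiddenIdentifierChars` names the wrong option: it reads "Used to validate the `validate` option in `_.template` variable", while the guard added further down tests `variable`. The first line should read "Used to validate the `variable` option in `_.template`." The comment could also state that this is a denylist of specific characters and not a check that the value is a well-formed identifier, so a reader does not assume more is rejected than the listed characters.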
@@ -215,2 +230,8 @@ * [ES template delimiters](http://ecma-international.org/ecma-262/7.0/#sec-template-literal-lexical-components). | ||
} | ||
// Throw an error if a forbidden character was found in `variable`, to prevent | ||
// potential command injection attacks. | ||
else if (reForbiddenIdentifierChars.test(variable)) { | ||
throw new Error(INVALID_TEMPL_VAR_ERROR_TEXT); | ||
} | ||
// Cleanup code by stripping empty strings. | ||
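Review bot: The new `else if (reForbiddenIdentifierChars.test(variable))` guard rejects only the characters listed in the regex, so any other `variable` value still passes. Because the doc comment says the value lands in a function argument definition, an allowlist would be the stricter form, for example `else if (!/^[A-Za-z_$][\w$]*$/.test(variable))`, provided callers never need non-ASCII identifiers (this hunk cannot confirm that). The `if` branch this `else if` hangs on starts above the hunk, and the hunk does not show whether other option values that reach the generated source get an equivalent check. Applications that pass request-derived options to `_.template` should treat the new `Error` as an expected rejection path and, preferably, never let untrusted input set `variable`.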
@@ -217,0 +238,0 @@ source = (isEvaluating ? source.replace(reEmptyStringLeading, '') : source) |
@@ -0,1 +1,2 @@ | ||
import baseTrim from './_baseTrim.js'; | ||
import isObject from './isObject.js'; | ||
@@ -7,5 +8,2 @@ import isSymbol from './isSymbol.js'; | ||
/** Used to match leading and trailing whitespace. */ | ||
var reTrim = /^\s+|\s+$/g; | ||
/** Used to detect bad signed hexadecimal string values. */ | ||
@@ -60,3 +58,3 @@ var reIsBadHex = /^[-+]0x[0-9a-f]+$/i; | ||
} | ||
value = value.replace(reTrim, ''); | ||
value = baseTrim(value); | ||
var isBinary = reIsBinary.test(value); | ||
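Review bot: The switch from `value.replace(reTrim, '')` to `baseTrim(value)` carries no comment saying why the regex was dropped, and the same holds for `return baseTrim(string);` in the trim hunk further down. The removed pattern `/^\s+|\s+$/g` can backtrack heavily on long whitespace runs that are not at the end of the input, which is presumably the motivation. A one-line comment such as `// baseTrim avoids regex backtracking on long whitespace runs; do not replace with /\s+$/.` would keep a later cleanup from reintroducing it. `baseTrim` itself is not shown on this page, so its behaviour on such input cannot be checked from here, and the enclosing function continues outside the hunk.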
@@ -63,0 +61,0 @@ return (isBinary || reIsOctal.test(value)) |
import baseToString from './_baseToString.js'; | ||
import baseTrim from './_baseTrim.js'; | ||
import castSlice from './_castSlice.js'; | ||
@@ -8,5 +9,2 @@ import charsEndIndex from './_charsEndIndex.js'; | ||
/** Used to match leading and trailing whitespace. */ | ||
var reTrim = /^\s+|\s+$/g; | ||
/** | ||
@@ -37,3 +35,3 @@ * Removes leading and trailing whitespace or specified characters from `string`. | ||
if (string && (guard || chars === undefined)) { | ||
return string.replace(reTrim, ''); | ||
return baseTrim(string); | ||
} | ||
@@ -40,0 +38,0 @@ if (!string || !(chars = baseToString(chars))) { |
@@ -6,6 +6,4 @@ import baseToString from './_baseToString.js'; | ||
import toString from './toString.js'; | ||
import trimmedEndIndex from './_trimmedEndIndex.js'; | ||
/** Used to match leading and trailing whitespace. */ | ||
var reTrimEnd = /\s+$/; | ||
/** | ||
@@ -33,3 +31,3 @@ * Removes trailing whitespace or specified characters from `string`. | ||
if (string && (guard || chars === undefined)) { | ||
return string.replace(reTrimEnd, ''); | ||
return string.slice(0, trimmedEndIndex(string) + 1); | ||
} | ||
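Review bot: `string.slice(0, trimmedEndIndex(string) + 1)` depends on `trimmedEndIndex` returning -1 for a string that is entirely whitespace, so that the slice end becomes 0 and the result is empty; that contract is not visible in this hunk. A short comment would record it, for example `// trimmedEndIndex: index of the last non-whitespace char (-1 if none); +1 makes it an exclusive end.` A test with an all-whitespace input, and one with a very long whitespace run in the middle of the string, would pin both the result and the running time. The enclosing function starts and ends outside the hunk.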
@@ -36,0 +34,0 @@ if (!string || !(chars = baseToString(chars))) { |
@@ -7,3 +7,3 @@ import baseToString from './_baseToString.js'; | ||
/** Used to match leading and trailing whitespace. */ | ||
/** Used to match leading whitespace. */ | ||
var reTrimStart = /^\s+/; | ||
@@ -10,0 +10,0 @@ |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package