Merge pull request #4 from squirro/oleh/update-e2e-tests2

[SQ-24305] Update lib & apply patch to don't use `with` for template evaluation

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+tidelift: "npm/underscore"
+patreon: juliangonggrijp
+github: [jgonggrijp]

.github/config/codeql.yml

@@ -0,0 +1,6 @@
+paths:
+  - 'modules/**'
+  - 'test/**'
+  - 'test-treeshake/**'
+  - 'rollup*.js'
+  - 'index.html'

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,78 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+    paths:
+      - 'modules/**'
+      - 'test/**'
+      - 'test-treeshake/**'
+      - 'rollup*.js'
+      - 'index.html'
+  schedule:
+    - cron: '16 8 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at
+        # https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+        config-file: ./.github/config/codeql.yml
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3

.gitignore

@@ -6,4 +6,6 @@ node_modules
 nyc_output
 coverage
 test-treeshake/*-umd.js
-docs/underscore.js
+amd
+cjs
+/underscore-node-*-pre*

.travis.yml

@@ -1,31 +1,38 @@
 language: node_js
 sudo: false
-node_js:
-  - "4.9.1"
-  - "6.14.1"
-  - "8.11.1"
-  - "9.11.1"
-matrix:
+jobs:
   include:
-    - node_js: "4.0"
-      env: BROWSER=true
+    - node_js: 8
+      env:
+        - DOWNGRADE=true
+        - EXTRA=false
+    - node_js: 12
+      env:
+        - DOWNGRADE=false
+        - EXTRA=false
+    - node_js: 16
+      env:
+        - DOWNGRADE=false
+        - EXTRA=true
 before_install:
-  - npm install -g [email protected]
-  - npm install -g karma-cli
+  - "[ $EXTRA = false ] || npm install -g karma-cli"
 before_script:
-  - npm install karma-sauce-launcher
-  - export DISPLAY=:99.0
-  - sh -e /etc/init.d/xvfb start
+  - "[ $EXTRA = false ] || npm install karma-sauce-launcher"
+  - "[ $DOWNGRADE = false ] || npm install rollup@1"
 script:
-  - npm test
-  - "[ $BROWSER == false ] || npm run test-browser"
-  - "[ $BROWSER == false ] || karma start karma.conf-sauce.js"
+  - "[ $EXTRA = false ] || npm run lint"
+  - npm run prepare-tests
+  - "[ $EXTRA = false ] || npm run build-umd"
+  - "[ $EXTRA = false ] || npm run build-esm"
+  - "[ $EXTRA = false ] || npm run doc"
+  - "[ $EXTRA = true ] || npm run test-node"
+  - "[ $EXTRA = false ] || npm run coveralls"
+  - "[ $EXTRA = false ] || npm run test-browser"
+  - "[ $EXTRA = false ] || karma start karma.conf-sauce.js"
 notifications:
   email: false
 env:
   global:
   - NPM_CONFIG_PROGRESS="false"
   - secure: bDZSBQfqr21hCayjcZ20IxrV6+XGhxQPFIfwWqEKLrF93Gu8LLVjZRxXE/mE8I8N4Z5WtDNb4ZHrm/TTzmcPa5MuHgIxEdknQCncobH8oimwc83SHwEPk6okeNKl39VlCjvvnmoe/V/KpnknuYn3Rqghtl/Uv9KLpCwskwjTtcw=
   - secure: SRECgXuwcZTcD3GVxTS2bYNgRyye4vq6BLrV2PH9FyNenowsKQR2EwlC/dppc1Q8NWMgv79J/R96q9JOFh+mEH9L5dlBb2yhnGH8amVeM/ChAJHT/F8YktKM453uVpz5fR00QcCQDDUOx6Pvx374ID0OKNpWKAkQBWA9mPTsLnE=
-  # matrix: BROWSER=false
-after_success: npm run coveralls

CONTRIBUTING.md

@@ -2,12 +2,19 @@
 
 * This project adheres to a [code of conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code.
 
+* Please do not open a ticket to report a security issue. Consult the [security policy](SECURITY.md) on what to do instead.
+
 * Before you open a ticket or send a pull request, [search](https://github.com/jashkenas/underscore/issues) for previous discussions about the same feature or issue. Add to the earlier ticket if you find one.
 
 * If you're proposing a new feature, make sure it isn't already implemented in [Underscore-Contrib](https://github.com/documentcloud/underscore-contrib).
 
+* When contributing code, make sure that you edit the source code in the `modules/` directory. Also, run `npm install` before committing any changes to ensure that our commit hooks can do their work.
+
 * Before sending a pull request for a feature, be sure to have [tests](https://underscorejs.org/test/).
 
 * Use the same coding style as the rest of the [codebase](https://github.com/jashkenas/underscore/blob/master/modules/index.js).
 
-* In your pull request, do not add documentation or re-build the minified `underscore-min.js` file. We'll do those things before cutting a new release.
+* In your pull request, do not add documentation or re-build the minified `underscore-umd-min.js` file. We'll do those things before cutting a new release.
+
+### "Help, cloning fails with `fatal: fsck error in packed object`"
+This error is caused by zero-padded file modes in the commit history. As fixing this is highly destructive, we suggest ignoring these warnings. The simplest way is to instruct git to do so when cloning. For example, to clone from `jashkenas/underscore`, run the following command: `git clone --config transfer.fsckobjects=false [email protected]:jashkenas/underscore.git`. If cloning from a different user or organization, replace `jashkenas` with their name in the previous command.

LICENSE

@@ -1,5 +1,4 @@
-Copyright (c) 2009-2020 Jeremy Ashkenas, DocumentCloud and Investigative
-Reporters & Editors
+Copyright (c) 2009-2022 Jeremy Ashkenas, Julian Gonggrijp, and DocumentCloud and Investigative Reporters & Editors
 
 Permission is hereby granted, free of charge, to any person
 obtaining a copy of this software and associated documentation

README.md

@@ -15,7 +15,8 @@ without extending any core JavaScript objects.
 For Docs, License, Tests, and pre-packed downloads, see:
 https://underscorejs.org
 
-For support and questions, please use
+For support and questions, please consult
+our [security policy](SECURITY.md),
 [the gitter channel](https://gitter.im/jashkenas/underscore)
 or [stackoverflow](https://stackoverflow.com/search?q=underscore.js)
 
@@ -25,4 +26,9 @@ https://github.com/documentcloud
 Many thanks to our contributors:
 https://github.com/jashkenas/underscore/contributors
 
+You can support the project by donating on
+[Patreon](https://patreon.com/juliangonggrijp).
+Enterprise coverage is available as part of the
+[Tidelift Subscription](https://tidelift.com/subscription/pkg/npm-underscore?utm_source=npm-underscore&utm_medium=referral&utm_campaign=enterprise).
+
 This project adheres to a [code of conduct](CODE_OF_CONDUCT.md). By participating, you are expected to uphold this code.

SECURITY.md

@@ -0,0 +1,38 @@
+# Security Policy
+
+## Supported Versions
+
+We currently support the following versions of Underscore with security updates:
+
+- the latest commit on the `master` branch (published as "edge" on the
+  [project website][website]);
+- the 1.x release tagged as [latest][npm-latest] on npm;
+- any release tagged as [preview][npm-preview] on npm, if present.
+
+[website]: https://underscorejs.org
+[npm-latest]: https://www.npmjs.com/package/underscore/v/latest
+[npm-preview]: https://www.npmjs.com/package/underscore/v/preview
+
+## Reporting a Vulnerability
+
+Please report security issues by sending an email to
+[email protected] and [email protected].
+
+Do __not__ submit an issue ticket or pull request or otherwise publicly
+disclose the issue.
+
+After receiving your email, we will respond as soon as possible and indicate
+what we plan to do.
+
+## Disclosure policy
+
+After confirming a vulnerability, we will generally release a security update
+as soon as possible, including the minimum amount of information required for
+software maintainers and system administrators to assess the urgency of the
+update for their particular situation.
+
+We postpone the publication of any further details such as code comments,
+tests, commit history and diffs, in order to enable a substantial share of the
+users to install the security fix before this time.
+
+Upon publication of full details, we will credit the reporter if the reporter wishes to be publicly identified.

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "underscore",
-  "main": "underscore.js",
+  "main": "underscore-umd.js",
   "keywords": ["util", "functional", "server", "client", "browser"],
   "ignore" : ["docs", "test", "*.yml", "CNAME", "index.html", "favicon.ico", "CONTRIBUTING.md", ".*", "package.json", "karma.*"]
 }

docs/linked-esm.jst

@@ -0,0 +1,108 @@
+<% /*
+  This is an extended version of the resources/parallel/docco.jst that is
+  bundled with Docco 0.8.0.
+  The license of the original file is available over here:
+  https://github.com/jashkenas/docco/blob/master/LICENSE.
+  The extension adds hyperlinking to javascript import statements.
+*/ %>
+<!DOCTYPE html>
+
+<html>
+<head>
+  <title><%= title %></title>
+  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+  <meta name="viewport" content="width=device-width, target-densitydpi=160dpi, initial-scale=1.0; maximum-scale=1.0; user-scalable=0;">
+  <link rel="stylesheet" media="all" href="<%= css %>" />
+</head>
+<body>
+  <div id="container">
+    <div id="background"></div>
+    <% if (sources.length > 1) { %>
+      <ul id="jump_to">
+        <li>
+          <a class="large" href="javascript:void(0);">Jump To &hellip;</a>
+          <a class="small" href="javascript:void(0);">+</a>
+          <div id="jump_wrapper">
+          <div id="jump_page_wrapper">
+            <div id="jump_page">
+              <% for (var i=0, l=sources.length; i<l; i++) { %>
+                <% var source = sources[i]; %>
+                <a class="source" href="<%= relative(destination(source)) %>">
+                  <%= source %>
+                </a>
+              <% } %>
+            </div>
+          </div>
+        </li>
+      </ul>
+    <% } %>
+    <ul class="sections">
+        <% if (!hasTitle) { %>
+          <li id="title">
+              <div class="annotation">
+                  <h1><%= title %></h1>
+              </div>
+          </li>
+        <% } %>
+        <% for (var i=0, l=sections.length; i<l; i++) { %>
+        <% var section = sections[i]; %>
+        <li id="section-<%= i + 1 %>">
+            <div class="annotation">
+              <% heading = section.docsHtml.match(/^\s*<(h\d)>/) %>
+              <div class="pilwrap <%= heading ? 'for-' + heading[1] : '' %>">
+                <a class="pilcrow" href="#section-<%= i + 1 %>">&#182;</a>
+              </div>
+              <%= section.docsHtml %>
+            </div>
+            <% if (section.codeText.replace(/\s/gm, '') != '') { %>
+            <div class="content"><%= section.codeHtml %></div>
+            <% } %>
+        </li>
+        <% } %>
+    </ul>
+  </div>
+  <% /* Start of hyperlinking extension */ %>
+  <script src="https://code.jquery.com/jquery-3.4.1.min.js"></script>
+  <script>
+    // We run a script at page load to inject the links after the fact.
+    // It would be more elegant to do this at page generation time, but
+    // unfortunately the docco infrastructure doesn't support this very well.
+    // Highlighted code is passed along as an unparsed HTML string, which would
+    // make this very tricky. In the script below, we exploit the fact that the
+    // HTML has already been parsed by the browser.
+    (function() {
+      // Define a regex for stripping the .html extension from anchor hrefs.
+      var extPattern = /\.html$/;
+      // Collect all module paths that we have an HTML page for.
+      var moduleMap = {};
+      $('#jump_page a.source').each(function() {
+        // Fortunately, translating anchor hrefs to ES module paths is easy,
+        // because both systems work relative to the current file by default.
+        var href = $(this).attr('href');
+        var path = href.replace(extPattern, '').split('/');
+        if (path[0] !== '..') path.unshift('.');
+        var normPath = path.join('/');
+        // Support both paths with and without extension.
+        moduleMap[normPath] = moduleMap[normPath + '.js'] = href;
+      });
+      // Find all 'from' keywords followed by a string (ES6 import statements).
+      $('.hljs-keyword').filter(function() {
+        var text = $(this).text();
+        return text === 'from' || text === 'import';
+      }).next('.hljs-string').each(function() {
+        // Finally, for each of these strings, replace it by a link if we have
+        // a matching HTML page.
+        var text = $(this).text();
+        var quote = text[0];
+        var path = text.slice(1, -1);
+        var matchingDoc = moduleMap[path];
+        if (!matchingDoc) return;
+        $(this).html(
+          quote + '<a href="' + matchingDoc + '">' + path + '</a>' + quote
+        );
+      });
+    }());
+  </script>
+  <% /* End of hyperlinking extension */ %>
+</body>
+</html>