v2 #96

Open
wants to merge 10 commits into
base: main
Conversation

nikoloza
Member

@nikoloza nikoloza commented Aug 2, 2022

No description provided.

@Nikaoto Nikaoto force-pushed the feature/v2 branch 3 times, most recently from 6b91727 to 33b9394 Compare November 11, 2022 12:37
@github-advanced-security

You have successfully added a new CodeQL configuration /language:javascript. As part of the setup process, we have scanned this repository and found 6 existing alerts. Please check the repository Security tab to see all alerts.

const obj = deepMergeExtend({}, elementProp)
element[e] = deepMergeExtend(obj, extendProp)
} else if (elementProp === undefined && isFunction(extendProp)) {
element[e] = extendProp

Check warning

Code scanning / CodeQL

Prototype-polluting function

Properties are copied from [extend](1) to [element](2) without guarding against prototype pollution.
try {
const evalProp = window.eval(`(${objProp})`) // use parentheses to convert string to function expression
stringified[prop] = evalProp
} catch (e) { if (e) stringified[prop] = objProp }

Check warning

Code scanning / CodeQL

Prototype-polluting function

Properties are copied from [obj](1) to [stringified](2) without guarding against prototype pollution.
stringified[prop] = evalProp
} catch (e) { if (e) stringified[prop] = objProp }
} else {
stringified[prop] = objProp

Check warning

Code scanning / CodeQL

Prototype-polluting function

Properties are copied from [obj](1) to [stringified](2) without guarding against prototype pollution.
packages/utils/object.js: Fixed
const elementProp = element[e]
const extendProp = extend[e]
if (elementProp === undefined) {
element[e] = extendProp

Check warning

Code scanning / CodeQL

Prototype-polluting function

Properties are copied from [extend](1) to [element](2) without guarding against prototype pollution.
packages/utils/object.js: Fixed
@nikoloza nikoloza added this to the v2 prepatch milestone Apr 28, 2023
@nikoloza nikoloza mentioned this pull request Apr 28, 2023
packages/utils/object.js: Fixed
} else if (isObject(objProp)) {
stringified[prop] = deepDestringify(objProp, stringified[prop]) // recursively call deepDestringify for nested objects
} else {
stringified[prop] = objProp

Check warning

Code scanning / CodeQL

Prototype-polluting function

Properties are copied from [obj](1) to [stringified](2) without guarding against prototype pollution.
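The four CodeQL alerts above flag the same pattern in deepMergeExtend and deepDestringify: a key read from one object is written straight into another, so a key such as `__proto__` or `constructor` taken from untrusted input (typically JSON.parse output) ends up writing into Object.prototype. Below is an added example, not code from this PR or the project, of a deep merge that routes every copy through one guarded assignment; the names `safeAssign`, `safeDeepMerge`, `isPlainObject` and the constructed JSON input are assumptions of this example.

```javascript
// Added example, not the project's code: a deep merge that refuses the keys
// CodeQL's "prototype-polluting function" rule is about.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype'])

// True only for object literals / JSON.parse results (not arrays, class
// instances or functions), so the recursion never walks into Object.prototype.
function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false
  const proto = Object.getPrototypeOf(value)
  return proto === Object.prototype || proto === null
}

// Single choke point for "copy a property from an untrusted object into
// target"; the deepMergeExtend and deepDestringify loops would call this
// instead of assigning element[e] / stringified[prop] directly.
function safeAssign(target, key, value) {
  if (FORBIDDEN_KEYS.has(key)) return false // never write __proto__/constructor/prototype
  target[key] = value
  return true
}

function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) { // own enumerable keys only, no inherited ones
    if (FORBIDDEN_KEYS.has(key)) continue
    const srcVal = source[key]
    // Read the existing value only if it is an own property of target, so a
    // key like "toString" is never resolved from the prototype chain.
    const tgtVal = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined
    if (isPlainObject(srcVal)) {
      safeAssign(target, key, safeDeepMerge(isPlainObject(tgtVal) ? tgtVal : {}, srcVal))
    } else {
      safeAssign(target, key, srcVal)
    }
  }
  return target
}

// Constructed input: what JSON.parse yields for text carrying the classic
// pollution keys. JSON.parse makes "__proto__" an own property, so a naive
// merge would recurse into target.__proto__, i.e. Object.prototype.
function demo() {
  const untrusted = JSON.parse(
    '{"a":{"b":1},"__proto__":{"polluted":true},"constructor":{"prototype":{"polluted":true}}}'
  )
  const result = safeDeepMerge({ a: { c: 2 } }, untrusted)
  // globalPolluted stays false: a fresh {} has not acquired "polluted"
  return { result, globalPolluted: ({}).polluted === true }
}
```

Note that the check is on the key, not on the value: the `constructor` branch is the one that survives a guard that only blocks `__proto__`, because `target.constructor.prototype` is again Object.prototype.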
Comment on lines 13 to 36
return str.replace(/\{\{\s*((?:\.\.\/)+)?([^}\s]+)\s*\}\}/g, (_, parentPath, variable) => {
if (parentPath) {
const parentLevels = parentPath.split('../').filter(Boolean).length
let parentState = state
for (let i = 0; i < parentLevels; i++) {
parentState = parentState.parent
}
const value = parentState[variable.trim()]
return value ? `${value}` : ''
} else {
const value = state[variable.trim()]
return value ? `${value}` : ''
}
})

Check failure

Code scanning / CodeQL

Polynomial regular expression used on uncontrolled data

This [regular expression](1) that depends on [library input](2) may run slow on strings starting with '{{{{' and with many repetitions of '{{{{!'.
packages/state/inherit.js: Fixed
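The alert on lines 13 to 36 is about the `\s*` / `[^}\s]+` / `\s*` sequence: `[^}\s]+` also matches `{`, so on input that keeps opening `{{` without ever closing, the engine retries overlapping candidates from every position and the work grows polynomially with input length. The added example below, not code from this PR or the project, keeps the same template syntax (`{{ name }}`, with each leading `../` climbing one `parent`) but scans with `indexOf`, so each character is visited a bounded number of times; it also looks variables up as own properties only and returns an empty string when the parent chain runs out, where the original would throw. The names `interpolate` and `resolveExpr` and the sample state objects are assumptions of this example.

```javascript
// Added example, not the project's code: linear-time replacement for the
// backtracking template regex flagged by CodeQL.

// Resolve the text between "{{" and "}}". Returns null when the text is not a
// placeholder the syntax accepts (empty, contains whitespace, or a stray "}"),
// otherwise the string to substitute.
function resolveExpr(state, inner) {
  let expr = inner.trim()
  let scope = state
  while (expr.startsWith('../')) { // each "../" climbs one parent, as in the original syntax
    expr = expr.slice(3)
    scope = scope ? scope.parent : undefined // run off the root -> undefined, not a TypeError
  }
  if (expr === '' || /[\s}]/.test(expr)) return null // regex runs on a short, already-bounded slice
  // Own properties only, so "constructor" or "__proto__" in a template never
  // reaches the prototype chain of the state object.
  if (!scope || !Object.prototype.hasOwnProperty.call(scope, expr)) return ''
  const value = scope[expr]
  return value === undefined || value === null ? '' : String(value)
}

function interpolate(str, state) {
  let out = ''
  let i = 0
  while (i < str.length) {
    const open = str.indexOf('{{', i)
    if (open === -1) { out += str.slice(i); break }
    const close = str.indexOf('}}', open + 2)
    if (close === -1) { out += str.slice(i); break } // unterminated: emit the rest literally
    const resolved = resolveExpr(state, str.slice(open + 2, close))
    if (resolved === null) {
      // Not a valid placeholder: emit "{{" as text and keep scanning after it.
      out += str.slice(i, open + 2)
      i = open + 2
    } else {
      out += str.slice(i, open) + resolved
      i = close + 2
    }
  }
  return out
}

// Constructed sample state: a child whose parent link points at the root.
function demo() {
  const root = { title: 'Root' }
  const child = { title: 'Child', parent: root }
  const hostile = '{{{{!'.repeat(20000) // the input shape named in the CodeQL alert
  return {
    simple: interpolate('Hi {{ title }} of {{ ../title }}', child),
    missing: interpolate('{{missing}}!', child),
    literal: interpolate('{{a}b}}', child),
    pastRoot: interpolate('{{../../title}}', child),
    hostileUnchanged: interpolate(hostile, child) === hostile
  }
}
```

The cost model is the point: `indexOf` scans forward only, and after a failed placeholder the cursor advances past the `{{` that failed, so the hostile input in `demo()` is handled in one pass instead of retrying every suffix.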
dependabot bot and others added 10 commits July 18, 2023 07:38
Bumps [eslint-plugin-jest](https://github.com/jest-community/eslint-plugin-jest) from 27.2.2 to 27.2.3.
- [Release notes](https://github.com/jest-community/eslint-plugin-jest/releases)
- [Changelog](https://github.com/jest-community/eslint-plugin-jest/blob/main/CHANGELOG.md)
- [Commits](jest-community/eslint-plugin-jest@v27.2.2...v27.2.3)

---
updated-dependencies:
- dependency-name: eslint-plugin-jest
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [eslint](https://github.com/eslint/eslint) from 8.44.0 to 8.45.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](eslint/eslint@v8.44.0...v8.45.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.18.13 to 0.18.14.
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.18.13...v0.18.14)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.22.8 to 7.22.9.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.22.9/packages/babel-core)

---
updated-dependencies:
- dependency-name: "@babel/core"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
…gin-jest-27.2.3

Bump eslint-plugin-jest from 27.2.2 to 27.2.3
…18.14

Bump esbuild from 0.18.13 to 0.18.14
…-7.22.9

Bump @babel/core from 7.22.8 to 7.22.9
Bumps [@babel/eslint-parser](https://github.com/babel/babel/tree/HEAD/eslint/babel-eslint-parser) from 7.22.7 to 7.22.9.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.22.9/eslint/babel-eslint-parser)

---
updated-dependencies:
- dependency-name: "@babel/eslint-parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
…nt-parser-7.22.9

Bump @babel/eslint-parser from 7.22.7 to 7.22.9
Labels
None yet
Projects
None yet
1 participant