s2/minifyfromhtml
1
0
Fork 0
mirror of https://github.com/S2-/minifyfromhtml.git synced 2025-08-02 20:00:05 +02:00
Code Issues Releases Wiki Activity

update packages to latest version

Browse Source
This commit is contained in:
s2
2022-08-20 18:51:33 +02:00
parent 09663a35a5
commit 806ebf9a57
4513 changed files with 366205 additions and 92512 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
node_modules/minimist/index.js generated vendored
View File

@@ -70,7 +70,7 @@ module.exports = function (args, opts) {
var o = obj;
for (var i = 0; i < keys.length-1; i++) {
var key = keys[i];
if (key === '__proto__') return;
if (isConstructorOrProto(o, key)) return;
if (o[key] === undefined) o[key] = {};
if (o[key] === Object.prototype || o[key] === Number.prototype
|| o[key] === String.prototype) o[key] = {};
@@ -79,7 +79,7 @@ module.exports = function (args, opts) {
}
var key = keys[keys.length - 1];
if (key === '__proto__') return;
if (isConstructorOrProto(o, key)) return;
if (o === Object.prototype || o === Number.prototype
|| o === String.prototype) o = {};
if (o === Array.prototype) o = [];
@@ -243,3 +243,7 @@ function isNumber (x) {
return /^[-+]?(?:\d+(?:\.\d*)?|\.\d+)(e[-+]?\d+)?$/.test(x);
}
function isConstructorOrProto (obj, key) {
return key === 'constructor' && typeof obj[key] === 'function' || key === '__proto__';
}

30
node_modules/minimist/package.json generated vendored
View File

@@ -1,31 +1,27 @@
{
"_args": [
[
"minimist@1.2.5",
"D:\\Projects\\minifyfromhtml"
]
],
"_from": "minimist@1.2.5",
"_id": "minimist@1.2.5",
"_from": "minimist@^1.2.2",
"_id": "minimist@1.2.6",
"_inBundle": false,
"_integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==",
"_integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==",
"_location": "/minimist",
"_phantomChildren": {},
"_requested": {
"type": "version",
"type": "range",
"registry": true,
"raw": "minimist@1.2.5",
"raw": "minimist@^1.2.2",
"name": "minimist",
"escapedName": "minimist",
"rawSpec": "1.2.5",
"rawSpec": "^1.2.2",
"saveSpec": null,
"fetchSpec": "1.2.5"
"fetchSpec": "^1.2.2"
},
"_requiredBy": [
"#USER",
"/"
],
"_resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz",
"_spec": "1.2.5",
"_resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz",
"_shasum": "8637a5b759ea0d6e98702cfb3a9283323c93af44",
"_spec": "minimist@^1.2.2",
"_where": "D:\\Projects\\minifyfromhtml",
"author": {
"name": "James Halliday",
@@ -35,6 +31,8 @@
"bugs": {
"url": "https://github.com/substack/minimist/issues"
},
"bundleDependencies": false,
"deprecated": false,
"description": "parse argument options",
"devDependencies": {
"covert": "^1.0.0",
@@ -72,5 +70,5 @@
"opera/12"
]
},
"version": "1.2.5"
"version": "1.2.6"
}

5
node_modules/minimist/readme.markdown generated vendored
View File

@@ -34,7 +34,10 @@ $ node example/parse.js -x 3 -y 4 -n5 -abc --beep=boop foo bar baz
Previous versions had a prototype pollution bug that could cause privilege
escalation in some circumstances when handling untrusted user input.
Please use version 1.2.3 or later: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
Please use version 1.2.6 or later:
* https://security.snyk.io/vuln/SNYK-JS-MINIMIST-2429795 (version <=1.2.5)
* https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 (version <=1.2.3)
# methods

16
node_modules/minimist/test/proto.js generated vendored
View File

@@ -42,3 +42,19 @@ test('proto pollution (constructor)', function (t) {
t.equal(argv.y, undefined);
t.end();
});
test('proto pollution (constructor function)', function (t) {
var argv = parse(['--_.concat.constructor.prototype.y', '123']);
function fnToBeTested() {}
t.equal(fnToBeTested.y, undefined);
t.equal(argv.y, undefined);
t.end();
});
// powered by snyk - https://github.com/backstage/backstage/issues/10343
test('proto pollution (constructor function) snyk', function (t) {
var argv = parse('--_.constructor.constructor.prototype.foo bar'.split(' '));
t.equal((function(){}).foo, undefined);
t.equal(argv.y, undefined);
t.end();
})