4.17 #5233

Closed
wants to merge 83 commits into from

83 commits
5a3ff73
Ensure `cloneByPath` preserves uncloneable values. [closes #3203]
jdalton Jun 14, 2017
d8e069c
Avoid merging properties on to __proto__ objects.
jdalton Jan 31, 2018
b8c719d
Fix cloneDeep with circularly dependent Sets/Maps. [closes #3122]
jdalton Feb 2, 2018
7cb477a
Use `new` to create the array clone.
jdalton Feb 2, 2018
45ac7f3
Support symbols in property paths of `set`. [closes #3189]
jdalton Feb 2, 2018
20c5307
stringToPath: avoid shadowing variable. (#3226)
jdalton Feb 2, 2018
f831977
Avoid shadowing `result` in `remainingWait`. (#3280)
jdalton Feb 2, 2018
7167a78
Replacing a regex in `stringToPath` with a quick character code check…
jdalton Feb 3, 2018
dac890a
Enable _.words to detect ordinals in compound words. [closes #3561]
jdalton Feb 3, 2018
a1b5305
Add 4.17.5 branch to travis.
jdalton Feb 3, 2018
a73b92b
Avoid using the values toString method in _.invert if it’s not a func…
jdalton Feb 3, 2018
5adb4ee
Make _.defaults avoid accessing property values it doesn't need to. […
jdalton Feb 3, 2018
5e58cd2
Fix style nits.
jdalton Feb 3, 2018
ce32a89
Rebuild lodash and docs.
jdalton Feb 3, 2018
97e9edc
Bump to v4.17.5.
jdalton Feb 3, 2018
852988e
Use util.types to migrate DEP0103 in Node.js.
jdalton Apr 24, 2018
4680cda
Rebuild lodash and docs.
jdalton Apr 24, 2018
b002100
Bump to v4.17.9.
jdalton Apr 24, 2018
a65fd33
Rebuild lodash and docs.
jdalton Apr 24, 2018
67389a8
Bump to v4.17.10.
jdalton Apr 24, 2018
90e6199
Ensure Object.prototype is not augmented by _.merge.
jdalton Aug 31, 2018
5c08f18
Prevent ReDoS
manuel-jasso Aug 28, 2018
6e62e1e
Cleanup ReDoS test.
jdalton Aug 31, 2018
79b9d20
Fix inconsistent merging of multiple sources to function property
sinaabadi Jun 20, 2018
278c6dd
Cleanup _.merge tests for function properties.
jdalton Aug 31, 2018
2de676f
Ensure placeholder properties are set for fp.convert() results. [clos…
jdalton Aug 31, 2018
e5f9af5
Remove prototype property check in safeGet().
jdalton Aug 31, 2018
d8ddc1a
Add test for indirectly merging `Object` properties.
jdalton Aug 31, 2018
552f94a
Lint nits.
jdalton Aug 31, 2018
eaa9f36
Commit package-lock.json.
jdalton Aug 31, 2018
3ac4b26
Rebuild lodash and docs.
jdalton Sep 12, 2018
0843bd4
Bump to v4.17.11.
jdalton Sep 12, 2018
e0cbb4c
Ensure map and set clones contain custom properties of source values.…
jdalton Sep 18, 2018
39a7eae
Ensure _.pick paths aren't interpolated twice. [closes #3952]
jdalton Sep 18, 2018
1cb18df
Revert "Ensure _.pick paths aren't interpolated twice. [closes #3952]"
jdalton Nov 21, 2018
bda6f27
Update wording of fp wiki template for method spread rule exceptions.
jdalton Dec 5, 2018
15b1565
cancel old timer (#4139)
anhulife Feb 12, 2019
7084300
perf(toNumber): use +value to convert binary/octal/hexadecimal string…
gu-xionghong Mar 14, 2019
0b8592a
mergeWith: stack passed to customizer should always be defined (#4244)
mhassan1 Mar 22, 2019
343456d
Round Infinity with a precision argument returns Infinity (#4272)
jefffriesen Apr 18, 2019
e42cd97
Fixes issue with Object prototype and the chaining syntax. [closes #4…
ekkis May 9, 2019
1f8ea07
fix: prototype pollution in _.defaultsDeep (#4336)
Kirill89 Jun 24, 2019
60eb517
Prevent prototype pollution chaining to code execution via _.template…
alexbrasetvik Jul 9, 2019
deb65de
Revert "perf(toNumber): use +value to convert binary/octal/hexadecima…
jdalton Jul 9, 2019
f8dc214
Whitespace nit.
jdalton Jul 9, 2019
52ab48c
Use nativeIsFinite() instead of Number.isFinite().
jdalton Jul 9, 2019
02b3295
Format nit.
jdalton Jul 9, 2019
8f4d3eb
Update deps.
jdalton Jul 9, 2019
29e2584
Fix style:test lint nits.
jdalton Jul 9, 2019
53838a3
Fix tests in older browsers.
jdalton Jul 9, 2019
17a34bc
Fix test bootstrap for core build.
jdalton Jul 9, 2019
2406eac
Fix minified build.
jdalton Jul 9, 2019
629d186
Update OpenJS references.
jdalton Jul 9, 2019
e77d681
Rebuild lodash and docs.
jdalton Jul 9, 2019
fd9a062
Bump to v4.17.12.
jdalton Jul 9, 2019
357e899
Rebuild lodash and docs.
jdalton Jul 9, 2019
e371828
Bump to v4.17.13.
jdalton Jul 9, 2019
a6fe6b1
Rebuild lodash and docs.
jdalton Jul 10, 2019
be87d30
Bump to v4.17.14.
jdalton Jul 10, 2019
b185fce
Rebuild lodash and docs.
jdalton Jul 17, 2019
ddfd9b1
Bump to v4.17.15.
jdalton Jul 17, 2019
b281dde
change documentation, show clearly how sortBy work with two iteratees…
theGABS Sep 17, 2019
602cc3f
(4.17) Short circuit sortedIndexBy methods for empty arrays (#4497)
megawac Oct 4, 2019
659e8c0
Ensure `orderBy` will accept iteratee path arrays #4438 (#4513)
falsyvalues Oct 10, 2019
94c3a81
Document matches* shorthands for over* methods (#4510) (#4514)
arty-name Oct 13, 2019
0cec225
Fix lodash.isEqual for circular references (#4320) (#4515)
cukejianya Oct 16, 2019
e7b28ea
Sanitize sourceURL so it cannot affect evaled code (#4518)
alexbrasetvik Jun 4, 2020
c84fe82
fix(zipObjectDeep): prototype pollution (#4759)
JackuB Jul 2, 2020
3a3b0fd
Bump to v4.17.16
mathiasbynens Jul 8, 2020
1144918
Rebuild lodash and docs
mathiasbynens Jul 8, 2020
a370ac8
Bump to v4.17.17
mathiasbynens Jul 8, 2020
1b6c282
Bump to v4.17.18
mathiasbynens Jul 8, 2020
2e1c0f2
Add npm-package
mathiasbynens Jul 8, 2020
d7fbc52
Bump to v4.17.19
mathiasbynens Jul 8, 2020
aa816b3
Remove `/npm-package`.
bnjmnt4n Jul 26, 2020
5d046f3
Re-enable Travis tests on `4.17` branch.
bnjmnt4n Jul 26, 2020
846e434
Temporarily use a custom fork of `lodash-cli`.
bnjmnt4n Jul 26, 2020
00f0f62
test.js: Remove trailing comma.
bnjmnt4n Jul 26, 2020
63150ef
Documentation fixes.
bnjmnt4n Aug 13, 2020
ded9bc6
Bump to v4.17.20.
bnjmnt4n Aug 13, 2020
3469357
Prevent command injection through `_.template`'s `variable` option
stof Feb 17, 2021
c4847eb
Improve performance of `toNumber`, `trim` and `trimEnd` on large inpu…
falsyvalues Jan 26, 2021
f299b52
Bump to v4.17.21
bnjmnt4n Feb 20, 2021
Cleanup ReDoS test.
jdalton committed Aug 31, 2018
commit 6e62e1e8df7b907beaa37a3182752d310314589f
24 changes: 12 additions & 12 deletions test/test.js
Expand Up @@ -25359,21 +25359,21 @@
assert.deepEqual(actual, [['a'], ['b'], ['c']]);
});

var maxMs = 5;
QUnit.test(`should take less than ${maxMs} ms to prevent ReDoS`, function(assert) {
assert.expect(3);
QUnit.test('should prevent ReDoS', function(assert) {
assert.expect(2);

var hugeWordLen = 50000;
var hugeWord = 'A'.repeat(hugeWordLen);
var startTime = Date.now();
assert.deepEqual(_.words(hugeWord+'AeiouAreVowels'), [hugeWord, 'Aeiou', 'Are', 'Vowels']);
assert.deepEqual(_.words(hugeWord+'ÆiouAreVowels'), [hugeWord, 'Æiou', 'Are', 'Vowels']);
var endTime = Date.now();
var timeSpent = endTime - startTime;
var largeWordLen = 50000,
largeWord = 'A'.repeat(largeWordLen),
maxMs = 1000,
startTime = lodashStable.now();

assert.ok(timeSpent < maxMs, `operation took ${timeSpent} ms`);
});
assert.deepEqual(_.words(largeWord + 'ÆiouAreVowels'), [largeWord, 'Æiou', 'Are', 'Vowels']);

var endTime = lodashStable.now(),
timeSpent = endTime - startTime;

assert.ok(timeSpent < maxMs, 'operation took ' + timeSpent + 'ms');
});
}());

/*--------------------------------------------------------------------------*/
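Review bot: in the rewritten `should prevent ReDoS` test the ASCII input `'AeiouAreVowels'` is no longer asserted (`assert.expect(3)` became `assert.expect(2)`), so only the `'ÆiouAreVowels'` input runs `_.words` against the 50000-character word; keeping both `deepEqual` checks would cover each input for the regression. The guard is a wall-clock comparison, and `maxMs = 1000` replaces the earlier bound of 5, so a short comment saying why 1000 ms was chosen and how it compares with the unfixed running time would let a reader judge whether the threshold still catches a slowdown. Style point: the template literals were replaced with string concatenation, but `'A'.repeat(largeWordLen)` remains and depends on `String.prototype.repeat` (ES2015), so the test still cannot run in environments that lack it.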