Ulises Gascón
edadd45214
Prevent prototype pollution on baseUnset function
...
* test: add tests to prevent security regressions
* sec: prevent prototype pollution on `baseUnset` function
* chore: improve security patch
- Expand both `_.omit` & `_.unset` security tests to loop over `__proto__`, `constructor`, `prototype`
- Only block `__proto__` if not an own property
2025-12-05 13:29:20 -05:00
Ulises Gascón
4afb725803
Add CI pipeline for Node (#6022)
...
* chore: linting
* ci: add ci pipeline for Node.js
* ci: add support for Node@25
* Update .github/workflows/ci-node.yml
Co-authored-by: Jon Church <me@jonchurch.com>
---------
Co-authored-by: Jon Church <me@jonchurch.com>
2025-10-27 06:31:52 -04:00
Benjamin Tan
f299b52f39
Bump to v4.17.21
2021-02-20 23:33:48 +08:00
Michał Lipiński
c4847ebe7d
Improve performance of toNumber, trim and trimEnd on large input strings
...
This prevents potential ReDoS attacks using `_.toNumber` and `_.trim*`
as potential attack vectors.
Closes #5065.
2021-02-20 17:18:39 +08:00
Christophe Coevoet
3469357cff
Prevent command injection through _.template's variable option
...
Closes #5085.
2021-02-20 16:28:01 +08:00
Benjamin Tan
ded9bc6658
Bump to v4.17.20.
2020-08-14 00:52:55 +08:00
Benjamin Tan
63150ef764
Documentation fixes.
2020-08-14 00:36:26 +08:00
Mathias Bynens
d7fbc52ee0
Bump to v4.17.19
2020-07-08 19:14:09 +02:00
Mathias Bynens
1b6c282299
Bump to v4.17.18
2020-07-08 18:04:03 +02:00
Mathias Bynens
a370ac8140
Bump to v4.17.17
2020-07-08 14:00:48 +02:00
Mathias Bynens
1144918f35
Rebuild lodash and docs
2020-07-08 10:08:29 +02:00
Jakub Mikulas
c84fe82760
fix(zipObjectDeep): prototype pollution (#4759)
2020-07-02 14:47:49 -07:00
Alex Brasetvik
e7b28ea6cb
Sanitize sourceURL so it cannot affect evaled code (#4518)
2020-06-03 23:36:12 -07:00
Chinedum Ukejianya
0cec225778
Fix lodash.isEqual for circular references (#4320) (#4515)
2019-10-16 14:43:11 -07:00
Artemy Tregubenko
94c3a8133c
Document matches* shorthands for over* methods (#4510) (#4514)
2019-10-13 10:54:27 -07:00
Michał Lipiński
659e8c019c
Ensure orderBy will accept iteratee path arrays #4438 (#4513)
2019-10-10 13:04:37 -07:00
Graeme Yeates
602cc3f03d
(4.17) Short circuit sortedIndexBy methods for empty arrays (#4497)
2019-10-04 10:23:55 -07:00
max
b281ddecc4
change documentation, show clearly how sortBy works with two iteratees (#4467)
2019-09-16 21:31:36 -07:00
John-David Dalton
b185fcee26
Rebuild lodash and docs.
2019-07-17 10:05:47 -07:00
John-David Dalton
a6fe6b1e17
Rebuild lodash and docs.
2019-07-10 06:32:17 -07:00
John-David Dalton
357e899e68
Rebuild lodash and docs.
2019-07-09 15:15:19 -07:00
John-David Dalton
e77d68121f
Rebuild lodash and docs.
2019-07-09 13:34:41 -07:00
John-David Dalton
629d186579
Update OpenJS references.
2019-07-09 13:31:30 -07:00
John-David Dalton
2406eac542
Fix minified build.
2019-07-09 13:30:56 -07:00
John-David Dalton
02b3295a63
Format nit.
2019-07-09 09:34:08 -07:00
John-David Dalton
52ab48c054
Use nativeIsFinite() instead of Number.isFinite().
2019-07-09 09:33:04 -07:00
John-David Dalton
f8dc2149f7
Whitespace nit.
2019-07-09 09:32:38 -07:00
John-David Dalton
deb65de218
Revert "perf(toNumber): use +value to convert binary/octal/hexadecimal string (#4230)"
...
This reverts commit 7084300d34.
2019-07-09 09:29:54 -07:00
Alex Brasetvik
60eb517911
Prevent prototype pollution chaining to code execution via _.template (#4355)
2019-07-09 09:09:55 -07:00
Kirill
1f8ea07746
fix: prototype pollution in _.defaultsDeep (#4336)
2019-06-24 09:17:55 -07:00
Erick Calder
e42cd97dae
Fixes issue with Object prototype and the chaining syntax. [closes #4247]
2019-05-09 13:54:13 -07:00
Jeff Friesen
343456d696
Round Infinity with a precision argument returns Infinity (#4272)
...
* Round Infinity with a precision argument returns Infinity
* Also making sure this is true for -Infinity
* Tested with _.round(), _.floor() and _.ceil()
* Switch to using isFinite to check if number should be rounded
* Add tests for rounding NaN now that there is an isFinite check
2019-04-18 13:04:18 -07:00
Marc Hassan
0b8592a35c
mergeWith: stack passed to customizer should always be defined (#4244)
...
Summary:
If the first values encountered in the `object` in mergeWith are not objects, `stack` is undefined when passed to the `customizer`. Once the first object-ish value is encountered, `stack` gets initialized, and all further calls to `customizer` include a defined `stack`. This PR makes `stack` always defined, even before the first object-ish value is encountered.
2019-03-21 20:54:53 -07:00
Amu
7084300d34
perf(toNumber): use +value to convert binary/octal/hexadecimal string (#4230)
2019-03-13 22:47:28 -07:00
liang feng
15b156512f
cancel old timer (#4139)
2019-02-11 22:49:02 -08:00
John-David Dalton
1cb18dfada
Revert "Ensure _.pick paths aren't interpolated twice. [closes #3952]"
...
This reverts commit 39a7eae40d.
2018-11-21 10:23:00 -06:00
John-David Dalton
39a7eae40d
Ensure _.pick paths aren't interpolated twice. [closes #3952]
2018-09-17 22:38:33 -07:00
John-David Dalton
e0cbb4c8e6
Ensure map and set clones contain custom properties of source values. [closes #3951]
2018-09-17 22:31:34 -07:00
John-David Dalton
3ac4b261e4
Rebuild lodash and docs.
2018-09-12 10:44:01 -07:00
John-David Dalton
e5f9af5418
Remove prototype property check in safeGet().
2018-08-31 15:22:17 -07:00
sina
79b9d20a91
Fix inconsistent merging of multiple sources to function property
2018-08-30 22:35:04 -07:00
Manuel Jasso
5c08f18d36
Prevent ReDoS
...
To fix https://github.com/lodash/lodash/issues/3359, modified reHasUnicodeWord to remove an unnecessary comma which made the regex greedy, this is only a test regex and not a matching regex. Added unit tests, this now should run under 5 ms instead of over 1000 ms for huge 50k+ char words.
2018-08-30 22:07:27 -07:00
John-David Dalton
90e6199a16
Ensure Object.prototype is not augmented by _.merge.
2018-08-30 22:06:15 -07:00
John-David Dalton
a65fd33603
Rebuild lodash and docs.
2018-04-24 15:26:43 -07:00
John-David Dalton
4680cdacc0
Rebuild lodash and docs.
2018-04-24 10:29:50 -07:00
John-David Dalton
852988e04a
Use util.types to migrate DEP0103 in Node.js.
...
PR: #3704
2018-04-24 10:28:01 -07:00
John-David Dalton
ce32a89e3e
Rebuild lodash and docs.
2018-02-03 22:35:25 -08:00
John-David Dalton
5e58cd216c
Fix style nits.
2018-02-03 21:25:41 -08:00
John-David Dalton
5adb4ee95c
Make _.defaults avoid accessing property values it doesn't need to. [closes #2983]
2018-02-03 21:25:41 -08:00
John-David Dalton
a73b92b58e
Avoid using the values toString method in _.invert if it’s not a function. [closes #3260]
2018-02-03 21:25:41 -08:00