Mirrors/lodash
1
0
Fork 0
mirror of https://github.com/whoisclebs/lodash.git synced 2026-01-29 06:27:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
87a677c811dfbb37a14b93d935fa1a87bbf8d151
lodash/_baseClone.js
John-David Dalton 87a677c811 Update lodash-amd to v4.17.21 + edadd45 (#6064) 
* Fix prototype pollution in _.set and related functions

Prevents setting dangerous properties (__proto__, constructor, prototype)
that could lead to prototype pollution vulnerabilities.

* Fix command injection vulnerability in _.template

- Add validation for the variable option to prevent injection attacks
- Improve sourceURL whitespace normalization to prevent code injection

* Fix cyclic value comparison in _.isEqual

Properly checks both directions when comparing cyclic values to ensure
correct equality comparisons for circular references.

* Improve _.sortBy and _.orderBy performance and array handling

- Add early return for empty arrays in sorted index operations
- Improve array iteratee handling to support nested property paths
- Add missing keysIn import in baseClone

* Refactor _.trim, _.trimEnd, and _.trimStart implementations

Extract shared trim logic into reusable utilities (_baseTrim, _trimmedEndIndex)
for better code organization and consistency. Update related functions
(toNumber, parseInt) to use new utilities. Improve comment accuracy.

* Add documentation for predicate composition with _.overEvery and _.overSome

Enhance documentation to show how _.matches and _.matchesProperty can be
combined using _.overEvery and _.overSome for more powerful filtering.
Add examples demonstrating shorthand predicate syntax.

* Bump to v4.17.21

* Fix prototype pollution in _.unset and _.omit

Prevent prototype pollution on baseUnset function by:
- Blocking "__proto__" if not an own property
- Blocking "constructor.prototype" chains (except when starting at primitive root)
- Skipping non-string keys

See: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg

* Update JSDoc documentation to align with main branch

- Fix sortBy example ages (40 -> 30) for correct sort order demonstration
- Fix _setCacheHas return type (number -> boolean)
2025-12-10 17:03:07 -05:00

150 lines
5.5 KiB
JavaScript
Raw Blame History

define(['./_Stack', './_arrayEach', './_assignValue', './_baseAssign', './_baseAssignIn', './_cloneBuffer', './_copyArray', './_copySymbols', './_copySymbolsIn', './_getAllKeys', './_getAllKeysIn', './_getTag', './_initCloneArray', './_initCloneByTag', './_initCloneObject', './isArray', './isBuffer', './isMap', './isObject', './isSet', './keys', './keysIn'], function(Stack, arrayEach, assignValue, baseAssign, baseAssignIn, cloneBuffer, copyArray, copySymbols, copySymbolsIn, getAllKeys, getAllKeysIn, getTag, initCloneArray, initCloneByTag, initCloneObject, isArray, isBuffer, isMap, isObject, isSet, keys, keysIn) {
/** Used as a safe reference for `undefined` in pre-ES5 environments. */
var undefined;
/** Used to compose bitmasks for cloning. */
var CLONE_DEEP_FLAG = 1,
CLONE_FLAT_FLAG = 2,
CLONE_SYMBOLS_FLAG = 4;
/** `Object#toString` result references. */
var argsTag = '[object Arguments]',
arrayTag = '[object Array]',
boolTag = '[object Boolean]',
dateTag = '[object Date]',
errorTag = '[object Error]',
funcTag = '[object Function]',
genTag = '[object GeneratorFunction]',
mapTag = '[object Map]',
numberTag = '[object Number]',
objectTag = '[object Object]',
regexpTag = '[object RegExp]',
setTag = '[object Set]',
stringTag = '[object String]',
symbolTag = '[object Symbol]',
weakMapTag = '[object WeakMap]';
var arrayBufferTag = '[object ArrayBuffer]',
dataViewTag = '[object DataView]',
float32Tag = '[object Float32Array]',
float64Tag = '[object Float64Array]',
int8Tag = '[object Int8Array]',
int16Tag = '[object Int16Array]',
int32Tag = '[object Int32Array]',
uint8Tag = '[object Uint8Array]',
uint8ClampedTag = '[object Uint8ClampedArray]',
uint16Tag = '[object Uint16Array]',
uint32Tag = '[object Uint32Array]';
/** Used to identify `toStringTag` values supported by `_.clone`. */
var cloneableTags = {};
cloneableTags[argsTag] = cloneableTags[arrayTag] =
cloneableTags[arrayBufferTag] = cloneableTags[dataViewTag] =
cloneableTags[boolTag] = cloneableTags[dateTag] =
cloneableTags[float32Tag] = cloneableTags[float64Tag] =
cloneableTags[int8Tag] = cloneableTags[int16Tag] =
cloneableTags[int32Tag] = cloneableTags[mapTag] =
cloneableTags[numberTag] = cloneableTags[objectTag] =
cloneableTags[regexpTag] = cloneableTags[setTag] =
cloneableTags[stringTag] = cloneableTags[symbolTag] =
cloneableTags[uint8Tag] = cloneableTags[uint8ClampedTag] =
cloneableTags[uint16Tag] = cloneableTags[uint32Tag] = true;
cloneableTags[errorTag] = cloneableTags[funcTag] =
cloneableTags[weakMapTag] = false;
/**
* The base implementation of `_.clone` and `_.cloneDeep` which tracks
* traversed objects.
*
* @private
* @param {*} value The value to clone.
* @param {boolean} bitmask The bitmask flags.
* 1 - Deep clone
* 2 - Flatten inherited properties
* 4 - Clone symbols
* @param {Function} [customizer] The function to customize cloning.
* @param {string} [key] The key of `value`.
* @param {Object} [object] The parent object of `value`.
* @param {Object} [stack] Tracks traversed objects and their clone counterparts.
* @returns {*} Returns the cloned value.
*/
function baseClone(value, bitmask, customizer, key, object, stack) {
var result,
isDeep = bitmask & CLONE_DEEP_FLAG,
isFlat = bitmask & CLONE_FLAT_FLAG,
isFull = bitmask & CLONE_SYMBOLS_FLAG;
if (customizer) {
result = object ? customizer(value, key, object, stack) : customizer(value);
}
if (result !== undefined) {
return result;
}
if (!isObject(value)) {
return value;
}
var isArr = isArray(value);
if (isArr) {
result = initCloneArray(value);
if (!isDeep) {
return copyArray(value, result);
}
} else {
var tag = getTag(value),
isFunc = tag == funcTag || tag == genTag;
if (isBuffer(value)) {
return cloneBuffer(value, isDeep);
}
if (tag == objectTag || tag == argsTag || (isFunc && !object)) {
result = (isFlat || isFunc) ? {} : initCloneObject(value);
if (!isDeep) {
return isFlat
? copySymbolsIn(value, baseAssignIn(result, value))
: copySymbols(value, baseAssign(result, value));
}
} else {
if (!cloneableTags[tag]) {
return object ? value : {};
}
result = initCloneByTag(value, tag, isDeep);
}
}
// Check for circular references and return its corresponding clone.
stack || (stack = new Stack);
var stacked = stack.get(value);
if (stacked) {
return stacked;
}
stack.set(value, result);
if (isSet(value)) {
value.forEach(function(subValue) {
result.add(baseClone(subValue, bitmask, customizer, subValue, value, stack));
});
} else if (isMap(value)) {
value.forEach(function(subValue, key) {
result.set(key, baseClone(subValue, bitmask, customizer, key, value, stack));
});
}
var keysFunc = isFull
? (isFlat ? getAllKeysIn : getAllKeys)
: (isFlat ? keysIn : keys);
var props = isArr ? undefined : keysFunc(value);
arrayEach(props || value, function(subValue, key) {
if (props) {
key = subValue;
subValue = value[key];
}
// Recursively populate clone (susceptible to call stack limits).
assignValue(result, key, baseClone(subValue, bitmask, customizer, key, value, stack));
});
return result;
}
return baseClone;
});
Reference in New Issue View Git Blame Copy Permalink