mirror of
https://github.com/discourse/discourse.git
synced 2024-12-14 20:33:49 +08:00
SECURITY: Update Handlebars to 4.1
This is to address: https://www.npmjs.com/advisories/755 It is a low priority fix, as Discourse does not allow end users to input raw handlebars templates.
This commit is contained in:
parent
63dbac786f
commit
db63a8e468
|
@ -11,7 +11,7 @@
|
|||
"bootbox": "3.2.0",
|
||||
"chart.js": "2.7.3",
|
||||
"favcount": "https://github.com/chrishunt/favcount",
|
||||
"handlebars": "4.0.12",
|
||||
"handlebars": "^4.1.1",
|
||||
"highlight.js": "https://github.com/highlightjs/highlight.js",
|
||||
"htmlparser": "https://github.com/tautologistics/node-htmlparser",
|
||||
"intersection-observer": "^0.5.1",
|
||||
|
|
19
vendor/assets/javascripts/handlebars.js
vendored
19
vendor/assets/javascripts/handlebars.js
vendored
|
@ -1,7 +1,7 @@
|
|||
/**!
|
||||
|
||||
@license
|
||||
handlebars v4.0.12
|
||||
handlebars v4.1.1
|
||||
|
||||
Copyright (C) 2011-2017 by Yehuda Katz
|
||||
|
||||
|
@ -275,7 +275,7 @@ return /******/ (function(modules) { // webpackBootstrap
|
|||
|
||||
var _logger2 = _interopRequireDefault(_logger);
|
||||
|
||||
var VERSION = '4.0.12';
|
||||
var VERSION = '4.1.1';
|
||||
exports.VERSION = VERSION;
|
||||
var COMPILER_REVISION = 7;
|
||||
|
||||
|
@ -1629,8 +1629,7 @@ return /******/ (function(modules) { // webpackBootstrap
|
|||
symbols_: { "error": 2, "root": 3, "program": 4, "EOF": 5, "program_repetition0": 6, "statement": 7, "mustache": 8, "block": 9, "rawBlock": 10, "partial": 11, "partialBlock": 12, "content": 13, "COMMENT": 14, "CONTENT": 15, "openRawBlock": 16, "rawBlock_repetition_plus0": 17, "END_RAW_BLOCK": 18, "OPEN_RAW_BLOCK": 19, "helperName": 20, "openRawBlock_repetition0": 21, "openRawBlock_option0": 22, "CLOSE_RAW_BLOCK": 23, "openBlock": 24, "block_option0": 25, "closeBlock": 26, "openInverse": 27, "block_option1": 28, "OPEN_BLOCK": 29, "openBlock_repetition0": 30, "openBlock_option0": 31, "openBlock_option1": 32, "CLOSE": 33, "OPEN_INVERSE": 34, "openInverse_repetition0": 35, "openInverse_option0": 36, "openInverse_option1": 37, "openInverseChain": 38, "OPEN_INVERSE_CHAIN": 39, "openInverseChain_repetition0": 40, "openInverseChain_option0": 41, "openInverseChain_option1": 42, "inverseAndProgram": 43, "INVERSE": 44, "inverseChain": 45, "inverseChain_option0": 46, "OPEN_ENDBLOCK": 47, "OPEN": 48, "mustache_repetition0": 49, "mustache_option0": 50, "OPEN_UNESCAPED": 51, "mustache_repetition1": 52, "mustache_option1": 53, "CLOSE_UNESCAPED": 54, "OPEN_PARTIAL": 55, "partialName": 56, "partial_repetition0": 57, "partial_option0": 58, "openPartialBlock": 59, "OPEN_PARTIAL_BLOCK": 60, "openPartialBlock_repetition0": 61, "openPartialBlock_option0": 62, "param": 63, "sexpr": 64, "OPEN_SEXPR": 65, "sexpr_repetition0": 66, "sexpr_option0": 67, "CLOSE_SEXPR": 68, "hash": 69, "hash_repetition_plus0": 70, "hashSegment": 71, "ID": 72, "EQUALS": 73, "blockParams": 74, "OPEN_BLOCK_PARAMS": 75, "blockParams_repetition_plus0": 76, "CLOSE_BLOCK_PARAMS": 77, "path": 78, "dataName": 79, "STRING": 80, "NUMBER": 81, "BOOLEAN": 82, "UNDEFINED": 83, "NULL": 84, "DATA": 85, "pathSegments": 86, "SEP": 87, "$accept": 0, "$end": 1 },
|
||||
terminals_: { 2: "error", 5: "EOF", 14: "COMMENT", 15: "CONTENT", 18: "END_RAW_BLOCK", 19: "OPEN_RAW_BLOCK", 23: "CLOSE_RAW_BLOCK", 29: "OPEN_BLOCK", 33: "CLOSE", 34: "OPEN_INVERSE", 39: "OPEN_INVERSE_CHAIN", 44: "INVERSE", 47: "OPEN_ENDBLOCK", 48: "OPEN", 51: "OPEN_UNESCAPED", 54: "CLOSE_UNESCAPED", 55: "OPEN_PARTIAL", 60: "OPEN_PARTIAL_BLOCK", 65: "OPEN_SEXPR", 68: "CLOSE_SEXPR", 72: "ID", 73: "EQUALS", 75: "OPEN_BLOCK_PARAMS", 77: "CLOSE_BLOCK_PARAMS", 80: "STRING", 81: "NUMBER", 82: "BOOLEAN", 83: "UNDEFINED", 84: "NULL", 85: "DATA", 87: "SEP" },
|
||||
productions_: [0, [3, 2], [4, 1], [7, 1], [7, 1], [7, 1], [7, 1], [7, 1], [7, 1], [7, 1], [13, 1], [10, 3], [16, 5], [9, 4], [9, 4], [24, 6], [27, 6], [38, 6], [43, 2], [45, 3], [45, 1], [26, 3], [8, 5], [8, 5], [11, 5], [12, 3], [59, 5], [63, 1], [63, 1], [64, 5], [69, 1], [71, 3], [74, 3], [20, 1], [20, 1], [20, 1], [20, 1], [20, 1], [20, 1], [20, 1], [56, 1], [56, 1], [79, 2], [78, 1], [86, 3], [86, 1], [6, 0], [6, 2], [17, 1], [17, 2], [21, 0], [21, 2], [22, 0], [22, 1], [25, 0], [25, 1], [28, 0], [28, 1], [30, 0], [30, 2], [31, 0], [31, 1], [32, 0], [32, 1], [35, 0], [35, 2], [36, 0], [36, 1], [37, 0], [37, 1], [40, 0], [40, 2], [41, 0], [41, 1], [42, 0], [42, 1], [46, 0], [46, 1], [49, 0], [49, 2], [50, 0], [50, 1], [52, 0], [52, 2], [53, 0], [53, 1], [57, 0], [57, 2], [58, 0], [58, 1], [61, 0], [61, 2], [62, 0], [62, 1], [66, 0], [66, 2], [67, 0], [67, 1], [70, 1], [70, 2], [76, 1], [76, 2]],
|
||||
performAction: function anonymous(yytext, yyleng, yylineno, yy, yystate, $$, _$
|
||||
/*``*/) {
|
||||
performAction: function anonymous(yytext, yyleng, yylineno, yy, yystate, $$, _$) {
|
||||
|
||||
var $0 = $$.length - 1;
|
||||
switch (yystate) {
|
||||
|
@ -2167,11 +2166,10 @@ return /******/ (function(modules) { // webpackBootstrap
|
|||
this.begin(condition);
|
||||
} };
|
||||
lexer.options = {};
|
||||
lexer.performAction = function anonymous(yy, yy_, $avoiding_name_collisions, YY_START
|
||||
/*``*/) {
|
||||
lexer.performAction = function anonymous(yy, yy_, $avoiding_name_collisions, YY_START) {
|
||||
|
||||
function strip(start, end) {
|
||||
return yy_.yytext = yy_.yytext.substr(start, yy_.yyleng - end);
|
||||
return yy_.yytext = yy_.yytext.substring(start, yy_.yyleng - end + start);
|
||||
}
|
||||
|
||||
var YYSTATE = YY_START;
|
||||
|
@ -2208,7 +2206,7 @@ return /******/ (function(modules) { // webpackBootstrap
|
|||
if (this.conditionStack[this.conditionStack.length - 1] === 'raw') {
|
||||
return 15;
|
||||
} else {
|
||||
yy_.yytext = yy_.yytext.substr(5, yy_.yyleng - 9);
|
||||
strip(5, 9);
|
||||
return 'END_RAW_BLOCK';
|
||||
}
|
||||
|
||||
|
@ -2772,7 +2770,7 @@ return /******/ (function(modules) { // webpackBootstrap
|
|||
|
||||
function id(token) {
|
||||
if (/^\[.*\]$/.test(token)) {
|
||||
return token.substr(1, token.length - 2);
|
||||
return token.substring(1, token.length - 1);
|
||||
} else {
|
||||
return token;
|
||||
}
|
||||
|
@ -3563,6 +3561,9 @@ return /******/ (function(modules) { // webpackBootstrap
|
|||
// PUBLIC API: You can override these methods in a subclass to provide
|
||||
// alternative compiled forms for name lookup and buffering semantics
|
||||
nameLookup: function nameLookup(parent, name /* , type*/) {
|
||||
if (name === 'constructor') {
|
||||
return ['(', parent, '.propertyIsEnumerable(\'constructor\') ? ', parent, '.constructor : undefined', ')'];
|
||||
}
|
||||
if (JavaScriptCompiler.isValidJavaScriptVariableName(name)) {
|
||||
return [parent, '.', name];
|
||||
} else {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
/**!
|
||||
|
||||
@license
|
||||
handlebars v4.0.12
|
||||
handlebars v4.1.1
|
||||
|
||||
Copyright (C) 2011-2017 by Yehuda Katz
|
||||
|
||||
|
@ -207,7 +207,7 @@ return /******/ (function(modules) { // webpackBootstrap
|
|||
|
||||
var _logger2 = _interopRequireDefault(_logger);
|
||||
|
||||
var VERSION = '4.0.12';
|
||||
var VERSION = '4.1.1';
|
||||
exports.VERSION = VERSION;
|
||||
var COMPILER_REVISION = 7;
|
||||
|
||||
|
|
24
yarn.lock
24
yarn.lock
|
@ -259,13 +259,6 @@ async-limiter@~1.0.0:
|
|||
resolved "https://registry.yarnpkg.com/async-limiter/-/async-limiter-1.0.0.tgz#78faed8c3d074ab81f22b4e985d79e8738f720f8"
|
||||
integrity sha512-jp/uFnooOiO+L211eZOoSyzpOITMXx1rBITauYykG3BRYPu8h0UcxsPNB04RR5vo4Tyz3+ay17tR6JVf9qzYWg==
|
||||
|
||||
async@^2.5.0:
|
||||
version "2.6.1"
|
||||
resolved "https://registry.yarnpkg.com/async/-/async-2.6.1.tgz#b245a23ca71930044ec53fa46aa00a3e87c6a610"
|
||||
integrity sha512-fNEiL2+AZt6AlAw/29Cr0UDe4sRAHCpEHh54WMz+Bb7QfNcFw4h3loofyJpLeQs4Yx7yuqu/2dLgM5hKOs6HlQ==
|
||||
dependencies:
|
||||
lodash "^4.17.10"
|
||||
|
||||
atob@^2.1.1:
|
||||
version "2.1.2"
|
||||
resolved "https://registry.yarnpkg.com/atob/-/atob-2.1.2.tgz#6d9517eb9e030d2436666651e86bd9f6f13533c9"
|
||||
|
@ -1043,12 +1036,12 @@ graceful-fs@^4.1.2:
|
|||
resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.1.15.tgz#ffb703e1066e8a0eeaa4c8b80ba9253eeefbfb00"
|
||||
integrity sha512-6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA==
|
||||
|
||||
handlebars@4.0.12:
|
||||
version "4.0.12"
|
||||
resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.0.12.tgz#2c15c8a96d46da5e266700518ba8cb8d919d5bc5"
|
||||
integrity sha512-RhmTekP+FZL+XNhwS1Wf+bTTZpdLougwt5pcgA1tuz6Jcx0fpH/7z0qd71RKnZHBCxIRBHfBOnio4gViPemNzA==
|
||||
handlebars@^4.1.1:
|
||||
version "4.1.1"
|
||||
resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.1.1.tgz#6e4e41c18ebe7719ae4d38e5aca3d32fa3dd23d3"
|
||||
integrity sha512-3Zhi6C0euYZL5sM0Zcy7lInLXKQ+YLcF/olbN010mzGQ4XVm50JeyBnMqofHh696GrciGruC7kCcApPDJvVgwA==
|
||||
dependencies:
|
||||
async "^2.5.0"
|
||||
neo-async "^2.6.0"
|
||||
optimist "^0.6.1"
|
||||
source-map "^0.6.1"
|
||||
optionalDependencies:
|
||||
|
@ -1463,7 +1456,7 @@ lodash.get@^4.4.2:
|
|||
resolved "https://registry.yarnpkg.com/lodash.get/-/lodash.get-4.4.2.tgz#2d177f652fa31e939b4438d5341499dfa3825e99"
|
||||
integrity sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=
|
||||
|
||||
lodash@^4.17.10, lodash@^4.17.4, lodash@^4.2.0, lodash@^4.3.0:
|
||||
lodash@^4.17.4, lodash@^4.2.0, lodash@^4.3.0:
|
||||
version "4.17.11"
|
||||
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
|
||||
integrity sha512-cQKh8igo5QUhZ7lg38DYWAxMvjSAKG0A8wGSVimP07SIUEK2UO+arSRKbRZWtelMtN5V0Hkwh5ryOto/SshYIg==
|
||||
|
@ -1657,6 +1650,11 @@ natural-compare@^1.4.0:
|
|||
resolved "https://registry.yarnpkg.com/natural-compare/-/natural-compare-1.4.0.tgz#4abebfeed7541f2c27acfb29bdbbd15c8d5ba4f7"
|
||||
integrity sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=
|
||||
|
||||
neo-async@^2.6.0:
|
||||
version "2.6.0"
|
||||
resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.0.tgz#b9d15e4d71c6762908654b5183ed38b753340835"
|
||||
integrity sha512-MFh0d/Wa7vkKO3Y3LlacqAEeHK0mckVqzDieUKTT+KGxi+zIpeVsFxymkIiRpbpDziHc290Xr9A1O4Om7otoRA==
|
||||
|
||||
nice-try@^1.0.4:
|
||||
version "1.0.5"
|
||||
resolved "https://registry.yarnpkg.com/nice-try/-/nice-try-1.0.5.tgz#a3378a7696ce7d223e88fc9b764bd7ef1089e366"
|
||||
|
|
Loading…
Reference in New Issue
Block a user