luciano/diff2html
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #217 from rtfpessoa/fix-merge-vuln

Browse source 
fix: Remove lodash.merge for merge
This commit is contained in:
Rodrigo Fernandes 2019-05-08 23:45:05 +01:00 committed by GitHub
commit a8a7147f50
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
package.json
View file

@ -56,7 +56,7 @@
"dependencies": {
"diff": "^4.0.1",
"hogan.js": "^3.0.2",
"lodash.merge": "^4.6.1",
"merge": "^1.2.1",
"whatwg-fetch": "^3.0.0"
},
"devDependencies": {

6
src/utils.js
View file

@ -6,7 +6,7 @@
*/
(function() {
var merge = require('lodash.merge');
var merge = require('merge');
function Utils() {
}
@ -41,9 +41,7 @@
};
Utils.prototype.safeConfig = function(cfg, defaultConfig) {
var newCfg = {};
merge(newCfg, defaultConfig, cfg);
return newCfg;
return merge.recursive(true, defaultConfig, cfg);
};
module.exports.Utils = new Utils();

10
yarn.lock
View file

@ -2227,11 +2227,6 @@ lodash.memoize@~3.0.3:
resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-3.0.4.tgz#2dcbd2c287cbc0a55cc42328bd0c736150d53e3f"
integrity sha1-LcvSwofLwKVcxCMovQxzYVDVPj8=
lodash.merge@^4.6.1:
version "4.6.1"
resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.1.tgz#adc25d9cb99b9391c59624f379fbba60d7111d54"
integrity sha512-AOYza4+Hf5z1/0Hztxpm2/xiPZgi/cjMqdnKTUWTBSKchJlxXXuUSxCCl8rJlf4g6yww/j6mA8nC8Hw/EZWxKQ==
lodash@^4.17.11, lodash@^4.17.4:
version "4.17.11"
resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.11.tgz#b39ea6229ef607ecd89e2c8df12536891cac9b8d"
@ -2291,6 +2286,11 @@ merge2@^1.2.3:
resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.2.3.tgz#7ee99dbd69bb6481689253f018488a1b902b0ed5"
integrity sha512-gdUU1Fwj5ep4kplwcmftruWofEFt6lfpkkr3h860CXbAB9c3hGb55EOL2ali0Td5oebvW0E1+3Sr+Ur7XfKpRA==
merge@^1.2.1:
version "1.2.1"
resolved "https://registry.yarnpkg.com/merge/-/merge-1.2.1.tgz#38bebf80c3220a8a487b6fcfb3941bb11720c145"
integrity sha512-VjFo4P5Whtj4vsLzsYBu5ayHhoHJ0UqNm7ibvShmbmoz7tGi0vXaoJbGdB+GmDMLUdg8DpQXEIeVDAe8MaABvQ==
micromatch@^3.1.10, micromatch@^3.1.4:
version "3.1.10"
resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-3.1.10.tgz#70859bc95c9840952f359a068a3fc49f9ecfac23"