Merge pull request #342 from Kashoo/340-lodash

Issue 340: Address lodash security vulnerability

CHANGELOG.md

@@ -5,6 +5,9 @@ This project adheres to [Semantic Versioning](http://semver.org/). All notable c
 ### Fixed
 - [#338](https://github.com/Kashoo/synctos/issues/338): The `mustNotBeMissing` and `mustNotBeNull` constraints do not behave as expected
 
+### Security
+- [340](https://github.com/Kashoo/synctos/issues/340): Security vulnerability in lodash dev dependency
+
 ### Deprecated
 - `mustNotBeMissing` constraint
 - `mustNotBeNull` constraint

lib/commander/VERSION

@@ -1 +1 @@
-2.18.0
+2.19.0

lib/commander/index.js

@@ -580,9 +580,9 @@ Command.prototype.executeSubCommand = function(argv, args, unknown) {
   proc.on('close', process.exit.bind(process));
   proc.on('error', function(err) {
     if (err.code === 'ENOENT') {
-      console.error('%s(1) does not exist, try --help', bin);
+      console.error('error: %s(1) does not exist, try --help', bin);
     } else if (err.code === 'EACCES') {
-      console.error('%s(1) not executable. try chmod or run with root', bin);
+      console.error('error: %s(1) not executable. try chmod or run with root', bin);
     }
     process.exit(1);
   });
@@ -792,9 +792,7 @@ Command.prototype.opts = function() {
  */
 
 Command.prototype.missingArgument = function(name) {
-  console.error();
-  console.error("  error: missing required argument `%s'", name);
-  console.error();
+  console.error("error: missing required argument `%s'", name);
   process.exit(1);
 };
 
@@ -807,13 +805,11 @@ Command.prototype.missingArgument = function(name) {
  */
 
 Command.prototype.optionMissingArgument = function(option, flag) {
-  console.error();
   if (flag) {
-    console.error("  error: option `%s' argument missing, got `%s'", option.flags, flag);
+    console.error("error: option `%s' argument missing, got `%s'", option.flags, flag);
   } else {
-    console.error("  error: option `%s' argument missing", option.flags);
+    console.error("error: option `%s' argument missing", option.flags);
   }
-  console.error();
   process.exit(1);
 };
 
@@ -826,9 +822,7 @@ Command.prototype.optionMissingArgument = function(option, flag) {
 
 Command.prototype.unknownOption = function(flag) {
   if (this._allowUnknownOption) return;
-  console.error();
-  console.error("  error: unknown option `%s'", flag);
-  console.error();
+  console.error("error: unknown option `%s'", flag);
   process.exit(1);
 };
 
@@ -840,9 +834,7 @@ Command.prototype.unknownOption = function(flag) {
  */
 
 Command.prototype.variadicArgNotLast = function(name) {
-  console.error();
-  console.error("  error: variadic arguments must be last `%s'", name);
-  console.error();
+  console.error("error: variadic arguments must be last `%s'", name);
   process.exit(1);
 };
 
@@ -1053,7 +1045,7 @@ Command.prototype.optionHelp = function() {
   // Append the help information
   return this.options.map(function(option) {
     return pad(option.flags, width) + '  ' + option.description +
-      ((option.bool && option.defaultValue !== undefined) ? ' (default: ' + option.defaultValue + ')' : '');
+      ((option.bool && option.defaultValue !== undefined) ? ' (default: ' + JSON.stringify(option.defaultValue) + ')' : '');
   }).concat([pad('-h, --help', width) + '  ' + 'output usage information'])
     .join('\n');
 };
@@ -1073,7 +1065,6 @@ Command.prototype.commandHelp = function() {
 
   return [
     'Commands:',
-    '',
     commands.map(function(cmd) {
       var desc = cmd[1] ? '  ' + cmd[1] : '';
       return (desc ? pad(cmd[0], width) : cmd[0]) + desc;
@@ -1124,7 +1115,6 @@ Command.prototype.helpInformation = function() {
 
   var options = [
     'Options:',
-    '',
     '' + this.optionHelp().replace(/^/gm, '  '),
     ''
   ];

lib/indent.js/LICENSE.md → lib/indent.js/LICENSE

@@ -1,7 +1,7 @@
 The MIT License (MIT)
 =====================
 
-Copyright © `2017` `Zeb Zhao`
+Copyright © 2018 Zeb Zhao
 
 Permission is hereby granted, free of charge, to any person
 obtaining a copy of this software and associated documentation
@@ -22,4 +22,4 @@ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
 WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
+OTHER DEALINGS IN THE SOFTWARE.

lib/indent.js/VERSION

@@ -1 +1 @@
-0.3.2
+0.3.4

lib/indent.js/indent.js

@@ -10,6 +10,25 @@
 var indent = (function (root) {
   var rulesCache = {};
 
+  function map(array, predicate) {
+    var i, results = [];
+    for (i=0; i<array.length; i++) {
+      results.push(predicate(array[i], i, array));
+    }
+    return results;
+  }
+
+  function some(array, predicate) {
+    var i, result;
+    for (i=0; i<array.length; i++) {
+      result = predicate(array[i], i, array);
+      if (result) {
+        return result;
+      }
+    }
+    return false;
+  }
+
   function filterRules(language, rules, excludes) {
     if (rulesCache[language])
       return rulesCache[language];
@@ -32,6 +51,7 @@ var indent = (function (root) {
   }
 
   var NEW_LINE_REGEX = /\r*\n/;
+  var HTML_TAG_RULES = ["tag", "void-tags", "html-tag"];
 
   /**
    * Soft dedent: this type of dedent has the opposite effect and will actually indent every line
@@ -48,6 +68,7 @@ var indent = (function (root) {
    * $matchBeginning - match at beginning of line only
    * $languages - used to filter by language later
    * $lineOffset - added to the line field when rule is applied
+   * $excludeIf - used to exclude rule matching if any of these rules are active
    * $lastRule - used to continue a previous rule
    * $newScope - used to determine if rule creates a new scope, used for lastRule
    *
@@ -57,7 +78,7 @@ var indent = (function (root) {
    */
   var MASTER_RULES = [
     {
-      $languages: "html",
+      $languages: "js html",
       $name: "comment",
       $startPatterns: [/\<\!\-\-/],
       $endPatterns: [/\-\-\>/],
@@ -73,7 +94,7 @@ var indent = (function (root) {
       $consumeEndMatch: true
     },
     {
-      $languages: "html",
+      $languages: "js html",
       $name: "void-tags",
       $startPatterns: [
         /\<(area|base|br|col|command|embed|hr|img|input|keygen|link|menuitem|meta|param|source|track|wbr)/i],
@@ -135,10 +156,10 @@ var indent = (function (root) {
       $consumeEndMatch: true
     },
     {
-      $languages: "html",
+      $languages: "js html",
       $name: "tag",
       $startPatterns: [function (string, rule, state) {
-        var re = /<([A-Za-z0-9\-]+)/;
+        var re = /<([A-Za-z][A-Za-z0-9\-\.]*)/;
         var match = string.match(re);
         if (match) {
           state.openingTag = match[1];
@@ -151,7 +172,7 @@ var indent = (function (root) {
         }
       }],
       $endPatterns: [function (string, rule, state) {
-        var re = new RegExp("</" + state.openingTag + ">", "i");
+        var re = new RegExp("<\/" + state.openingTag + ">|\\s\/>", "i");
         var match = string.match(re);
         if (match) {
           return {
@@ -228,16 +249,18 @@ var indent = (function (root) {
       $consumeEndMatch: true
     },
     {
-      $languages: "html",
+      $languages: "js html",
       $name: "quotes",
+      $excludeIf: HTML_TAG_RULES,
       $startPatterns: [/"/],
       $endPatterns: [/"/, NEW_LINE_REGEX],
       $ignoreRules: true,
       $consumeEndMatch: true
     },
     {
-      $languages: "html",
+      $languages: "js html",
       $name: "quotes",
+      $excludeIf: HTML_TAG_RULES,
       $startPatterns: [/'/],
       $endPatterns: [/'/, NEW_LINE_REGEX],
       $ignoreRules: true,
@@ -381,6 +404,7 @@ var indent = (function (root) {
     {
       $languages: "js",
       $name: "=",
+      $excludeIf: HTML_TAG_RULES,
       $startPatterns: [/=/],
       $endPatterns: [/[,;\)\]}]/, NEW_LINE_REGEX]
     },
@@ -598,10 +622,16 @@ var indent = (function (root) {
 
       var lastMatch = lastMatches[lastMatches.length - 1];
       var lastRuleInScope = lastMatch ? lastMatch.rule.$name : '';
+      var activeRules =  map(activeMatches, function (match) {
+        return match.rule.$name;
+      }).join('\n');  // Use \n as a special delimiter for rule names
 
       for (var rule, r = 0; r < rules.length; r++) {
         rule = rules[r];
-        if (!rule.$lastRule ||
+        if (rule.$excludeIf && some(rule.$excludeIf, function (excludeRule) {
+            return activeRules.indexOf(excludeRule) != -1;
+          })) {
+        } else if (!rule.$lastRule ||
             (lastRuleInScope && rule.$lastRule.indexOf(lastRuleInScope) !== -1)
         ) {
           match = searchAny(string, rule.$startPatterns, rule);

lib/joi/LICENSE

@@ -2,7 +2,7 @@
 Joi
 ===
 
-Copyright (c) 2012-2017, Project contributors
+Copyright (c) 2012-2018, Project contributors
 Copyright (c) 2012-2014, Walmart
 All rights reserved.
 

lib/joi/VERSION

@@ -1 +1 @@
-13.7.0
+14.3.1