diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..ea821655 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Security Policy + +## Supported Versions + +This project is not under active development and is in low maintenance mode. + +## Reporting a Vulnerability + +You can email jrburke using the common gmail domain as the email host name. diff --git a/build/jslib/x.js b/build/jslib/x.js index e13ed1da..c7cf06a7 100644 --- a/build/jslib/x.js +++ b/build/jslib/x.js @@ -1,5 +1,5 @@ /** - * @license r.js 2.3.6 Copyright jQuery Foundation and other contributors. + * @license r.js 2.3.7 Copyright jQuery Foundation and other contributors. * Released under MIT license, http://github.com/requirejs/r.js/LICENSE */ @@ -19,7 +19,7 @@ var requirejs, require, define, xpcUtil; (function (console, args, readFileFunc) { var fileName, env, fs, vm, path, exec, rhinoContext, dir, nodeRequire, nodeDefine, exists, reqMain, loadedOptimizedLib, existsForNode, Cc, Ci, - version = '2.3.6', + version = '2.3.7', jsSuffixRegExp = /\.js$/, commandOption = '', useLibLoaded = {}, diff --git a/dist/r.js b/dist/r.js index 46f2864d..4112f609 100644 --- a/dist/r.js +++ b/dist/r.js @@ -1,5 +1,5 @@ /** - * @license r.js 2.3.6 Copyright jQuery Foundation and other contributors. + * @license r.js 2.3.7 Copyright jQuery Foundation and other contributors. * Released under MIT license, http://github.com/requirejs/r.js/LICENSE */ @@ -19,7 +19,7 @@ var requirejs, require, define, xpcUtil; (function (console, args, readFileFunc) { var fileName, env, fs, vm, path, exec, rhinoContext, dir, nodeRequire, nodeDefine, exists, reqMain, loadedOptimizedLib, existsForNode, Cc, Ci, - version = '2.3.6', + version = '2.3.7', jsSuffixRegExp = /\.js$/, commandOption = '', useLibLoaded = {}, 
@@ -248,7 +248,7 @@ var requirejs, require, define, xpcUtil; } /** vim: et:ts=4:sw=4:sts=4 - * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors. + * @license RequireJS 2.3.7 Copyright jQuery Foundation and other contributors. * Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE */ //Not using strict: uneven strict support in browsers, #392, and causes @@ -260,7 +260,7 @@ var requirejs, require, define, xpcUtil; (function (global, setTimeout) { var req, s, head, baseElement, dataMain, src, interactiveScript, currentlyAddingScript, mainScript, subPath, - version = '2.3.6', + version = '2.3.7', commentRegExp = /\/\*[\s\S]*?\*\/|([^:"'=]|^)\/\/.*$/mg, cjsRequireRegExp = /[^.]\s*require\s*\(\s*["']([^'"\s]+)["']\s*\)/g, jsSuffixRegExp = /\.js$/, @@ -282,7 +282,8 @@ var requirejs, require, define, xpcUtil; contexts = {}, cfg = {}, globalDefQueue = [], - useInteractive = false; + useInteractive = false, + disallowedProps = ['__proto__', 'constructor']; //Could match something like ')//comment', do not lose the prefix to comment. function commentReplace(match, singlePrefix) { @@ -343,7 +344,7 @@ var requirejs, require, define, xpcUtil; function eachProp(obj, func) { var prop; for (prop in obj) { - if (hasProp(obj, prop)) { + if (hasProp(obj, prop) && disallowedProps.indexOf(prop) == -1) { if (func(obj[prop], prop)) { break; } diff --git a/require.js b/require.js index 78490f91..b49cd710 100644 --- a/require.js +++ b/require.js @@ -1,5 +1,5 @@ /** vim: et:ts=4:sw=4:sts=4 - * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors. + * @license RequireJS 2.3.7 Copyright jQuery Foundation and other contributors. * Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE */ //Not using strict: uneven strict support in browsers, #392, and causes 
@@ -11,7 +11,7 @@ var requirejs, require, define; (function (global, setTimeout) { var req, s, head, baseElement, dataMain, src, interactiveScript, currentlyAddingScript, mainScript, subPath, - version = '2.3.6', + version = '2.3.7', commentRegExp = /\/\*[\s\S]*?\*\/|([^:"'=]|^)\/\/.*$/mg, cjsRequireRegExp = /[^.]\s*require\s*\(\s*["']([^'"\s]+)["']\s*\)/g, jsSuffixRegExp = /\.js$/, @@ -33,7 +33,8 @@ var requirejs, require, define; contexts = {}, cfg = {}, globalDefQueue = [], - useInteractive = false; + useInteractive = false, + disallowedProps = ['__proto__', 'constructor']; //Could match something like ')//comment', do not lose the prefix to comment. function commentReplace(match, singlePrefix) { @@ -94,7 +95,7 @@ var requirejs, require, define; function eachProp(obj, func) { var prop; for (prop in obj) { - if (hasProp(obj, prop)) { + if (hasProp(obj, prop) && disallowedProps.indexOf(prop) == -1) { if (func(obj[prop], prop)) { break; }
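Review bot: The new `disallowedProps` entry in the `@@ -33,7 +33,8 @@` hunk sits in the var list with no comment saying what it guards, so it reads like ordinary loader state. I would add a line such as `//Keys skipped during property iteration so merged config cannot reach Object.prototype.` next to it, assuming that is the intent. The list holds `__proto__` and `constructor` but not `prototype`. That is probably sufficient for plain objects, since `constructor` is the route to a prototype there, but the comment should say so to stop the list being trimmed or left unextended later. The var statement begins before this hunk, and the same declaration is repeated in the dist/r.js hunk `@@ -282,7 +282,8 @@`.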
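Review bot: The guard added to `eachProp` in the `@@ -94,7 +95,7 @@` hunk calls `Array.prototype.indexOf` and compares with `==`. The header comment about uneven strict-mode support suggests old browsers are still in scope, and pre-ES5 engines have no `indexOf` on arrays, so every `eachProp` call would throw there. A form with no such dependency is `if (hasProp(obj, prop) && prop !== '__proto__' && prop !== 'constructor') {`, or at least `=== -1`. Because the filter sits in the shared iterator rather than at the merge site, any own key literally named `constructor` is now skipped silently for every caller. Those callers are outside the hunk, so it is worth confirming that this is intended for things like module ids or config entries. `eachProp`'s body continues past the hunk, and the same change appears in the dist/r.js hunk `@@ -343,7 +344,7 @@`.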