From acec5366eb9094e670b6d1a87457634e74d6384e Mon Sep 17 00:00:00 2001
From: James Burke <jrburke@gmail.com>
Date: Thu, 3 Feb 2022 17:26:25 -0800
Subject: [PATCH 1/3] SECURITY.md
---
SECURITY.md | 9 +++++++++
1 file changed, 9 insertions(+)
create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..ea821655
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+This project is not under active development and is in low maintenance mode.
+
+## Reporting a Vulnerability
+
+You can email jrburke using the common gmail domain as the email host name.
From ecc356a219b79075c562d002c21d18436482e15a Mon Sep 17 00:00:00 2001
From: James Burke <jrburke@gmail.com>
Date: Mon, 15 Jul 2024 22:26:43 -0700
Subject: [PATCH 2/3] Fixes requirejs/requirejs#1854, pollution
---
dist/r.js | 9 +++++----
require.js | 5 +++--
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/dist/r.js b/dist/r.js
index 46f2864d..ca747184 100644
--- a/dist/r.js
+++ b/dist/r.js
@@ -1,5 +1,5 @@
/**
- * @license r.js 2.3.6 Copyright jQuery Foundation and other contributors.
+ * @license r.js 2.3.6+ Tue, 16 Jul 2024 05:19:14 GMT Copyright jQuery Foundation and other contributors.
* Released under MIT license, http://github.com/requirejs/r.js/LICENSE
*/
@@ -19,7 +19,7 @@ var requirejs, require, define, xpcUtil;
(function (console, args, readFileFunc) {
var fileName, env, fs, vm, path, exec, rhinoContext, dir, nodeRequire,
nodeDefine, exists, reqMain, loadedOptimizedLib, existsForNode, Cc, Ci,
- version = '2.3.6',
+ version = '2.3.6 Tue, 16 Jul 2024 05:19:14 GMT',
jsSuffixRegExp = /\.js$/,
commandOption = '',
useLibLoaded = {},
@@ -282,7 +282,8 @@ var requirejs, require, define, xpcUtil;
contexts = {},
cfg = {},
globalDefQueue = [],
- useInteractive = false;
+ useInteractive = false,
+ disallowedProps = ['__proto__', 'constructor'];
//Could match something like ')//comment', do not lose the prefix to comment.
function commentReplace(match, singlePrefix) {
@@ -343,7 +344,7 @@ var requirejs, require, define, xpcUtil;
function eachProp(obj, func) {
var prop;
for (prop in obj) {
- if (hasProp(obj, prop)) {
+ if (hasProp(obj, prop) && disallowedProps.indexOf(prop) == -1) {
if (func(obj[prop], prop)) {
break;
}
diff --git a/require.js b/require.js
index 78490f91..acda0565 100644
--- a/require.js
+++ b/require.js
@@ -33,7 +33,8 @@ var requirejs, require, define;
contexts = {},
cfg = {},
globalDefQueue = [],
- useInteractive = false;
+ useInteractive = false,
+ disallowedProps = ['__proto__', 'constructor'];
//Could match something like ')//comment', do not lose the prefix to comment.
function commentReplace(match, singlePrefix) {
@@ -94,7 +95,7 @@ var requirejs, require, define;
function eachProp(obj, func) {
var prop;
for (prop in obj) {
- if (hasProp(obj, prop)) {
+ if (hasProp(obj, prop) && disallowedProps.indexOf(prop) == -1) {
if (func(obj[prop], prop)) {
break;
}
From 1874a29ad51a395703629e3aece5d094a791b7ea Mon Sep 17 00:00:00 2001
From: James Burke <jrburke@gmail.com>
Date: Sat, 20 Jul 2024 15:07:44 -0700
Subject: [PATCH 3/3] Rev to 2.3.7
---
build/jslib/x.js | 4 ++--
dist/r.js | 8 ++++----
require.js | 4 ++--
3 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/build/jslib/x.js b/build/jslib/x.js
index e13ed1da..c7cf06a7 100644
--- a/build/jslib/x.js
+++ b/build/jslib/x.js
@@ -1,5 +1,5 @@
/**
- * @license r.js 2.3.6 Copyright jQuery Foundation and other contributors.
+ * @license r.js 2.3.7 Copyright jQuery Foundation and other contributors.
* Released under MIT license, http://github.com/requirejs/r.js/LICENSE
*/
@@ -19,7 +19,7 @@ var requirejs, require, define, xpcUtil;
(function (console, args, readFileFunc) {
var fileName, env, fs, vm, path, exec, rhinoContext, dir, nodeRequire,
nodeDefine, exists, reqMain, loadedOptimizedLib, existsForNode, Cc, Ci,
- version = '2.3.6',
+ version = '2.3.7',
jsSuffixRegExp = /\.js$/,
commandOption = '',
useLibLoaded = {},
diff --git a/dist/r.js b/dist/r.js
index ca747184..4112f609 100644
--- a/dist/r.js
+++ b/dist/r.js
@@ -1,5 +1,5 @@
/**
- * @license r.js 2.3.6+ Tue, 16 Jul 2024 05:19:14 GMT Copyright jQuery Foundation and other contributors.
+ * @license r.js 2.3.7 Copyright jQuery Foundation and other contributors.
* Released under MIT license, http://github.com/requirejs/r.js/LICENSE
*/
@@ -19,7 +19,7 @@ var requirejs, require, define, xpcUtil;
(function (console, args, readFileFunc) {
var fileName, env, fs, vm, path, exec, rhinoContext, dir, nodeRequire,
nodeDefine, exists, reqMain, loadedOptimizedLib, existsForNode, Cc, Ci,
- version = '2.3.6 Tue, 16 Jul 2024 05:19:14 GMT',
+ version = '2.3.7',
jsSuffixRegExp = /\.js$/,
commandOption = '',
useLibLoaded = {},
@@ -248,7 +248,7 @@ var requirejs, require, define, xpcUtil;
}
/** vim: et:ts=4:sw=4:sts=4
- * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.
+ * @license RequireJS 2.3.7 Copyright jQuery Foundation and other contributors.
* Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE
*/
//Not using strict: uneven strict support in browsers, #392, and causes
@@ -260,7 +260,7 @@ var requirejs, require, define, xpcUtil;
(function (global, setTimeout) {
var req, s, head, baseElement, dataMain, src,
interactiveScript, currentlyAddingScript, mainScript, subPath,
- version = '2.3.6',
+ version = '2.3.7',
commentRegExp = /\/\*[\s\S]*?\*\/|([^:"'=]|^)\/\/.*$/mg,
cjsRequireRegExp = /[^.]\s*require\s*\(\s*["']([^'"\s]+)["']\s*\)/g,
jsSuffixRegExp = /\.js$/,
diff --git a/require.js b/require.js
index acda0565..b49cd710 100644
--- a/require.js
+++ b/require.js
@@ -1,5 +1,5 @@
/** vim: et:ts=4:sw=4:sts=4
- * @license RequireJS 2.3.6 Copyright jQuery Foundation and other contributors.
+ * @license RequireJS 2.3.7 Copyright jQuery Foundation and other contributors.
* Released under MIT license, https://github.com/requirejs/requirejs/blob/master/LICENSE
*/
//Not using strict: uneven strict support in browsers, #392, and causes
@@ -11,7 +11,7 @@ var requirejs, require, define;
(function (global, setTimeout) {
var req, s, head, baseElement, dataMain, src,
interactiveScript, currentlyAddingScript, mainScript, subPath,
- version = '2.3.6',
+ version = '2.3.7',
commentRegExp = /\/\*[\s\S]*?\*\/|([^:"'=]|^)\/\/.*$/mg,
cjsRequireRegExp = /[^.]\s*require\s*\(\s*["']([^'"\s]+)["']\s*\)/g,
jsSuffixRegExp = /\.js$/,