New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🔒 fix: CVE-2023-26115 #33
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,16 @@ | ||
/*! | ||
* word-wrap <https://github.com/jonschlinkert/word-wrap> | ||
* | ||
* Copyright (c) 2014-2017, Jon Schlinkert. | ||
* Copyright (c) 2014-2023, Jon Schlinkert. | ||
* Released under the MIT License. | ||
*/ | ||
|
||
function trimTabAndSpaces(str) { | ||
const lines = str.split('\n'); | ||
const trimmedLines = lines.map((line) => line.trimEnd()); | ||
return trimmedLines.join('\n'); | ||
} | ||
|
||
module.exports = function(str, options) { | ||
options = options || {}; | ||
if (str == null) { | ||
|
@@ -36,7 +42,7 @@ module.exports = function(str, options) { | |
}).join(newline); | ||
|
||
if (options.trim === true) { | ||
result = result.replace(/[ \t]*$/gm, ''); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I guess There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Thanks, let me check on that. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. maybe or native better regex can be faster. need to bench to check that There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Hi @aashutoshrathi, sorry for the long delay, and thanks for the PR. I'll try to get this merged in ASAP.
Yes, let's use this pattern without the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @jonschlinkert Any update when this PR will be merged ? |
||
result = trimTabAndSpaces(result); | ||
} | ||
return result; | ||
}; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
may be using method chaining eliminates the need to create an intermediate variable ??
return str.split('\n').map(line => line.trimEnd()).join('\n');
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yup! can be done. I once just need verification the approach or whether it is important or not
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
utilizing native
String.prototype.trimEnd()
would require the node-engine to be at least on version 10.0.0.Ref: String.prototype.trimEnd() - JavaScript | MDN
This should probably considered a breaking-change which requires new major version release.
Hence I would recommend to utilize custom implementation for this patch.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
oh! I can write
trimEnd
myself if that's the caseThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the reason mentioned by @mscheid-sf, for now let's merge in the regex I suggested in my other comment. After that I'd be happy to take another PR that replaces the regex with
.trimEnd()
(Using.trimEnd
would indeed qualify as a breaking change according to semver, and also it's generally a good practice to minimize potential for regressions when releasing patches).