npm - @bigbinary/neeto-commons-frontend - Versions diffs - 4.13.96 → 4.13.97 - Mend

@bigbinary/neeto-commons-frontend 4.13.96 → 4.13.97

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist/cjs/{lodash-yQg9l0eZ.js → lodash-CAzW54WT.js} +44 -5
package/dist/cjs/lodash-CAzW54WT.js.map +1 -0
package/dist/cjs/react-utils/index.js +1 -1
package/dist/cjs/react-utils/useLocalStorage/index.js +1 -1
package/dist/cjs/react-utils/useLocalStorage/useLocalStorage.js +1 -1
package/dist/cjs/utils/captureAnalyticsEvent.js +1 -1
package/dist/cjs/utils/captureAnalyticsPageView.js +1 -1
package/dist/cjs/utils/index.js +1 -1
package/dist/cjs/utils/timezonePlugin.js +2 -0
package/dist/cjs/utils/timezonePlugin.js.map +1 -1
package/dist/{lodash-M8VRFvKw.js → lodash-BE1wh9Io.js} +44 -5
package/dist/lodash-BE1wh9Io.js.map +1 -0
package/dist/react-utils/index.js +1 -1
package/dist/react-utils/useLocalStorage/index.js +1 -1
package/dist/react-utils/useLocalStorage/useLocalStorage.js +1 -1
package/dist/utils/captureAnalyticsEvent.js +1 -1
package/dist/utils/captureAnalyticsPageView.js +1 -1
package/dist/utils/index.js +1 -1
package/dist/utils/timezonePlugin.js +2 -0
package/dist/utils/timezonePlugin.js.map +1 -1
package/package.json +3 -3
package/dist/cjs/lodash-yQg9l0eZ.js.map +0 -1
package/dist/lodash-M8VRFvKw.js.map +0 -1

package/dist/cjs/{lodash-yQg9l0eZ.js → lodash-CAzW54WT.js} RENAMED Viewed

@@ -21,7 +21,7 @@ lodash.exports;
 	  var undefined$1;
 	  /** Used as the semantic version number. */
-	  var VERSION = '4.17.21';
+	  var VERSION = '4.17.23';
 	  /** Used as the size to enable large array optimizations. */
 	  var LARGE_ARRAY_SIZE = 200;
@@ -3775,7 +3775,7 @@ lodash.exports;
 	          if (isArray(iteratee)) {
 	            return function(value) {
 	              return baseGet(value, iteratee.length === 1 ? iteratee[0] : iteratee);
-	            }
+	            };
 	          }
 	          return iteratee;
 	        });
@@ -4379,8 +4379,47 @@ lodash.exports;
 	     */
 	    function baseUnset(object, path) {
 	      path = castPath(path, object);
-	      object = parent(object, path);
-	      return object == null || delete object[toKey(last(path))];
+	      // Prevent prototype pollution, see: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
+	      var index = -1,
+	          length = path.length;
+	      if (!length) {
+	        return true;
+	      }
+	      var isRootPrimitive = object == null || (typeof object !== 'object' && typeof object !== 'function');
+	      while (++index < length) {
+	        var key = path[index];
+	        // skip non-string keys (e.g., Symbols, numbers)
+	        if (typeof key !== 'string') {
+	          continue;
+	        }
+	        // Always block "__proto__" anywhere in the path if it's not expected
+	        if (key === '__proto__' && !hasOwnProperty.call(object, '__proto__')) {
+	          return false;
+	        }
+	        // Block "constructor.prototype" chains
+	        if (key === 'constructor' &&
+	            (index + 1) < length &&
+	            typeof path[index + 1] === 'string' &&
+	            path[index + 1] === 'prototype') {
+	          // Allow ONLY when the path starts at a primitive root, e.g., _.unset(0, 'constructor.prototype.a')
+	          if (isRootPrimitive && index === 0) {
+	            continue;
+	          }
+	          return false;
+	        }
+	      }
+	      var obj = parent(object, path);
+	      return obj == null || delete obj[toKey(last(path))];
 	    }
 	    /**
@@ -17207,4 +17246,4 @@ lodash.exports;
 var lodashExports = lodash.exports;
 exports.lodashExports = lodashExports;
-//# sourceMappingURL=lodash-yQg9l0eZ.js.map
+//# sourceMappingURL=lodash-CAzW54WT.js.map