@rhinostone/swig 1.4.4 → 1.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/.changes/v1.4.5.md +10 -0
  2. package/.github/workflows/ci.yml +19 -0
  3. package/HISTORY.md +11 -0
  4. package/README.md +2 -2
  5. package/ROADMAP.md +39 -0
  6. package/bin/swig.js +5 -3
  7. package/dist/swig.js +1 -1
  8. package/lib/swig.js +2 -2
  9. package/package.json +3 -6
package/.changes/v1.4.5.md ADDED
@@ -0,0 +1,10 @@
1
+ [1.4.5](https://github.com/gina-io/swig/tree/v1.4.5) / 2026-04-10
2
+ -----------------------------------------------------------------
3
+
4
+ * **Added** GitHub Actions CI workflow (lint + test on PRs and pushes)
5
+
6
+ * **Added** Public roadmap (`ROADMAP.md`)
7
+
8
+ * **Changed** Clean up legacy `paularmstrong` references in documentation
9
+
10
+ * **Security** Replace `optimist` with `yargs` in CLI, removing `minimist` from the production dependency tree entirely (CVE-2021-44906 fully resolved)
package/.github/workflows/ci.yml ADDED
@@ -0,0 +1,19 @@
1
+ name: CI
2
+
3
+ on:
4
+ push:
5
+ branches: [develop, master]
6
+ pull_request:
7
+ branches: [develop, master]
8
+
9
+ jobs:
10
+ lint-and-test:
11
+ runs-on: ubuntu-latest
12
+ steps:
13
+ - uses: actions/checkout@v4
14
+ - uses: actions/setup-node@v4
15
+ with:
16
+ node-version: 20
17
+ - run: npm install --depth=100 --loglevel=error
18
+ - run: make lint
19
+ - run: make test
package/HISTORY.md CHANGED
@@ -1,3 +1,14 @@
1
+ [1.4.5](https://github.com/gina-io/swig/tree/v1.4.5) / 2026-04-10
2
+ -----------------------------------------------------------------
3
+
4
+ * **Added** GitHub Actions CI workflow (lint + test on PRs and pushes)
5
+
6
+ * **Added** Public roadmap (`ROADMAP.md`)
7
+
8
+ * **Changed** Clean up legacy `paularmstrong` references in documentation
9
+
10
+ * **Security** Replace `optimist` with `yargs` in CLI, removing `minimist` from the production dependency tree entirely (CVE-2021-44906 fully resolved)
11
+
1
12
  [1.4.4](https://github.com/gina-io/swig/tree/v1.4.4) / 2026-04-10
2
13
  -----------------------------------------------------------------
3
14
 
package/README.md CHANGED
@@ -1,7 +1,7 @@
1
1
  Swig
2
2
  ====
3
3
 
4
- [![NPM version](http://img.shields.io/npm/v/@rhinostone/swig.svg?style=flat)](https://www.npmjs.org/package/@rhinostone/swig) [![NPM Downloads](http://img.shields.io/npm/dm/@rhinostone/swig.svg?style=flat)](https://www.npmjs.org/package/@rhinostone/swig)
4
+ [![CI](https://github.com/gina-io/swig/actions/workflows/ci.yml/badge.svg?branch=develop)](https://github.com/gina-io/swig/actions/workflows/ci.yml) [![NPM version](http://img.shields.io/npm/v/@rhinostone/swig.svg?style=flat)](https://www.npmjs.org/package/@rhinostone/swig) [![NPM Downloads](http://img.shields.io/npm/dm/@rhinostone/swig.svg?style=flat)](https://www.npmjs.org/package/@rhinostone/swig)
5
5
 
6
6
  > **Maintained fork.** This is [gina-io/swig](https://github.com/gina-io/swig), a maintained fork of the abandoned [paularmstrong/swig](https://github.com/paularmstrong/swig). Security fixes and critical bug fixes land here; no new features are planned. The original project has not had a release since 2014.
7
7
 
@@ -33,7 +33,7 @@ Installation
33
33
  Documentation
34
34
  -------------
35
35
 
36
- API reference is generated from [JSDoc](http://usejsdoc.org) comments inline in `lib/swig.js`, `lib/filters.js`, `lib/tags/`, and `lib/loaders/`. Run `make docs` to build and preview the static documentation site locally.
36
+ API reference is generated from [JSDoc](https://jsdoc.app) comments inline in `lib/swig.js`, `lib/filters.js`, `lib/tags/`, and `lib/loaders/`. Run `make docs` to build and preview the static documentation site locally.
37
37
 
38
38
  Basic Example
39
39
  -------------
package/ROADMAP.md ADDED
@@ -0,0 +1,39 @@
1
+ # Roadmap
2
+
3
+ Planned work for `@rhinostone/swig`. Updated each release.
4
+
5
+ For bug reports and feature requests, file an issue at [gina-io/swig](https://github.com/gina-io/swig/issues).
6
+
7
+ ---
8
+
9
+ ## v1.5.0 (next)
10
+
11
+ | Status | Item |
12
+ | --- | --- |
13
+ | Planned | Investigate replacing external deps with internal modules |
14
+ | Planned | Full security audit of dependency tree, template pipeline, and CLI argv flow |
15
+
16
+ ---
17
+
18
+ ## Completed
19
+
20
+ ### v1.4.5 (April 2026)
21
+
22
+ - Replace `optimist` with `yargs` in CLI, removing `minimist` from the production dependency tree entirely (CVE-2021-44906 fully resolved)
23
+ - Clean up legacy `paularmstrong` references in documentation
24
+ - GitHub Actions CI workflow (lint + test on PRs and pushes)
25
+ - Public roadmap (`ROADMAP.md`)
26
+
27
+ ### v1.4.4 (April 2026)
28
+
29
+ - Block `__proto__`/`constructor`/`prototype` in templates (CVE-2023-25345)
30
+ - Replace `nodelint` with ESLint v8
31
+ - Fix pre-commit hook (exit-code gates, mocha failure detection)
32
+ - Fix mocha `.bin` shim (silent on Node >= 18)
33
+ - Loosen `tests/bin/bin.test.js` fixtures for modern V8
34
+ - Replace `uglify-js` with `terser` in the Makefile build target
35
+ - Update install/require references to `@rhinostone/swig`
36
+
37
+ ### v1.4.3 (April 2026)
38
+
39
+ - Pin `minimist` to `^1.2.8` via npm `overrides` (CVE-2021-44906)
package/bin/swig.js CHANGED
@@ -2,7 +2,7 @@
2
2
  /*jslint es5: true */
3
3
 
4
4
  var swig = require('../index'),
5
- optimist = require('optimist'),
5
+ yargs = require('yargs'),
6
6
  fs = require('fs'),
7
7
  path = require('path'),
8
8
  filters = require('../lib/filters'),
@@ -11,7 +11,7 @@ var swig = require('../index'),
11
11
 
12
12
  var command,
13
13
  wrapstart = 'var tpl = ',
14
- argv = optimist
14
+ argv = yargs
15
15
  .usage('\n Usage:\n' +
16
16
  ' $0 compile [files] [options]\n' +
17
17
  ' $0 run [files] [options]\n' +
@@ -43,7 +43,7 @@ var command,
43
43
  .default('method-name', 'tpl')
44
44
  .check(function (argv) {
45
45
  if (argv.v) {
46
- return;
46
+ return true;
47
47
  }
48
48
 
49
49
  if (!argv._.length) {
@@ -62,6 +62,8 @@ var command,
62
62
  if (argv['method-name'] !== 'tpl') {
63
63
  argv['wrap-start'] = 'var ' + argv['method-name'] + ' = ';
64
64
  }
65
+
66
+ return true;
65
67
  })
66
68
  .argv,
67
69
  ctx = {},
package/dist/swig.js CHANGED
@@ -2290,7 +2290,7 @@ exports.setDefaultTZOffset = function (offset) {
2290
2290
  * Create a new, separate Swig compile/render environment.
2291
2291
  *
2292
2292
  * @example
2293
- * var swig = require('swig');
2293
+ * var swig = require('@rhinostone/swig');
2294
2294
  * var myswig = new swig.Swig({varControls: ['<%=', '%>']});
2295
2295
  * myswig.render('Tacos are <%= tacos =>!', { locals: { tacos: 'delicious' }});
2296
2296
  * // => Tacos are delicious!
package/lib/swig.js CHANGED
@@ -8,11 +8,11 @@ var utils = require('./utils'),
8
8
  /**
9
9
  * Swig version number as a string.
10
10
  * @example
11
- * if (swig.version === "1.4.4") { ... }
11
+ * if (swig.version === "1.4.5") { ... }
12
12
  *
13
13
  * @type {String}
14
14
  */
15
- exports.version = "1.4.4";
15
+ exports.version = "1.4.5";
16
16
 
17
17
  /**
18
18
  * Swig Options Object. This object can be passed to many of the API-level Swig methods to control various aspects of the engine. All keys are optional.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rhinostone/swig",
3
- "version": "1.4.4",
3
+ "version": "1.4.5",
4
4
  "description": "A simple, powerful, and extendable templating engine for node.js and browsers, similar to Django, Jinja2, and Twig.",
5
5
  "keywords": [
6
6
  "template",
@@ -21,11 +21,8 @@
21
21
  "Rhinostone <contact@gina.io>"
22
22
  ],
23
23
  "dependencies": {
24
- "optimist": "~0.6",
25
- "uglify-js": "~2.4"
26
- },
27
- "overrides": {
28
- "minimist": "^1.2.8"
24
+ "uglify-js": "~2.4",
25
+ "yargs": "~3.32"
29
26
  },
30
27
  "devDependencies": {
31
28
  "blanket": "~1.1",