openstack
/
xstatic-js-yaml
Code Issues Proposed changes

Update package to 3.13.1.0 

Version 3.13.1 includes fixes for some security issues as:

https://www.npmjs.com/advisories/788
https://www.npmjs.com/advisories/813

Change-Id: I4684d5fc6b2d6f8fa5d16421ebbc861f78c10c64
This commit is contained in:
Alfredo Moralejo 2019-06-20 16:26:40 +02:00
parent 3e05a2a125
commit ed5ce7005b
4 changed files with 136 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.txt
View File

@ -1,5 +1,5 @@
XStatic-JS-Yaml
--------------
---------------
JS Yaml JavaScript library packaged for setuptools (easy_install) / pip.

2
setup.cfg
View File

@ -1,6 +1,6 @@
[metadata]
name = XStatic-JS-Yaml
description = JS-Yaml 3.8.1 (XStatic packaging standard)
description = JS-Yaml 3.13.1 (XStatic packaging standard)
description-file = README.rst
maintainer = xinni.ge
maintainer-email = xinni.ge@ntt.com

2
xstatic/pkg/js_yaml/__init__.py
View File

@ -11,7 +11,7 @@ NAME = __name__.split('.')[-1] # package name (e.g. 'foo' or 'foo_bar')
# please use a all-lowercase valid python
# package name
VERSION = '3.8.1' # version of the packaged files, please use the upstream
VERSION = '3.13.1' # version of the packaged files, please use the upstream
# version number
BUILD = '0' # our package build number, so we can release new builds
# with fixes for xstatic stuff.

182
xstatic/pkg/js_yaml/data/js-yaml.js
View File

@ -1,4 +1,4 @@
/* js-yaml 3.8.1 https://github.com/nodeca/js-yaml */(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.jsyaml = f()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){
/* js-yaml 3.13.1 https://github.com/nodeca/js-yaml */(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.jsyaml = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){
'use strict';
@ -208,15 +208,17 @@ function encodeHex(character) {
}
function State(options) {
this.schema = options['schema'] || DEFAULT_FULL_SCHEMA;
this.indent = Math.max(1, (options['indent'] || 2));
this.skipInvalid = options['skipInvalid'] || false;
this.flowLevel = (common.isNothing(options['flowLevel']) ? -1 : options['flowLevel']);
this.styleMap = compileStyleMap(this.schema, options['styles'] || null);
this.sortKeys = options['sortKeys'] || false;
this.lineWidth = options['lineWidth'] || 80;
this.noRefs = options['noRefs'] || false;
this.noCompatMode = options['noCompatMode'] || false;
this.schema = options['schema'] || DEFAULT_FULL_SCHEMA;
this.indent = Math.max(1, (options['indent'] || 2));
this.noArrayIndent = options['noArrayIndent'] || false;
this.skipInvalid = options['skipInvalid'] || false;
this.flowLevel = (common.isNothing(options['flowLevel']) ? -1 : options['flowLevel']);
this.styleMap = compileStyleMap(this.schema, options['styles'] || null);
this.sortKeys = options['sortKeys'] || false;
this.lineWidth = options['lineWidth'] || 80;
this.noRefs = options['noRefs'] || false;
this.noCompatMode = options['noCompatMode'] || false;
this.condenseFlow = options['condenseFlow'] || false;
this.implicitTypes = this.schema.compiledImplicit;
this.explicitTypes = this.schema.compiledExplicit;
@ -336,6 +338,12 @@ function isPlainSafeFirst(c) {
&& c !== CHAR_GRAVE_ACCENT;
}
// Determines whether block indentation indicator is required.
function needIndentIndicator(string) {
var leadingSpaceRe = /^\n* /;
return leadingSpaceRe.test(string);
}
var STYLE_PLAIN = 1,
STYLE_SINGLE = 2,
STYLE_LITERAL = 3,
@ -403,7 +411,7 @@ function chooseScalarStyle(string, singleLineOnly, indentPerLevel, lineWidth, te
? STYLE_PLAIN : STYLE_SINGLE;
}
// Edge case: block indentation indicator can only have one digit.
if (string[0] === ' ' && indentPerLevel > 9) {
if (indentPerLevel > 9 && needIndentIndicator(string)) {
return STYLE_DOUBLE;
}
// At this point we know block styles are valid.
@ -467,7 +475,7 @@ function writeScalar(state, string, level, iskey) {
// Pre-conditions: string is valid for a block scalar, 1 <= indentPerLevel <= 9.
function blockHeader(string, indentPerLevel) {
var indentIndicator = (string[0] === ' ') ? String(indentPerLevel) : '';
var indentIndicator = needIndentIndicator(string) ? String(indentPerLevel) : '';
// note the special case: the string '\n' counts as a "trailing" empty line.
var clip = string[string.length - 1] === '\n';
@ -563,11 +571,21 @@ function foldLine(line, width) {
// Escapes a double-quoted string.
function escapeString(string) {
var result = '';
var char;
var char, nextChar;
var escapeSeq;
for (var i = 0; i < string.length; i++) {
char = string.charCodeAt(i);
// Check for surrogate pairs (reference Unicode 3.0 section "3.7 Surrogates").
if (char >= 0xD800 && char <= 0xDBFF/* high surrogate */) {
nextChar = string.charCodeAt(i + 1);
if (nextChar >= 0xDC00 && nextChar <= 0xDFFF/* low surrogate */) {
// Combine the surrogate pair and store it escaped.
result += encodeHex((char - 0xD800) * 0x400 + nextChar - 0xDC00 + 0x10000);
// Advance index one extra since we already used that char here.
i++; continue;
}
}
escapeSeq = ESCAPE_SEQUENCES[char];
result += !escapeSeq && isPrintable(char)
? string[i]
@ -586,7 +604,7 @@ function writeFlowSequence(state, level, object) {
for (index = 0, length = object.length; index < length; index += 1) {
// Write only valid elements.
if (writeNode(state, level, object[index], false, false)) {
if (index !== 0) _result += ', ';
if (index !== 0) _result += ',' + (!state.condenseFlow ? ' ' : '');
_result += state.dump;
}
}
@ -607,7 +625,14 @@ function writeBlockSequence(state, level, object, compact) {
if (!compact || index !== 0) {
_result += generateNextLine(state, level);
}
_result += '- ' + state.dump;
if (state.dump && CHAR_LINE_FEED === state.dump.charCodeAt(0)) {
_result += '-';
} else {
_result += '- ';
}
_result += state.dump;
}
}
@ -626,7 +651,7 @@ function writeFlowMapping(state, level, object) {
pairBuffer;
for (index = 0, length = objectKeyList.length; index < length; index += 1) {
pairBuffer = '';
pairBuffer = state.condenseFlow ? '"' : '';
if (index !== 0) pairBuffer += ', ';
@ -639,7 +664,7 @@ function writeFlowMapping(state, level, object) {
if (state.dump.length > 1024) pairBuffer += '? ';
pairBuffer += state.dump + ': ';
pairBuffer += state.dump + (state.condenseFlow ? '"' : '') + ':' + (state.condenseFlow ? '' : ' ');
if (!writeNode(state, level, objectValue, false, false)) {
continue; // Skip this pair because of invalid value.
@ -813,13 +838,14 @@ function writeNode(state, level, object, block, compact, iskey) {
}
}
} else if (type === '[object Array]') {
var arrayLevel = (state.noArrayIndent && (level > 0)) ? level - 1 : level;
if (block && (state.dump.length !== 0)) {
writeBlockSequence(state, level, state.dump, compact);
writeBlockSequence(state, arrayLevel, state.dump, compact);
if (duplicate) {
state.dump = '&ref_' + duplicateIndex + state.dump;
}
} else {
writeFlowSequence(state, level, state.dump);
writeFlowSequence(state, arrayLevel, state.dump);
if (duplicate) {
state.dump = '&ref_' + duplicateIndex + ' ' + state.dump;
}
@ -912,6 +938,11 @@ function YAMLException(reason, mark) {
// Super constructor
Error.call(this);
this.name = 'YAMLException';
this.reason = reason;
this.mark = mark;
this.message = (this.reason || '(unknown reason)') + (this.mark ? ' ' + this.mark.toString() : '');
// Include stack trace in error object
if (Error.captureStackTrace) {
// Chrome and NodeJS
@ -920,11 +951,6 @@ function YAMLException(reason, mark) {
// FF, IE 10+ and Safari 6+. Fallback for others
this.stack = (new Error()).stack || '';
}
this.name = 'YAMLException';
this.reason = reason;
this.mark = mark;
this.message = (this.reason || '(unknown reason)') + (this.mark ? ' ' + this.mark.toString() : '');
}
@ -981,6 +1007,8 @@ var PATTERN_TAG_HANDLE = /^(?:!|!!|![a-z\-]+!)$/i;
var PATTERN_TAG_URI = /^(?:!|[^,\[\]\{\}])(?:%[0-9a-f]{2}|[0-9a-z\-#;\/\?:@&=\+\$,_\.!~\*'\(\)\[\]])*$/i;
function _class(obj) { return Object.prototype.toString.call(obj); }
function is_EOL(c) {
return (c === 0x0A/* LF */) || (c === 0x0D/* CR */);
}
@ -1037,6 +1065,7 @@ function fromDecimalCode(c) {
}
function simpleEscapeSequence(c) {
/* eslint-disable indent */
return (c === 0x30/* 0 */) ? '\x00' :
(c === 0x61/* a */) ? '\x07' :
(c === 0x62/* b */) ? '\x08' :
@ -1063,8 +1092,10 @@ function charFromCodepoint(c) {
}
// Encode UTF-16 surrogate pair
// https://en.wikipedia.org/wiki/UTF-16#Code_points_U.2B010000_to_U.2B10FFFF
return String.fromCharCode(((c - 0x010000) >> 10) + 0xD800,
((c - 0x010000) & 0x03FF) + 0xDC00);
return String.fromCharCode(
((c - 0x010000) >> 10) + 0xD800,
((c - 0x010000) & 0x03FF) + 0xDC00
);
}
var simpleEscapeCheck = new Array(256); // integer, for fast access
@ -1196,9 +1227,7 @@ function captureSegment(state, start, end, checkJson) {
_result = state.input.slice(start, end);
if (checkJson) {
for (_position = 0, _length = _result.length;
_position < _length;
_position += 1) {
for (_position = 0, _length = _result.length; _position < _length; _position += 1) {
_character = _result.charCodeAt(_position);
if (!(_character === 0x09 ||
(0x20 <= _character && _character <= 0x10FFFF))) {
@ -1235,6 +1264,31 @@ function mergeMappings(state, destination, source, overridableKeys) {
function storeMappingPair(state, _result, overridableKeys, keyTag, keyNode, valueNode, startLine, startPos) {
var index, quantity;
// The output is a plain object here, so keys can only be strings.
// We need to convert keyNode to a string, but doing so can hang the process
// (deeply nested arrays that explode exponentially using aliases).
if (Array.isArray(keyNode)) {
keyNode = Array.prototype.slice.call(keyNode);
for (index = 0, quantity = keyNode.length; index < quantity; index += 1) {
if (Array.isArray(keyNode[index])) {
throwError(state, 'nested arrays are not supported inside keys');
}
if (typeof keyNode === 'object' && _class(keyNode[index]) === '[object Object]') {
keyNode[index] = '[object Object]';
}
}
}
// Avoid code execution in load() via toString property
// (still use its own toString for arrays, timestamps,
// and whatever user schema extensions happen to have @@toStringTag)
if (typeof keyNode === 'object' && _class(keyNode) === '[object Object]') {
keyNode = '[object Object]';
}
keyNode = String(keyNode);
if (_result === null) {
@ -1947,7 +2001,7 @@ function readBlockMapping(state, nodeIndent, flowIndent) {
allowCompact = true;
} else {
throwError(state, 'incomplete explicit mapping pair; a key node is missed');
throwError(state, 'incomplete explicit mapping pair; a key node is missed; or followed by a non-tabulated empty line');
}
state.position += 1;
@ -2316,9 +2370,7 @@ function composeNode(state, parentIndent, nodeContext, allowToSeek, allowCompact
if (state.tag !== null && state.tag !== '!') {
if (state.tag === '?') {
for (typeIndex = 0, typeQuantity = state.implicitTypes.length;
typeIndex < typeQuantity;
typeIndex += 1) {
for (typeIndex = 0, typeQuantity = state.implicitTypes.length; typeIndex < typeQuantity; typeIndex += 1) {
type = state.implicitTypes[typeIndex];
// Implicit resolving is not allowed for non-scalar types, and '?'
@ -2507,6 +2559,10 @@ function loadDocuments(input, options) {
function loadAll(input, iterator, options) {
var documents = loadDocuments(input, options), index, length;
if (typeof iterator !== 'function') {
return documents;
}
for (index = 0, length = documents.length; index < length; index += 1) {
iterator(documents[index]);
}
@ -2527,7 +2583,11 @@ function load(input, options) {
function safeLoadAll(input, output, options) {
loadAll(input, output, common.extend({ schema: DEFAULT_SAFE_SCHEMA }, options));
if (typeof output === 'function') {
loadAll(input, output, common.extend({ schema: DEFAULT_SAFE_SCHEMA }, options));
} else {
return loadAll(input, common.extend({ schema: DEFAULT_SAFE_SCHEMA }, options));
}
}
@ -3099,16 +3159,27 @@ var common = require('../common');
var Type = require('../type');
var YAML_FLOAT_PATTERN = new RegExp(
'^(?:[-+]?(?:[0-9][0-9_]*)\\.[0-9_]*(?:[eE][-+][0-9]+)?' +
'|\\.[0-9_]+(?:[eE][-+][0-9]+)?' +
// 2.5e4, 2.5 and integers
'^(?:[-+]?(?:0|[1-9][0-9_]*)(?:\\.[0-9_]*)?(?:[eE][-+]?[0-9]+)?' +
// .2e4, .2
// special case, seems not from spec
'|\\.[0-9_]+(?:[eE][-+]?[0-9]+)?' +
// 20:59
'|[-+]?[0-9][0-9_]*(?::[0-5]?[0-9])+\\.[0-9_]*' +
// .inf
'|[-+]?\\.(?:inf|Inf|INF)' +
// .nan
'|\\.(?:nan|NaN|NAN))$');
function resolveYamlFloat(data) {
if (data === null) return false;
if (!YAML_FLOAT_PATTERN.test(data)) return false;
if (!YAML_FLOAT_PATTERN.test(data) ||
// Quick hack to not allow integers end with `_`
// Probably should update regexp & check speed
data[data.length - 1] === '_') {
return false;
}
return true;
}
@ -3253,7 +3324,7 @@ function resolveYamlInteger(data) {
if (ch !== '0' && ch !== '1') return false;
hasDigits = true;
}
return hasDigits;
return hasDigits && ch !== '_';
}
@ -3267,7 +3338,7 @@ function resolveYamlInteger(data) {
if (!isHexCode(data.charCodeAt(index))) return false;
hasDigits = true;
}
return hasDigits;
return hasDigits && ch !== '_';
}
// base 8
@ -3277,11 +3348,14 @@ function resolveYamlInteger(data) {
if (!isOctCode(data.charCodeAt(index))) return false;
hasDigits = true;
}
return hasDigits;
return hasDigits && ch !== '_';
}
// base 10 (except 0) or base 60
// value should not start with `_`;
if (ch === '_') return false;
for (; index < max; index++) {
ch = data[index];
if (ch === '_') continue;
@ -3292,7 +3366,8 @@ function resolveYamlInteger(data) {
hasDigits = true;
}
if (!hasDigits) return false;
// Should have digits and should not end with `_`
if (!hasDigits || ch === '_') return false;
// if !base60 - done;
if (ch !== ':') return true;
@ -3355,10 +3430,11 @@ module.exports = new Type('tag:yaml.org,2002:int', {
construct: constructYamlInteger,
predicate: isInteger,
represent: {
binary: function (object) { return '0b' + object.toString(2); },
octal: function (object) { return '0' + object.toString(8); },
decimal: function (object) { return object.toString(10); },
hexadecimal: function (object) { return '0x' + object.toString(16).toUpperCase(); }
binary: function (obj) { return obj >= 0 ? '0b' + obj.toString(2) : '-0b' + obj.toString(2).slice(1); },
octal: function (obj) { return obj >= 0 ? '0' + obj.toString(8) : '-0' + obj.toString(8).slice(1); },
decimal: function (obj) { return obj.toString(10); },
/* eslint-disable max-len */
hexadecimal: function (obj) { return obj >= 0 ? '0x' + obj.toString(16).toUpperCase() : '-0x' + obj.toString(16).toUpperCase().slice(1); }
},
defaultStyle: 'decimal',
styleAliases: {
@ -3402,7 +3478,8 @@ function resolveJavascriptFunction(data) {
if (ast.type !== 'Program' ||
ast.body.length !== 1 ||
ast.body[0].type !== 'ExpressionStatement' ||
ast.body[0].expression.type !== 'FunctionExpression') {
(ast.body[0].expression.type !== 'ArrowFunctionExpression' &&
ast.body[0].expression.type !== 'FunctionExpression')) {
return false;
}
@ -3423,7 +3500,8 @@ function constructJavascriptFunction(data) {
if (ast.type !== 'Program' ||
ast.body.length !== 1 ||
ast.body[0].type !== 'ExpressionStatement' ||
ast.body[0].expression.type !== 'FunctionExpression') {
(ast.body[0].expression.type !== 'ArrowFunctionExpression' &&
ast.body[0].expression.type !== 'FunctionExpression')) {
throw new Error('Failed to resolve function');
}
@ -3435,8 +3513,14 @@ function constructJavascriptFunction(data) {
// Esprima's ranges include the first '{' and the last '}' characters on
// function expressions. So cut them out.
if (ast.body[0].expression.body.type === 'BlockStatement') {
/*eslint-disable no-new-func*/
return new Function(params, source.slice(body[0] + 1, body[1] - 1));
}
// ES6 arrow functions can omit the BlockStatement. In that case, just return
// the body.
/*eslint-disable no-new-func*/
return new Function(params, source.slice(body[0] + 1, body[1] - 1));
return new Function(params, 'return ' + source.slice(body[0], body[1]));
}
function representJavascriptFunction(object /*, style*/) {
@ -3859,4 +3943,4 @@ var yaml = require('./lib/js-yaml.js');
module.exports = yaml;
},{"./lib/js-yaml.js":1}]},{},[])("/")
});
});