diff --git a/build/sharetribe-flex-integration-sdk-node.js b/build/sharetribe-flex-integration-sdk-node.js index 90563db..9d2d026 100644 --- a/build/sharetribe-flex-integration-sdk-node.js +++ b/build/sharetribe-flex-integration-sdk-node.js @@ -3883,6 +3883,18 @@ var validateSdkConfig = function validateSdkConfig(sdkConfig) { if (!sdkConfig.baseUrl) { throw new Error('baseUrl must be provided'); } + /* global window, console */ + + + var isBrowser = typeof window !== 'undefined' && typeof window.document !== 'undefined'; + + if (isBrowser && sdkConfig.clientSecret && !sdkConfig.dangerouslyAllowClientSecretInBrowser) { + /* eslint-disable no-console */ + console.warn('Security warning! You are using client secret in a browser. This may expose the client secret to the public.'); + console.warn('If you know what you are doing and you have secured the website by other means (e.g. HTTP basic auth), you should set the SDK configuration `dangerouslyAllowClientSecretInBrowser` to `true` to dismiss this warning.'); + console.warn('In the future SDK versions, we may change this warning to an error causing the site not to work properly, unless `dangerouslyAllowClientSecretInBrowser` is set'); + /* eslint-enable no-console */ + } return sdkConfig; }; @@ -8303,7 +8315,7 @@ function () { var undefined; /** Used as the semantic version number. */ - var VERSION = '4.17.19'; + var VERSION = '4.17.15'; /** Used as the size to enable large array optimizations. */ var LARGE_ARRAY_SIZE = 200; 
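Review bot: The new browser check in validateSdkConfig tests `!sdkConfig.dangerouslyAllowClientSecretInBrowser` for truthiness, so any truthy value silences the warning, including a string such as `'false'` from an environment-derived config. Comparing strictly, `sdkConfig.dangerouslyAllowClientSecretInBrowser !== true`, would make only an explicit boolean opt-out count. The check also only warns and still returns the config with `clientSecret` in it, so a short comment above it saying that this is advisory and does not stop the secret from being shipped to the browser would help the next reader. This file is under build/, so presumably the edit belongs in the source module that generates it; validateSdkConfig starts before the hunk.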
@@ -12010,21 +12022,8 @@ function () { * @returns {Array} Returns the new sorted array. */ function baseOrderBy(collection, iteratees, orders) { - if (iteratees.length) { - iteratees = arrayMap(iteratees, function(iteratee) { - if (isArray(iteratee)) { - return function(value) { - return baseGet(value, iteratee.length === 1 ? iteratee[0] : iteratee); - } - } - return iteratee; - }); - } else { - iteratees = [identity]; - } - var index = -1; - iteratees = arrayMap(iteratees, baseUnary(getIteratee())); + iteratees = arrayMap(iteratees.length ? iteratees : [identity], baseUnary(getIteratee())); var result = baseMap(collection, function(value, key, collection) { var criteria = arrayMap(iteratees, function(iteratee) { @@ -12281,10 +12280,6 @@ function () { var key = toKey(path[index]), newValue = value; - if (key === '__proto__' || key === 'constructor' || key === 'prototype') { - return object; - } - if (index != lastIndex) { var objValue = nested[key]; newValue = customizer ? customizer(objValue, key, nested) : undefined; @@ -12437,14 +12432,11 @@ function () { * into `array`. */ function baseSortedIndexBy(array, value, iteratee, retHighest) { - var low = 0, - high = array == null ? 0 : array.length; - if (high === 0) { - return 0; - } - value = iteratee(value); - var valIsNaN = value !== value, + + var low = 0, + high = array == null ? 0 : array.length, + valIsNaN = value !== value, valIsNull = value === null, valIsSymbol = isSymbol(value), valIsUndefined = value === undefined; @@ -13929,11 +13921,10 @@ function () { if (arrLength != othLength && !(isPartial && othLength > arrLength)) { return false; } - // Check that cyclic values are equal. - var arrStacked = stack.get(array); - var othStacked = stack.get(other); - if (arrStacked && othStacked) { - return arrStacked == other && othStacked == array; + // Assume cyclic values are equal. + var stacked = stack.get(array); + if (stacked && stack.get(other)) { + return stacked == other; } var index = -1, result = true, 
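Review bot: The hunk at -12281 removes the guard `if (key === '__proto__' || key === 'constructor' || key === 'prototype') { return object; }` from the path-setting loop, so keys taken from untrusted paths are no longer stopped before they reach the prototype chain. The VERSION hunk on the previous line shows the bundled lodash going from 4.17.19 back to 4.17.15, so this looks like an unintended dependency rollback during the rebuild rather than a deliberate change. The two cyclic-value comparison hunks (-13929 and -14095) appear to be part of the same rollback. I would rebuild the bundle against lodash 4.17.19 or later and pin that version in the lockfile so the guard is present again. The enclosing function starts and ends outside the hunk.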
@@ -14095,11 +14086,10 @@ function () { return false; } } - // Check that cyclic values are equal. - var objStacked = stack.get(object); - var othStacked = stack.get(other); - if (objStacked && othStacked) { - return objStacked == other && othStacked == object; + // Assume cyclic values are equal. + var stacked = stack.get(object); + if (stacked && stack.get(other)) { + return stacked == other; } var result = true; stack.set(object, other); @@ -17480,10 +17470,6 @@ function () { * // The `_.property` iteratee shorthand. * _.filter(users, 'active'); * // => objects for ['barney'] - * - * // Combining several predicates using `_.overEvery` or `_.overSome`. - * _.filter(users, _.overSome([{ 'age': 36 }, ['age', 40]])); - * // => objects for ['fred', 'barney'] */ function filter(collection, predicate) { var func = isArray(collection) ? arrayFilter : baseFilter; @@ -18233,15 +18219,15 @@ function () { * var users = [ * { 'user': 'fred', 'age': 48 }, * { 'user': 'barney', 'age': 36 }, - * { 'user': 'fred', 'age': 30 }, + * { 'user': 'fred', 'age': 40 }, * { 'user': 'barney', 'age': 34 } * ]; * * _.sortBy(users, [function(o) { return o.user; }]); - * // => objects for [['barney', 36], ['barney', 34], ['fred', 48], ['fred', 30]] + * // => objects for [['barney', 36], ['barney', 34], ['fred', 48], ['fred', 40]] * * _.sortBy(users, ['user', 'age']); - * // => objects for [['barney', 34], ['barney', 36], ['fred', 30], ['fred', 48]] + * // => objects for [['barney', 34], ['barney', 36], ['fred', 40], ['fred', 48]] */ var sortBy = baseRest(function(collection, iteratees) { if (collection == null) { 
@@ -23116,11 +23102,11 @@ function () { // Use a sourceURL for easier debugging. // The sourceURL gets injected into the source that's eval-ed, so be careful - // to normalize all kinds of whitespace, so e.g. newlines (and unicode versions of it) can't sneak in - // and escape the comment, thus injecting code that gets evaled. + // with lookup (in case of e.g. prototype pollution), and strip newlines if any. + // A newline wouldn't be a valid sourceURL anyway, and it'd enable code injection. var sourceURL = '//# sourceURL=' + (hasOwnProperty.call(options, 'sourceURL') - ? (options.sourceURL + '').replace(/\s/g, ' ') + ? (options.sourceURL + '').replace(/[\r\n]/g, ' ') : ('lodash.templateSources[' + (++templateCounter) + ']') ) + '\n'; @@ -23153,6 +23139,8 @@ function () { // If `variable` is not specified wrap a with-statement around the generated // code to add the data object to the top of the scope chain. + // Like with sourceURL, we take care to not check the option's prototype, + // as this configuration is a code injection vector. var variable = hasOwnProperty.call(options, 'variable') && options.variable; if (!variable) { source = 'with (obj) {\n' + source + '\n}\n'; @@ -23859,9 +23847,6 @@ function () { * values against any array or object value, respectively. See `_.isEqual` * for a list of supported value comparisons. * - * **Note:** Multiple values can be checked by combining several matchers - * using `_.overSome` - * * @static * @memberOf _ * @since 3.0.0 @@ -23877,10 +23862,6 @@ function () { * * _.filter(objects, _.matches({ 'a': 4, 'c': 6 })); * // => [{ 'a': 4, 'b': 5, 'c': 6 }] - * - * // Checking for several possible values - * _.filter(users, _.overSome([_.matches({ 'a': 1 }), _.matches({ 'a': 4 })])); - * // => [{ 'a': 1, 'b': 2, 'c': 3 }, { 'a': 4, 'b': 5, 'c': 6 }] */ function matches(source) { return baseMatches(baseClone(source, CLONE_DEEP_FLAG)); 
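Review bot: The sourceURL sanitiser in the first hunk here narrows from `.replace(/\s/g, ' ')` to `.replace(/[\r\n]/g, ' ')`, which no longer normalises the Unicode newline variants that the removed comment calls out, and the value is injected into source that is eval-ed. This appears to be the same lodash 4.17.19 to 4.17.15 rollback shown in the VERSION hunk; rebuilding with the newer lodash restores `(options.sourceURL + '').replace(/\s/g, ' ')`. Until then, values passed as the `sourceURL` or `variable` options should be treated as code and never come from external input. The enclosing function starts and ends outside the hunk.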
@@ -23895,9 +23876,6 @@ function () { * `srcValue` values against any array or object value, respectively. See * `_.isEqual` for a list of supported value comparisons. * - * **Note:** Multiple values can be checked by combining several matchers - * using `_.overSome` - * * @static * @memberOf _ * @since 3.2.0 @@ -23914,10 +23892,6 @@ function () { * * _.find(objects, _.matchesProperty('a', 4)); * // => { 'a': 4, 'b': 5, 'c': 6 } - * - * // Checking for several possible values - * _.filter(users, _.overSome([_.matchesProperty('a', 1), _.matchesProperty('a', 4)])); - * // => [{ 'a': 1, 'b': 2, 'c': 3 }, { 'a': 4, 'b': 5, 'c': 6 }] */ function matchesProperty(path, srcValue) { return baseMatchesProperty(path, baseClone(srcValue, CLONE_DEEP_FLAG)); @@ -24141,10 +24115,6 @@ function () { * Creates a function that checks if **all** of the `predicates` return * truthy when invoked with the arguments it receives. * - * Following shorthands are possible for providing predicates. - * Pass an `Object` and it will be used as an parameter for `_.matches` to create the predicate. - * Pass an `Array` of parameters for `_.matchesProperty` and the predicate will be created using them. - * * @static * @memberOf _ * @since 4.0.0 @@ -24171,10 +24141,6 @@ function () { * Creates a function that checks if **any** of the `predicates` return * truthy when invoked with the arguments it receives. * - * Following shorthands are possible for providing predicates. - * Pass an `Object` and it will be used as an parameter for `_.matches` to create the predicate. - * Pass an `Array` of parameters for `_.matchesProperty` and the predicate will be created using them. - * * @static * @memberOf _ * @since 4.0.0 @@ -24194,9 +24160,6 @@ function () { * * func(NaN); * // => false - * - * var matchesFunc = _.overSome([{ 'a': 1 }, { 'a': 2 }]) - * var matchesPropertyFunc = _.overSome([['a', 1], ['a', 2]]) */ var overSome = createOver(arraySome);