robojerk/codeql-action

Bump the npm group with 2 updates (#1819)

Browse source 
* Bump the npm group with 2 updates

Bumps the npm group with 2 updates: [eslint](https://github.com/eslint/eslint) and [eslint-plugin-import](https://github.com/import-js/eslint-plugin-import).


Updates `eslint` from 8.45.0 to 8.46.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.45.0...v8.46.0)

Updates `eslint-plugin-import` from 2.27.5 to 2.28.0
- [Release notes](https://github.com/import-js/eslint-plugin-import/releases)
- [Changelog](https://github.com/import-js/eslint-plugin-import/blob/main/CHANGELOG.md)
- [Commits](https://github.com/import-js/eslint-plugin-import/compare/v2.27.5...v2.28.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: eslint-plugin-import
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update checked-in dependencies

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This commit is contained in:
dependabot[bot] 2023-08-01 03:35:02 -07:00 committed by GitHub
parent a6b0ced86b
commit e7e35baaf0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1408 changed files with 27215 additions and 9910 deletions
Download patch file Download diff file Expand all files Collapse all files

78
node_modules/minimist/test/proto.js generated vendored
View file

@ -1,60 +1,64 @@
'use strict';
/* eslint no-proto: 0 */
var parse = require('../');
var test = require('tape');
test('proto pollution', function (t) {
var argv = parse(['--__proto__.x','123']);
t.equal({}.x, undefined);
t.equal(argv.__proto__.x, undefined);
t.equal(argv.x, undefined);
t.end();
var argv = parse(['--__proto__.x', '123']);
t.equal({}.x, undefined);
t.equal(argv.__proto__.x, undefined);
t.equal(argv.x, undefined);
t.end();
});
test('proto pollution (array)', function (t) {
var argv = parse(['--x','4','--x','5','--x.__proto__.z','789']);
t.equal({}.z, undefined);
t.deepEqual(argv.x, [4,5]);
t.equal(argv.x.z, undefined);
t.equal(argv.x.__proto__.z, undefined);
t.end();
var argv = parse(['--x', '4', '--x', '5', '--x.__proto__.z', '789']);
t.equal({}.z, undefined);
t.deepEqual(argv.x, [4, 5]);
t.equal(argv.x.z, undefined);
t.equal(argv.x.__proto__.z, undefined);
t.end();
});
test('proto pollution (number)', function (t) {
var argv = parse(['--x','5','--x.__proto__.z','100']);
t.equal({}.z, undefined);
t.equal((4).z, undefined);
t.equal(argv.x, 5);
t.equal(argv.x.z, undefined);
t.end();
var argv = parse(['--x', '5', '--x.__proto__.z', '100']);
t.equal({}.z, undefined);
t.equal((4).z, undefined);
t.equal(argv.x, 5);
t.equal(argv.x.z, undefined);
t.end();
});
test('proto pollution (string)', function (t) {
var argv = parse(['--x','abc','--x.__proto__.z','def']);
t.equal({}.z, undefined);
t.equal('...'.z, undefined);
t.equal(argv.x, 'abc');
t.equal(argv.x.z, undefined);
t.end();
var argv = parse(['--x', 'abc', '--x.__proto__.z', 'def']);
t.equal({}.z, undefined);
t.equal('...'.z, undefined);
t.equal(argv.x, 'abc');
t.equal(argv.x.z, undefined);
t.end();
});
test('proto pollution (constructor)', function (t) {
var argv = parse(['--constructor.prototype.y','123']);
t.equal({}.y, undefined);
t.equal(argv.y, undefined);
t.end();
var argv = parse(['--constructor.prototype.y', '123']);
t.equal({}.y, undefined);
t.equal(argv.y, undefined);
t.end();
});
test('proto pollution (constructor function)', function (t) {
var argv = parse(['--_.concat.constructor.prototype.y', '123']);
function fnToBeTested() {}
t.equal(fnToBeTested.y, undefined);
t.equal(argv.y, undefined);
t.end();
var argv = parse(['--_.concat.constructor.prototype.y', '123']);
function fnToBeTested() {}
t.equal(fnToBeTested.y, undefined);
t.equal(argv.y, undefined);
t.end();
});
// powered by snyk - https://github.com/backstage/backstage/issues/10343
test('proto pollution (constructor function) snyk', function (t) {
var argv = parse('--_.constructor.constructor.prototype.foo bar'.split(' '));
t.equal((function(){}).foo, undefined);
t.equal(argv.y, undefined);
t.end();
})
var argv = parse('--_.constructor.constructor.prototype.foo bar'.split(' '));
t.equal(function () {}.foo, undefined);
t.equal(argv.y, undefined);
t.end();
});