From f4495c4e414dd5162df6f2d9123d85201bbee629 Mon Sep 17 00:00:00 2001 From: Jonatan Nilsson Date: Thu, 21 Nov 2024 08:12:27 +0000 Subject: [PATCH] Initial version --- .forgejo/workflows/deploy.yml | 60 +++++++++++++++++++++++++++++++++++ README.md | 7 ++-- pick/.npmrc | 1 + pick/index.d.ts | 3 ++ pick/index.js | 3 ++ pick/package.json | 28 ++++++++++++++++ template/.npmrc | 1 + template/index.d.ts | 3 ++ template/index.js | 3 ++ template/package.json | 28 ++++++++++++++++ 10 files changed, 135 insertions(+), 2 deletions(-) create mode 100644 .forgejo/workflows/deploy.yml create mode 100644 pick/.npmrc create mode 100644 pick/index.d.ts create mode 100644 pick/index.js create mode 100644 pick/package.json create mode 100644 template/.npmrc create mode 100644 template/index.d.ts create mode 100644 template/index.js create mode 100644 template/package.json diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml new file mode 100644 index 0000000..e6c0ae9 --- /dev/null +++ b/.forgejo/workflows/deploy.yml @@ -0,0 +1,60 @@ +on: + push: + branches: + - master + + +jobs: + deploy: + runs-on: arch + steps: + - name: Check out repository code + uses: actions/checkout@v3 + - name: Deply if new version + run: | + echo "" + echo "Checking following projects:" + for f in *; do + [ -d "$f" ] && [ ! -L "$f" ] && [ ! "$f" = "base" ] && echo " * $f"; + done + echo "" + + echo "//registry.npmjs.org/:_authToken=${{ secrets.npmtoken }}" > ~/.npmrc + + for f in *; do + [ ! -d "$f" ] || [ -L "$f" ] || [ "$f" = "base" ] && continue; + + echo "" + echo "------------------------------------" + echo "" + echo "checking $f"; + cd $f + + CURR_VER="$(cat package.json | jq -r .name)_v$(cat package.json | jq -r .version)" + CURR_NAME="$(cat package.json | jq -r .name) v$(cat package.json | jq -r .version)" + + echo "Checking https://git.nfp.is/api/v1/repos/${{ github.repository }}/releases for name ${CURR_NAME}" + + if curl -s -X GET -H "Authorization: token ${{ secrets.deploytoken }}" https://git.nfp.is/api/v1/repos/${{ github.repository }}/releases | grep -o "\"name\":\"${CURR_NAME}\"" > /dev/null; then + echo "Skipping ${{ github.job }} since $CURR_NAME already exists"; + cd .. + continue; + fi + + echo "New release ${CURR_VER} found, beginning publishing" + + cp ../LICENSE ./ + cp ../README.md ./ + + echo "Creating ${CURR_VER} release on forgejo" + curl \ + -X POST \ + -H "Authorization: token ${{ secrets.deploytoken }}" \ + -H "Content-Type: application/json" \ + https://git.nfp.is/api/v1/repos/${{ github.repository }}/releases \ + -d "{\"tag_name\":\"${CURR_VER}\",\"name\":\"${CURR_NAME}\",\"body\":\"Automatic release from CI from ${{ github.sha }} :\n\n${{ github.event.head_commit.message }}\"}" | jq + + echo "Publishing new version to npm" + npm publish + cd .. + done diff --git a/README.md b/README.md index fd0bd36..afa4fe5 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,6 @@ -# lodash-no-cve +# lodash.template/lodash.pick -Individual methods from lodash exposed except now with fixed audit \ No newline at end of file +Both of npm's `lodash.template` and `lodash.pick` have CVE that makes audit angry. +Unfortunately neither have been updated. + +This package provides either of `lodash.template` or `lodash.pick` with the latest version of lodash to fix audit errors. diff --git a/pick/.npmrc b/pick/.npmrc new file mode 100644 index 0000000..9cf9495 --- /dev/null +++ b/pick/.npmrc @@ -0,0 +1 @@ +package-lock=false \ No newline at end of file diff --git a/pick/index.d.ts b/pick/index.d.ts new file mode 100644 index 0000000..e914dfa --- /dev/null +++ b/pick/index.d.ts @@ -0,0 +1,3 @@ +import _ from 'lodash' + +export default _.pick diff --git a/pick/index.js b/pick/index.js new file mode 100644 index 0000000..30f4267 --- /dev/null +++ b/pick/index.js @@ -0,0 +1,3 @@ +const _ = require('lodash') + +module.exports = _.pick diff --git a/pick/package.json b/pick/package.json new file mode 100644 index 0000000..9081771 --- /dev/null +++ b/pick/package.json @@ -0,0 +1,28 @@ +{ + "name": "lodash.pick.nocve", + "version": "4.17.21", + "description": "The lodash method _.pick exported as node.js module but without cve", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "repository": { + "type": "git", + "url": "https://git.nfp.is/TheThing/lodash-no-cve.git" + }, + "keywords": [ + "lodash", + "lodash.pick" + ], + "author": "Jonatan Nilsson", + "license": "WTFPL", + "files": [ + "index.js", + "index.d.ts", + "README.md", + "LICENSE" + ], + "dependencies": { + "lodash": "4.17.21" + } +} diff --git a/template/.npmrc b/template/.npmrc new file mode 100644 index 0000000..9cf9495 --- /dev/null +++ b/template/.npmrc @@ -0,0 +1 @@ +package-lock=false \ No newline at end of file diff --git a/template/index.d.ts b/template/index.d.ts new file mode 100644 index 0000000..b29d716 --- /dev/null +++ b/template/index.d.ts @@ -0,0 +1,3 @@ +import _ from 'lodash' + +export default _.template diff --git a/template/index.js b/template/index.js new file mode 100644 index 0000000..f185c15 --- /dev/null +++ b/template/index.js @@ -0,0 +1,3 @@ +const _ = require('lodash') + +module.exports = _.template diff --git a/template/package.json b/template/package.json new file mode 100644 index 0000000..7d2f2f8 --- /dev/null +++ b/template/package.json @@ -0,0 +1,28 @@ +{ + "name": "lodash.template.nocve", + "version": "4.17.21", + "description": "The lodash method _.template exported as node.js module but without cve", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "repository": { + "type": "git", + "url": "https://git.nfp.is/TheThing/lodash-no-cve.git" + }, + "keywords": [ + "lodash", + "lodash.template" + ], + "author": "Jonatan Nilsson", + "license": "WTFPL", + "files": [ + "index.js", + "index.d.ts", + "README.md", + "LICENSE" + ], + "dependencies": { + "lodash": "4.17.21" + } +}