Initial version

2024-11-21 08:12:27 +00:00 · 2024-11-21 08:12:27 +00:00 · f4495c4e41
commit f4495c4e41
parent eda8393b4b
10 changed files with 135 additions and 2 deletions
--- a/.forgejo/workflows/deploy.yml
+++ b/.forgejo/workflows/deploy.yml
@ -0,0 +1,60 @@
+on:
+  push:
+    branches:
+      - master
+
+
+jobs:
+  deploy:
+    runs-on: arch
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v3
+      - name: Deply if new version
+        run: |
+          echo ""
+          echo "Checking following projects:"
+          for f in *; do
+            [ -d "$f" ] && [ ! -L "$f" ] && [ ! "$f" = "base" ] && echo " * $f";
+          done
+          echo ""
+
+          echo "//registry.npmjs.org/:_authToken=${{ secrets.npmtoken }}" > ~/.npmrc
+
+          for f in *; do
+            [ ! -d "$f" ] || [ -L "$f" ] || [ "$f" = "base" ] && continue;
+
+            echo ""
+            echo "------------------------------------"
+            echo ""
+            echo "checking $f";
+            cd $f
+
+            CURR_VER="$(cat package.json | jq -r .name)_v$(cat package.json | jq -r .version)"
+            CURR_NAME="$(cat package.json | jq -r .name) v$(cat package.json | jq -r .version)"
+
+            echo "Checking https://git.nfp.is/api/v1/repos/${{ github.repository }}/releases for name ${CURR_NAME}"
+
+            if curl -s -X GET -H "Authorization: token ${{ secrets.deploytoken }}" https://git.nfp.is/api/v1/repos/${{ github.repository }}/releases | grep -o "\"name\":\"${CURR_NAME}\"" > /dev/null; then
+              echo "Skipping ${{ github.job }} since $CURR_NAME already exists";
+              cd ..
+              continue;
+            fi
+
+            echo "New release ${CURR_VER} found, beginning publishing"
+
+            cp ../LICENSE ./
+            cp ../README.md ./
+
+            echo "Creating ${CURR_VER} release on forgejo"
+            curl \
+              -X POST \
+              -H "Authorization: token ${{ secrets.deploytoken }}" \
+              -H "Content-Type: application/json" \
+              https://git.nfp.is/api/v1/repos/${{ github.repository }}/releases \
+              -d "{\"tag_name\":\"${CURR_VER}\",\"name\":\"${CURR_NAME}\",\"body\":\"Automatic release from CI from ${{ github.sha }} :\n\n${{ github.event.head_commit.message }}\"}" | jq
+
+            echo "Publishing new version to npm"
+            npm publish
+            cd ..
+          done
--- a/README.md
+++ b/README.md
@ -1,3 +1,6 @@
-# lodash-no-cve
+# lodash.template/lodash.pick

-Individual methods from lodash exposed except now with fixed audit
+Both of npm's `lodash.template` and `lodash.pick` have CVE that makes audit angry.
+Unfortunately neither have been updated.
+
+This package provides either of `lodash.template` or `lodash.pick` with the latest version of lodash to fix audit errors.
--- a/pick/.npmrc
+++ b/pick/.npmrc
@ -0,0 +1 @@
+package-lock=false
--- a/pick/index.d.ts
+++ b/pick/index.d.ts
@ -0,0 +1,3 @@
+import _ from 'lodash'
+
+export default _.pick
--- a/pick/index.js
+++ b/pick/index.js
@ -0,0 +1,3 @@
+const _ = require('lodash')
+
+module.exports = _.pick
--- a/pick/package.json
+++ b/pick/package.json
@ -0,0 +1,28 @@
+{
+  "name": "lodash.pick.nocve",
+  "version": "4.17.21",
+  "description": "The lodash method _.pick exported as node.js module but without cve",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://git.nfp.is/TheThing/lodash-no-cve.git"
+  },
+  "keywords": [
+    "lodash",
+    "lodash.pick"
+  ],
+  "author": "Jonatan Nilsson",
+  "license": "WTFPL",
+  "files": [
+    "index.js",
+    "index.d.ts",
+    "README.md",
+    "LICENSE"
+  ],
+  "dependencies": {
+    "lodash": "4.17.21"
+  }
+}
--- a/template/.npmrc
+++ b/template/.npmrc
@ -0,0 +1 @@
+package-lock=false
--- a/template/index.d.ts
+++ b/template/index.d.ts
@ -0,0 +1,3 @@
+import _ from 'lodash'
+
+export default _.template
--- a/template/index.js
+++ b/template/index.js
@ -0,0 +1,3 @@
+const _ = require('lodash')
+
+module.exports = _.template
--- a/template/package.json
+++ b/template/package.json
@ -0,0 +1,28 @@
+{
+  "name": "lodash.template.nocve",
+  "version": "4.17.21",
+  "description": "The lodash method _.template exported as node.js module but without cve",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://git.nfp.is/TheThing/lodash-no-cve.git"
+  },
+  "keywords": [
+    "lodash",
+    "lodash.template"
+  ],
+  "author": "Jonatan Nilsson",
+  "license": "WTFPL",
+  "files": [
+    "index.js",
+    "index.d.ts",
+    "README.md",
+    "LICENSE"
+  ],
+  "dependencies": {
+    "lodash": "4.17.21"
+  }
+}