From e7f0c81c136a06b3e08c742b75828bf6071a2ddb Mon Sep 17 00:00:00 2001 From: Vadim Cebaniuc Date: Sat, 27 Jun 2020 19:18:52 +0300 Subject: [PATCH 01/13] Fix mistype in README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 10487a386..c340f339c 100644 --- a/README.md +++ b/README.md @@ -321,7 +321,7 @@ You can add additional formats and replace any of the formats above using [addFo The option `unknownFormats` allows changing the default behaviour when an unknown format is encountered. In this case Ajv can either fail schema compilation (default) or ignore it (default in versions before 5.0.0). You also can whitelist specific format(s) to be ignored. See [Options](#options) for details. -You can find regular expressions used for format validation and the sources that were used in [formats.js](https://github.com/ajv-validatorv/ajv/blob/master/lib/compile/formats.js). +You can find regular expressions used for format validation and the sources that were used in [formats.js](https://github.com/ajv-validator/ajv/blob/master/lib/compile/formats.js). ## Combining schemas with $ref From 0006f34ce5eab2d233154aee4b8f5715f298c030 Mon Sep 17 00:00:00 2001 From: Graham Lea Date: Tue, 30 Jun 2020 17:33:03 +1000 Subject: [PATCH 02/13] Document pre-compiled schemas for CSP in README Pre-compiled schemas are a workaround for maintaining a secure Content Security Policy (CSP) Fixes #1228 --- README.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/README.md b/README.md index c340f339c..bae892d27 100644 --- a/README.md +++ b/README.md @@ -238,6 +238,15 @@ Ajv is tested with these browsers: __Please note__: some frameworks, e.g. Dojo, may redefine global require in such way that is not compatible with CommonJS module format. In such case Ajv bundle has to be loaded before the framework and then you can use global Ajv (see issue [#234](https://github.com/ajv-validator/ajv/issues/234)). +### Ajv & Content Security Policies (CSP) + +If you're using Ajv to compile a schema (the typical use) in a browser document that is loaded with a Content Security Policy (CSP), that policy will require a `script-src` directive that includes the value `'unsafe-eval'`. +:warning: NOTE, however, that `unsafe-eval` is NOT recommended in a secure CSP[[1]](https://developer.chrome.com/extensions/contentSecurityPolicy#relaxing-eval), as it has the potential to open the document to cross-site scripting (XSS) attacks. + +In order to make use of Ajv without easing your CSP, you can [pre-compile a schema using the CLI](https://github.com/ajv-validator/ajv-cli#compile-schemas). This will transpile the schema JSON into a JavaScript file that exports a `validate` function that works simlarly to a schema compiled at runtime. +Note that the pre-compiled schemas, which are created using [ajv-pack](https://github.com/ajv-validator/ajv-pack#limitations), are not functionally equivalent to Ajv and there are known limitations. + + ## Command line interface CLI is available as a separate npm package [ajv-cli](https://github.com/ajv-validator/ajv-cli). It supports: From c581ff3dc1cc6e0acb39e16e2b0f2bcce5dc8857 Mon Sep 17 00:00:00 2001 From: Graham Lea Date: Tue, 30 Jun 2020 21:24:29 +1000 Subject: [PATCH 03/13] Clarify limitations of ajv-pack in README Fixes #1228 --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index bae892d27..7d2b1f0ea 100644 --- a/README.md +++ b/README.md @@ -238,13 +238,14 @@ Ajv is tested with these browsers: __Please note__: some frameworks, e.g. Dojo, may redefine global require in such way that is not compatible with CommonJS module format. In such case Ajv bundle has to be loaded before the framework and then you can use global Ajv (see issue [#234](https://github.com/ajv-validator/ajv/issues/234)). -### Ajv & Content Security Policies (CSP) +### Ajv and Content Security Policies (CSP) If you're using Ajv to compile a schema (the typical use) in a browser document that is loaded with a Content Security Policy (CSP), that policy will require a `script-src` directive that includes the value `'unsafe-eval'`. :warning: NOTE, however, that `unsafe-eval` is NOT recommended in a secure CSP[[1]](https://developer.chrome.com/extensions/contentSecurityPolicy#relaxing-eval), as it has the potential to open the document to cross-site scripting (XSS) attacks. In order to make use of Ajv without easing your CSP, you can [pre-compile a schema using the CLI](https://github.com/ajv-validator/ajv-cli#compile-schemas). This will transpile the schema JSON into a JavaScript file that exports a `validate` function that works simlarly to a schema compiled at runtime. -Note that the pre-compiled schemas, which are created using [ajv-pack](https://github.com/ajv-validator/ajv-pack#limitations), are not functionally equivalent to Ajv and there are known limitations. + +Note that pre-compilation of schemas is performed using [ajv-pack](https://github.com/ajv-validator/ajv-pack) and there are [some limitations to the schema features it can compile](https://github.com/ajv-validator/ajv-pack#limitations). A successfully pre-compiled schema is equivalent to the same schema compiled at runtime. ## Command line interface From 0e2c3463a28ac19b5ea8324511889540c41125fa Mon Sep 17 00:00:00 2001 From: Graham Lea Date: Tue, 30 Jun 2020 21:26:54 +1000 Subject: [PATCH 04/13] Add Contents link to CSP section Fixes #1228 --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7d2b1f0ea..29beb7286 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,7 @@ ajv.addMetaSchema(require('ajv/lib/refs/json-schema-draft-04.json')); - [Getting started](#getting-started) - [Frequently Asked Questions](https://github.com/ajv-validator/ajv/blob/master/FAQ.md) - [Using in browser](#using-in-browser) + - [Ajv and Content Security Policies (CSP)](#ajv-and-content-security-policies-csp) - [Command line interface](#command-line-interface) - Validation - [Keywords](#validation-keywords) From fd64fb4c939c6f6b8d68aa4c6c57d8be8cc1994d Mon Sep 17 00:00:00 2001 From: Graham Lea Date: Tue, 30 Jun 2020 21:31:56 +1000 Subject: [PATCH 05/13] Add link to CSP section in Security section Fixes #1228 --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 29beb7286..5e502db93 100644 --- a/README.md +++ b/README.md @@ -733,6 +733,10 @@ isSchemaSecure(schema2); // true __Please note__: following all these recommendation is not a guarantee that validation of untrusted data is safe - it can still lead to some undesirable results. +##### Content Security Policies (CSP) +See [Ajv and Content Security Policies (CSP)](#ajv-and-content-security-policies-csp) + + ## ReDoS attack Certain regular expressions can lead to the exponential evaluation time even with relatively short strings. From 24d4f8fd8f812051bce521454c5152b87eb27c9c Mon Sep 17 00:00:00 2001 From: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com> Date: Tue, 30 Jun 2020 17:26:25 +0100 Subject: [PATCH 06/13] remove code post-processing --- lib/compile/util.js | 38 --------------------------- lib/dot/allOf.jst | 2 -- lib/dot/anyOf.jst | 2 -- lib/dot/contains.jst | 2 -- lib/dot/definitions.def | 6 ----- lib/dot/dependencies.jst | 2 -- lib/dot/if.jst | 2 -- lib/dot/items.jst | 2 -- lib/dot/properties.jst | 2 -- lib/dot/propertyNames.jst | 2 -- lib/dot/validate.jst | 6 ----- spec/issues/388_code_clean-up.spec.js | 28 -------------------- 12 files changed, 94 deletions(-) delete mode 100644 spec/issues/388_code_clean-up.spec.js diff --git a/lib/compile/util.js b/lib/compile/util.js index 702f6e19d..f232a6fb1 100644 --- a/lib/compile/util.js +++ b/lib/compile/util.js @@ -13,8 +13,6 @@ module.exports = { ucs2length: require('./ucs2length'), varOccurences: varOccurences, varReplace: varReplace, - cleanUpCode: cleanUpCode, - finalCleanUpCode: finalCleanUpCode, schemaHasRules: schemaHasRules, schemaHasRulesExcept: schemaHasRulesExcept, schemaUnknownRules: schemaUnknownRules, @@ -139,42 +137,6 @@ function varReplace(str, dataVar, expr) { } -var EMPTY_ELSE = /else\s*{\s*}/g - , EMPTY_IF_NO_ELSE = /if\s*\([^)]+\)\s*\{\s*\}(?!\s*else)/g - , EMPTY_IF_WITH_ELSE = /if\s*\(([^)]+)\)\s*\{\s*\}\s*else(?!\s*if)/g; -function cleanUpCode(out) { - return out.replace(EMPTY_ELSE, '') - .replace(EMPTY_IF_NO_ELSE, '') - .replace(EMPTY_IF_WITH_ELSE, 'if (!($1))'); -} - - -var ERRORS_REGEXP = /[^v.]errors/g - , REMOVE_ERRORS = /var errors = 0;|var vErrors = null;|validate.errors = vErrors;/g - , REMOVE_ERRORS_ASYNC = /var errors = 0;|var vErrors = null;/g - , RETURN_VALID = 'return errors === 0;' - , RETURN_TRUE = 'validate.errors = null; return true;' - , RETURN_ASYNC = /if \(errors === 0\) return data;\s*else throw new ValidationError\(vErrors\);/ - , RETURN_DATA_ASYNC = 'return data;' - , ROOTDATA_REGEXP = /[^A-Za-z_$]rootData[^A-Za-z0-9_$]/g - , REMOVE_ROOTDATA = /if \(rootData === undefined\) rootData = data;/; - -function finalCleanUpCode(out, async) { - var matches = out.match(ERRORS_REGEXP); - if (matches && matches.length == 2) { - out = async - ? out.replace(REMOVE_ERRORS_ASYNC, '') - .replace(RETURN_ASYNC, RETURN_DATA_ASYNC) - : out.replace(REMOVE_ERRORS, '') - .replace(RETURN_VALID, RETURN_TRUE); - } - - matches = out.match(ROOTDATA_REGEXP); - if (!matches || matches.length !== 3) return out; - return out.replace(REMOVE_ROOTDATA, ''); -} - - function schemaHasRules(schema, rules) { if (typeof schema == 'boolean') return !schema; for (var key in schema) if (rules[key]) return true; diff --git a/lib/dot/allOf.jst b/lib/dot/allOf.jst index 4c2836311..0e782fe98 100644 --- a/lib/dot/allOf.jst +++ b/lib/dot/allOf.jst @@ -30,5 +30,3 @@ {{= $closingBraces.slice(0,-1) }} {{?}} {{?}} - -{{# def.cleanUp }} diff --git a/lib/dot/anyOf.jst b/lib/dot/anyOf.jst index 086cf2b33..ea909ee62 100644 --- a/lib/dot/anyOf.jst +++ b/lib/dot/anyOf.jst @@ -39,8 +39,6 @@ } else { {{# def.resetErrors }} {{? it.opts.allErrors }} } {{?}} - - {{# def.cleanUp }} {{??}} {{? $breakOnError }} if (true) { diff --git a/lib/dot/contains.jst b/lib/dot/contains.jst index 925d2c84b..4dc996741 100644 --- a/lib/dot/contains.jst +++ b/lib/dot/contains.jst @@ -53,5 +53,3 @@ var {{=$valid}}; {{# def.resetErrors }} {{?}} {{? it.opts.allErrors }} } {{?}} - -{{# def.cleanUp }} diff --git a/lib/dot/definitions.def b/lib/dot/definitions.def index b68e064e8..162231a8e 100644 --- a/lib/dot/definitions.def +++ b/lib/dot/definitions.def @@ -112,12 +112,6 @@ #}} -{{## def.cleanUp: {{ out = it.util.cleanUpCode(out); }} #}} - - -{{## def.finalCleanUp: {{ out = it.util.finalCleanUpCode(out, $async); }} #}} - - {{## def.$data: {{ var $isData = it.opts.$data && $schema && $schema.$data diff --git a/lib/dot/dependencies.jst b/lib/dot/dependencies.jst index c41f33422..9ff68a78d 100644 --- a/lib/dot/dependencies.jst +++ b/lib/dot/dependencies.jst @@ -76,5 +76,3 @@ var missing{{=$lvl}}; {{= $closingBraces }} if ({{=$errs}} == errors) { {{?}} - -{{# def.cleanUp }} diff --git a/lib/dot/if.jst b/lib/dot/if.jst index 7ccc9b7f7..adb503612 100644 --- a/lib/dot/if.jst +++ b/lib/dot/if.jst @@ -65,8 +65,6 @@ {{# def.extraError:'if' }} } {{? $breakOnError }} else { {{?}} - - {{# def.cleanUp }} {{??}} {{? $breakOnError }} if (true) { diff --git a/lib/dot/items.jst b/lib/dot/items.jst index 8c0f5acb5..acc932a26 100644 --- a/lib/dot/items.jst +++ b/lib/dot/items.jst @@ -96,5 +96,3 @@ var {{=$valid}}; {{= $closingBraces }} if ({{=$errs}} == errors) { {{?}} - -{{# def.cleanUp }} diff --git a/lib/dot/properties.jst b/lib/dot/properties.jst index 862067e75..f3de23650 100644 --- a/lib/dot/properties.jst +++ b/lib/dot/properties.jst @@ -240,5 +240,3 @@ var {{=$nextValid}} = true; {{= $closingBraces }} if ({{=$errs}} == errors) { {{?}} - -{{# def.cleanUp }} diff --git a/lib/dot/propertyNames.jst b/lib/dot/propertyNames.jst index ee52b2151..d456ccafc 100644 --- a/lib/dot/propertyNames.jst +++ b/lib/dot/propertyNames.jst @@ -50,5 +50,3 @@ var {{=$errs}} = errors; {{= $closingBraces }} if ({{=$errs}} == errors) { {{?}} - -{{# def.cleanUp }} diff --git a/lib/dot/validate.jst b/lib/dot/validate.jst index bae653ff6..fd833a535 100644 --- a/lib/dot/validate.jst +++ b/lib/dot/validate.jst @@ -254,12 +254,6 @@ var {{=$valid}} = errors === errs_{{=$lvl}}; {{?}} -{{# def.cleanUp }} - -{{? $top }} - {{# def.finalCleanUp }} -{{?}} - {{ function $shouldUseGroup($rulesGroup) { var rules = $rulesGroup.rules; diff --git a/spec/issues/388_code_clean-up.spec.js b/spec/issues/388_code_clean-up.spec.js deleted file mode 100644 index 9a0288362..000000000 --- a/spec/issues/388_code_clean-up.spec.js +++ /dev/null @@ -1,28 +0,0 @@ -'use strict'; - -var Ajv = require('../ajv'); -var should = require('../chai').should(); - - -describe('issue #388, code clean-up not working', function() { - it('should remove assignement to rootData if it is not used', function() { - var ajv = new Ajv; - var validate = ajv.compile({ - type: 'object', - properties: { - foo: { type: 'string' } - } - }); - var code = validate.toString(); - code.match(/rootData/g).length .should.equal(1); - }); - - it('should remove assignement to errors if they are not used', function() { - var ajv = new Ajv; - var validate = ajv.compile({ - type: 'object' - }); - var code = validate.toString(); - should.equal(code.match(/[^.]errors|vErrors/g), null); - }); -}); From 65b2f7d76b190ac63a0d4e9154c712d7aa37049f Mon Sep 17 00:00:00 2001 From: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com> Date: Tue, 30 Jun 2020 19:30:48 +0100 Subject: [PATCH 07/13] validate numbers in schemas during schema compilation --- lib/dot/_limit.jst | 9 ++++++++ lib/dot/_limitItems.jst | 2 ++ lib/dot/_limitLength.jst | 2 ++ lib/dot/_limitProperties.jst | 2 ++ lib/dot/definitions.def | 7 ++++++ spec/ajv.spec.js | 44 ++++++++++++++++++++++++++++++++++++ 6 files changed, 66 insertions(+) diff --git a/lib/dot/_limit.jst b/lib/dot/_limit.jst index e10806fd3..f15218922 100644 --- a/lib/dot/_limit.jst +++ b/lib/dot/_limit.jst @@ -17,6 +17,15 @@ , $op = $isMax ? '<' : '>' , $notOp = $isMax ? '>' : '<' , $errorKeyword = undefined; + + if (!($isData || typeof $schema == 'number' || $schema === undefined)) { + throw new Error($keyword + ' must be number'); + } + if (!($isDataExcl || $schemaExcl === undefined + || typeof $schemaExcl == 'number' + || typeof $schemaExcl == 'boolean')) { + throw new Error($exclusiveKeyword + ' must be number or boolean'); + } }} {{? $isDataExcl }} diff --git a/lib/dot/_limitItems.jst b/lib/dot/_limitItems.jst index a3e078e51..741329e77 100644 --- a/lib/dot/_limitItems.jst +++ b/lib/dot/_limitItems.jst @@ -3,6 +3,8 @@ {{# def.setupKeyword }} {{# def.$data }} +{{# def.numberKeyword }} + {{ var $op = $keyword == 'maxItems' ? '>' : '<'; }} if ({{# def.$dataNotType:'number' }} {{=$data}}.length {{=$op}} {{=$schemaValue}}) { {{ var $errorKeyword = $keyword; }} diff --git a/lib/dot/_limitLength.jst b/lib/dot/_limitLength.jst index cfc8dbb01..285c66bd2 100644 --- a/lib/dot/_limitLength.jst +++ b/lib/dot/_limitLength.jst @@ -3,6 +3,8 @@ {{# def.setupKeyword }} {{# def.$data }} +{{# def.numberKeyword }} + {{ var $op = $keyword == 'maxLength' ? '>' : '<'; }} if ({{# def.$dataNotType:'number' }} {{# def.strLength }} {{=$op}} {{=$schemaValue}}) { {{ var $errorKeyword = $keyword; }} diff --git a/lib/dot/_limitProperties.jst b/lib/dot/_limitProperties.jst index da7ea776f..c4c21551a 100644 --- a/lib/dot/_limitProperties.jst +++ b/lib/dot/_limitProperties.jst @@ -3,6 +3,8 @@ {{# def.setupKeyword }} {{# def.$data }} +{{# def.numberKeyword }} + {{ var $op = $keyword == 'maxProperties' ? '>' : '<'; }} if ({{# def.$dataNotType:'number' }} Object.keys({{=$data}}).length {{=$op}} {{=$schemaValue}}) { {{ var $errorKeyword = $keyword; }} diff --git a/lib/dot/definitions.def b/lib/dot/definitions.def index 162231a8e..db4ea6f32 100644 --- a/lib/dot/definitions.def +++ b/lib/dot/definitions.def @@ -138,6 +138,13 @@ #}} +{{## def.numberKeyword: + {{? !($isData || typeof $schema == 'number') }} + {{ throw new Error($keyword + ' must be number'); }} + {{?}} +#}} + + {{## def.beginDefOut: {{ var $$outStack = $$outStack || []; diff --git a/spec/ajv.spec.js b/spec/ajv.spec.js index e3bf766b7..88cf13a74 100644 --- a/spec/ajv.spec.js +++ b/spec/ajv.spec.js @@ -512,5 +512,49 @@ describe('Ajv', function () { }); }); }); + + describe('sub-schema validation outside of definitions during compilation', function() { + it('maximum', function() { + passValidationThrowCompile({ + $ref: '#/foo', + foo: {maximum: 'bar'} + }); + }); + + it('exclusiveMaximum', function() { + passValidationThrowCompile({ + $ref: '#/foo', + foo: {exclusiveMaximum: 'bar'} + }); + }); + + it('maxItems', function() { + passValidationThrowCompile({ + $ref: '#/foo', + foo: {maxItems: 'bar'} + }); + }); + + it('maxLength', function() { + passValidationThrowCompile({ + $ref: '#/foo', + foo: {maxLength: 'bar'} + }); + }); + + it('maxProperties', function() { + passValidationThrowCompile({ + $ref: '#/foo', + foo: {maxProperties: 'bar'} + }); + }); + + function passValidationThrowCompile(schema) { + ajv.validateSchema(schema) .should.equal(true); + should.throw(function() { + ajv.compile(schema); + }); + } + }); }); }); From 1105fd5ad9afdb08656db33ba222191036870785 Mon Sep 17 00:00:00 2001 From: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com> Date: Tue, 30 Jun 2020 19:56:19 +0100 Subject: [PATCH 08/13] ignore proto properties --- lib/dot/properties.jst | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/dot/properties.jst b/lib/dot/properties.jst index f3de23650..5cebb9b12 100644 --- a/lib/dot/properties.jst +++ b/lib/dot/properties.jst @@ -28,9 +28,9 @@ , $nextData = 'data' + $dataNxt , $dataProperties = 'dataProperties' + $lvl; - var $schemaKeys = Object.keys($schema || {}) + var $schemaKeys = Object.keys($schema || {}).filter(notProto) , $pProperties = it.schema.patternProperties || {} - , $pPropertyKeys = Object.keys($pProperties) + , $pPropertyKeys = Object.keys($pProperties).filter(notProto) , $aProperties = it.schema.additionalProperties , $someProperties = $schemaKeys.length || $pPropertyKeys.length , $noAdditional = $aProperties === false @@ -42,8 +42,11 @@ , $currentBaseId = it.baseId; var $required = it.schema.required; - if ($required && !(it.opts.$data && $required.$data) && $required.length < it.opts.loopRequired) + if ($required && !(it.opts.$data && $required.$data) && $required.length < it.opts.loopRequired) { var $requiredHash = it.util.toHash($required); + } + + function notProto(p) { return p !== '__proto__'; } }} From 9c009a96ab9b2289211b3ed20a0b5fad4b8defe8 Mon Sep 17 00:00:00 2001 From: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com> Date: Wed, 1 Jul 2020 10:00:58 +0100 Subject: [PATCH 09/13] validate numbers in multipleOf --- lib/dot/multipleOf.jst | 2 ++ spec/ajv.spec.js | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/lib/dot/multipleOf.jst b/lib/dot/multipleOf.jst index 5f8dd33b5..6d88a456f 100644 --- a/lib/dot/multipleOf.jst +++ b/lib/dot/multipleOf.jst @@ -3,6 +3,8 @@ {{# def.setupKeyword }} {{# def.$data }} +{{# def.numberKeyword }} + var division{{=$lvl}}; if ({{?$isData}} {{=$schemaValue}} !== undefined && ( diff --git a/spec/ajv.spec.js b/spec/ajv.spec.js index 88cf13a74..118a827ad 100644 --- a/spec/ajv.spec.js +++ b/spec/ajv.spec.js @@ -549,6 +549,13 @@ describe('Ajv', function () { }); }); + it('multipleOf', function() { + passValidationThrowCompile({ + $ref: '#/foo', + foo: {maxProperties: 'bar'} + }); + }); + function passValidationThrowCompile(schema) { ajv.validateSchema(schema) .should.equal(true); should.throw(function() { From 68d72c41d5eca933404cfcf909856b61ab3b6251 Mon Sep 17 00:00:00 2001 From: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com> Date: Wed, 1 Jul 2020 10:42:57 +0100 Subject: [PATCH 10/13] update regex --- lib/compile/util.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/compile/util.js b/lib/compile/util.js index f232a6fb1..5d54e2efb 100644 --- a/lib/compile/util.js +++ b/lib/compile/util.js @@ -137,6 +137,8 @@ function varReplace(str, dataVar, expr) { } + + function schemaHasRules(schema, rules) { if (typeof schema == 'boolean') return !schema; for (var key in schema) if (rules[key]) return true; @@ -215,7 +217,7 @@ function getData($data, lvl, paths) { function joinPaths (a, b) { if (a == '""') return b; - return (a + ' + ' + b).replace(/' \+ '/g, ''); + return (a + ' + ' + b).replace(/([^\\])' \+ '/g, '$1'); } From f2b1e3d2c89288561ee68d7459a41b7222cc520d Mon Sep 17 00:00:00 2001 From: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com> Date: Wed, 1 Jul 2020 11:25:30 +0100 Subject: [PATCH 11/13] whitespace --- lib/compile/util.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/compile/util.js b/lib/compile/util.js index 5d54e2efb..ef07b8c75 100644 --- a/lib/compile/util.js +++ b/lib/compile/util.js @@ -137,8 +137,6 @@ function varReplace(str, dataVar, expr) { } - - function schemaHasRules(schema, rules) { if (typeof schema == 'boolean') return !schema; for (var key in schema) if (rules[key]) return true; From 988982d3fde08e3ea074e8942442834e78c45587 Mon Sep 17 00:00:00 2001 From: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com> Date: Wed, 1 Jul 2020 11:56:05 +0100 Subject: [PATCH 12/13] ignore proto properties --- lib/dot/dependencies.jst | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/dot/dependencies.jst b/lib/dot/dependencies.jst index 9ff68a78d..e4bdddec8 100644 --- a/lib/dot/dependencies.jst +++ b/lib/dot/dependencies.jst @@ -19,6 +19,7 @@ , $ownProperties = it.opts.ownProperties; for ($property in $schema) { + if ($property == '__proto__') continue; var $sch = $schema[$property]; var $deps = Array.isArray($sch) ? $propertyDeps : $schemaDeps; $deps[$property] = $sch; From d6aabb8e97029130cdb607dcd2e78a6d567e10d5 Mon Sep 17 00:00:00 2001 From: Evgeny Poberezkin <2769109+epoberezkin@users.noreply.github.com> Date: Sat, 4 Jul 2020 14:01:07 +0100 Subject: [PATCH 13/13] test: remove node 8 from travis test --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 11a0afa18..80bb5bf49 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,7 +3,6 @@ before_script: - git submodule update --init - npm install -g codeclimate-test-reporter node_js: - - 8 - 10 - 12 - 14