Support Node.js 0.10 (Revert #1059) #1074
Conversation
index.js
Outdated
| @@ -484,7 +484,7 @@ Command.prototype.parse = function(argv) { | |||
| })[0]; | |||
| } | |||
|
|
|||
| if (this._execs.has(name)) { | |||
| if (this._execs[name]) { | |||
There was a problem hiding this comment.
Previously it was the following code.
if (this._execs[name] && typeof this._execs[name] !== 'function') {The function check was deleted because it was a code when it was an Array.
reference: #249
> a = []; a['filter']
[Function: filter]
> o = {}; o['filter']
undefined
There was a problem hiding this comment.
The function check is to avoid treating built-in functions like toString as though they are subcommands, so I recommend a revert to the full previous code.
(The problem the Set was fixing was correctly handling a built-in property that is not a function, which the old code gets wrong.)
There was a problem hiding this comment.
How about === true?
> o = {}; o['toString'] === true
falseThere was a problem hiding this comment.
I was just thinking something similar! Yes. Simple and elegant.
|
test failed: #1059 (comment) |
abetomo
force-pushed
the
support_node0.10_in_v2
branch
from
931e382
to
38b29eb
Compare
|
I'll do |
|
Thanks Abetomo. (I think I used publish tag 2_x with the previous 2.x publish, but then deleted it after publish. No need to delete it though. The publish tag needs to look different than a version number because they share same namespace.) |
|
I'm sorry! If you unpublish, you cannot publish again with that version. |
|
Bumping it to 2.20.3 is fine. (No worries.) |
|
This issue was responsibly reported by the Checkmarx Application Security Research Team. It was fixed in v2.20.3 (#1074) and v3.0.2(#1056). The Checkmarx vulnerability library lists this as: https://devhub.checkmarx.com/cve-details/Cx435a6fda-ca38/ |
Pull Request
Problem
#1073
Solution
Revert #1059
ChangeLog