jtwalters · April 22, 2019 22:47
diff --git a/jquery-extend-3.4.0.js b/jquery-extend-3.4.0.js
 /**
 * For jQuery versions less than 3.4.0, this replaces the jQuery.extend
 * function with the one from jQuery 3.4.0, slightly modified (documented
 * below) to be compatible with older jQuery versions and browsers.
 *
 * This provides the Object.prototype pollution vulnerability fix to Drupal
 * installations running older jQuery versions, including the versions shipped
 * with Drupal core and https://www.drupal.org/project/jquery_update.
 *
 * @see https://github.com/jquery/jquery/pull/4333
 */

 (function (jQuery) {

 // Do not override jQuery.extend() if the jQuery version is already >=3.4.0.
 var versionParts = jQuery.fn.jquery.split('.');
 var majorVersion = parseInt(versionParts[0]);
 var minorVersion = parseInt(versionParts[1]);
 var patchVersion = parseInt(versionParts[2]);
 var isPreReleaseVersion = (patchVersion.toString() !== versionParts[2]);
 if (
  (majorVersion > 3) ||
  (majorVersion === 3 && minorVersion > 4) ||
  (majorVersion === 3 && minorVersion === 4 && patchVersion > 0) ||
  (majorVersion === 3 && minorVersion === 4 && patchVersion === 0 && !isPreReleaseVersion)
 ) {
  return;
 }

 /**
 * This is almost verbatim copied from jQuery 3.4.0.
 *
 * Only two minor changes have been made:
 * - The call to isFunction() is changed to jQuery.isFunction().
 * - The two calls to Array.isArray() is changed to jQuery.isArray().
 *
 * The above two changes ensure compatibility with all older jQuery versions
 * (1.4.4 - 3.3.1) and older browser versions (e.g., IE8).
 */
 jQuery.extend = jQuery.fn.extend = function() {
  var options, name, src, copy, copyIsArray, clone,
    target = arguments[ 0 ] || {},
    i = 1,
    length = arguments.length,
    deep = false;

  // Handle a deep copy situation
  if ( typeof target === "boolean" ) {
    deep = target;

    // Skip the boolean and the target
    target = arguments[ i ] || {};
    i++;
  }

  // Handle case when target is a string or something (possible in deep copy)
  if ( typeof target !== "object" && !jQuery.isFunction( target ) ) {
    target = {};
  }

  // Extend jQuery itself if only one argument is passed
  if ( i === length ) {
    target = this;
    i--;
  }

  for ( ; i < length; i++ ) {

    // Only deal with non-null/undefined values
    if ( ( options = arguments[ i ] ) != null ) {

      // Extend the base object
      for ( name in options ) {
        copy = options[ name ];

        // Prevent Object.prototype pollution
        // Prevent never-ending loop
        if ( name === "__proto__" || target === copy ) {
          continue;
        }

        // Recurse if we're merging plain objects or arrays
        if ( deep && copy && ( jQuery.isPlainObject( copy ) ||
          ( copyIsArray = jQuery.isArray( copy ) ) ) ) {
          src = target[ name ];

          // Ensure proper type for the source value
          if ( copyIsArray && !jQuery.isArray( src ) ) {
            clone = [];
          } else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) {
            clone = {};
          } else {
            clone = src;
          }
          copyIsArray = false;

          // Never move original objects, clone them
          target[ name ] = jQuery.extend( deep, clone, copy );

          // Don't bring in undefined values
        } else if ( copy !== undefined ) {
          target[ name ] = copy;
        }
      }
    }
  }

  // Return the modified object
  return target;
 };

 })(jQuery);
	/**
	* For jQuery versions less than 3.4.0, this replaces the jQuery.extend
	* function with the one from jQuery 3.4.0, slightly modified (documented
	* below) to be compatible with older jQuery versions and browsers.
	*
	* This provides the Object.prototype pollution vulnerability fix to Drupal
	* installations running older jQuery versions, including the versions shipped
	* with Drupal core and https://www.drupal.org/project/jquery_update.
	*
	* @see https://github.com/jquery/jquery/pull/4333
	*/

	(function (jQuery) {

	// Do not override jQuery.extend() if the jQuery version is already >=3.4.0.
	var versionParts = jQuery.fn.jquery.split('.');
	var majorVersion = parseInt(versionParts[0]);
	var minorVersion = parseInt(versionParts[1]);
	var patchVersion = parseInt(versionParts[2]);
	var isPreReleaseVersion = (patchVersion.toString() !== versionParts[2]);
	if (
	(majorVersion > 3) \|\|
	(majorVersion === 3 && minorVersion > 4) \|\|
	(majorVersion === 3 && minorVersion === 4 && patchVersion > 0) \|\|
	(majorVersion === 3 && minorVersion === 4 && patchVersion === 0 && !isPreReleaseVersion)
	) {
	return;
	}

	/**
	* This is almost verbatim copied from jQuery 3.4.0.
	*
	* Only two minor changes have been made:
	* - The call to isFunction() is changed to jQuery.isFunction().
	* - The two calls to Array.isArray() is changed to jQuery.isArray().
	*
	* The above two changes ensure compatibility with all older jQuery versions
	* (1.4.4 - 3.3.1) and older browser versions (e.g., IE8).
	*/
	jQuery.extend = jQuery.fn.extend = function() {
	var options, name, src, copy, copyIsArray, clone,
	target = arguments[ 0 ] \|\| {},
	i = 1,
	length = arguments.length,
	deep = false;

	// Handle a deep copy situation
	if ( typeof target === "boolean" ) {
	deep = target;

	// Skip the boolean and the target
	target = arguments[ i ] \|\| {};
	i++;
	}

	// Handle case when target is a string or something (possible in deep copy)
	if ( typeof target !== "object" && !jQuery.isFunction( target ) ) {
	target = {};
	}

	// Extend jQuery itself if only one argument is passed
	if ( i === length ) {
	target = this;
	i--;
	}

	for ( ; i < length; i++ ) {

	// Only deal with non-null/undefined values
	if ( ( options = arguments[ i ] ) != null ) {

	// Extend the base object
	for ( name in options ) {
	copy = options[ name ];

	// Prevent Object.prototype pollution
	// Prevent never-ending loop
	if ( name === "__proto__" \|\| target === copy ) {
	continue;
	}

	// Recurse if we're merging plain objects or arrays
	if ( deep && copy && ( jQuery.isPlainObject( copy ) \|\|
	( copyIsArray = jQuery.isArray( copy ) ) ) ) {
	src = target[ name ];

	// Ensure proper type for the source value
	if ( copyIsArray && !jQuery.isArray( src ) ) {
	clone = [];
	} else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) {
	clone = {};
	} else {
	clone = src;
	}
	copyIsArray = false;

	// Never move original objects, clone them
	target[ name ] = jQuery.extend( deep, clone, copy );

	// Don't bring in undefined values
	} else if ( copy !== undefined ) {
	target[ name ] = copy;
	}
	}
	}
	}

	// Return the modified object
	return target;
	};

	})(jQuery);