lodash
diff --git a/‎README.md‎
Lines changed: 2 additions & 2 deletions b/‎README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎_baseTrim.js‎
Lines changed: 19 additions & 0 deletions b/‎_baseTrim.js‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎_trimmedEndIndex.js‎
Lines changed: 19 additions & 0 deletions b/‎_trimmedEndIndex.js‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎lodash.default.js‎
Lines changed: 1 addition & 1 deletion b/‎lodash.default.js‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎parseInt.js‎
Lines changed: 1 addition & 1 deletion b/‎parseInt.js‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎template.js‎
Lines changed: 21 additions & 0 deletions b/‎template.js‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎toNumber.js‎
Lines changed: 2 additions & 4 deletions b/‎toNumber.js‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎trim.js‎
Lines changed: 2 additions & 4 deletions b/‎trim.js‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎trimEnd.js‎
Lines changed: 2 additions & 4 deletions b/‎trimEnd.js‎
Lines changed: 2 additions & 4 deletions
@@ -1,4 +1,4 @@
-# lodash-es v4.17.20
+# lodash-es v4.17.21
 
 The [Lodash](https://lodash.com/) library exported as [ES](http://www.ecma-international.org/ecma-262/6.0/) modules.
 
@@ -7,4 +7,4 @@ Generated using [lodash-cli](https://www.npmjs.com/package/lodash-cli):
 $ lodash modularize exports=es -o ./
 ```
 
-See the [package source](https://github.com/lodash/lodash/tree/4.17.20-es) for more details.
+See the [package source](https://github.com/lodash/lodash/tree/4.17.21-es) for more details.
@@ -0,0 +1,19 @@
+import trimmedEndIndex from './_trimmedEndIndex.js';
+
+/** Used to match leading whitespace. */
+var reTrimStart = /^\s+/;
+
+/**
+ * The base implementation of `_.trim`.
+ *
+ * @private
+ * @param {string} string The string to trim.
+ * @returns {string} Returns the trimmed string.
+ */
+function baseTrim(string) {
+  return string
+    ? string.slice(0, trimmedEndIndex(string) + 1).replace(reTrimStart, '')
+    : string;
+}
+
+export default baseTrim;
@@ -0,0 +1,19 @@
+/** Used to match a single whitespace character. */
+var reWhitespace = /\s/;
+
+/**
+ * Used by `_.trim` and `_.trimEnd` to get the index of the last non-whitespace
+ * character of `string`.
+ *
+ * @private
+ * @param {string} string The string to inspect.
+ * @returns {number} Returns the index of the last non-whitespace character.
+ */
+function trimmedEndIndex(string) {
+  var index = string.length;
+
+  while (index-- && reWhitespace.test(string.charAt(index))) {}
+  return index;
+}
+
+export default trimmedEndIndex;
@@ -45,7 +45,7 @@ import toInteger from './toInteger.js';
 import lodash from './wrapperLodash.js';
 
 /** Used as the semantic version number. */
-var VERSION = '4.17.20';
+var VERSION = '4.17.21';
 
 /** Used to compose bitmasks for function metadata. */
 var WRAP_BIND_KEY_FLAG = 2;
 
@@ -1,6 +1,6 @@
 {
   "name": "lodash-es",
-  "version": "4.17.20",
+  "version": "4.17.21",
   "description": "Lodash exported as ES modules.",
   "keywords": "es6, modules, stdlib, util",
   "homepage": "https://lodash.com/custom-builds",
 
@@ -1,7 +1,7 @@
 import root from './_root.js';
 import toString from './toString.js';
 
-/** Used to match leading and trailing whitespace. */
+/** Used to match leading whitespace. */
 var reTrimStart = /^\s+/;
 
 /* Built-in method references for those with the same name as other `lodash` methods. */
 
@@ -10,11 +10,26 @@ import reInterpolate from './_reInterpolate.js';
 import templateSettings from './templateSettings.js';
 import toString from './toString.js';
 
+/** Error message constants. */
+var INVALID_TEMPL_VAR_ERROR_TEXT = 'Invalid `variable` option passed into `_.template`';
+
 /** Used to match empty string literals in compiled template source. */
 var reEmptyStringLeading = /\b__p \+= '';/g,
     reEmptyStringMiddle = /\b(__p \+=) '' \+/g,
     reEmptyStringTrailing = /(__e\(.*?\)|\b__t\)) \+\n'';/g;
 
+/**
+ * Used to validate the `validate` option in `_.template` variable.
+ *
+ * Forbids characters which could potentially change the meaning of the function argument definition:
+ * - "()," (modification of function parameters)
+ * - "=" (default value)
+ * - "[]{}" (destructuring of function parameters)
+ * - "/" (beginning of a comment)
+ * - whitespace
+ */
+var reForbiddenIdentifierChars = /[()=,{}\[\]\/\s]/;
+
 /**
  * Used to match
  * [ES template delimiters](http://ecma-international.org/ecma-262/7.0/#sec-template-literal-lexical-components).
@@ -210,6 +225,12 @@ function template(string, options, guard) {
   if (!variable) {
     source = 'with (obj) {\n' + source + '\n}\n';
   }
+  // Throw an error if a forbidden character was found in `variable`, to prevent
+  // potential command injection attacks.
+  else if (reForbiddenIdentifierChars.test(variable)) {
+    throw new Error(INVALID_TEMPL_VAR_ERROR_TEXT);
+  }
+
   // Cleanup code by stripping empty strings.
   source = (isEvaluating ? source.replace(reEmptyStringLeading, '') : source)
     .replace(reEmptyStringMiddle, '$1')
 
@@ -1,12 +1,10 @@
+import baseTrim from './_baseTrim.js';
 import isObject from './isObject.js';
 import isSymbol from './isSymbol.js';
 
 /** Used as references for various `Number` constants. */
 var NAN = 0 / 0;
 
-/** Used to match leading and trailing whitespace. */
-var reTrim = /^\s+|\s+$/g;
-
 /** Used to detect bad signed hexadecimal string values. */
 var reIsBadHex = /^[-+]0x[0-9a-f]+$/i;
 
@@ -56,7 +54,7 @@ function toNumber(value) {
   if (typeof value != 'string') {
     return value === 0 ? value : +value;
   }
-  value = value.replace(reTrim, '');
+  value = baseTrim(value);
   var isBinary = reIsBinary.test(value);
   return (isBinary || reIsOctal.test(value))
     ? freeParseInt(value.slice(2), isBinary ? 2 : 8)
 
@@ -1,13 +1,11 @@
 import baseToString from './_baseToString.js';
+import baseTrim from './_baseTrim.js';
 import castSlice from './_castSlice.js';
 import charsEndIndex from './_charsEndIndex.js';
 import charsStartIndex from './_charsStartIndex.js';
 import stringToArray from './_stringToArray.js';
 import toString from './toString.js';
 
-/** Used to match leading and trailing whitespace. */
-var reTrim = /^\s+|\s+$/g;
-
 /**
  * Removes leading and trailing whitespace or specified characters from `string`.
  *
@@ -33,7 +31,7 @@ var reTrim = /^\s+|\s+$/g;
 function trim(string, chars, guard) {
   string = toString(string);
   if (string && (guard || chars === undefined)) {
-    return string.replace(reTrim, '');
+    return baseTrim(string);
   }
   if (!string || !(chars = baseToString(chars))) {
     return string;
 
@@ -3,9 +3,7 @@ import castSlice from './_castSlice.js';
 import charsEndIndex from './_charsEndIndex.js';
 import stringToArray from './_stringToArray.js';
 import toString from './toString.js';
-
-/** Used to match leading and trailing whitespace. */
-var reTrimEnd = /\s+$/;
+import trimmedEndIndex from './_trimmedEndIndex.js';
 
 /**
  * Removes trailing whitespace or specified characters from `string`.
@@ -29,7 +27,7 @@ var reTrimEnd = /\s+$/;
 function trimEnd(string, chars, guard) {
   string = toString(string);
   if (string && (guard || chars === undefined)) {
-    return string.replace(reTrimEnd, '');
+    return string.slice(0, trimmedEndIndex(string) + 1);
   }
   if (!string || !(chars = baseToString(chars))) {
     return string;
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "lodash-es",`
`3`		`- "version": "4.17.20",`
	`3`	`+ "version": "4.17.21",`
`4`	`4`	`"description": "Lodash exported as ES modules.",`
`5`	`5`	`"keywords": "es6, modules, stdlib, util",`
`6`	`6`	`"homepage": "https://lodash.com/custom-builds",`