Merge branch 'release/1.7.2'

.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: weekly
+    time: "04:00"
+  open-pull-requests-limit: 10

.github/workflows/nodejs.yml

@@ -0,0 +1,29 @@
+name: CI-test
+
+on:
+  push:
+    branches: '*'
+  pull_request:
+    branches: '*'
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [12.x, 14.x, 15.x]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Test with Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v1
+      with:
+        node-version: ${{ matrix.node-version }}
+    - run: npx yarn install --frozen-lockfile
+    - run: npx prettier src/*.js --list-different || (echo 'Please correct file formatting using `yarn format` and try again.' && exit 1) 
+    - run: npx yarn test
+
+
+

.gitignore

@@ -8,3 +8,4 @@ test/test251.xlsx
 .versions
 .npm/
 package-lock.json
+dist/

CHANGELOG.md

@@ -1,4 +1,34 @@
-# Changelog
+# Changelog
+
+
+# 1.7.1 (2021-03-06)
+
+- Bump: Use semver properly so problem fixes can be roled out as fast as possilbe. 
+
+
+
+## 0.7.1 (2021-03-05)
+
+- Bump: Update lodash dependency
+
+
+## 0.7.0 (2021-03-03)
+
+- Fix: Code injection vulnerability processing literals
+- Fix: Return empty results in group by when input is empty #927
+
+
+
+### 0.6.5 (11.11.2020)
+
+- Fix: Do not include null in COUNT or AVG fixes #1251
+
+
+### 0.6.4 (24.09.2020)
+
+- Add: String and Number objects supported as values
+- Add: `JOIN USING` now supports String and Number objects 
+- Fix: File naming when exporting to Exel
 
 
 ### 0.6.2 (31.05.2020)
@@ -105,7 +135,7 @@
 * Fix: missing ORDER BY direction when calling toString on AST (#970)
 * Fix: Converting the syntax tree back to SQL with multple joins (#972)
 
-### 0.4.4 "Alsowm" (03.012.2017)
+### 0.4.4 "Alsowm" (03.12.2017)
 
 * Better: Better usage via unpkg.com
 * Better: Better usage via jsdelivr.com

CONTRIBUTING.md

@@ -15,7 +15,7 @@ For you to edit the source please do the following:
 - Run `npm test` to verify only the new test fails
 - Implement your contributions in `src/`
 - Run `npm test` and verify all tests are OK
-- Commit changes to git and push to your forked repo (including the `dist/` folder)
+- Commit changes to git and push to your forked repo
 - Click "Create Pull-request" when looking at your forked repo on Github
 
 _Please note that `npm test` will compile from `src/` and overwrite `dist/` before running all tests_ 

README.md

@@ -1,9 +1,13 @@
+<h2>
+Please use version 1.x as prior versions has a security flaw if you use user generated data to concat your SQL strings instead of providing them as a parameters to AlaSQL. 
+</h2>
+
 _AlaSQL is an open source project used on more than two million page views per month - and we appreciate any and all contributions we can get. [Please help out](https://github.com/agershun/alasql/labels/Please%20help%20out%21)._
 
 _Have a question? Ask on [Stack Overflow](http://stackoverflow.com/questions/ask?tags=AlaSQL) using the "alasql" tag._
 
 
-[![Build Status](https://travis-ci.org/agershun/alasql.svg?branch=develop)](https://travis-ci.org/agershun/alasql)
+[![CI-test](https://github.com/agershun/alasql/workflows/CI-test/badge.svg)](https://github.com/agershun/alasql/actions)
 [![NPM downloads](http://img.shields.io/npm/dm/alasql.svg?style=flat&label=npm%20downloads)](https://npm-stat.com/charts.html?package=alasql)
 [![OPEN open source software](https://img.shields.io/badge/Open--OSS-%E2%9C%94-brightgreen.svg)](http://open-oss.com)
 [![Release](https://img.shields.io/github/release/agershun/alasql.svg?label=Last%20release&a)](https://www.npmjs.com/package/alasql)
@@ -23,6 +27,8 @@ _Have a question? Ask on [Stack Overflow](http://stackoverflow.com/questions/ask
 <h2 align="center"><a href="http://alasql.org"><img src="https://cloud.githubusercontent.com/assets/1063454/19309516/94f8007e-9085-11e6-810f-62fd60b42185.png" alt="AlaSQL logo" styl="max-width:80%"/></a>
 </h2>
 
+
+
 AlaSQL - _( [à la](http://en.wiktionary.org/wiki/%C3%A0_la) [SQL](http://en.wikipedia.org/wiki/SQL) ) [ælæ ɛskju:ɛl]_ - is an open source SQL database for JavaScript with a strong focus on query speed and data source flexibility for both relational data and schemaless data.  It works in the web browser, Node.js, and mobile apps.
 
 This library is designed for:
@@ -116,7 +122,7 @@ For the browser: include [alasql.min.js](https://cdn.jsdelivr.net/npm/alasql)
 
 
 ```html
-<script src="https://cdn.jsdelivr.net/npm/alasql@0.6"></script>
+<script src="https://cdn.jsdelivr.net/npm/alasql@1.7"></script>
 ```
 
 

bin/alaserver.js

@@ -8,21 +8,23 @@
 var alasql = require('alasql');
 var http = require('http');
 var url = require('url');
-var port = (process.argv[2] || 1337)|0;
-if(!port) {
-	throw new Error('Wrong port number '+process.argv[3]);
+var port = (process.argv[2] || 1337) | 0;
+if (!port) {
+	throw new Error('Wrong port number ' + process.argv[3]);
 }
 
-http.createServer(function (req, res) {
-	var sql = decodeURI(url.parse(req.url).search).substr(1);
-	var a = '';
-	try {
-		a = alasql(sql);
-	} catch(err) {
-		a = err.toString();
-	};
-  	res.writeHead(200, {'Content-Type': 'application/json'});
-  	res.end(JSON.stringify(a));
-}).listen(port, '127.0.0.1');
+http
+	.createServer(function (req, res) {
+		var sql = decodeURI(url.parse(req.url).search).substr(1);
+		var a = '';
+		try {
+			a = alasql(sql);
+		} catch (err) {
+			a = err.toString();
+		}
+		res.writeHead(200, {'Content-Type': 'application/json'});
+		res.end(JSON.stringify(a));
+	})
+	.listen(port, '127.0.0.1');
 
-console.log('Server running at http://127.0.0.1:'+port+'/');
+console.log('Server running at http://127.0.0.1:' + port + '/');

bin/alasql-cli.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
- //
+//
 // Command line interface for Alasql
 // Version: 0.2.2
 // Date: 28.07.2015
@@ -12,39 +12,46 @@ let fs = require('fs');
 let stdin = process.openStdin();
 let yargs = require('yargs')
 	.strict()
-	.usage('AlaSQL command-line utility (version ' + alasql.version + ')\n\nUsage: $0 [options] [sql] [params]')
+	.usage(
+		'AlaSQL command-line utility (version ' +
+			alasql.version +
+			')\n\nUsage: $0 [options] [sql] [params]'
+	)
 
-.example('$0 "sql-statement"', 'Run SQL statement and output result as JSON')
+	.example('$0 "sql-statement"', 'Run SQL statement and output result as JSON')
 	.example('')
-	.example('$0 \'value of select 2+?\' 40', 'Outputs 42')
+	.example("$0 'value of select 2+?' 40", 'Outputs 42')
 	.example('')
-	.example('$0 \'select count(*) from txt()\' < city.txt', 'Count lines in city.txt')
+	.example("$0 'select count(*) from txt()' < city.txt", 'Count lines in city.txt')
 	.example('')
-	.example('$0 \'select * into xlsx("city.xlsx") from txt("city.txt")\'', 'Convert from txt to xlsx')
+	.example(
+		'$0 \'select * into xlsx("city.xlsx") from txt("city.txt")\'',
+		'Convert from txt to xlsx'
+	)
 	.example('')
 	.example('$0 --file file.sql France 1960', 'Run SQL from file with 2 parameters')
 
-.version('v', 'Echo AlaSQL version', alasql.version)
+	.version('v', 'Echo AlaSQL version', alasql.version)
 	.alias('v', 'version')
 
-.boolean('m')
+	.boolean('m')
 	.describe('m', 'Minify json output')
 	.alias('m', 'minify')
 
-.describe('f', 'Load SQL from file')
+	.describe('f', 'Load SQL from file')
 	.alias('f', 'file')
 	.nargs('f', 1)
 	.normalize('f')
 
-.help('h')
+	.help('h')
 	.alias('h', 'help')
 
-.epilog('\nMore information about the library: www.alasql.org')
+	.epilog('\nMore information about the library: www.alasql.org');
 
 let argv = yargs.argv;
 let sql = '';
 let params = [];
-let pipedData = ''
+let pipedData = '';
 stdin.on('data', function (chunk) {
 	pipedData += chunk;
 });
@@ -67,7 +74,6 @@ if (argv.f) {
 
 	sql = fs.readFileSync(argv.f, 'utf8').toString();
 	execute(sql, argv._);
-
 } else {
 	sql = argv._.shift() || '';
 
@@ -90,33 +96,37 @@ stdin.on('end', function () {
  * @returns {null} Result will be printet to console.log
  */
 function execute(sql, params) {
-
 	if (0 === sql.trim().length) {
-		console.error("\nNo SQL to process\n");
+		console.error('\nNo SQL to process\n');
 		yargs.showHelp();
 		process.exit(1);
 	}
 
 	for (var i = 1; i < params.length; i++) {
 		var a = params[i];
 		if (a[0] !== '"' && a[0] !== "'") {
-			if (+a == a) { // jshint ignore:line
+			if (+a == a) {
+				// jshint ignore:line
 				params[i] = +a;
 			}
 		}
 	}
 
-	alasql.promise(sql, params)
+	alasql
+		.promise(sql, params)
 		.then(function (res) {
 			if (!alasql.options.stdout) {
 				console.log(formatOutput(res));
 			}
 			process.exit(0);
-		}).catch(function (err) {
+		})
+		.catch(function (err) {
 			let errorJsonObj = JSON.parse(JSON.stringify(err, Object.getOwnPropertyNames(err)));
-			console.error(formatOutput({
-				error: errorJsonObj
-			}));
+			console.error(
+				formatOutput({
+					error: errorJsonObj,
+				})
+			);
 			process.exit(1);
 		});
 }
@@ -138,7 +148,6 @@ function isDirectory(filePath) {
 	return isDir;
 }
 
-
 /**
  * Format output
  *

bower.json

@@ -57,5 +57,5 @@
 		"bin",
 		"lib"
 	],
-	"version": "0.6.2"
+	"version": "1.7.2"
 }

console/style.css

@@ -1,11 +1,11 @@
 body {
-  font-family: arial;
-  font-size: 0.9em;
-  padding: 1%;
+	font-family: arial;
+	font-size: 0.9em;
+	padding: 1%;
 }
 
-#myprompt{
-  width: 80%;
-  font-size: 1.3em;
-  font-family: Consolas,Monaco, monospace;
+#myprompt {
+	width: 80%;
+	font-size: 1.3em;
+	font-family: Consolas, Monaco, monospace;
 }