Are all properties now intended to be readonly since `v0.6.1`? Error "TypeError: Cannot assign to read only property 'OtherProperty' of object '#<Object>'" after the update

Leonidas-from-XIV / node-xml2js

XML to JavaScript object converter.

MIT License

4.84k stars 596 forks source link

Are all properties now intended to be readonly since `v0.6.1`? Error "TypeError: Cannot assign to read only property 'OtherProperty' of object '#<Object>'" after the update #689

Closed ceisele-r closed 11 months ago

ceisele-r commented 11 months ago

After updating from v0.6.0 to v0.6.1, we are facing issues like the following:

TypeError: Cannot assign to read only property 'OtherProperty' of object '#<Object>'

The issue occurs when doing something like this:

const parser = new Parser();
const data = await parser.parseStringPromise(fileXml);
data.SomeProperty.OtherProperty = ["some"]; // Error happens here

Is it intended that all properties are now readonly (/is this the result of the recent CVE fixes)? I am wondering because when looking at the diff from v0.6.0 to v0.6.1, here it seems that properties should still be defined writable.

Leonidas-from-XIV commented 11 months ago

It is definitely not meant to be like this (and that would be a breaking change), so I am indeed surprised that they are read-only. As you point out this is a fix for the recent CVE that does not rely on filtering names so I am rather surprised it breaks in such a way. Need to investigate what is going on.

Gladly accepting patches to fix this.

Leonidas-from-XIV commented 11 months ago

I figured it out, the writable attribute was mistyped. In my tests things would just silently fail instead of showing an error but they would fail indeed. I've released 0.6.2 fixing this.

ceisele-r commented 11 months ago

@Leonidas-from-XIV thanks for the super fast resolution! This makes sense, it failed for us in strict mode.