mattphillips / deep-object-diff

Deep diffs two objects, including nested structures of arrays and objects, and returns the difference. ❄️
https://www.npmjs.com/package/deep-object-diff
MIT License
1.05k stars 89 forks source link

Prevent prototype pollution of returned diff object #87

Closed mattphillips closed 1 year ago

mattphillips commented 1 year ago

Fixes #85

codecov-commenter commented 1 year ago

Codecov Report

Base: 100.00% // Head: 100.00% // No change to project coverage :thumbsup:

Coverage data is based on head (55f9c3c) compared to base (ba84464). Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##             main       #87    +/-   ##
=========================================
  Coverage   100.00%   100.00%
=========================================
  Files            7         7
  Lines          109       102    -7
  Branches        36        36
=========================================
- Hits           109       102    -7
```

| [Impacted Files](https://codecov.io/gh/mattphillips/deep-object-diff/pull/87?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matt+Phillips) | Coverage Δ |
|---|---|
| [src/added.js](https://codecov.io/gh/mattphillips/deep-object-diff/pull/87/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matt+Phillips#diff-c3JjL2FkZGVkLmpz) | `100.00% <100.00%> (ø)` |
| [src/deleted.js](https://codecov.io/gh/mattphillips/deep-object-diff/pull/87/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matt+Phillips#diff-c3JjL2RlbGV0ZWQuanM=) | `100.00% <100.00%> (ø)` |
| [src/diff.js](https://codecov.io/gh/mattphillips/deep-object-diff/pull/87/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matt+Phillips#diff-c3JjL2RpZmYuanM=) | `100.00% <100.00%> (ø)` |
| [src/updated.js](https://codecov.io/gh/mattphillips/deep-object-diff/pull/87/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matt+Phillips#diff-c3JjL3VwZGF0ZWQuanM=) | `100.00% <100.00%> (ø)` |
| [src/utils.js](https://codecov.io/gh/mattphillips/deep-object-diff/pull/87/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Matt+Phillips#diff-c3JjL3V0aWxzLmpz) | `100.00% <100.00%> (ø)` |

Help us with your feedback.


Retr02332 commented 1 year ago

Since the library was the one that executed the vulnerable action, it must be the one that validates the prototype. Therefore, yes, it is a security flaw.

Thank you very much for fixing this problem.
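The comment above makes the point that a diff routine which writes keys into an object it returns is the place where prototype-related keys have to be rejected. The following is an added illustration of that defence and is not the library's code nor the patch from this PR (the PR's diff is not shown on this page); the names `safeDiff`, `isSafeKey` and `pollutionCheck` are assumed for the example. It shows the two layers a diff or merge routine needs: skip `__proto__`, `constructor` and `prototype` as keys, and build result objects with a null prototype so that a key that slips through a filter still cannot reach `Object.prototype`.

```javascript
// Added example (not deep-object-diff's implementation): a minimal recursive
// "added/updated" diff that cannot pollute Object.prototype through the
// object it returns. Keys and inputs below are constructed for the demo.

// Keys that must never be assigned on a result object.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isSafeKey(key) {
  return !UNSAFE_KEYS.has(key);
}

function isPlainObject(value) {
  return value !== null && typeof value === 'object' && !Array.isArray(value);
}

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Returns an object describing keys that are new or changed in `rhs`
// relative to `lhs`; nested plain objects are diffed recursively.
function safeDiff(lhs, rhs) {
  // Null prototype: on this object "__proto__" is an ordinary own key, not
  // the inherited accessor that would rewrite the prototype chain.
  const result = Object.create(null);
  for (const key of Object.keys(rhs)) {          // own enumerable keys only
    if (!isSafeKey(key)) continue;               // first layer: drop the key
    const a = hasOwn(lhs, key) ? lhs[key] : undefined;
    const b = rhs[key];
    if (isPlainObject(a) && isPlainObject(b)) {
      const nested = safeDiff(a, b);
      if (Object.keys(nested).length > 0) result[key] = nested;
    } else if (a !== b) {
      result[key] = b;
    }
  }
  return result;
}

// Regression check: JSON.parse creates "__proto__" as an OWN key, which is
// how such a key reaches a diff routine from untrusted input. After diffing,
// Object.prototype must be untouched and the key must not appear in the diff.
function pollutionCheck() {
  const untrusted = JSON.parse('{"__proto__": {"polluted": true}, "name": "b"}');
  const diff = safeDiff({ name: 'a' }, untrusted);
  return {
    diffKeys: Object.keys(diff),                  // ['name']
    prototypeClean: ({}).polluted === undefined,  // true
  };
}

console.log(pollutionCheck());
console.log(safeDiff({ a: 1, b: { c: 1 } }, { a: 1, b: { c: 2 }, d: 3 }));
```

Consumers of a diff that pass the result into a merge or `Object.assign` get the same guarantee only if every layer that writes keys applies the same filter; the null-prototype result is the backstop for the case where one layer forgets.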