@metamask/utils - npm Package Compare versions

Comparing version 6.0.0 to 6.0.1

CHANGELOG.md

@@ -9,2 +9,6 @@ # Changelog
 
+## [6.0.1]
+### Fixed
+- Strip `__proto__` and `constructor` JSON properties in `getSafeJson` ([#105](https://github.com/MetaMask/utils/pull/105))
+
 ## [6.0.0]
@@ -154,3 +158,4 @@ ### Changed
 
-[Unreleased]: https://github.com/MetaMask/utils/compare/v6.0.0...HEAD
+[Unreleased]: https://github.com/MetaMask/utils/compare/v6.0.1...HEAD
+[6.0.1]: https://github.com/MetaMask/utils/compare/v6.0.0...v6.0.1
 [6.0.0]: https://github.com/MetaMask/utils/compare/v5.0.2...v6.0.0
@@ -157,0 +162,0 @@ [5.0.2]: https://github.com/MetaMask/utils/compare/v5.0.1...v5.0.2

dist/json.js

@@ -37,3 +37,9 @@ "use strict";
     (0, assert_1.assertStruct)(value, exports.UnsafeJsonStruct);
-    return JSON.parse(JSON.stringify(value));
+    return JSON.parse(JSON.stringify(value, (propKey, propValue) => {
+        // Strip __proto__ and constructor properties to prevent prototype pollution.
+        if (propKey === '__proto__' || propKey === 'constructor') {
+            return undefined;
+        }
+        return propValue;
+    }));
 });
@@ -40,0 +46,0 @@ /**

package.json

 {
   "name": "@metamask/utils",
-  "version": "6.0.0",
+  "version": "6.0.1",
   "description": "Various JavaScript/TypeScript utilities of wide relevance to the MetaMask codebase",
@@ -5,0 +5,0 @@ "homepage": "https://github.com/MetaMask/utils#readme",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

723582

increased by0.12%

Lines of code

6839

increased by0.09%

No dependency changes