deepmerge
Advanced tools
Comparing version 4.1.2 to 4.2.0
@@ -0,1 +1,11 @@ | ||
| # [4.2.0](https://github.com/TehShrike/deepmerge/releases/tag/v4.2.0) | ||
| - Properties are now only overwritten if they exist on the target object and are enumerable. [#164](https://github.com/TehShrike/deepmerge/pull/164) | ||
| Technically this could probably be a patch release since "which properties get overwritten" wasn't documented and accidentally overwriting a built-in function or some function up the property chain would almost certainly be undesirable, but it feels like a gray area, so here we are with a feature version bump. | ||
| # [4.1.2](https://github.com/TehShrike/deepmerge/releases/tag/v4.1.2) | ||
| - Rolled back #167 since `Object.assign` breaks ES5 support. [55067352](https://github.com/TehShrike/deepmerge/commit/55067352a92c65a6c44a5165f3387720aae1e192) | ||
| # [4.1.1](https://github.com/TehShrike/deepmerge/releases/tag/v4.1.1) | ||
@@ -2,0 +12,0 @@ |
@@ -64,2 +64,15 @@ 'use strict'; | ||
| // Protects from prototype poisoning and unexpected merging up the prototype chain. | ||
| function propertyIsUnsafe(target, key) { | ||
| try { | ||
| return (key in target) // Properties are safe to merge if they don't exist in the target yet, | ||
| && !(Object.hasOwnProperty.call(target, key) // unsafe if they exist up the prototype chain, | ||
| && Object.propertyIsEnumerable.call(target, key)) // and also unsafe if they're nonenumerable. | ||
| } catch (unused) { | ||
| // Counterintuitively, it's safe to merge any property on a target that causes the `in` operator to throw. | ||
| // This happens when trying to copy an object in the source over a plain string in the target. | ||
| return false | ||
| } | ||
| } | ||
| function mergeObject(target, source, options) { | ||
@@ -73,2 +86,6 @@ var destination = {}; | ||
| getKeys(source).forEach(function(key) { | ||
| if (propertyIsUnsafe(target, key)) { | ||
| return | ||
| } | ||
| if (!options.isMergeableObject(source[key]) || !target[key]) { | ||
@@ -75,0 +92,0 @@ destination[key] = cloneUnlessOtherwiseSpecified(source[key], options); |
@@ -68,2 +68,15 @@ (function (global, factory) { | ||
| // Protects from prototype poisoning and unexpected merging up the prototype chain. | ||
| function propertyIsUnsafe(target, key) { | ||
| try { | ||
| return (key in target) // Properties are safe to merge if they don't exist in the target yet, | ||
| && !(Object.hasOwnProperty.call(target, key) // unsafe if they exist up the prototype chain, | ||
| && Object.propertyIsEnumerable.call(target, key)) // and also unsafe if they're nonenumerable. | ||
| } catch (unused) { | ||
| // Counterintuitively, it's safe to merge any property on a target that causes the `in` operator to throw. | ||
| // This happens when trying to copy an object in the source over a plain string in the target. | ||
| return false | ||
| } | ||
| } | ||
| function mergeObject(target, source, options) { | ||
@@ -77,2 +90,6 @@ var destination = {}; | ||
| getKeys(source).forEach(function(key) { | ||
| if (propertyIsUnsafe(target, key)) { | ||
| return | ||
| } | ||
| if (!options.isMergeableObject(source[key]) || !target[key]) { | ||
@@ -79,0 +96,0 @@ destination[key] = cloneUnlessOtherwiseSpecified(source[key], options); |
17
index.js
@@ -39,2 +39,15 @@ var defaultIsMergeableObject = require('is-mergeable-object') | ||
| // Protects from prototype poisoning and unexpected merging up the prototype chain. | ||
| function propertyIsUnsafe(target, key) { | ||
| try { | ||
| return (key in target) // Properties are safe to merge if they don't exist in the target yet, | ||
| && !(Object.hasOwnProperty.call(target, key) // unsafe if they exist up the prototype chain, | ||
| && Object.propertyIsEnumerable.call(target, key)) // and also unsafe if they're nonenumerable. | ||
| } catch (unused) { | ||
| // Counterintuitively, it's safe to merge any property on a target that causes the `in` operator to throw. | ||
| // This happens when trying to copy an object in the source over a plain string in the target. | ||
| return false | ||
| } | ||
| } | ||
| function mergeObject(target, source, options) { | ||
@@ -48,2 +61,6 @@ var destination = {} | ||
| getKeys(source).forEach(function(key) { | ||
| if (propertyIsUnsafe(target, key)) { | ||
| return | ||
| } | ||
| if (!options.isMergeableObject(source[key]) || !target[key]) { | ||
@@ -50,0 +67,0 @@ destination[key] = cloneUnlessOtherwiseSpecified(source[key], options) |
@@ -12,3 +12,3 @@ { | ||
| ], | ||
| "version": "4.1.2", | ||
| "version": "4.2.0", | ||
| "homepage": "https://github.com/TehShrike/deepmerge", | ||
@@ -15,0 +15,0 @@ "repository": { |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by10.91%
30037
- Lines of code
- increased by14.95%
346
No dependency changes