deepmerge
Advanced tools
Comparing version 4.1.2 to 4.2.0
@@ -0,1 +1,11 @@ | ||
# [4.2.0](https://github.com/TehShrike/deepmerge/releases/tag/v4.2.0) | ||
- Properties are now only overwritten if they exist on the target object and are enumerable. [#164](https://github.com/TehShrike/deepmerge/pull/164) | ||
Technically this could probably be a patch release since "which properties get overwritten" wasn't documented and accidentally overwriting a built-in function or some function up the property chain would almost certainly be undesirable, but it feels like a gray area, so here we are with a feature version bump. | ||
# [4.1.2](https://github.com/TehShrike/deepmerge/releases/tag/v4.1.2) | ||
- Rolled back #167 since `Object.assign` breaks ES5 support. [55067352](https://github.com/TehShrike/deepmerge/commit/55067352a92c65a6c44a5165f3387720aae1e192) | ||
# [4.1.1](https://github.com/TehShrike/deepmerge/releases/tag/v4.1.1) | ||
@@ -2,0 +12,0 @@ |
@@ -64,2 +64,15 @@ 'use strict'; | ||
// Protects from prototype poisoning and unexpected merging up the prototype chain. | ||
function propertyIsUnsafe(target, key) { | ||
try { | ||
return (key in target) // Properties are safe to merge if they don't exist in the target yet, | ||
&& !(Object.hasOwnProperty.call(target, key) // unsafe if they exist up the prototype chain, | ||
&& Object.propertyIsEnumerable.call(target, key)) // and also unsafe if they're nonenumerable. | ||
} catch (unused) { | ||
// Counterintuitively, it's safe to merge any property on a target that causes the `in` operator to throw. | ||
// This happens when trying to copy an object in the source over a plain string in the target. | ||
return false | ||
} | ||
} | ||
function mergeObject(target, source, options) { | ||
@@ -73,2 +86,6 @@ var destination = {}; | ||
getKeys(source).forEach(function(key) { | ||
if (propertyIsUnsafe(target, key)) { | ||
return | ||
} | ||
if (!options.isMergeableObject(source[key]) || !target[key]) { | ||
@@ -75,0 +92,0 @@ destination[key] = cloneUnlessOtherwiseSpecified(source[key], options); |
@@ -68,2 +68,15 @@ (function (global, factory) { | ||
// Protects from prototype poisoning and unexpected merging up the prototype chain. | ||
function propertyIsUnsafe(target, key) { | ||
try { | ||
return (key in target) // Properties are safe to merge if they don't exist in the target yet, | ||
&& !(Object.hasOwnProperty.call(target, key) // unsafe if they exist up the prototype chain, | ||
&& Object.propertyIsEnumerable.call(target, key)) // and also unsafe if they're nonenumerable. | ||
} catch (unused) { | ||
// Counterintuitively, it's safe to merge any property on a target that causes the `in` operator to throw. | ||
// This happens when trying to copy an object in the source over a plain string in the target. | ||
return false | ||
} | ||
} | ||
function mergeObject(target, source, options) { | ||
@@ -77,2 +90,6 @@ var destination = {}; | ||
getKeys(source).forEach(function(key) { | ||
if (propertyIsUnsafe(target, key)) { | ||
return | ||
} | ||
if (!options.isMergeableObject(source[key]) || !target[key]) { | ||
@@ -79,0 +96,0 @@ destination[key] = cloneUnlessOtherwiseSpecified(source[key], options); |
17
index.js
@@ -39,2 +39,15 @@ var defaultIsMergeableObject = require('is-mergeable-object') | ||
// Protects from prototype poisoning and unexpected merging up the prototype chain. | ||
function propertyIsUnsafe(target, key) { | ||
try { | ||
return (key in target) // Properties are safe to merge if they don't exist in the target yet, | ||
&& !(Object.hasOwnProperty.call(target, key) // unsafe if they exist up the prototype chain, | ||
&& Object.propertyIsEnumerable.call(target, key)) // and also unsafe if they're nonenumerable. | ||
} catch (unused) { | ||
// Counterintuitively, it's safe to merge any property on a target that causes the `in` operator to throw. | ||
// This happens when trying to copy an object in the source over a plain string in the target. | ||
return false | ||
} | ||
} | ||
function mergeObject(target, source, options) { | ||
@@ -48,2 +61,6 @@ var destination = {} | ||
getKeys(source).forEach(function(key) { | ||
if (propertyIsUnsafe(target, key)) { | ||
return | ||
} | ||
if (!options.isMergeableObject(source[key]) || !target[key]) { | ||
@@ -50,0 +67,0 @@ destination[key] = cloneUnlessOtherwiseSpecified(source[key], options) |
@@ -12,3 +12,3 @@ { | ||
], | ||
"version": "4.1.2", | ||
"version": "4.2.0", | ||
"homepage": "https://github.com/TehShrike/deepmerge", | ||
@@ -15,0 +15,0 @@ "repository": { |
30037
346