dojo - npm Package Compare versions
Comparing version 1.11.12 to 1.11.13
@@ -82,3 +82,3 @@ define(["../global", "../has", "./config", "require", "module"], function(global, has, config, require, module){ | ||
| var rev = "$Rev: ae6240e6 $".match(/[0-9a-f]{7,}/); | ||
| var rev = "$Rev: 64f5f46e $".match(/[0-9a-f]{7,}/); | ||
| dojo.version = { | ||
@@ -96,3 +96,3 @@ // summary: | ||
| major: 1, minor: 11, patch: 12, flag: "", | ||
| major: 1, minor: 11, patch: 13, flag: "", | ||
| revision: rev ? rev[0] : NaN, | ||
@@ -99,0 +99,0 @@ toString: function(){ |
@@ -34,2 +34,6 @@ define(["./kernel", "../has", "../sniff"], function(dojo, has){ | ||
| var p = parts[i]; | ||
| // Fix for prototype pollution CVE-2021-23450 | ||
| if (p === '__proto__' || p === 'constructor') { | ||
| return; | ||
| } | ||
| if(!(p in context)){ | ||
@@ -36,0 +40,0 @@ if(create){ |
| { | ||
| "name": "dojo", | ||
| "version": "1.11.12", | ||
| "version": "1.11.13", | ||
| "directories": { | ||
@@ -14,3 +14,3 @@ "lib": "." | ||
| "sinon": "1.12.2", | ||
| "dojo": "1.11.12" | ||
| "dojo": "1.11.13" | ||
| }, | ||
@@ -17,0 +17,0 @@ "main": "main", |
@@ -65,2 +65,16 @@ define([ | ||
| assert.deepEqual(test, { foo: { bar: 'test' } }); | ||
| // CVE-2021-23450 tests | ||
| // Test that you can't set fields on Object.prototype itself. | ||
| const obj = {}; | ||
| lang.setObject("__proto__.vuln", "polluted!", obj); | ||
| assert.isUndefined("anything".vuln); | ||
| // Test that you can't set fields on Object.constructor itself. | ||
| lang.setObject("constructor.vuln", "polluted!", obj); | ||
| assert.isUndefined("anything".constructor.vuln); | ||
| // Test that you can still set normal fields in an obj. | ||
| lang.setObject("foo.bar", "value for normal field", obj); | ||
| assert.strictEqual(obj.foo.bar, "value for normal field"); | ||
| }, | ||
@@ -67,0 +81,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.01%
4626680
- Lines of code
- increased by0.01%
137611