express-fileupload - npm Package Compare versions

Comparing version 1.1.9 to 1.1.10

lib/processNested.js

@@ -1,3 +0,5 @@
-const INVALID_KEYS = ['__proto__', 'constructor'];
+const OBJECT_PROTOTYPE_KEYS = Object.getOwnPropertyNames(Object.prototype);
+const ARRAY_PROTOTYPE_KEYS = Object.getOwnPropertyNames(Array.prototype);
 
+
 module.exports = function(data){
@@ -22,3 +24,4 @@ if (!data || data.length < 1) return {};
       // Ensure we don't allow prototype pollution
-      if (INVALID_KEYS.includes(k)) {
+      const IN_ARRAY_PROTOTYPE = ARRAY_PROTOTYPE_KEYS.includes(k) && Array.isArray(current);
+      if (OBJECT_PROTOTYPE_KEYS.includes(k) || IN_ARRAY_PROTOTYPE) {
         continue;
@@ -36,3 +39,5 @@ }
   
+  
+  
   return d;
-};
+};

package.json

 {
   "name": "express-fileupload",
-  "version": "1.1.9",
+  "version": "1.1.10",
   "author": "Richard Girges <richardgirges@gmail.com>",
@@ -5,0 +5,0 @@ "description": "Simple express file upload middleware that wraps around Busboy",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1212903

increased by0.02%

Lines of code

2247

increased by0.13%

Number of medium maintenance alerts

0

decreased by-100%

No dependency changes