express-fileupload
Comparing version 1.1.9 to 1.1.10
@@ -1,3 +0,5 @@ | ||
const INVALID_KEYS = ['__proto__', 'constructor']; | ||
const OBJECT_PROTOTYPE_KEYS = Object.getOwnPropertyNames(Object.prototype); | ||
const ARRAY_PROTOTYPE_KEYS = Object.getOwnPropertyNames(Array.prototype); | ||
module.exports = function(data){ | ||
@@ -22,3 +24,4 @@ if (!data || data.length < 1) return {}; | ||
// Ensure we don't allow prototype pollution | ||
if (INVALID_KEYS.includes(k)) { | ||
const IN_ARRAY_PROTOTYPE = ARRAY_PROTOTYPE_KEYS.includes(k) && Array.isArray(current); | ||
if (OBJECT_PROTOTYPE_KEYS.includes(k) || IN_ARRAY_PROTOTYPE) { | ||
continue; | ||
@@ -36,3 +39,5 @@ } | ||
return d; | ||
}; | ||
}; |
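Review bot: The guard at `if (OBJECT_PROTOTYPE_KEYS.includes(k) || IN_ARRAY_PROTOTYPE)` skips only the offending segment with `continue`, so a key that contains a blocked name appears to go on being processed with its remaining segments, and the value may be stored under a shortened path instead of being rejected; the loop body lies outside the hunk, so this is inferred. Consider discarding the whole key as soon as any segment is blocked, and say so in the comment, e.g. `// Drop keys that name an Object.prototype property (or an Array.prototype property while current is an array) to prevent prototype pollution`. The list is a denylist computed from the running engine's prototypes, so ordinary field names such as `toString`, or `length` inside an array, are silently dropped; building the containers without a prototype would make the result less dependent on that list. `IN_ARRAY_PROTOTYPE` is a per-iteration boolean, so a camelCase name such as `isArrayPrototypeKey` would read better than constant-style capitals.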
{ | ||
"name": "express-fileupload", | ||
"version": "1.1.9", | ||
"version": "1.1.10", | ||
"author": "Richard Girges <richardgirges@gmail.com>", | ||
@@ -5,0 +5,0 @@ "description": "Simple express file upload middleware that wraps around Busboy", |
Deprecated
Maintenance: The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package