Comparing version 4.1.0 to 4.1.1
@@ -80,2 +80,5 @@ var isBuffer = require('is-buffer') | ||
while (key2 !== undefined) { | ||
if (key1 === '__proto__') { | ||
return | ||
} | ||
var type = Object.prototype.toString.call(recipient[key1]) | ||
@@ -82,0 +85,0 @@ var isobject = ( |
{ | ||
"name": "flat", | ||
"version": "4.1.0", | ||
"version": "4.1.1", | ||
"main": "index.js", | ||
@@ -5,0 +5,0 @@ "bin": "cli.js", |
@@ -473,2 +473,16 @@ /* globals suite test */ | ||
} | ||
test('should not pollute prototype', function () { | ||
unflatten({ | ||
'__proto__.polluted': true | ||
}); | ||
unflatten({ | ||
'prefix.__proto__.polluted': true | ||
}); | ||
unflatten({ | ||
'prefix.0.__proto__.polluted': true | ||
}); | ||
assert.notStrictEqual({}.polluted, true); | ||
}) | ||
}) | ||
@@ -475,0 +489,0 @@ |
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
21123
611
0