Comparing version 1.3.5 to 1.3.6
@@ -83,2 +83,8 @@ exports.parse = exports.decode = decode | ||
section = unsafe(match[1]) | ||
if (section === '__proto__') { | ||
// not allowed | ||
// keep parsing the section, but don't attach it. | ||
p = {} | ||
return | ||
} | ||
p = out[section] = out[section] || {} | ||
@@ -98,2 +104,3 @@ return | ||
key = key.substring(0, key.length - 2) | ||
if (key === '__proto__') return | ||
if (!p[key]) { | ||
@@ -130,2 +137,3 @@ p[key] = [] | ||
parts.forEach(function (part, _, __) { | ||
if (part === '__proto__') return | ||
if (!p[part] || typeof p[part] !== 'object') p[part] = {} | ||
@@ -132,0 +140,0 @@ p = p[part] |
@@ -5,3 +5,3 @@ { | ||
"description": "An ini encoder/decoder for node", | ||
"version": "1.3.5", | ||
"version": "1.3.6", | ||
"repository": { | ||
@@ -17,3 +17,3 @@ "type": "git", | ||
"postversion": "npm publish", | ||
"postpublish": "git push origin --all; git push origin --tags" | ||
"prepublishOnly": "git push origin --follow-tags" | ||
}, | ||
@@ -20,0 +20,0 @@ "engines": { |
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
9152
182
0