Comparing version 1.3.5 to 1.3.6
@@ -83,2 +83,8 @@ exports.parse = exports.decode = decode | ||
| section = unsafe(match[1]) | ||
| if (section === '__proto__') { | ||
| // not allowed | ||
| // keep parsing the section, but don't attach it. | ||
| p = {} | ||
| return | ||
| } | ||
| p = out[section] = out[section] || {} | ||
@@ -98,2 +104,3 @@ return | ||
| key = key.substring(0, key.length - 2) | ||
| if (key === '__proto__') return | ||
| if (!p[key]) { | ||
@@ -130,2 +137,3 @@ p[key] = [] | ||
| parts.forEach(function (part, _, __) { | ||
| if (part === '__proto__') return | ||
| if (!p[part] || typeof p[part] !== 'object') p[part] = {} | ||
@@ -132,0 +140,0 @@ p = p[part] |
@@ -5,3 +5,3 @@ { | ||
| "description": "An ini encoder/decoder for node", | ||
| "version": "1.3.5", | ||
| "version": "1.3.6", | ||
| "repository": { | ||
@@ -17,3 +17,3 @@ "type": "git", | ||
| "postversion": "npm publish", | ||
| "postpublish": "git push origin --all; git push origin --tags" | ||
| "prepublishOnly": "git push origin --follow-tags" | ||
| }, | ||
@@ -20,0 +20,0 @@ "engines": { |
Fixed alerts
Deprecated
MaintenanceThe maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2.46%
9152
- Lines of code
- increased by4.6%
182
- Number of high maintenance alerts
- decreased by-100%
0
No dependency changes