Comparing version 3.2.3 to 3.2.4
@@ -0,4 +1,8 @@ | ||
3.2.4 / 2021-02-12 | ||
================== | ||
* fix(utils): make clone() only copy own properties Automattic/mongoose#9876 | ||
3.2.3 / 2020-12-10 | ||
================== | ||
* fix(utils): avoid copying special properties like `__proto__` when merging and cloning | ||
* fix(utils): avoid copying special properties like `__proto__` when merging and cloning. Fix CVE-2020-35149 | ||
@@ -5,0 +9,0 @@ 3.2.2 / 2019-09-22 |
@@ -71,5 +71,4 @@ 'use strict'; | ||
var val; | ||
var k; | ||
for (k in obj) { | ||
for (const k of Object.keys(obj)) { | ||
// Not technically prototype pollution because this wouldn't merge properties | ||
@@ -299,9 +298,3 @@ // onto `Object.prototype`, but avoid properties like __proto__ as a precaution. | ||
exports.keys = Object.keys || function(obj) { | ||
var keys = []; | ||
for (var k in obj) if (obj.hasOwnProperty(k)) { | ||
keys.push(k); | ||
} | ||
return keys; | ||
}; | ||
exports.keys = Object.keys; | ||
@@ -308,0 +301,0 @@ /** |
{ | ||
"name": "mquery", | ||
"version": "3.2.3", | ||
"version": "3.2.4", | ||
"description": "Expressive query building for MongoDB", | ||
@@ -5,0 +5,0 @@ "main": "lib/mquery.js", |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
247333
6325