objection - npm Package Compare versions

Comparing version 3.0.0-alpha.4 to 3.0.0-alpha.5

lib/utils/objectUtils.js

@@ -192,3 +192,2 @@ 'use strict';
   const out = [];
-  let outIdx = 0;
 
@@ -229,2 +228,7 @@ for (let i = 0, l = arrays.length; i < l; ++i) {
     const key = path[i];
+
+    if (!isSafeKey(key)) {
+      return inputObj;
+    }
+
     let child = obj[key];
@@ -248,3 +252,7 @@
   if (path.length > 0 && isObject(obj)) {
-    obj[path[path.length - 1]] = value;
+    const key = path[path.length - 1];
+
+    if (isSafeKey(key)) {
+      obj[key] = value;
+    }
   }
@@ -259,3 +267,7 @@
   for (let i = 0, l = keys.length; i < l; ++i) {
-    out[keys[i]] = values[i];
+    const key = keys[i];
+
+    if (isSafeKey(key)) {
+      out[key] = values[i];
+    }
   }
@@ -364,2 +376,6 @@
 
+function isSafeKey(key) {
+  return isNumber(key) || (isString(key) && key !== '__proto__');
+}
+
 module.exports = {
@@ -366,0 +382,0 @@ isEmpty,

package.json

 {
   "name": "objection",
-  "version": "3.0.0-alpha.4",
+  "version": "3.0.0-alpha.5",
   "description": "An SQL-friendly ORM for Node.js",
@@ -5,0 +5,0 @@ "main": "lib/objection.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

650246

increased by0.04%

Lines of code

20159

increased by0.05%

No dependency changes