vm2 - npm Package Compare versions

Comparing version 3.9.15 to 3.9.16

CHANGELOG.md

@@ -0,1 +1,5 @@
+v3.9.16 (2023-04-11)
+--------------------
+[fix] Security fix (see https://github.com/patriksimek/vm2/issues/516).
+
 v3.9.15 (2023-04-06)
@@ -2,0 +6,0 @@ --------------------

lib/transformer.js

@@ -121,3 +121,3 @@
 						order: TO_RIGHT,
-						code: `catch($tmpname){try{throw ${INTERNAL_STATE_NAME}.handleException($tmpname);}`
+						coder: () => `catch(${tmpname}){try{throw(${tmpname}=${INTERNAL_STATE_NAME}.handleException(${tmpname}));}`
 					});
@@ -128,3 +128,3 @@ insertions.push({
 						order: TO_LEFT,
-						code: `}`
+						coder: () => `}`
 					});
@@ -139,3 +139,3 @@ } else {
 							order: TO_LEFT,
-							code: `${name}=${INTERNAL_STATE_NAME}.handleException(${name});`
+							coder: () => `${name}=${INTERNAL_STATE_NAME}.handleException(${name});`
 						});
@@ -150,3 +150,3 @@ }
 				order: TO_LEFT,
-				code: INTERNAL_STATE_NAME + '.wrapWith('
+				coder: () => INTERNAL_STATE_NAME + '.wrapWith('
 			});
@@ -157,3 +157,3 @@ insertions.push({
 				order: TO_RIGHT,
-				code: ')'
+				coder: () => ')'
 			});
@@ -173,3 +173,3 @@ } else if (nodeType === 'Identifier') {
 				order: TO_RIGHT,
-				code: INTERNAL_STATE_NAME + '.'
+				coder: () => INTERNAL_STATE_NAME + '.'
 			});
@@ -195,3 +195,3 @@ }
 		const change = insertions[i];
-		ncode += code.substring(curr, change.pos) + change.code.replace(/\$tmpname/g, tmpname);
+		ncode += code.substring(curr, change.pos) + change.coder();
 		curr = change.pos;
@@ -198,0 +198,0 @@ }

package.json

@@ -16,3 +16,3 @@ {
   ],
-  "version": "3.9.15",
+  "version": "3.9.16",
   "main": "index.js",
@@ -19,0 +19,0 @@ "sideEffects": false,

No alert changes

Improved metrics

Total package byte prevSize

212987

increased by0.07%

No dependency changes