Skip to content

Commit

Permalink
Merge pull request from GHSA-8j79-hfj5-f2xm
Browse files Browse the repository at this point in the history 
0.5.3
  • Loading branch information
@mcab
mcab committed Jun 28, 2022
2 parents 498134a + 9944584 commit b5e109a
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 2 deletions.
2 changes: 1 addition & 1 deletion package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
View file
@@ -1,6 +1,6 @@
{
"name": "underscore.deep",
"version": "0.5.2",
"version": "0.5.3",
"description": "Underscore mixins for deeply nested objects",
"main": "underscore.deep.js",
"engines": {
Expand Down
10 changes: 10 additions & 0 deletions test/deepFromFlat.coffee
View file
Expand Up @@ -20,3 +20,13 @@ describe '_.deepFromFlat', ->
_(tests).each (test) ->
it "deepens #{JSON.stringify test.input}", ->
assert.deepEqual _.deepFromFlat(test.input), test.output

it "does not merge special `Object` properties", ->
_.deepFromFlat({ "__proto__.polluted1": true })
_.deepFromFlat({ "constructor.prototype.polluted2": true })
p1 = {}.polluted1
p2 = {}.polluted2
assert.strictEqual(p1, undefined)
assert.strictEqual(p2, undefined)
delete Object.prototype.polluted1
delete Object.prototype.polluted2
1 change: 1 addition & 0 deletions underscore.deep.coffee
View file
Expand Up @@ -136,6 +136,7 @@ module.exports =
key = parts.pop()
while parts.length
part = parts.shift()
continue if part in ["__proto__", "constructor", "prototype"]
t = t[part] = t[part] or {}
t[key] = o[k]
oo
Expand Down

0 comments on commit b5e109a

Please sign in to comment.