[core] Custom deepmerge implementation

[oliviertassinari]

Give a try. I'm curious about the bundle size reduction. I guess, 500 B.

Closes #17981.

[mui-pr-bot]

@material-ui/core: parsed: -0.46% 😍, gzip: -0.52% 😍
@material-ui/lab: parsed: -1.10% 😍, gzip: -1.05% 😍
@material-ui/styles: parsed: -1.90% 😍, gzip: -1.66% 😍
@material-ui/system: parsed: -6.02% 😍, gzip: -7.02% 😍

Details of bundle changes.

Comparing: cdc4b98...5ace5ab

bundle	Size Change	Size	Gzip Change	Gzip
Tooltip	▼ -1.59 kB (-1.60% )	97.5 kB	▼ -497 B (-1.58% )	30.9 kB
@material-ui/core	▼ -1.59 kB (-0.46% )	346 kB	▼ -496 B (-0.52% )	94.7 kB
TablePagination	▼ -1.59 kB (-1.14% )	138 kB	▼ -485 B (-1.19% )	40.3 kB
IconButton	▼ -1.59 kB (-2.09% )	74.4 kB	▼ -484 B (-2.05% )	23.2 kB
Fab	▼ -1.59 kB (-2.07% )	75.1 kB	▼ -481 B (-2.02% )	23.3 kB
ListItem	▼ -1.59 kB (-2.06% )	75.4 kB	▼ -481 B (-2.00% )	23.5 kB
ButtonBase	▼ -1.59 kB (-2.15% )	72.2 kB	▼ -480 B (-2.08% )	22.6 kB
MenuItem	▼ -1.59 kB (-2.04% )	76.4 kB	▼ -479 B (-1.97% )	23.8 kB
Popover	▼ -1.59 kB (-1.92% )	81 kB	▼ -477 B (-1.87% )	25 kB
Collapse	▼ -1.59 kB (-2.34% )	66.3 kB	▼ -476 B (-2.27% )	20.5 kB
TextField	▼ -1.59 kB (-1.31% )	120 kB	▼ -475 B (-1.34% )	35 kB
OutlinedInput	▼ -1.59 kB (-2.16% )	72.1 kB	▼ -473 B (-2.07% )	22.4 kB
StepIcon	▼ -1.59 kB (-2.46% )	63.1 kB	▼ -472 B (-2.35% )	19.6 kB
Backdrop	▼ -1.59 kB (-2.35% )	66.2 kB	▼ -471 B (-2.26% )	20.4 kB
MenuList	▼ -1.59 kB (-2.41% )	64.4 kB	▼ -471 B (-2.29% )	20.1 kB
FilledInput	▼ -1.59 kB (-2.17% )	71.5 kB	▼ -470 B (-2.08% )	22.2 kB
FormControl	▼ -1.59 kB (-2.47% )	62.7 kB	▼ -470 B (-2.36% )	19.4 kB
Select	▼ -1.59 kB (-1.41% )	111 kB	▼ -470 B (-1.40% )	33.1 kB
Input	▼ -1.59 kB (-2.21% )	70.5 kB	▼ -469 B (-2.09% )	22 kB
Typography	▼ -1.59 kB (-2.50% )	62.1 kB	▼ -469 B (-2.37% )	19.3 kB
InputBase	▼ -1.59 kB (-2.26% )	68.6 kB	▼ -468 B (-2.13% )	21.5 kB
Paper	▼ -1.59 kB (-2.55% )	60.8 kB	▼ -466 B (-2.41% )	18.9 kB
FormLabel	▼ -1.59 kB (-2.51% )	61.7 kB	▼ -464 B (-2.38% )	19.1 kB
SvgIcon	▼ -1.59 kB (-2.52% )	61.5 kB	▼ -463 B (-2.36% )	19.1 kB
List	▼ -1.59 kB (-2.55% )	60.8 kB	▼ -460 B (-2.38% )	18.9 kB
Checkbox	▼ -1.59 kB (-1.95% )	80 kB	▼ -500 B (-1.95% )	25.1 kB
Dialog	▼ -1.59 kB (-1.93% )	80.8 kB	▼ -495 B (-1.94% )	25.1 kB
CssBaseline	▼ -1.59 kB (-2.76% )	56 kB	▼ -483 B (-2.69% )	17.5 kB
Radio	▼ -1.59 kB (-1.93% )	80.9 kB	▼ -480 B (-1.85% )	25.4 kB
Drawer	▼ -1.59 kB (-1.88% )	82.7 kB	▼ -478 B (-1.83% )	25.6 kB
@material-ui/lab	▼ -1.59 kB (-1.10% )	143 kB	▼ -472 B (-1.05% )	44.6 kB
StepButton	▼ -1.59 kB (-1.93% )	80.6 kB	▼ -471 B (-1.83% )	25.3 kB
Menu	▼ -1.59 kB (-1.80% )	86.6 kB	▼ -465 B (-1.68% )	27.2 kB
Switch	▼ -1.59 kB (-1.97% )	79.2 kB	▼ -465 B (-1.85% )	24.7 kB
Hidden	▼ -1.59 kB (-2.40% )	64.5 kB	▼ -464 B (-2.25% )	20.2 kB
SpeedDial	▼ -1.59 kB (-1.85% )	84.3 kB	▼ -464 B (-1.72% )	26.5 kB
SwipeableDrawer	▼ -1.59 kB (-1.75% )	89 kB	▼ -464 B (-1.65% )	27.6 kB
Snackbar	▼ -1.59 kB (-2.06% )	75.6 kB	▼ -462 B (-1.92% )	23.5 kB
TableSortLabel	▼ -1.59 kB (-2.06% )	75.6 kB	▼ -462 B (-1.89% )	23.9 kB
SpeedDialAction	▼ -1.59 kB (-1.38% )	113 kB	▼ -461 B (-1.27% )	35.9 kB
TreeItem	▼ -1.59 kB (-2.16% )	71.8 kB	▼ -461 B (-2.00% )	22.6 kB
ToggleButton	▼ -1.59 kB (-2.09% )	74.4 kB	▼ -460 B (-1.92% )	23.5 kB
ExpansionPanel	▼ -1.59 kB (-2.23% )	69.5 kB	▼ -456 B (-2.06% )	21.7 kB
Tab	▼ -1.59 kB (-2.08% )	74.6 kB	▼ -456 B (-1.89% )	23.6 kB
ExpansionPanelSummary	▼ -1.59 kB (-2.04% )	76.3 kB	▼ -455 B (-1.86% )	24 kB
CardActionArea	▼ -1.59 kB (-2.12% )	73.3 kB	▼ -454 B (-1.92% )	23.1 kB
BottomNavigationAction	▼ -1.59 kB (-2.11% )	73.8 kB	▼ -452 B (-1.90% )	23.3 kB
CardMedia	▼ -1.59 kB (-2.55% )	60.8 kB	▼ -449 B (-2.30% )	19.1 kB
Slider	▼ -1.59 kB (-2.11% )	73.8 kB	▼ -449 B (-1.89% )	23.3 kB
Button	▼ -1.59 kB (-2.00% )	77.7 kB	▼ -448 B (-1.83% )	24.1 kB
ButtonGroup	▼ -1.59 kB (-2.47% )	62.6 kB	▼ -448 B (-2.24% )	19.5 kB
ListItemText	▼ -1.59 kB (-2.44% )	63.4 kB	▼ -448 B (-2.20% )	19.9 kB
Rating	▼ -1.59 kB (-2.27% )	68.3 kB	▼ -448 B (-2.01% )	21.8 kB
BottomNavigation	▼ -1.59 kB (-2.54% )	60.8 kB	▼ -447 B (-2.30% )	19 kB
StepConnector	▼ -1.59 kB (-2.53% )	61.1 kB	▼ -447 B (-2.28% )	19.2 kB
TableCell	▼ -1.59 kB (-2.48% )	62.5 kB	▼ -447 B (-2.23% )	19.6 kB
AppBar	▼ -1.59 kB (-2.48% )	62.3 kB	▼ -446 B (-2.24% )	19.5 kB
Box	▼ -1.59 kB (-2.24% )	69.2 kB	▼ -446 B (-2.09% )	20.9 kB
StepContent	▼ -1.59 kB (-2.30% )	67.4 kB	▼ -446 B (-2.08% )	21 kB
DialogTitle	▼ -1.59 kB (-2.47% )	62.7 kB	▼ -445 B (-2.21% )	19.7 kB
Divider	▼ -1.59 kB (-2.54% )	61 kB	▼ -445 B (-2.27% )	19.1 kB
NativeSelect	▼ -1.59 kB (-2.08% )	74.8 kB	▼ -445 B (-1.86% )	23.5 kB
Skeleton	▼ -1.59 kB (-2.54% )	60.9 kB	▼ -445 B (-2.28% )	19.1 kB
SnackbarContent	▼ -1.59 kB (-2.41% )	64.2 kB	▼ -445 B (-2.16% )	20.1 kB
Tabs	▼ -1.59 kB (-1.86% )	83.7 kB	▼ -445 B (-1.64% )	26.7 kB
InputAdornment	▼ -1.59 kB (-2.44% )	63.5 kB	▼ -444 B (-2.17% )	20 kB
Link	▼ -1.59 kB (-2.38% )	65 kB	▼ -444 B (-2.11% )	20.6 kB
RadioGroup	▼ -1.59 kB (-2.51% )	61.7 kB	▼ -444 B (-2.25% )	19.3 kB
SpeedDialIcon	▼ -1.59 kB (-2.46% )	63 kB	▼ -444 B (-2.20% )	19.8 kB
StepLabel	▼ -1.59 kB (-2.32% )	67 kB	▼ -444 B (-2.07% )	21 kB
Breadcrumbs	▼ -1.59 kB (-2.34% )	66.4 kB	▼ -443 B (-2.08% )	20.8 kB
DialogContent	▼ -1.59 kB (-2.55% )	60.6 kB	▼ -443 B (-2.28% )	19 kB
GridList	▼ -1.59 kB (-2.54% )	60.9 kB	▼ -443 B (-2.27% )	19.1 kB
Icon	▼ -1.59 kB (-2.53% )	61.2 kB	▼ -443 B (-2.26% )	19.1 kB
LinearProgress	▼ -1.59 kB (-2.43% )	63.7 kB	▼ -443 B (-2.18% )	19.8 kB
TableBody	▼ -1.59 kB (-2.56% )	60.5 kB	▼ -443 B (-2.29% )	18.9 kB
TableRow	▼ -1.59 kB (-2.54% )	60.9 kB	▼ -443 B (-2.27% )	19.1 kB
Card	▼ -1.59 kB (-2.53% )	61.3 kB	▼ -442 B (-2.26% )	19.2 kB
FormHelperText	▼ -1.59 kB (-2.51% )	61.7 kB	▼ -442 B (-2.24% )	19.3 kB
GridListTileBar	▼ -1.59 kB (-2.51% )	61.6 kB	▼ -442 B (-2.24% )	19.3 kB
Table	▼ -1.59 kB (-2.54% )	61 kB	▼ -442 B (-2.26% )	19.1 kB
Avatar	▼ -1.59 kB (-2.53% )	61.1 kB	▼ -441 B (-2.25% )	19.2 kB
CardContent	▼ -1.59 kB (-2.56% )	60.4 kB	▼ -441 B (-2.28% )	18.9 kB
FormGroup	▼ -1.59 kB (-2.56% )	60.4 kB	▼ -441 B (-2.28% )	18.9 kB
ListItemSecondaryAction	▼ -1.59 kB (-2.56% )	60.4 kB	▼ -441 B (-2.28% )	18.9 kB
TableHead	▼ -1.59 kB (-2.56% )	60.5 kB	▼ -441 B (-2.28% )	18.9 kB
Badge	▼ -1.59 kB (-2.43% )	63.8 kB	▼ -440 B (-2.18% )	19.7 kB
CardActions	▼ -1.59 kB (-2.56% )	60.5 kB	▼ -440 B (-2.27% )	18.9 kB
CardHeader	▼ -1.59 kB (-2.44% )	63.5 kB	▼ -440 B (-2.16% )	20 kB
DialogActions	▼ -1.59 kB (-2.56% )	60.5 kB	▼ -440 B (-2.27% )	18.9 kB
DialogContentText	▼ -1.59 kB (-2.48% )	62.5 kB	▼ -440 B (-2.20% )	19.6 kB
Grid	▼ -1.59 kB (-2.44% )	63.5 kB	▼ -440 B (-2.17% )	19.9 kB
InputLabel	▼ -1.59 kB (-2.44% )	63.5 kB	▼ -440 B (-2.18% )	19.8 kB
Step	▼ -1.59 kB (-2.54% )	61 kB	▼ -440 B (-2.25% )	19.1 kB
TableFooter	▼ -1.59 kB (-2.56% )	60.5 kB	▼ -440 B (-2.28% )	18.9 kB
Chip	▼ -1.59 kB (-2.25% )	69 kB	▼ -439 B (-2.02% )	21.3 kB
CircularProgress	▼ -1.59 kB (-2.48% )	62.5 kB	▼ -439 B (-2.18% )	19.7 kB
ExpansionPanelActions	▼ -1.59 kB (-2.56% )	60.5 kB	▼ -439 B (-2.27% )	18.9 kB
ExpansionPanelDetails	▼ -1.59 kB (-2.56% )	60.4 kB	▼ -439 B (-2.28% )	18.9 kB
FormControlLabel	▼ -1.59 kB (-2.42% )	63.9 kB	▼ -439 B (-2.14% )	20.1 kB
ListItemAvatar	▼ -1.59 kB (-2.56% )	60.5 kB	▼ -439 B (-2.27% )	18.9 kB
ListItemIcon	▼ -1.59 kB (-2.55% )	60.6 kB	▼ -439 B (-2.26% )	19 kB
Toolbar	▼ -1.59 kB (-2.55% )	60.7 kB	▼ -439 B (-2.26% )	19 kB
ListSubheader	▼ -1.59 kB (-2.53% )	61.2 kB	▼ -438 B (-2.23% )	19.2 kB
MobileStepper	▼ -1.59 kB (-2.34% )	66.2 kB	▼ -437 B (-2.08% )	20.6 kB
Container	▼ -1.59 kB (-2.52% )	61.6 kB	▼ -434 B (-2.21% )	19.2 kB
Stepper	▼ -1.59 kB (-2.45% )	63.3 kB	▼ -434 B (-2.14% )	19.9 kB
ToggleButtonGroup	▼ -1.59 kB (-2.51% )	61.6 kB	▼ -432 B (-2.18% )	19.3 kB
TreeView	▼ -1.59 kB (-2.41% )	64.4 kB	▼ -429 B (-2.08% )	20.2 kB
GridListTile	▼ -1.59 kB (-2.49% )	62.1 kB	▼ -427 B (-2.15% )	19.5 kB
@material-ui/core[umd]	▼ -1.43 kB (-0.46% )	305 kB	▼ -413 B (-0.47% )	87.9 kB
Grow	▼ -1.04 kB (-4.40% )	22.6 kB	▼ -448 B (-5.49% )	7.72 kB
Slide	▼ -1.04 kB (-4.13% )	24.1 kB	▼ -467 B (-5.38% )	8.21 kB
Zoom	▼ -1.04 kB (-4.48% )	22.1 kB	▼ -451 B (-5.60% )	7.61 kB
Fade	▼ -1.04 kB (-4.49% )	22 kB	▼ -447 B (-5.55% )	7.6 kB
styles/createMuiTheme	▼ -1.02 kB (-6.26% )	15.2 kB	▼ -433 B (-7.47% )	5.36 kB
@material-ui/styles	▼ -986 B (-1.90% )	50.8 kB	▼ -260 B (-1.66% )	15.4 kB
@material-ui/system	▼ -946 B (-6.02% )	14.8 kB	▼ -307 B (-7.02% )	4.07 kB
docs.main	▲ +515 B (+0.09% )	600 kB	▼ -19 B (-0.01% )	191 kB
RootRef	--	4.43 kB	▼ -4 B (-0.24% )	1.67 kB
useMediaQuery	--	2.49 kB	▼ -3 B (-0.29% )	1.05 kB
Modal	--	14.2 kB	▼ -2 B (-0.04% )	4.97 kB
Popper	--	28.3 kB	▲ +2 B (+0.02% )	10.2 kB
ClickAwayListener	--	3.85 kB	▲ +1 B (+0.06% )	1.55 kB
TextareaAutosize	--	5.06 kB	▲ +1 B (+0.05% )	2.11 kB
colorManipulator	--	3.83 kB	--	1.52 kB
docs.landing	--	54.8 kB	--	14.5 kB
NoSsr	--	2.19 kB	--	1.04 kB
Portal	--	2.87 kB	--	1.29 kB

Generated by 🚫 dangerJS against 5ace5ab

[oliviertassinari]

Performance seems to be better too.

[eps1lon]

This is vulnerable to prototype pollution which is prevented in deepmerge.

[oliviertassinari]

What do you mean by prototype pollution? Should we add a test case about it? The aim of this new module is to support simple objects deep merge.

[eps1lon]

What do you mean by prototype pollution? Should we add a test case about it? The aim of this new module is to support simple objects deep merge.

There are several CVEs out there describing this security issue. Since this is a public function and we don't sanitize the passed theme and don't control the environment we need to address it.

Wide range of source:
https://medium.com/node-modules/what-is-prototype-pollution-and-why-is-it-such-a-big-deal-2dd8d89a93c
https://snyk.io/blog/after-three-years-of-silence-a-new-jquery-prototype-pollution-vulnerability-emerges-once-again/
https://www.reddit.com/r/programming/comments/7xxqx1/prototype_pollution_attack/

[oliviertassinari]

@eps1lon Thanks for the resources. I'm adding a test case, well spotted. { clone: false } reproduces the issue.

updated