Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
  • Loading branch information
rachaelshaw committed Aug 20, 2019
1 parent f2450c7 commit a621444
Showing 1 changed file with 9 additions and 2 deletions.
11 changes: 9 additions & 2 deletions lib/index.js
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@
// ### Tue Apr 3, 2018
// I added a patch based on https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
// in order to resolve https://hackerone.com/reports/310443
// -@mikermcneil
//
// ### Mon Aug 19, 2018
// I added a patch based on https://github.com/lodash/lodash/pull/4336/files
// in order to resolve https://snyk.io/vuln/SNYK-JS-LODASH-73638
// -@rachaelshaw
//
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Expand Down Expand Up @@ -639,17 +645,18 @@

// - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
// Patched from https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a#diff-001d0647fb00f8336795faccdec19a31R1249
// and https://github.com/lodash/lodash/pull/4336/commits/a01e4fa727e7294cb7b2845570ba96b206926790
//```
/**
* Gets the value at `key`, unless `key` is "__proto__".
* Gets the value at `key`, unless `key` is "__proto__" or "constructor".
*
* @private
* @param {Object} object The object to query.
* @param {string} key The key of the property to get.
* @returns {*} Returns the property value.
*/
function safeGet(object, key) {
return key == '__proto__'
return key == '__proto__' || (key === 'constructor' && typeof object[key] === 'function')
? undefined
: object[key];
}
Expand Down

0 comments on commit a621444

Please sign in to comment.