Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix new prototype pollution vulnerability
  • Loading branch information
skratchdot committed Jan 30, 2022
1 parent 577f529 commit 2d67a71
Show file tree
Hide file tree
Showing 4 changed files with 8,838 additions and 32 deletions.
4 changes: 3 additions & 1 deletion CHANGELOG.md
@@ -1,10 +1,12 @@
## Unreleased (2022-01-30)

## <small>1.0.1 (2020-07-25)</small>

- add prettier and `npm run build` ([1f34461](https://github.com/skratchdot/object-path-set/commit/1f34461))
- adding contributors ([5bf6e83](https://github.com/skratchdot/object-path-set/commit/5bf6e83))
- Bump eslint from 4.18.1 to 4.18.2 ([1756583](https://github.com/skratchdot/object-path-set/commit/1756583))
- fix prototype pollution vulnerability ([55f06d7](https://github.com/skratchdot/object-path-set/commit/55f06d7))
- formatting ([6bddc79](https://github.com/skratchdot/object-path-set/commit/6bddc79))
- formatting ([577f529](https://github.com/skratchdot/object-path-set/commit/577f529))
- rename tonic to runkit ([9c2f1ea](https://github.com/skratchdot/object-path-set/commit/9c2f1ea))
- small readme tweaks ([9750b7a](https://github.com/skratchdot/object-path-set/commit/9750b7a))
- travis runs node 6+ ([ac1969b](https://github.com/skratchdot/object-path-set/commit/ac1969b))
Expand Down
7 changes: 6 additions & 1 deletion index.js
Expand Up @@ -2,7 +2,12 @@

// https://github.com/jonschlinkert/assign-deep/commit/90bf1c551d05940898168d04066bbf15060f50cc
var isValidKey = function (key) {
return key !== '__proto__' && key !== 'constructor' && key !== 'prototype';
return (
typeof key === 'string' &&
key !== '__proto__' &&
key !== 'constructor' &&
key !== 'prototype'
);
};

var setPath = function (obj, path, value, delimiter) {
Expand Down

0 comments on commit 2d67a71

Please sign in to comment.