@apidevtools/json-schema-ref-parser 11.1.1 → 11.2.1

package/dist/lib/bundle.js

@@ -136,17 +136,17 @@ function inventory$Ref($refParent, $refKey, path, pathFromRoot, indirections, in
         }
     }
     inventory.push({
-        $ref,
-        parent: $refParent,
-        key: $refKey,
-        pathFromRoot,
-        depth,
-        file,
-        hash,
-        value: pointer.value,
-        circular: pointer.circular,
-        extended,
-        external,
+        $ref, // The JSON Reference (e.g. {$ref: string})
+        parent: $refParent, // The object that contains this $ref pointer
+        key: $refKey, // The key in `parent` that is the $ref pointer
+        pathFromRoot, // The path to the $ref pointer, from the JSON Schema root
+        depth, // How far from the JSON Schema root is this $ref pointer?
+        file, // The file that the $ref pointer resolves to
+        hash, // The hash within `file` that the $ref pointer resolves to
+        value: pointer.value, // The resolved value of the $ref pointer
+        circular: pointer.circular, // Is this $ref pointer DIRECTLY circular? (i.e. it references itself)
+        extended, // Does this $ref extend its resolved value? (i.e. it has extra properties, in addition to "$ref")
+        external, // Does this $ref pointer point to a file other than the main JSON Schema file?
         indirections, // The number of indirect references that were traversed to resolve the value
     });
     // Recursively crawl the resolved value

package/dist/lib/dereference.js

@@ -89,7 +89,7 @@ function crawl(obj, path, pathFromRoot, parents, processedObjects, dereferencedC
                         if (obj[key] !== dereferenced.value) {
                             obj[key] = dereferenced.value;
                             if (options.dereference.onDereference) {
-                                options.dereference.onDereference(value.$ref, obj[key]);
+                                options.dereference.onDereference(value.$ref, obj[key], obj, key);
                             }
                         }
                     }

package/dist/lib/normalize-args.d.ts

@@ -5,6 +5,6 @@ export default normalizeArgs;
 declare function normalizeArgs(_args: Partial<IArguments>): {
     path: string;
     schema: any;
-    options: import("./options.js").default;
+    options: any;
     callback: any;
 };

package/dist/lib/normalize-args.js

@@ -32,7 +32,12 @@ function normalizeArgs(_args) {
         schema = args[0];
         options = args[1];
     }
-    options = (0, options_js_1.getNewOptions)(options);
+    try {
+        options = (0, options_js_1.getNewOptions)(options);
+    }
+    catch (e) {
+        console.log(e);
+    }
     return {
         path,
         schema,

package/dist/lib/options.d.ts

@@ -65,10 +65,12 @@ interface $RefParserOptions {
         /**
          * Callback invoked during dereferencing.
          *
-         * @argument {string} path The path being dereferenced (ie. the `$ref` string).
-         * @argument {JSONSchemaObject} object The JSON-Schema that the `$ref` resolved to.
+         * @argument {string} path - The path being dereferenced (ie. the `$ref` string)
+         * @argument {JSONSchemaObject} value - The JSON-Schema that the `$ref` resolved to
+         * @argument {JSONSchemaObject} parent - The parent of the dereferenced object
+         * @argument {string} parentPropName - The prop name of the parent object whose value was dereferenced
          */
-        onDereference?(path: string, value: JSONSchemaObject): void;
+        onDereference?(path: string, value: JSONSchemaObject, parent?: JSONSchemaObject, parentPropName?: string): void;
         /**
          * Whether a reference should resolve relative to its directory/path, or from the cwd
          *

package/dist/lib/options.js

@@ -10,7 +10,6 @@ const text_js_1 = __importDefault(require("./parsers/text.js"));
 const binary_js_1 = __importDefault(require("./parsers/binary.js"));
 const file_js_1 = __importDefault(require("./resolvers/file.js"));
 const http_js_1 = __importDefault(require("./resolvers/http.js"));
-const lodash_clonedeep_1 = __importDefault(require("lodash.clonedeep"));
 const getDefaults = () => {
     const defaults = {
         /**
@@ -20,10 +19,10 @@ const getDefaults = () => {
          * your own implementation, or disable any parser by setting it to false.
          */
         parse: {
-            json: json_js_1.default,
-            yaml: yaml_js_1.default,
-            text: text_js_1.default,
-            binary: binary_js_1.default,
+            json: { ...json_js_1.default },
+            yaml: { ...yaml_js_1.default },
+            text: { ...text_js_1.default },
+            binary: { ...binary_js_1.default },
         },
         /**
          * Determines how JSON References will be resolved.
@@ -32,8 +31,8 @@ const getDefaults = () => {
          * your own implementation, or disable any resolver by setting it to false.
          */
         resolve: {
-            file: file_js_1.default,
-            http: http_js_1.default,
+            file: { ...file_js_1.default },
+            http: { ...http_js_1.default },
             /**
              * Determines whether external $ref pointers will be resolved.
              * If this option is disabled, then none of above resolvers will be called.
@@ -72,7 +71,7 @@ const getDefaults = () => {
             referenceResolution: "relative",
         },
     };
-    return (0, lodash_clonedeep_1.default)(defaults);
+    return defaults;
 };
 const getNewOptions = (options) => {
     const newOptions = getDefaults();
@@ -91,7 +90,8 @@ exports.getNewOptions = getNewOptions;
  */
 function merge(target, source) {
     if (isMergeable(source)) {
-        const keys = Object.keys(source);
+        // prevent prototype pollution
+        const keys = Object.keys(source).filter((key) => !["__proto__", "constructor", "prototype"].includes(key));
         for (let i = 0; i < keys.length; i++) {
             const key = keys[i];
             const sourceSetting = source[key];

package/dist/lib/parsers/yaml.js

@@ -21,7 +21,7 @@ exports.default = {
      * Parsers that don't match will be skipped, UNLESS none of the parsers match, in which case
      * every parser will be tried.
      */
-    canParse: [".yaml", ".yml", ".json"],
+    canParse: [".yaml", ".yml", ".json"], // JSON is valid YAML
     /**
      * Parses the given file as YAML
      *
@@ -32,7 +32,6 @@ exports.default = {
      * @returns
      */
     async parse(file) {
-        // eslint-disable-line require-await
         let data = file.data;
         if (Buffer.isBuffer(data)) {
             data = data.toString();

package/dist/lib/resolvers/http.js

@@ -44,7 +44,7 @@ exports.default = {
     /**
      * HTTP request timeout (in milliseconds).
      */
-    timeout: 5000,
+    timeout: 5000, // 5 seconds
     /**
      * The maximum number of HTTP redirects to follow.
      * To disable automatic following of redirects, set this to zero.

package/dist/vite.config.js

@@ -9,7 +9,6 @@ exports.default = (0, config_1.defineConfig)({
         exclude: ["**/__IGNORED__/**"],
         watch: false,
         globalSetup: isBrowser ? ["./test/fixtures/server.ts"] : undefined,
-        setupFiles: isBrowser ? ["./test/fixtures/polyfill.ts"] : undefined,
         testTimeout: 5000,
         globals: true,
         passWithNoTests: true,

package/lib/dereference.ts

@@ -107,7 +107,7 @@ function crawl(
             if (obj[key] !== dereferenced.value) {
               obj[key] = dereferenced.value;
               if (options.dereference.onDereference) {
-                options.dereference.onDereference(value.$ref, obj[key]);
+                options.dereference.onDereference(value.$ref, obj[key], obj, key);
               }
             }
           } else {

package/lib/normalize-args.ts

@@ -33,7 +33,11 @@ function normalizeArgs(_args: Partial<IArguments>) {
     options = args[1];
   }
 
-  options = getNewOptions(options);
+  try {
+    options = getNewOptions(options);
+  } catch (e) {
+    console.log(e);
+  }
 
   return {
     path,

package/lib/options.ts

@@ -4,7 +4,6 @@ import textParser from "./parsers/text.js";
 import binaryParser from "./parsers/binary.js";
 import fileResolver from "./resolvers/file.js";
 import httpResolver from "./resolvers/http.js";
-import cloneDeep from "lodash.clonedeep";
 
 import type { HTTPResolverOptions, JSONSchemaObject, Plugin, ResolverOptions } from "./types/index.js";
 
@@ -79,10 +78,12 @@ interface $RefParserOptions {
     /**
      * Callback invoked during dereferencing.
      *
-     * @argument {string} path The path being dereferenced (ie. the `$ref` string).
-     * @argument {JSONSchemaObject} object The JSON-Schema that the `$ref` resolved to.
+     * @argument {string} path - The path being dereferenced (ie. the `$ref` string)
+     * @argument {JSONSchemaObject} value - The JSON-Schema that the `$ref` resolved to
+     * @argument {JSONSchemaObject} parent - The parent of the dereferenced object
+     * @argument {string} parentPropName - The prop name of the parent object whose value was dereferenced
      */
-    onDereference?(path: string, value: JSONSchemaObject): void;
+    onDereference?(path: string, value: JSONSchemaObject, parent?: JSONSchemaObject, parentPropName?: string): void;
 
     /**
      * Whether a reference should resolve relative to its directory/path, or from the cwd
@@ -102,10 +103,10 @@ const getDefaults = () => {
      * your own implementation, or disable any parser by setting it to false.
      */
     parse: {
-      json: jsonParser,
-      yaml: yamlParser,
-      text: textParser,
-      binary: binaryParser,
+      json: { ...jsonParser },
+      yaml: { ...yamlParser },
+      text: { ...textParser },
+      binary: { ...binaryParser },
     },
 
     /**
@@ -115,8 +116,8 @@ const getDefaults = () => {
      * your own implementation, or disable any resolver by setting it to false.
      */
     resolve: {
-      file: fileResolver,
-      http: httpResolver,
+      file: { ...fileResolver },
+      http: { ...httpResolver },
 
       /**
        * Determines whether external $ref pointers will be resolved.
@@ -159,7 +160,7 @@ const getDefaults = () => {
       referenceResolution: "relative",
     },
   } as $RefParserOptions;
-  return cloneDeep(defaults);
+  return defaults;
 };
 
 export const getNewOptions = (options: DeepPartial<$RefParserOptions>): $RefParserOptions => {
@@ -180,7 +181,8 @@ export type ParserOptions = DeepPartial<$RefParserOptions>;
  */
 function merge(target: any, source: any) {
   if (isMergeable(source)) {
-    const keys = Object.keys(source);
+    // prevent prototype pollution
+    const keys = Object.keys(source).filter((key) => !["__proto__", "constructor", "prototype"].includes(key));
     for (let i = 0; i < keys.length; i++) {
       const key = keys[i];
       const sourceSetting = source[key];

package/lib/parsers/yaml.ts

@@ -33,7 +33,6 @@ export default {
    * @returns
    */
   async parse(file: FileInfo) {
-    // eslint-disable-line require-await
     let data = file.data;
     if (Buffer.isBuffer(data)) {
       data = data.toString();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@apidevtools/json-schema-ref-parser",
-  "version": "11.1.1",
+  "version": "11.2.1",
   "description": "Parse, Resolve, and Dereference JSON Schema $ref pointers",
   "keywords": [
     "json",
@@ -57,7 +57,7 @@
   "scripts": {
     "prepublishOnly": "yarn build",
     "lint": "eslint lib",
-    "build": "rm -fr dist/* && tsc",
+    "build": "rimraf dist && tsc",
     "typecheck": "tsc --noEmit",
     "prettier": "prettier --write \"**/*.+(js|jsx|ts|tsx|har||json|css|md)\"",
     "test": "vitest --coverage",
@@ -67,35 +67,31 @@
     "test:watch": "vitest -w"
   },
   "devDependencies": {
-    "@types/eslint": "8.44.2",
-    "@types/js-yaml": "^4.0.6",
-    "@types/node": "^20.6.2",
-    "@typescript-eslint/eslint-plugin": "^6.7.2",
-    "@typescript-eslint/eslint-plugin-tslint": "^6.7.2",
-    "@typescript-eslint/parser": "^6.7.2",
-    "@vitest/coverage-v8": "^0.34.4",
-    "abortcontroller-polyfill": "^1.7.5",
+    "@types/eslint": "8.56.5",
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^18.19.21",
+    "@typescript-eslint/eslint-plugin": "^7.1.1",
+    "@typescript-eslint/parser": "^7.1.1",
+    "@vitest/coverage-v8": "^1.3.1",
     "cross-env": "^7.0.3",
-    "eslint": "^8.49.0",
-    "eslint-config-prettier": "^9.0.0",
+    "eslint": "^8.57.0",
+    "eslint-config-prettier": "^9.1.0",
     "eslint-config-standard": "^17.1.0",
-    "eslint-plugin-import": "^2.28.1",
-    "eslint-plugin-prettier": "^5.0.0",
+    "eslint-plugin-import": "^2.29.1",
+    "eslint-plugin-prettier": "^5.1.3",
     "eslint-plugin-promise": "^6.1.1",
-    "eslint-plugin-unused-imports": "^3.0.0",
-    "jsdom": "^22.1.0",
-    "lint-staged": "^14.0.1",
+    "eslint-plugin-unused-imports": "^3.1.0",
+    "jsdom": "^24.0.0",
     "node-fetch": "^3.3.2",
-    "prettier": "^3.0.3",
-    "typescript": "^5.2.2",
-    "vitest": "^0.34.4"
+    "prettier": "^3.2.5",
+    "rimraf": "^5.0.5",
+    "typescript": "^5.3.3",
+    "vitest": "^1.3.1"
   },
   "dependencies": {
     "@jsdevtools/ono": "^7.1.3",
-    "@types/json-schema": "^7.0.13",
-    "@types/lodash.clonedeep": "^4.5.7",
-    "js-yaml": "^4.1.0",
-    "lodash.clonedeep": "^4.5.0"
+    "@types/json-schema": "^7.0.15",
+    "js-yaml": "^4.1.0"
   },
   "release": {
     "branches": [
@@ -107,5 +103,6 @@
       "@semantic-release/npm",
       "@semantic-release/github"
     ]
-  }
+  },
+  "packageManager": "yarn@4.1.1"
 }