@forcecalendar/core 2.1.7 → 2.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/core/state/StateManager.js +7 -0
  2. package/package.json +1 -1
package/core/state/StateManager.js CHANGED
@@ -102,6 +102,13 @@ export class StateManager {
102
102
  updates = updates(oldState);
103
103
  }
104
104
 
105
+ // Sanitize keys to prevent prototype pollution
106
+ if (updates && typeof updates === 'object') {
107
+ delete updates.__proto__;
108
+ delete updates.constructor;
109
+ delete updates.prototype;
110
+ }
111
+
105
112
  // Create new state with updates
106
113
  const newState = {
107
114
  ...oldState,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@forcecalendar/core",
3
- "version": "2.1.7",
3
+ "version": "2.1.8",
4
4
  "type": "module",
5
5
  "private": false,
6
6
  "description": "A modern, lightweight, framework-agnostic calendar engine optimized for Salesforce",