@naturalcycles/nodejs-lib 15.106.1 → 15.106.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -47,6 +47,8 @@ export function mergeJsonSchemaObjects(schema1, schema2) {
|
|
|
47
47
|
const s1 = schema1;
|
|
48
48
|
const s2 = schema2;
|
|
49
49
|
// Merge `properties`
|
|
50
|
+
// Not vulnerable to prototype pollution: writes to s1.properties (a nested object),
|
|
51
|
+
// where __proto__ assignment only changes that object's prototype, not Object.prototype.
|
|
50
52
|
Object.entries(s2.properties).forEach(([k, v]) => {
|
|
51
53
|
s1.properties[k] = v;
|
|
52
54
|
});
|
|
@@ -600,6 +600,7 @@ const TIMEZONES_FROM_WIKI = [
|
|
|
600
600
|
'WET',
|
|
601
601
|
'Zulu',
|
|
602
602
|
];
|
|
603
|
+
// oxlint-disable-next-line no-restricted-globals
|
|
603
604
|
const TIMEZONES_FROM_JS = Intl.supportedValuesOf('timeZone');
|
|
604
605
|
/**
|
|
605
606
|
* A complicated merge of timezones from the underlying Javascript engine
|
package/package.json
CHANGED
|
@@ -55,6 +55,8 @@ export function mergeJsonSchemaObjects<T1 extends AnyObject, T2 extends AnyObjec
|
|
|
55
55
|
const s2 = schema2 as any
|
|
56
56
|
|
|
57
57
|
// Merge `properties`
|
|
58
|
+
// Not vulnerable to prototype pollution: writes to s1.properties (a nested object),
|
|
59
|
+
// where __proto__ assignment only changes that object's prototype, not Object.prototype.
|
|
58
60
|
Object.entries(s2.properties).forEach(([k, v]) => {
|
|
59
61
|
s1.properties[k] = v
|
|
60
62
|
})
|