egg 3.23.0 → 3.24.0

package/index.d.ts

@@ -326,10 +326,11 @@ declare module 'egg' {
      * @property {String} textLimit - json body size limit, default 1mb
      * @property {Boolean} strict - json body strict mode, if set strict value true, then only receive object and array json body
      * @property {Number} queryString.arrayLimit - from item array length limit, default 100
-     * @property {Number} queryString.depth - json value deep lenght, default 5
-     * @property {Number} queryString.parameterLimit - paramter number limit ,default 1000
-     * @property {string[]} enableTypes - parser will only parse when request type hits enableTypes, default is ['json', 'form']
-     * @property {any} extendTypes - support extend types
+     * @property {Number} queryString.depth - json value deep length, default 5
+     * @property {Number} queryString.parameterLimit - parameter number limit, default 1000
+     * @property {String[]} enableTypes - parser will only parse when request type hits enableTypes, default is ['json', 'form']
+     * @property {Object} extendTypes - support extend types
+     * @property {String} onProtoPoisoning - Defines what action must take when parsing a JSON object with `__proto__`. Possible values are `'error'`, `'remove'` and `'ignore'`. Default is `'error'`, it will return `403` response when `Prototype-Poisoning` happen.
      */
     bodyParser: {
       enable: boolean;
@@ -351,6 +352,8 @@ declare module 'egg' {
         form: string[];
         text: string[];
       };
+      /** Default is `'error'`, it will return `403` response when `Prototype-Poisoning` happen. */
+      onProtoPoisoning: 'error' | 'remove' | 'ignore';
     };
 
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "egg",
-  "version": "3.23.0",
+  "version": "3.24.0",
   "publishConfig": {
     "tag": "latest"
   },