mathjs 7.5.0 → 7.5.1

package/HISTORY.md

@@ -1,5 +1,10 @@
 # History
 
+# 2020-10-10, version 7.5.1
+
+- Fix object pollution vulnerability in `math.config`. Thanks Snyk.
+
+
 # 2020-10-07, version 7.5.0
 
 - Function `pickRandom` now allows randomly picking elements from matrices 

package/dist/math.js

@@ -6,8 +6,8 @@
  * It features real and complex numbers, units, matrices, a large set of
  * mathematical functions, and a flexible expression parser.
  *
- * @version 7.5.0
- * @date    2020-10-07
+ * @version 7.5.1
+ * @date    2020-10-10
  *
  * @license
  * Copyright (C) 2013-2020 Jos de Jong <wjosdejong@gmail.com>
@@ -1233,7 +1233,9 @@ function deepExtend(a, b) {
   }
 
   for (var prop in b) {
-    if (hasOwnProperty(b, prop)) {
+    // We check against prop not being in Object.prototype or Function.prototype
+    // to prevent polluting for example Object.__proto__.
+    if (hasOwnProperty(b, prop) && !(prop in Object.prototype) && !(prop in Function.prototype)) {
       if (b[prop] && b[prop].constructor === Object) {
         if (a[prop] === undefined) {
           a[prop] = {};
@@ -60659,7 +60661,7 @@ var createReplacer = /* #__PURE__ */Object(factory["a" /* factory */])(replacer_
   };
 });
 // CONCATENATED MODULE: ./src/version.js
-var version = '7.5.0'; // Note: This file is automatically generated when building math.js.
+var version = '7.5.1'; // Note: This file is automatically generated when building math.js.
 // Changes made in this file will be overwritten.
 // CONCATENATED MODULE: ./src/plain/number/constants.js
 var constants_pi = Math.PI;