defaults-deep

defaults-deep copied to clipboard

Due to the lack of issues and PR's being responded to is has this project been abandoned?

acotty

Added a TypeScript definition, updated vulnerable devDependencies

3

Added a TypeScript definition file. I also updated some devDependencies that had vulnerabilities.

EvanDarwin

Prototype Pollution defaults-deep is vulnerable to prototype pollution. Properties of the `Object` prototype can be added or modified via `JSON.parse`, causing a denial of service condition or possibly remote code...

riddhi77

Address Prototype Pollution vulnerability

1

### TL;DR This vulnerability exposes language construct prototypes to unwanted modifications ```js defaultsDeep( {}, { constructor: { prototype: { isAdmin: true } } } ); console.log({}.isAdmin); // true for all...

omrilotan

fix: exclude `constructor.prototype`

1

Fix prototype pollution: - fix https://www.npmjs.com/advisories/778 - fix https://hackerone.com/reports/380878 (CVE-2018-16486) - add a test to prevent regressions Related commit: c873f341327ad885ff4d0f23b3d3bca31b0343e5 (exclude `__proto__`) in 2.4.0 Similar lodash fix: https://github.com/lodash/lodash/commit/90e6199a161b6445b01454517b40ef65ebecd2ad

pi0

Hello, If found this package pretty useful but the "missing" criteria doesn't match with my needs. So I would propose (as a new feature) having a custom, optional, callback as...

jhuliano