merge
merge copied to clipboard
swordev
Bumps [terser](https://github.com/terser/terser) from 5.3.8 to 5.14.2. Changelog Sourced from terser's changelog. v5.14.2 Security fix for RegExps that should not be evaluated (regexp DDOS) Source maps improvements (#1211) Performance improvements in...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [pathval](https://github.com/chaijs/pathval) from 1.1.0 to 1.1.1. Release notes Sourced from pathval's releases. v1.1.1 Fixes a security issue around prototype pollution. Commits db6c3e3 chore: v1.1.1 7859e0e Merge pull request #60 from...
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.14.7 to 4.16.6. - [Release notes](https://github.com/browserslist/browserslist/releases) - [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md) - [Commits](https://github.com/browserslist/browserslist/compare/4.14.7...4.16.6) Signed-off-by: dependabot[bot]
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2. Release notes Sourced from glob-parent's releases. v5.1.2 Bug Fixes eliminate ReDoS (#36) (f923116) Changelog Sourced from glob-parent's changelog. 5.1.2 (2021-03-06) Bug Fixes eliminate ReDoS...
Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.14.7 to 4.16.6. Changelog Sourced from browserslist's changelog. 4.16.6 Fixed npm-shrinkwrap.json support in --update-db (by Geoff Newman). 4.16.5 Fixed unsafe RegExp (by Yeting Li). 4.16.4 Fixed unsafe...
Treating them as an abstract data type which should not be cloned https://stackoverflow.com/questions/30626070/shallow-clone-a-map-or-set#comment72065146_30626071 and also prevents Prototype Pollution of `toString` and `hasOwnProperty`
In absence of a security policy I am creating the issue here. CVE-2020-28499 https://nvd.nist.gov/vuln/detail/CVE-2020-28499#match-6281551
I just got an issue with a Map resulting in an empty element :(
Thanks for sharing merge. When upgrading from v1 to v2 I found the following bug. Bit confused as what could have caused it as the clone code doesn't seem to...
