Headline
CVE-2022-25907: prevent against prototype pollution · voodoocreation/ts-deepmerge@9be5148
The package ts-deepmerge before 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the merge function.
@@ -3,7 +3,7 @@
"author": "Raice Hannay [email protected]",
"description": "A TypeScript deep merge function.",
"license": "ISC",
"version": "2.0.1",
"version": "2.0.2",
"keywords": [
"typescript",
"deep",
@@ -23,9 +23,9 @@
"test": "cross-env NODE_ENV=test jest --no-cache --config ./jest.config.js",
"test:all": "npm-run-all format typecheck lint test:coverage",
"test:coverage": "cross-env NODE_ENV=test jest --no-cache --coverage --config ./jest.config.js",
"typecheck": “tsc”
"typecheck": "tsc",
"prepack": “tsc”
},
"prepublish": "tsc",
"repository": {
"type": "git",
"url": “[email protected]:voodoocreation/ts-deepmerge.git”
@@ -36,18 +36,19 @@
"homepage": "https://github.com/voodoocreation/ts-deepmerge#readme",
"types": "dist/index.d.ts",
"devDependencies": {
"@types/jest": "^27.0.2",
"@typescript-eslint/eslint-plugin": "^5.0.0",
"@types/jest": "^28.1.4",
"@typescript-eslint/eslint-plugin": "^5.30.5",
"cross-env": "^7.0.3",
"eslint": "^8.0.0",
"eslint": "^8.19.0",
"eslint-config-voodoocreation": "^2.0.1",
"eslint-plugin-import": "^2.25.1",
"eslint-plugin-jest": "^25.0.5",
"eslint-plugin-import": "^2.26.0",
"eslint-plugin-jest": "^26.5.3",
"eslint-plugin-prefer-arrow": "^1.2.3",
"jest": "^27.2.5",
"jest": "^28.1.2",
"jest-environment-jsdom": "^28.1.2",
"npm-run-all": "^4.1.5",
"prettier": "^2.4.1",
"ts-jest": "^27.0.5",
"typescript": “^4.4.4”
"prettier": "^2.7.1",
"ts-jest": "^28.0.5",
"typescript": “^4.7.4”
}
}
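Review bot: The devDependencies block in this section moves several tools across major versions (jest, ts-jest and @types/jest to 28, eslint-plugin-jest to 26, plus a new jest-environment-jsdom entry) in the same commit that carries the CVE-2022-25907 fix, which makes the security change harder to audit and to backport. I would keep this commit to the `"version": "2.0.2"` bump and the merge fix, and land the tooling upgrades and the `prepublish`/`prepack` script change separately. The +/- markers are lost in this rendering, so the old/new assignment is inferred from the version numbers and the commit description. The change to the merge function itself and any regression test for polluting keys such as `__proto__` are not in this section, so they cannot be confirmed from this page.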
Related news
The package ts-deepmerge before version 2.0.2 is vulnerable to Prototype Pollution due to missing sanitization of the `merge` function.