From 8e8346b706bdb8d12646de91bb9bca45dfb0984a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Feb 2022 21:57:15 +0100 Subject: [PATCH 1/5] chore: bump ajv from 6.12.2 to 6.12.6 (#115) Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.12.2 to 6.12.6. - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](https://github.com/ajv-validator/ajv/compare/v6.12.2...v6.12.6) --- updated-dependencies: - dependency-name: ajv dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 36cc343..1c62975 100644 --- a/package-lock.json +++ b/package-lock.json @@ -995,9 +995,9 @@ "dev": true }, "ajv": { - "version": "6.12.2", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.2.tgz", - "integrity": "sha512-k+V+hzjm5q/Mr8ef/1Y9goCmlsK4I6Sm74teeyGvFk1XrOsbsKLjEdrvny42CZ+a8sXbk8KWpY/bDwS+FLL2UQ==", + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "dev": true, "requires": { "fast-deep-equal": "^3.1.1", From 7f6b262ac83bdf43c53a7eb02417e56e0cf491c8 Mon Sep 17 00:00:00 2001 From: Gabba90 <55579499+Gabba90@users.noreply.github.com> Date: Thu, 17 Feb 2022 07:18:11 +0100 Subject: [PATCH 2/5] fix: allow objects with a null prototype in binary packets (#114) --- lib/binary.ts | 4 ++-- test/arraybuffer.js | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/binary.ts b/lib/binary.ts index 18700e6..65d9789 100644 --- a/lib/binary.ts +++ b/lib/binary.ts @@ -33,7 +33,7 @@ function _deconstructPacket(data, buffers) { } else if (typeof data === "object" && !(data instanceof Date)) { const newData = {}; for (const key in data) { - if (data.hasOwnProperty(key)) { + if (Object.prototype.hasOwnProperty.call(data, key)) { newData[key] = _deconstructPacket(data[key], buffers); } } @@ -68,7 +68,7 @@ function _reconstructPacket(data, buffers) { } } else if (typeof data === "object") { for (const key in data) { - if (data.hasOwnProperty(key)) { + if (Object.prototype.hasOwnProperty.call(data, key)) { data[key] = _reconstructPacket(data[key], buffers); } } diff --git a/test/arraybuffer.js b/test/arraybuffer.js index 6d44057..f81a2d0 100644 --- a/test/arraybuffer.js +++ b/test/arraybuffer.js @@ -14,6 +14,21 @@ describe("parser", () => { helpers.test_bin(packet, done); }); + it("encodes an ArrayBuffer into an object with a null prototype", (done) => { + const packet = { + type: PacketType.EVENT, + data: [ + "a", + Object.create(null, { + array: { value: new ArrayBuffer(2), enumerable: true }, + }), + ], + id: 0, + nsp: "/", + }; + helpers.test_bin(packet, done); + }); + it("encodes a TypedArray", (done) => { const array = new Uint8Array(5); for (let i = 0; i < array.length; i++) array[i] = i; From 0a3b556de39c0cb45dfe80c1917e5fc7ad09ea38 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 17 Feb 2022 07:18:40 +0100 Subject: [PATCH 3/5] chore: bump path-parse from 1.0.6 to 1.0.7 (#108) Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- updated-dependencies: - dependency-name: path-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1c62975..bf28dd2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5759,9 +5759,9 @@ "dev": true }, "path-parse": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz", - "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==", + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", "dev": true }, "path-platform": { From 89209fa22adbe92767c912f445398f12de0f2ac2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 17 Feb 2022 07:19:50 +0100 Subject: [PATCH 4/5] chore: bump cached-path-relative from 1.0.2 to 1.1.0 (#113) Bumps [cached-path-relative](https://github.com/ashaffer/cached-path-relative) from 1.0.2 to 1.1.0. - [Release notes](https://github.com/ashaffer/cached-path-relative/releases) - [Commits](https://github.com/ashaffer/cached-path-relative/commits) --- updated-dependencies: - dependency-name: cached-path-relative dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index bf28dd2..128f89c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1897,9 +1897,9 @@ } }, "cached-path-relative": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/cached-path-relative/-/cached-path-relative-1.0.2.tgz", - "integrity": "sha512-5r2GqsoEb4qMTTN9J+WzXfjov+hjxT+j3u5K+kIVNIwAd99DLCJE9pBIMP1qVeybV6JiijL385Oz0DcYxfbOIg==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/cached-path-relative/-/cached-path-relative-1.1.0.tgz", + "integrity": "sha512-WF0LihfemtesFcJgO7xfOoOcnWzY/QHR4qeDqV44jPU3HTI54+LnfXK3SA27AVVGCdZFgjjFFaqUA9Jx7dMJZA==", "dev": true }, "caseless": { From aed252c74260f5cbfbd3f61307905a2277fab7ce Mon Sep 17 00:00:00 2001 From: Damien Arrachequesne Date: Thu, 17 Feb 2022 07:37:18 +0100 Subject: [PATCH 5/5] chore(release): 4.1.2 Diff: https://github.com/socketio/socket.io-parser/compare/4.1.1...4.1.2 --- CHANGELOG.md | 9 +++++++++ package-lock.json | 2 +- package.json | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 553e701..a7e41a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## [4.1.2](https://github.com/socketio/socket.io-parser/compare/4.1.1...4.1.2) (2022-02-17) + + +### Bug Fixes + +* allow objects with a null prototype in binary packets ([#114](https://github.com/socketio/socket.io-parser/issues/114)) ([7f6b262](https://github.com/socketio/socket.io-parser/commit/7f6b262ac83bdf43c53a7eb02417e56e0cf491c8)) + + + ## [4.1.1](https://github.com/socketio/socket.io-parser/compare/4.1.0...4.1.1) (2021-10-14) diff --git a/package-lock.json b/package-lock.json index 128f89c..6ec91fd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "socket.io-parser", - "version": "4.1.1", + "version": "4.1.2", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 4642926..2eb5ff8 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "socket.io-parser", - "version": "4.1.1", + "version": "4.1.2", "description": "socket.io protocol parser", "repository": { "type": "git", pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy