update to latest release #1451
update to latest release #1451
Conversation
️✅ There are no secrets present in this pull request anymore.If these secrets were true positive and are still valid, we highly recommend you to revoke them. 🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| catch (result) | ||
| { | ||
| if (typeof result !== 'undefined' && step.outputAs) | ||
| results[job.name][step.outputAs] = result |
Check warning
Code scanning / CodeQL
Prototype-polluting assignment Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI about 1 month ago
To fix the prototype pollution issue, we should ensure that the keys used in the results object cannot be __proto__, constructor, or prototype. This can be achieved by either using a Map object or by explicitly checking and rejecting these keys.
The best way to fix this without changing existing functionality is to add a check to reject these keys. This approach is straightforward and does not require significant changes to the existing code structure.
| @@ -309,2 +309,5 @@ | ||
| let previousStepName: string = name + '#prerequisites'; | ||
| if (job.name === '__proto__' || job.name === 'constructor' || job.name === 'prototype') { | ||
| throw new Error('Invalid job name: ' + job.name); | ||
| } | ||
| results[job.name] = {}; |
BREAKING CHANGE: moved to mixins for vertical and horizontal
mimicking Material UI
|
No description provided.