From 8e8346b706bdb8d12646de91bb9bca45dfb0984a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 16 Feb 2022 21:57:15 +0100 Subject: [PATCH 1/5] chore: bump ajv from 6.12.2 to 6.12.6 (#115) Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.12.2 to 6.12.6. - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](https://github.com/ajv-validator/ajv/compare/v6.12.2...v6.12.6) --- updated-dependencies: - dependency-name: ajv dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 36cc343..1c62975 100644 --- a/package-lock.json +++ b/package-lock.json @@ -995,9 +995,9 @@ "dev": true }, "ajv": { - "version": "6.12.2", - "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.2.tgz", - "integrity": "sha512-k+V+hzjm5q/Mr8ef/1Y9goCmlsK4I6Sm74teeyGvFk1XrOsbsKLjEdrvny42CZ+a8sXbk8KWpY/bDwS+FLL2UQ==", + "version": "6.12.6", + "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz", + "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==", "dev": true, "requires": { "fast-deep-equal": "^3.1.1", From 7f6b262ac83bdf43c53a7eb02417e56e0cf491c8 Mon Sep 17 00:00:00 2001 From: Gabba90 <55579499+Gabba90@users.noreply.github.com> Date: Thu, 17 Feb 2022 07:18:11 +0100 Subject: [PATCH 2/5] fix: allow objects with a null prototype in binary packets (#114) --- lib/binary.ts | 4 ++-- test/arraybuffer.js | 15 +++++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/lib/binary.ts b/lib/binary.ts index 18700e6..65d9789 100644 --- a/lib/binary.ts +++ b/lib/binary.ts @@ -33,7 +33,7 @@ function _deconstructPacket(data, buffers) { } else if (typeof data === "object" && !(data instanceof Date)) { const newData = {}; for (const key in data) { - if (data.hasOwnProperty(key)) { + if (Object.prototype.hasOwnProperty.call(data, key)) { newData[key] = _deconstructPacket(data[key], buffers); } } @@ -68,7 +68,7 @@ function _reconstructPacket(data, buffers) { } } else if (typeof data === "object") { for (const key in data) { - if (data.hasOwnProperty(key)) { + if (Object.prototype.hasOwnProperty.call(data, key)) { data[key] = _reconstructPacket(data[key], buffers); } } diff --git a/test/arraybuffer.js b/test/arraybuffer.js index 6d44057..f81a2d0 100644 --- a/test/arraybuffer.js +++ b/test/arraybuffer.js @@ -14,6 +14,21 @@ describe("parser", () => { helpers.test_bin(packet, done); }); + it("encodes an ArrayBuffer into an object with a null prototype", (done) => { + const packet = { + type: PacketType.EVENT, + data: [ + "a", + Object.create(null, { + array: { value: new ArrayBuffer(2), enumerable: true }, + }), + ], + id: 0, + nsp: "/", + }; + helpers.test_bin(packet, done); + }); + it("encodes a TypedArray", (done) => { const array = new Uint8Array(5); for (let i = 0; i < array.length; i++) array[i] = i; From 0a3b556de39c0cb45dfe80c1917e5fc7ad09ea38 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 17 Feb 2022 07:18:40 +0100 Subject: [PATCH 3/5] chore: bump path-parse from 1.0.6 to 1.0.7 (#108) Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- updated-dependencies: - dependency-name: path-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1c62975..bf28dd2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5759,9 +5759,9 @@ "dev": true }, "path-parse": { - "version": "1.0.6", - "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz", - "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==", + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz", + "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==", "dev": true }, "path-platform": { From 89209fa22adbe92767c912f445398f12de0f2ac2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 17 Feb 2022 07:19:50 +0100 Subject: [PATCH 4/5] chore: bump cached-path-relative from 1.0.2 to 1.1.0 (#113) Bumps [cached-path-relative](https://github.com/ashaffer/cached-path-relative) from 1.0.2 to 1.1.0. - [Release notes](https://github.com/ashaffer/cached-path-relative/releases) - [Commits](https://github.com/ashaffer/cached-path-relative/commits) --- updated-dependencies: - dependency-name: cached-path-relative dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index bf28dd2..128f89c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1897,9 +1897,9 @@ } }, "cached-path-relative": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/cached-path-relative/-/cached-path-relative-1.0.2.tgz", - "integrity": "sha512-5r2GqsoEb4qMTTN9J+WzXfjov+hjxT+j3u5K+kIVNIwAd99DLCJE9pBIMP1qVeybV6JiijL385Oz0DcYxfbOIg==", + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/cached-path-relative/-/cached-path-relative-1.1.0.tgz", + "integrity": "sha512-WF0LihfemtesFcJgO7xfOoOcnWzY/QHR4qeDqV44jPU3HTI54+LnfXK3SA27AVVGCdZFgjjFFaqUA9Jx7dMJZA==", "dev": true }, "caseless": { From aed252c74260f5cbfbd3f61307905a2277fab7ce Mon Sep 17 00:00:00 2001 From: Damien Arrachequesne Date: Thu, 17 Feb 2022 07:37:18 +0100 Subject: [PATCH 5/5] chore(release): 4.1.2 Diff: https://github.com/socketio/socket.io-parser/compare/4.1.1...4.1.2 --- CHANGELOG.md | 9 +++++++++ package-lock.json | 2 +- package.json | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 553e701..a7e41a5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## [4.1.2](https://github.com/socketio/socket.io-parser/compare/4.1.1...4.1.2) (2022-02-17) + + +### Bug Fixes + +* allow objects with a null prototype in binary packets ([#114](https://github.com/socketio/socket.io-parser/issues/114)) ([7f6b262](https://github.com/socketio/socket.io-parser/commit/7f6b262ac83bdf43c53a7eb02417e56e0cf491c8)) + + + ## [4.1.1](https://github.com/socketio/socket.io-parser/compare/4.1.0...4.1.1) (2021-10-14) diff --git a/package-lock.json b/package-lock.json index 128f89c..6ec91fd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "socket.io-parser", - "version": "4.1.1", + "version": "4.1.2", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 4642926..2eb5ff8 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "socket.io-parser", - "version": "4.1.1", + "version": "4.1.2", "description": "socket.io protocol parser", "repository": { "type": "git",