Browse Source

Pull request #280112: REPORT-122294 lodash 低版本安全漏洞

Merge in DEC/fineui from ~FANGLEI/fineui-decision:release/11.0 to release/11.0

* commit 'e4aafdc056db6402ad1d670a20e4fa36133d5d58':
  REPORT-122294 lodash 低版本安全漏洞
master
fanglei-方磊 6 months ago committed by drew-倪梦威
parent
commit
bb260ec29a
  1. 8
      packages/fineui/src/core/1.lodash.js

8
packages/fineui/src/core/1.lodash.js

@ -14,7 +14,7 @@
var undefined; var undefined;
/** Used as the semantic version number. */ /** Used as the semantic version number. */
var VERSION = '4.17.5'; var VERSION = '4.17.21';
/** Used as the size to enable large array optimizations. */ /** Used as the size to enable large array optimizations. */
var LARGE_ARRAY_SIZE = 200; var LARGE_ARRAY_SIZE = 200;
@ -899,7 +899,7 @@
} }
/** /**
* Gets the value at `key`, unless `key` is "__proto__". * Gets the value at `key`, unless `key` is "__proto__" or "constructor".
* *
* @private * @private
* @param {Object} object The object to query. * @param {Object} object The object to query.
@ -907,6 +907,10 @@
* @returns {*} Returns the property value. * @returns {*} Returns the property value.
*/ */
function safeGet(object, key) { function safeGet(object, key) {
if (key === 'constructor' && typeof object[key] === 'function') {
return;
}
return key == '__proto__' return key == '__proto__'
? undefined ? undefined
: object[key]; : object[key];

Loading…
Cancel
Save