Skip to content

Commit 2f34e3d

Browse files
Merge pull request #57 from Open-Tech-Foundation/changeset-release/main
Version Packages (beta)
2 parents 37a1df8 + 24cb1bd commit 2f34e3d

3 files changed

Lines changed: 16 additions & 1 deletion

File tree

.changeset/pre.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@
77
"playground": "0.0.0"
88
},
99
"changesets": [
10+
"good-cars-begin",
1011
"large-baboons-kiss"
1112
]
1213
}

packages/std/CHANGELOG.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,19 @@
11
# @opentf/std
22

3+
## 1.0.0-beta.2
4+
5+
### Minor Changes
6+
7+
- 37a1df8: 🛡️ Security Fixes Implemented:
8+
9+
Performed a security audit of all object-manipulation utilities and implemented strict key filtering to block access to sensitive keys (**proto**, constructor, prototype). The following utilities are now secured:
10+
11+
set.ts: Prevented path-based pollution of the global prototype.
12+
unset.ts: Blocked the ability to delete properties from the global prototype (preventing DoS attacks).
13+
merge.ts & mergeAll.ts: Added guards to prevent deep-merging from traversing into internal object properties.
14+
clone.ts: Ensured that cloning an object cannot inadvertently modify the prototype of the new instance.
15+
mapKeys.ts: Protected against transformation mappers that return sensitive key names.
16+
317
## 1.0.0-beta.1
418

519
### Patch Changes

packages/std/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "@opentf/std",
3-
"version": "1.0.0-beta.1",
3+
"version": "1.0.0-beta.2",
44
"description": "The Modern JavaScript Standard Library. A lightweight, high-accuracy, and cross-runtime collection of essential utilities.",
55
"keywords": [
66
"collection",

0 commit comments

Comments
 (0)