tools,doc: add guards against prototype pollution when creating proxies #43391
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Review requested:
|
nodejs-github-bot
added
needs-ci
jasnell
approved these changes
Jun 13, 2022
aduh95
added
author ready
github-actions
bot
removed
the
request-ci
aduh95
added
commit-queue
nodejs-github-bot
added
commit-queue-failed
Commit Queue failed- Loading data for nodejs/node/pull/43391 ✔ Done loading data for nodejs/node/pull/43391 ----------------------------------- PR info ------------------------------------ Title tools,doc: add guards against prototype pollution when creating proxies (#43391) ⚠ Could not retrieve the email or name of the PR author's from user's GitHub profile! Branch aduh95:proxy-prototype-pollution -> nodejs:main Labels tools, author ready, needs-ci, commit-queue-squash Commits 4 - tools,doc: add guards against prototype pollution when creating proxies - fixup! tools,doc: add guards against prototype pollution when creatin… - fixup! tools,doc: add guards against prototype pollution when creatin… - Update tools/eslint-rules/avoid-prototype-pollution.js Committers 2 - Antoine du Hamel - GitHub PR-URL: https://github.com/nodejs/node/pull/43391 Reviewed-By: James M Snell Reviewed-By: LiviaMedeiros Reviewed-By: Сковорода Никита Андреевич ------------------------------ Generated metadata ------------------------------ PR-URL: https://github.com/nodejs/node/pull/43391 Reviewed-By: James M Snell Reviewed-By: LiviaMedeiros Reviewed-By: Сковорода Никита Андреевич -------------------------------------------------------------------------------- ℹ This PR was created on Sun, 12 Jun 2022 11:53:36 GMT ✔ Approvals: 3 ✔ - James M Snell (@jasnell) (TSC): https://github.com/nodejs/node/pull/43391#pullrequestreview-1004583796 ✔ - LiviaMedeiros (@LiviaMedeiros): https://github.com/nodejs/node/pull/43391#pullrequestreview-1007161498 ✔ - Сковорода Никита Андреевич (@ChALkeR) (TSC): https://github.com/nodejs/node/pull/43391#pullrequestreview-1007417535 ✔ Last GitHub CI successful ℹ Last Full PR CI on 2022-06-15T20:46:03Z: https://ci.nodejs.org/job/node-test-pull-request/44599/ - Querying data for job/node-test-pull-request/44599/ ✔ Last Jenkins CI successful -------------------------------------------------------------------------------- ✔ No git cherry-pick in progress ✔ No git am in progress ✔ No git rebase in progress -------------------------------------------------------------------------------- - Bringing origin/main up to date... From https://github.com/nodejs/node * branch main -> FETCH_HEAD 70b516e4db..9119382555 main -> origin/main ✔ origin/main is now up-to-date main is out of sync with origin/main. Mismatched commits: - 9119382555 tools: report unsafe string and regex primordials as lint errors -------------------------------------------------------------------------------- HEAD is now at 9119382555 tools: report unsafe string and regex primordials as lint errors ✔ Reset to origin/main - Downloading patch for 43391 From https://github.com/nodejs/node * branch refs/pull/43391/merge -> FETCH_HEAD ✔ Fetched commits as 70b516e4dbdf..a92ce2efa40a -------------------------------------------------------------------------------- Auto-merging test/parallel/test-eslint-avoid-prototype-pollution.js CONFLICT (content): Merge conflict in test/parallel/test-eslint-avoid-prototype-pollution.js Auto-merging tools/eslint-rules/avoid-prototype-pollution.js CONFLICT (content): Merge conflict in tools/eslint-rules/avoid-prototype-pollution.js error: could not apply 86dc079e91... tools,doc: add guards against prototype pollution when creating proxies hint: After resolving the conflicts, mark them with hint: "git add/rm ", then run hint: "git cherry-pick --continue". hint: You can instead skip this commit with "git cherry-pick --skip". hint: To abort and get back to the state before "git cherry-pick", hint: run "git cherry-pick --abort". ✖ Failed to apply patcheshttps://github.com/nodejs/node/actions/runs/2505466684 |
PR-URL: nodejs#43391 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: LiviaMedeiros <livia@cirno.name> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
aduh95
force-pushed
the
proxy-prototype-pollution
branch
from
a92ce2e to
358008f
Compare
|
Landed in 358008f |
22 tasks
danielleadams
pushed a commit
that referenced
this pull request
Jun 16, 2022
PR-URL: #43391 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: LiviaMedeiros <livia@cirno.name> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Merged
This was referenced Jun 17, 2022
aduh95
added a commit
to aduh95/node
that referenced
this pull request
Aug 1, 2022
PR-URL: nodejs#43391 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: LiviaMedeiros <livia@cirno.name> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
aduh95
added a commit
to aduh95/node
that referenced
this pull request
Aug 1, 2022
PR-URL: nodejs#43391 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: LiviaMedeiros <livia@cirno.name> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
guangwong
pushed a commit
to noslate-project/node
that referenced
this pull request
Oct 10, 2022
PR-URL: nodejs/node#43391 Backport-PR-URL: nodejs/node#44081 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: LiviaMedeiros <livia@cirno.name> Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When defining a
Proxy, the handler object could be at risk of prototypepollution when using a plain object literal: