MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-14 23:31:13 -07:00
Code Issues Packages Projects Releases Wiki Activity

Add extra safety checks for proto pollution (#20396)

Browse Source 
Co-authored-by: Gal Zahavi <38544478+galz10@users.noreply.github.com>
This commit is contained in:
Jacob Richman
2026-03-03 16:21:09 -08:00
committed by GitHub
parent 28af4e127f
commit af424aefa9
2 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/cli/src/utils/deepMerge.ts
View File

@@ -30,7 +30,7 @@ function mergeRecursively(
for (const key of Object.keys(source)) {
// JSON.parse can create objects with __proto__ as an own property.
// We must skip it to prevent prototype pollution.
if (key === '__proto__') {
if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
continue;
}
const srcValue = source[key];