merge main #614
Merged
merge main #614
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chore: Fix StyleSetting issue
feat: Refactor the workflow
feat: Add graphy into experimental tools
feat: Add Coodinator setting
feat: Add an illustration for portal
release: v0.1.7
fix bug of maintaining duplicate edges
feat: Supports drag-and-drop combos for layout adjustment
chore: disable encrypted
release: v0.1.8
chore: Update kuzu_wasm to v0.7.0
fix bug when chroma db is empty and prepare workflow for extraction
feat: Support kuzu wasm
fix: remove GloveEmbedding implementation in clustering
feat: Update deps version
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| console.log('SLOTS', SLOTS); | ||
| }; | ||
| export const unInstallSlot = (slotType: SlotType, appId: string) => { | ||
| delete SLOTS[slotType][appId]; |
Check warning
Code scanning / CodeQL
Prototype-polluting assignment Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 1 year ago
To fix the problem, we need to ensure that appId cannot be used to modify Object.prototype. We can achieve this by checking if appId is one of the special property names (__proto__, constructor, prototype) and rejecting it if it is. This will prevent prototype pollution while maintaining the existing functionality.
Suggested changeset
1
packages/studio-website/src/slots/index.tsx
| @@ -22,2 +22,5 @@ | ||
| export const installSlot = (slotType: SlotType, appId: string, slot: any) => { | ||
| if (appId === '__proto__' || appId === 'constructor' || appId === 'prototype') { | ||
| throw new Error('Invalid appId'); | ||
| } | ||
| SLOTS[slotType] = { | ||
| @@ -29,2 +32,5 @@ | ||
| export const unInstallSlot = (slotType: SlotType, appId: string) => { | ||
| if (appId === '__proto__' || appId === 'constructor' || appId === 'prototype') { | ||
| throw new Error('Invalid appId'); | ||
| } | ||
| delete SLOTS[slotType][appId]; | ||
| @@ -41,2 +47,5 @@ | ||
| export const registerSideMenuSlot = (appId: string, slot: MenuProps['items']) => { | ||
| if (appId === '__proto__' || appId === 'constructor' || appId === 'prototype') { | ||
| throw new Error('Invalid appId'); | ||
| } | ||
| SLOTS['SIDE_MEU'] = { | ||
| @@ -48,2 +57,5 @@ | ||
| export const registerRoutesSlot = (appId: string, slot: any) => { | ||
| if (appId === '__proto__' || appId === 'constructor' || appId === 'prototype') { | ||
| throw new Error('Invalid appId'); | ||
| } | ||
| SLOTS['ROUTES'] = { |
Copilot is powered by AI and may make mistakes. Always verify output.
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.