fix(commons): correctly handle shared references in deepMerge#5195
Open
fix(commons): correctly handle shared references in deepMerge#5195
Conversation
…andle shared references deepMerge used a WeakSet to detect circular references, which incorrectly skipped shared (non-circular) object references. Replace with an ancestor array (push/pop stack) so only true cycles are detected.
Cross-referenced against lodash _.merge test suite to close coverage gaps: multi-source array-of-objects merging, indirect prototype pollution via toString.constructor.prototype, function-replaced-by-object across sources, and self-merge safety.
powertools-for-aws-oss-automation
bot
added
size/L
powertools-for-aws-oss-automation
bot
added
size/L
svozza
force-pushed
the
fix/deepmerge-shared-references
branch
from
04ab726 to
0fa558a
Compare
powertools-for-aws-oss-automation
bot
added
size/L
powertools-for-aws-oss-automation
bot
added
size/L
…in deepMerge tests Replace verbose as-casts with type annotations, use direct value checks (toBe, toEqual, toHaveProperty, in-operator) instead of intermediate casts and property lookups.
svozza
force-pushed
the
fix/deepmerge-shared-references
branch
from
5414340 to
8e2a18f
Compare
powertools-for-aws-oss-automation
bot
added
size/L
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
deepMergeused aWeakSetto detect circular references, which incorrectly treated shared (non-circular) object references as circular — silently dropping them. This replaces theWeakSetwith ancestor-chain tracking (push/pop array stack) so only true cycles in the recursion path are detected and skipped.Changes
WeakSet<object>withobject[]ancestor array in all internaldeepMergefunctions_.mergetest suite and add parity tests for: multi-source array-of-objects merging, indirect prototype pollution viatoString.constructor.prototype, function-replaced-by-object across sources, and self-merge safetyRecord<string, unknown>where merged-in keys aren't known at compile timeas) in test assertions, replacing them with type annotations,toHaveProperty,toEqual, andin-operator checks.Issue number: closes #5192
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.