Commit Graph

4 Commits

Author SHA1 Message Date
Fabrice Fontaine
fe522b9c17 package/jszip: security bump to version 3.10.0
- Sanitize filenames when files are loaded with loadAsync, to avoid "zip
  slip" attacks. The original filename is available on each zip entry as
  unsafeOriginalName. See the documentation.
- Drop patch (already in version)
- Update hash of license file (dual licensing clarification with
  f81c2d700d)
- Update indentation in hash file (two spaces)

https://github.com/Stuk/jszip/blob/v3.10.0/CHANGES.md

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2022-07-27 12:14:12 +02:00
Fabrice Fontaine
d55535622f package/jszip: add JSZIP_CPE_ID_VENDOR
cpe:2.3:a:jszip_project:jszip is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ajszip_project%3Ajszip

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-08-15 16:52:23 +02:00
Fabrice Fontaine
921830e92d package/jszip: fix CVE-2021-23413
This affects the package jszip before 3.7.0. Crafting a new zip file
with filenames set to Object prototype values (e.g. __proto__, toString,
etc) results in a returned object with a modified prototype instance.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-08-12 23:54:48 +02:00
Joeri Barbarien
e879e007c6 package/jszip: new package
Signed-off-by: Joeri Barbarien <joeri.barbarien@nokia.com>
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-01-02 11:31:58 +01:00