From 0f6c19f6b4f57afd51904c3cb1d64cf9b4ed8e62 Mon Sep 17 00:00:00 2001
From: Alejandro Romero Herrera <alromh87@gmail.com>
Date: Thu, 22 Oct 2020 13:44:08 +0300
Subject: [PATCH 1/3] Fix Prototype Pollution

---
 src/core.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/core.ts b/src/core.ts
index 1440fe4e..35198499 100644
--- a/src/core.ts
+++ b/src/core.ts
@@ -248,7 +248,9 @@ export function applyOperation<T>(document: T, operation: Operation, validateOpe
     while (true) {
       key = keys[t];
 
-      if(banPrototypeModifications && key == '__proto__') {
+      if(banPrototypeModifications && 
+          (key == '__proto__' || key == 'constructor' || key == 'prototype')
+        ) {
         throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
       }
 

From 7d88fd23155a7f0ef2a179f5d4f08972cafa2db9 Mon Sep 17 00:00:00 2001
From: Alejandro Romero Herrera <alromh87@gmail.com>
Date: Thu, 22 Oct 2020 13:53:05 +0300
Subject: [PATCH 2/3] Enhance constructor/prototype handling

---
 src/core.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/core.ts b/src/core.ts
index 35198499..6de79385 100644
--- a/src/core.ts
+++ b/src/core.ts
@@ -247,11 +247,11 @@ export function applyOperation<T>(document: T, operation: Operation, validateOpe
     }
     while (true) {
       key = keys[t];
-
       if(banPrototypeModifications && 
-          (key == '__proto__' || key == 'constructor' || key == 'prototype')
+          (key == '__proto__' || 
+          (key == 'prototype' && t>0 && keys[t-1] == 'constructor'))
         ) {
-        throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
+        throw new TypeError('JSON-Patch: modifying `__proto__` or `constructor/prototype` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
       }
 
       if (validateOperation) {

From 5bcc925fc57374081ec2785d768c9fc2cf4dc71d Mon Sep 17 00:00:00 2001
From: Alejandro Romero Herrera <alromh87@gmail.com>
Date: Tue, 1 Jun 2021 22:46:21 -0500
Subject: [PATCH 3/3] Added compiled files

---
 commonjs/core.js   | 6 ++++--
 commonjs/duplex.js | 2 +-
 module/core.d.ts   | 4 ++--
 module/core.mjs    | 6 ++++--
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/commonjs/core.js b/commonjs/core.js
index 19dd02b0..3d9ca301 100644
--- a/commonjs/core.js
+++ b/commonjs/core.js
@@ -185,8 +185,10 @@ function applyOperation(document, operation, validateOperation, mutateDocument,
         }
         while (true) {
             key = keys[t];
-            if (banPrototypeModifications && key == '__proto__') {
-                throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
+            if (banPrototypeModifications &&
+                (key == '__proto__' ||
+                    (key == 'prototype' && t > 0 && keys[t - 1] == 'constructor'))) {
+                throw new TypeError('JSON-Patch: modifying `__proto__` or `constructor/prototype` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
             }
             if (validateOperation) {
                 if (existingPathFragment === undefined) {
diff --git a/commonjs/duplex.js b/commonjs/duplex.js
index bb3f14f3..1603bace 100644
--- a/commonjs/duplex.js
+++ b/commonjs/duplex.js
@@ -131,7 +131,7 @@ function _generate(mirror, obj, patches, path, invertible) {
         var oldVal = mirror[key];
         if (helpers_js_1.hasOwnProperty(obj, key) && !(obj[key] === undefined && oldVal !== undefined && Array.isArray(obj) === false)) {
             var newVal = obj[key];
-            if (typeof oldVal == "object" && oldVal != null && typeof newVal == "object" && newVal != null) {
+            if (typeof oldVal == "object" && oldVal != null && typeof newVal == "object" && newVal != null && Array.isArray(oldVal) === Array.isArray(newVal)) {
                 _generate(oldVal, newVal, patches, path + "/" + helpers_js_1.escapePathComponent(key), invertible);
             }
             else {
diff --git a/module/core.d.ts b/module/core.d.ts
index d63258c4..437a1f76 100644
--- a/module/core.d.ts
+++ b/module/core.d.ts
@@ -81,7 +81,7 @@ export declare function applyOperation<T>(document: T, operation: Operation, val
  * @param banPrototypeModifications Whether to ban modifications to `__proto__`, defaults to `true`.
  * @return An array of `{newDocument, result}` after the patch
  */
-export declare function applyPatch<T>(document: T, patch: Operation[], validateOperation?: boolean | Validator<T>, mutateDocument?: boolean, banPrototypeModifications?: boolean): PatchResult<T>;
+export declare function applyPatch<T>(document: T, patch: ReadonlyArray<Operation>, validateOperation?: boolean | Validator<T>, mutateDocument?: boolean, banPrototypeModifications?: boolean): PatchResult<T>;
 /**
  * Apply a single JSON Patch Operation on a JSON document.
  * Returns the updated document.
@@ -107,5 +107,5 @@ export declare function validator(operation: Operation, index: number, document?
  * @param document
  * @returns {JsonPatchError|undefined}
  */
-export declare function validate<T>(sequence: Operation[], document?: T, externalValidator?: Validator<T>): PatchError;
+export declare function validate<T>(sequence: ReadonlyArray<Operation>, document?: T, externalValidator?: Validator<T>): PatchError;
 export declare function _areEquals(a: any, b: any): boolean;
diff --git a/module/core.mjs b/module/core.mjs
index 4741dc56..01b23314 100644
--- a/module/core.mjs
+++ b/module/core.mjs
@@ -183,8 +183,10 @@ export function applyOperation(document, operation, validateOperation, mutateDoc
         }
         while (true) {
             key = keys[t];
-            if (banPrototypeModifications && key == '__proto__') {
-                throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
+            if (banPrototypeModifications &&
+                (key == '__proto__' ||
+                    (key == 'prototype' && t > 0 && keys[t - 1] == 'constructor'))) {
+                throw new TypeError('JSON-Patch: modifying `__proto__` or `constructor/prototype` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
             }
             if (validateOperation) {
                 if (existingPathFragment === undefined) {