26227260197
99%

Ran 21 May 2026 12:56PM UTC

Jobs 1

Files 2

Run time 1min

Badge

Embed ▾

Committed 21 May 2026 12:55PM UTC coverage: 99.396% (+0.01%) from 99.385%

Build # 26227260197

Build Type

push

github

Committed by

web-flow

Commit Message

fix: prevent prototype pollution in patch paths (GHSA-9m6g-wc8r-q59c) (#1112)

* fix: prevent prototype pollution in patch paths (GHSA-9m6g-wc8r-q59c)

A SCIM PATCH whose value-key or path contained __proto__, constructor,
or prototype (e.g. value: { "__proto__.polluted": "x" } or
path: "__proto__.polluted") was walked unfiltered by resolvePaths ->
assign / navigate, writing onto Object.prototype process-wide.

Reject these keys in resolvePaths, the single chokepoint shared by all
three sinks, throwing InvalidScimPatchOp. Legitimate SCIM clients never
send these keys, so this is non-breaking.

* Update src/scimPatch.ts

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

Coverage Stats

104 of 105 branches covered (99.05%)

Branch coverage included in aggregate %.

11 of 11 new or added lines in 1 file covered. (100.0%)

225 of 226 relevant lines covered (99.56%)

23.92 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	26227260197.1	21 May 2026 12:56PM UTC	2	99.4	GitHub Action Run

thomaspoignant / scim-patch / 26227260197
99%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 26227260197

thomaspoignant / scim-patch / 26227260197 99%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 26227260197

thomaspoignant / scim-patch / 26227260197
99%

README BADGES
x