1.1.0 - prevent walking into complex BSON object types

.eslintrc.json

@@ -7,7 +7,9 @@
   },
   "extends": ["eslint:recommended", "google", "prettier"],
   "globals": {},
-  "parserOptions": {},
+  "parserOptions": {
+    "ecmaVersion": 2022
+  },
   "rules": {
     "indent": ["error", 4, {"SwitchCase": 1}],
     "max-len": ["off"],

.github/workflows/ci-build.yml

@@ -2,10 +2,6 @@ name: "Build"
 
 on:
   push:
-    branches: [master, develop]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [master, develop]
   workflow_dispatch:
     inputs:
       reason:
@@ -16,12 +12,17 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
-
+    strategy:
+      matrix:
+        node-version: [16.x, 18.x, 20.x, 22.x]
+        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - name: Check out repo
+        uses: actions/checkout@v4
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
         with:
-          node-version: 12
+          node-version: ${{ matrix.node-version }}
           registry-url: https://registry.npmjs.org/
       # Skip post-install scripts here, as a malicious
       # script could steal NODE_AUTH_TOKEN.
@@ -40,10 +41,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 12
+          node-version: 20
           registry-url: https://registry.npmjs.org/
       # Skip post-install scripts here, as a malicious
       # script could steal NODE_AUTH_TOKEN.

.github/workflows/ci-codeql-analysis.yml

@@ -2,10 +2,6 @@ name: "CodeQL Analysis"
 
 on:
   push:
-    branches: [master, develop]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [master, develop]
   workflow_dispatch:
     inputs:
       reason:
@@ -26,11 +22,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -39,4 +35,4 @@ jobs:
           # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/ci-npm-publish.yml

@@ -8,12 +8,17 @@ jobs:
   build:
     name: Build
     runs-on: ubuntu-latest
-
+    strategy:
+      matrix:
+        node-version: [16.x, 18.x, 20.x, 22.x]
+        # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - name: Check out repo
+        uses: actions/checkout@v4
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v4
         with:
-          node-version: 12
+          node-version: ${{ matrix.node-version }}
           registry-url: https://registry.npmjs.org/
       # Skip post-install scripts here, as a malicious
       # script could steal NODE_AUTH_TOKEN.
@@ -32,10 +37,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 12
+          node-version: 20
           registry-url: https://registry.npmjs.org/
       # Skip post-install scripts here, as a malicious
       # script could steal NODE_AUTH_TOKEN.

lib/JSONPointer.js

@@ -4,7 +4,7 @@
 const _toString = Object.prototype.toString;
 const $check = require('check-types');
 
 function each(obj, fn, ctx) {
     if (_toString.call(fn) !== '[object Function]') {
         throw new TypeError('iterator must be a function');
     }
@@ -37,7 +37,7 @@
  * @returns {*}
  */
 
 function api(obj, pointer, value) {
     // .set()
     if (arguments.length === 3) {
         return api.set(obj, pointer, value);
@@ -173,7 +173,17 @@
         descend ||
         function (value) {
             const type = Object.prototype.toString.call(value);
-            return type === '[object Object]' || type === '[object Array]';
+            if (type === '[object Object]') {
+                // descend if the value is not a BSONValue
+                // todo: this should rather be (value instanceof BSONValue) if we didn't have to support node 12
+                if (!!value._bsontype && !!value[Symbol.for('@@mdb.bson.version')]) {
+                    return false;
+                } else {
+                    return true;
+                }
+            } else {
+                return type === '[object Array]';
+            }
         };
 
     (function next(cur) {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@synatic/json-magic",
-  "version": "1.0.2",
+  "version": "1.1.0",
   "description": "Utilities for manipulating JSON objects.",
   "main": "index.js",
   "files": [
@@ -19,7 +19,8 @@
     "url": "https://github.com/synatic/json-magic.git"
   },
   "keywords": [
-    "json"
+    "json",
+    "bson"
   ],
   "author": {
     "name": "Synatic Inc",
@@ -42,15 +43,16 @@
     "node": ">=12"
   },
   "dependencies": {
-    "check-types": "11.2.2",
+    "check-types": "11.2.3",
     "serialize-error": "8.1.0"
   },
   "devDependencies": {
+    "bson": "^6.8.0",
     "eslint": "^8.16.0",
     "eslint-config-google": "^0.14.0",
     "eslint-config-prettier": "^8.5.0",
     "mocha": "^10.0.0",
-    "nyc": "^15.1.0",
-    "prettier": "^2.6.2"
+    "nyc": "^17.0.0",
+    "prettier": "^3.3.3"
   }
 }

test/test.js

@@ -1,5 +1,6 @@
 const assert = require('assert');
 const $check = require('check-types');
+const {ObjectId, Binary, Timestamp} = require('bson');
 
 const $json = require('../index.js');
 
@@ -248,11 +249,13 @@
             $json.set(val, '/a/b', {c: 1});
             assert.deepStrictEqual(val, {a: {b: {c: 1}}}, 'Invalid set');
         });
+
         it('should set a value 4', function () {
             const val = {};
             $json.set(val, 'a', '1');
             assert.deepStrictEqual(val, {a: '1'}, 'Invalid set');
         });
+
         it('should set a value 5 ', function () {
             const val = [];
             $json.set(val, '/0', 'Val1');
@@ -621,7 +624,8 @@
             val = $json.changeValue(val, (val, path) => {
                 return val;
             });
-            assert.deepStrictEqual(val, {a: {b: {c: 1, d: 2}, x: 'abc'}}, 'Invalid kchange val');
+
+            assert.deepStrictEqual(val, {a: {b: {c: 1, d: 2}, x: 'abc'}}, 'Invalid change val');
         });
 
         it('should change a value', function () {
@@ -664,6 +668,26 @@
             );
         });
 
+        it('should change a value containing BSON data and be able to stringify the output', function () {
+            const value = {
+                a: 'a',
+                _id: new ObjectId(),
+                binary: new Binary(Buffer.from('binary')),
+                nested: {
+                    b: 1,
+                    timestamp: new Timestamp(0xffffffffffffffffn)
+                }
+            };
+
+            const newValue = $json.changeValue(value, (val, path) => {
+                return {value: val};
+            });
+
+            const newValueString = JSON.stringify(newValue);
+
+            assert.strictEqual(JSON.stringify(value), newValueString, 'Invalid change val');
+        });
+
         it('should change a string ', function () {
             let val = 'abc';
 
@@ -773,8 +797,8 @@
         });
 
         it('should fix an Error for mongo', function () {
             class TestMongoError extends Error {
                 constructor(message, details = {}) {
                     super(message);
                     for (const detailsKey in details) {
                         if (details.hasOwnProperty(detailsKey)) {
@@ -800,8 +824,8 @@
         });
 
         it('should fix an Error with circular properties for mongo', function () {
             class TestMongoError extends Error {
                 constructor(message, details = {}) {
                     super(message);
                     for (const detailsKey in details) {
                         if (details.hasOwnProperty(detailsKey)) {