Fix the following CodeQL security alerts:
Approach 1
Replace the flagged property assignments by returning an updated object in the enclosing this.update() call, or using Object.assign to mutate the state object.
Object.assign and spread operator syntax are both safe to use for this purpose as they only enumerate "own" properties of object literals.
For an example of this approach, see: https://github.com/MetaMask/core/pull/3963/files#diff-1eb134c9c5a9dd0a4e4838f719ba67723f61fdacd8bfc1a9acef96366b7578fbR207-R236
Approach 2
Validate that the dynamic string property in question does not evaluate to __proto__ before performing the assignment operation.
Fix the following CodeQL security alerts:
Approach 1
Replace the flagged property assignments by returning an updated object in the enclosing
this.update()call, or usingObject.assignto mutate the state object.Object.assignand spread operator syntax are both safe to use for this purpose as they only enumerate "own" properties of object literals.For an example of this approach, see: https://github.com/MetaMask/core/pull/3963/files#diff-1eb134c9c5a9dd0a4e4838f719ba67723f61fdacd8bfc1a9acef96366b7578fbR207-R236
Approach 2
Validate that the dynamic string property in question does not evaluate to
__proto__before performing the assignment operation.