From 7c4aba76943e37603ca954f19f1e9304ebfe674b Mon Sep 17 00:00:00 2001
From: Oren Griffin <oren@optibus.com>
Date: Wed, 2 Dec 2020 09:16:24 +0200
Subject: [PATCH 01/10] fix sed to work in mac

---
 tsc-to-mjs.sh | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tsc-to-mjs.sh b/tsc-to-mjs.sh
index d75abde9..f6984a06 100644
--- a/tsc-to-mjs.sh
+++ b/tsc-to-mjs.sh
@@ -1,4 +1,10 @@
 #!/bin/bash
 cd module
 mv core.js core.mjs && mv duplex.js duplex.mjs && mv helpers.js helpers.mjs
-sed -i 's/\.js/\.mjs/g' duplex.mjs core.mjs
\ No newline at end of file
+# Unlike Ubuntu, OS X requires the extension to be explicitly specified
+# https://myshittycode.com/2014/07/24/os-x-sed-extra-characters-at-the-end-of-l-command-error/
+if [[ "$OSTYPE" == "darwin"* ]]; then
+  sed -i '' 's/\.js/\.mjs/g' duplex.mjs core.mjs
+else
+  sed -i 's/\.js/\.mjs/g' duplex.mjs core.mjs
+fi
\ No newline at end of file

From f2bd5fe838fdf53826d5de61f7ba5c6833e82d04 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 11 Dec 2020 03:49:07 +0000
Subject: [PATCH 02/10] Bump ini from 1.3.5 to 1.3.7

Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7.
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 081eb354..e939b907 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "fast-json-patch",
-  "version": "3.0.0-1",
+  "version": "3.0.2",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -1845,12 +1845,6 @@
           "dev": true,
           "optional": true
         },
-        "ini": {
-          "version": "1.3.5",
-          "bundled": true,
-          "dev": true,
-          "optional": true
-        },
         "is-fullwidth-code-point": {
           "version": "1.0.0",
           "bundled": true,
@@ -2527,9 +2521,9 @@
       "dev": true
     },
     "ini": {
-      "version": "1.3.5",
-      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.5.tgz",
-      "integrity": "sha512-RZY5huIKCMRWDUqZlEi72f/lmXKMvuszcMBduliQ3nnWbx9X/ZBQO7DijMEYS9EhHBb2qacRUMtC7svLwe0lcw==",
+      "version": "1.3.7",
+      "resolved": "https://registry.npmjs.org/ini/-/ini-1.3.7.tgz",
+      "integrity": "sha512-iKpRpXP+CrP2jyrxvg1kMUpXDyRUFDWurxbnVT1vQPx+Wz9uCYsMIqYuSBLV+PAaZG/d7kRLKRFc9oDMsH+mFQ==",
       "dev": true
     },
     "interpret": {

From 60b3ca4f862ac2e1af527ef39745c6a3d124912e Mon Sep 17 00:00:00 2001
From: Bryce Gibson <bryce@gibson-consulting.com.au>
Date: Fri, 22 Jan 2021 13:54:06 +1100
Subject: [PATCH 03/10] Handle unescaping paths.

---
 src/core.ts                               | 6 +++---
 test/spec/json-patch-tests/tests.json.mjs | 5 +++++
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/core.ts b/src/core.ts
index 1440fe4e..bae849c9 100644
--- a/src/core.ts
+++ b/src/core.ts
@@ -247,6 +247,9 @@ export function applyOperation<T>(document: T, operation: Operation, validateOpe
     }
     while (true) {
       key = keys[t];
+      if (key && key.indexOf('~') != -1) {
+        key = unescapePathComponent(key);
+      }
 
       if(banPrototypeModifications && key == '__proto__') {
         throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
@@ -290,9 +293,6 @@ export function applyOperation<T>(document: T, operation: Operation, validateOpe
         }
       }
       else {
-        if (key && key.indexOf('~') != -1) {
-          key = unescapePathComponent(key);
-        }
         if (t >= len) {
           const returnValue = objOps[operation.op].call(operation, obj, key, document); // Apply patch
           if (returnValue.test === false) {
diff --git a/test/spec/json-patch-tests/tests.json.mjs b/test/spec/json-patch-tests/tests.json.mjs
index bde26462..c06f3e89 100644
--- a/test/spec/json-patch-tests/tests.json.mjs
+++ b/test/spec/json-patch-tests/tests.json.mjs
@@ -268,6 +268,11 @@ export default [
       "patch": [{"op": "move", "from": "/foo", "path": "/bar"}],
       "expected": {"baz": [{"qux": "hello"}], "bar": 1} },
 
+    { "comment": "Move handles escaped paths",
+      "doc": {"foo/": {"bar/": 1, "baz": 1}},
+      "patch": [{"op": "move", "from": "/foo~1/bar~1", "path": "/bar"}],
+      "expected": {"bar": 1, "foo/": {"baz": 1}} },
+
     { "doc": {"baz": [{"qux": "hello"}], "bar": 1},
       "patch": [{"op": "move", "from": "/baz/0/qux", "path": "/baz/1"}],
       "expected": {"baz": [{}, "hello"], "bar": 1} },

From fc6c69135d03e0cc2def40186dc4c36894974d18 Mon Sep 17 00:00:00 2001
From: Bryce Gibson <bryce@gibson-consulting.com.au>
Date: Fri, 22 Jan 2021 13:54:26 +1100
Subject: [PATCH 04/10] Build.

---
 commonjs/core.js                      | 6 +++---
 commonjs/duplex.js                    | 2 +-
 module/core.d.ts                      | 4 ++--
 module/core.mjs                       | 6 +++---
 test/spec/webpack/importSpec.build.js | 6 +++---
 5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/commonjs/core.js b/commonjs/core.js
index 19dd02b0..076d7041 100644
--- a/commonjs/core.js
+++ b/commonjs/core.js
@@ -185,6 +185,9 @@ function applyOperation(document, operation, validateOperation, mutateDocument,
         }
         while (true) {
             key = keys[t];
+            if (key && key.indexOf('~') != -1) {
+                key = helpers_js_1.unescapePathComponent(key);
+            }
             if (banPrototypeModifications && key == '__proto__') {
                 throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
             }
@@ -226,9 +229,6 @@ function applyOperation(document, operation, validateOperation, mutateDocument,
                 }
             }
             else {
-                if (key && key.indexOf('~') != -1) {
-                    key = helpers_js_1.unescapePathComponent(key);
-                }
                 if (t >= len) {
                     var returnValue = objOps[operation.op].call(operation, obj, key, document); // Apply patch
                     if (returnValue.test === false) {
diff --git a/commonjs/duplex.js b/commonjs/duplex.js
index bb3f14f3..1603bace 100644
--- a/commonjs/duplex.js
+++ b/commonjs/duplex.js
@@ -131,7 +131,7 @@ function _generate(mirror, obj, patches, path, invertible) {
         var oldVal = mirror[key];
         if (helpers_js_1.hasOwnProperty(obj, key) && !(obj[key] === undefined && oldVal !== undefined && Array.isArray(obj) === false)) {
             var newVal = obj[key];
-            if (typeof oldVal == "object" && oldVal != null && typeof newVal == "object" && newVal != null) {
+            if (typeof oldVal == "object" && oldVal != null && typeof newVal == "object" && newVal != null && Array.isArray(oldVal) === Array.isArray(newVal)) {
                 _generate(oldVal, newVal, patches, path + "/" + helpers_js_1.escapePathComponent(key), invertible);
             }
             else {
diff --git a/module/core.d.ts b/module/core.d.ts
index d63258c4..437a1f76 100644
--- a/module/core.d.ts
+++ b/module/core.d.ts
@@ -81,7 +81,7 @@ export declare function applyOperation<T>(document: T, operation: Operation, val
  * @param banPrototypeModifications Whether to ban modifications to `__proto__`, defaults to `true`.
  * @return An array of `{newDocument, result}` after the patch
  */
-export declare function applyPatch<T>(document: T, patch: Operation[], validateOperation?: boolean | Validator<T>, mutateDocument?: boolean, banPrototypeModifications?: boolean): PatchResult<T>;
+export declare function applyPatch<T>(document: T, patch: ReadonlyArray<Operation>, validateOperation?: boolean | Validator<T>, mutateDocument?: boolean, banPrototypeModifications?: boolean): PatchResult<T>;
 /**
  * Apply a single JSON Patch Operation on a JSON document.
  * Returns the updated document.
@@ -107,5 +107,5 @@ export declare function validator(operation: Operation, index: number, document?
  * @param document
  * @returns {JsonPatchError|undefined}
  */
-export declare function validate<T>(sequence: Operation[], document?: T, externalValidator?: Validator<T>): PatchError;
+export declare function validate<T>(sequence: ReadonlyArray<Operation>, document?: T, externalValidator?: Validator<T>): PatchError;
 export declare function _areEquals(a: any, b: any): boolean;
diff --git a/module/core.mjs b/module/core.mjs
index 4741dc56..d4994aa1 100644
--- a/module/core.mjs
+++ b/module/core.mjs
@@ -183,6 +183,9 @@ export function applyOperation(document, operation, validateOperation, mutateDoc
         }
         while (true) {
             key = keys[t];
+            if (key && key.indexOf('~') != -1) {
+                key = unescapePathComponent(key);
+            }
             if (banPrototypeModifications && key == '__proto__') {
                 throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
             }
@@ -224,9 +227,6 @@ export function applyOperation(document, operation, validateOperation, mutateDoc
                 }
             }
             else {
-                if (key && key.indexOf('~') != -1) {
-                    key = unescapePathComponent(key);
-                }
                 if (t >= len) {
                     var returnValue = objOps[operation.op].call(operation, obj, key, document); // Apply patch
                     if (returnValue.test === false) {
diff --git a/test/spec/webpack/importSpec.build.js b/test/spec/webpack/importSpec.build.js
index b0899762..55e8d38c 100644
--- a/test/spec/webpack/importSpec.build.js
+++ b/test/spec/webpack/importSpec.build.js
@@ -1,13 +1,13 @@
-!function(e){var t={};function n(o){if(t[o])return t[o].exports;var r=t[o]={i:o,l:!1,exports:{}};return e[o].call(r.exports,r,r.exports,n),r.l=!0,r.exports}n.m=e,n.c=t,n.d=function(e,t,o){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:o})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var o=Object.create(null);if(n.r(o),Object.defineProperty(o,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)n.d(o,r,function(t){return e[t]}.bind(null,r));return o},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=0)}([function(e,t,n){"use strict";n.r(t);var o={};n.r(o),n.d(o,"JsonPatchError",function(){return m}),n.d(o,"deepClone",function(){return y}),n.d(o,"getValueByPointer",function(){return _}),n.d(o,"applyOperation",function(){return A}),n.d(o,"applyPatch",function(){return E}),n.d(o,"applyReducer",function(){return g}),n.d(o,"validator",function(){return P}),n.d(o,"validate",function(){return x}),n.d(o,"_areEquals",function(){return T});var r={};n.r(r),n.d(r,"unobserve",function(){return C}),n.d(r,"observe",function(){return R}),n.d(r,"generate",function(){return I}),n.d(r,"compare",function(){return B});var i={};n.r(i),n.d(i,"JsonPatchError",function(){return w}),n.d(i,"deepClone",function(){return d}),n.d(i,"escapePathComponent",function(){return h}),n.d(i,"unescapePathComponent",function(){return l}),n.d(i,"default",function(){return S}),n.d(i,"getValueByPointer",function(){return _}),n.d(i,"applyOperation",function(){return A}),n.d(i,"applyPatch",function(){return E}),n.d(i,"applyReducer",function(){return g}),n.d(i,"validator",function(){return P}),n.d(i,"validate",function(){return x}),n.d(i,"_areEquals",function(){return T}),n.d(i,"unobserve",function(){return C}),n.d(i,"observe",function(){return R}),n.d(i,"generate",function(){return I}),n.d(i,"compare",function(){return B});
+!function(e){var t={};function n(o){if(t[o])return t[o].exports;var r=t[o]={i:o,l:!1,exports:{}};return e[o].call(r.exports,r,r.exports,n),r.l=!0,r.exports}n.m=e,n.c=t,n.d=function(e,t,o){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:o})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var o=Object.create(null);if(n.r(o),Object.defineProperty(o,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)n.d(o,r,function(t){return e[t]}.bind(null,r));return o},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s=0)}([function(e,t,n){"use strict";n.r(t);var o={};n.r(o),n.d(o,"JsonPatchError",function(){return m}),n.d(o,"deepClone",function(){return y}),n.d(o,"getValueByPointer",function(){return A}),n.d(o,"applyOperation",function(){return _}),n.d(o,"applyPatch",function(){return E}),n.d(o,"applyReducer",function(){return g}),n.d(o,"validator",function(){return P}),n.d(o,"validate",function(){return x}),n.d(o,"_areEquals",function(){return T});var r={};n.r(r),n.d(r,"unobserve",function(){return C}),n.d(r,"observe",function(){return R}),n.d(r,"generate",function(){return I}),n.d(r,"compare",function(){return B});var i={};n.r(i),n.d(i,"JsonPatchError",function(){return w}),n.d(i,"deepClone",function(){return s}),n.d(i,"escapePathComponent",function(){return h}),n.d(i,"unescapePathComponent",function(){return l}),n.d(i,"default",function(){return S}),n.d(i,"getValueByPointer",function(){return A}),n.d(i,"applyOperation",function(){return _}),n.d(i,"applyPatch",function(){return E}),n.d(i,"applyReducer",function(){return g}),n.d(i,"validator",function(){return P}),n.d(i,"validate",function(){return x}),n.d(i,"_areEquals",function(){return T}),n.d(i,"unobserve",function(){return C}),n.d(i,"observe",function(){return R}),n.d(i,"generate",function(){return I}),n.d(i,"compare",function(){return B});
 /*!
  * https://github.com/Starcounter-Jack/JSON-Patch
  * (c) 2017 Joachim Wester
  * MIT license
  */
-var a,u=(a=function(e,t){return(a=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var n in t)t.hasOwnProperty(n)&&(e[n]=t[n])})(e,t)},function(e,t){function n(){this.constructor=e}a(e,t),e.prototype=null===t?Object.create(t):(n.prototype=t.prototype,new n)}),p=Object.prototype.hasOwnProperty;function c(e,t){return p.call(e,t)}function f(e){if(Array.isArray(e)){for(var t=new Array(e.length),n=0;n<t.length;n++)t[n]=""+n;return t}if(Object.keys)return Object.keys(e);t=[];for(var o in e)c(e,o)&&t.push(o);return t}function d(e){switch(typeof e){case"object":return JSON.parse(JSON.stringify(e));case"undefined":return null;default:return e}}function s(e){for(var t,n=0,o=e.length;n<o;){if(!((t=e.charCodeAt(n))>=48&&t<=57))return!1;n++}return!0}function h(e){return-1===e.indexOf("/")&&-1===e.indexOf("~")?e:e.replace(/~/g,"~0").replace(/\//g,"~1")}function l(e){return e.replace(/~1/g,"/").replace(/~0/g,"~")}function v(e,t){var n=[e];for(var o in t){var r="object"==typeof t[o]?JSON.stringify(t[o],null,2):t[o];void 0!==r&&n.push(o+": "+r)}return n.join("\n")}var w=function(e){function t(t,n,o,r,i){var a=this.constructor,u=e.call(this,v(t,{name:n,index:o,operation:r,tree:i}))||this;return u.name=n,u.index=o,u.operation=r,u.tree=i,Object.setPrototypeOf(u,a.prototype),u.message=v(t,{name:n,index:o,operation:r,tree:i}),u}return u(t,e),t}(Error),m=w,y=d,b={add:function(e,t,n){return e[t]=this.value,{newDocument:n}},remove:function(e,t,n){var o=e[t];return delete e[t],{newDocument:n,removed:o}},replace:function(e,t,n){var o=e[t];return e[t]=this.value,{newDocument:n,removed:o}},move:function(e,t,n){var o=_(n,this.path);o&&(o=d(o));var r=A(n,{op:"remove",path:this.from}).removed;return A(n,{op:"add",path:this.path,value:r}),{newDocument:n,removed:o}},copy:function(e,t,n){var o=_(n,this.from);return A(n,{op:"add",path:this.path,value:d(o)}),{newDocument:n}},test:function(e,t,n){return{newDocument:n,test:T(e[t],this.value)}},_get:function(e,t,n){return this.value=e[t],{newDocument:n}}},O={add:function(e,t,n){return s(t)?e.splice(t,0,this.value):e[t]=this.value,{newDocument:n,index:t}},remove:function(e,t,n){return{newDocument:n,removed:e.splice(t,1)[0]}},replace:function(e,t,n){var o=e[t];return e[t]=this.value,{newDocument:n,removed:o}},move:b.move,copy:b.copy,test:b.test,_get:b._get};function _(e,t){if(""==t)return e;var n={op:"_get",path:t};return A(e,n),n.value}function A(e,t,n,o,r,i){if(void 0===n&&(n=!1),void 0===o&&(o=!0),void 0===r&&(r=!0),void 0===i&&(i=0),n&&("function"==typeof n?n(t,0,e,t.path):P(t,0)),""===t.path){var a={newDocument:e};if("add"===t.op)return a.newDocument=t.value,a;if("replace"===t.op)return a.newDocument=t.value,a.removed=e,a;if("move"===t.op||"copy"===t.op)return a.newDocument=_(e,t.from),"move"===t.op&&(a.removed=e),a;if("test"===t.op){if(a.test=T(e,t.value),!1===a.test)throw new m("Test operation failed","TEST_OPERATION_FAILED",i,t,e);return a.newDocument=e,a}if("remove"===t.op)return a.removed=e,a.newDocument=null,a;if("_get"===t.op)return t.value=e,a;if(n)throw new m("Operation `op` property is not one of operations defined in RFC-6902","OPERATION_OP_INVALID",i,t,e);return a}o||(e=d(e));var u=(t.path||"").split("/"),p=e,c=1,f=u.length,h=void 0,v=void 0,w=void 0;for(w="function"==typeof n?n:P;;){if(v=u[c],r&&"__proto__"==v)throw new TypeError("JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README");if(n&&void 0===h&&(void 0===p[v]?h=u.slice(0,c).join("/"):c==f-1&&(h=t.path),void 0!==h&&w(t,0,e,h)),c++,Array.isArray(p)){if("-"===v)v=p.length;else{if(n&&!s(v))throw new m("Expected an unsigned base-10 integer value, making the new referenced value the array element with the zero-based index","OPERATION_PATH_ILLEGAL_ARRAY_INDEX",i,t,e);s(v)&&(v=~~v)}if(c>=f){if(n&&"add"===t.op&&v>p.length)throw new m("The specified index MUST NOT be greater than the number of elements in the array","OPERATION_VALUE_OUT_OF_BOUNDS",i,t,e);if(!1===(a=O[t.op].call(t,p,v,e)).test)throw new m("Test operation failed","TEST_OPERATION_FAILED",i,t,e);return a}}else if(v&&-1!=v.indexOf("~")&&(v=l(v)),c>=f){if(!1===(a=b[t.op].call(t,p,v,e)).test)throw new m("Test operation failed","TEST_OPERATION_FAILED",i,t,e);return a}if(p=p[v],n&&c<f&&(!p||"object"!=typeof p))throw new m("Cannot perform operation at the desired path","OPERATION_PATH_UNRESOLVABLE",i,t,e)}}function E(e,t,n,o,r){if(void 0===o&&(o=!0),void 0===r&&(r=!0),n&&!Array.isArray(t))throw new m("Patch sequence must be an array","SEQUENCE_NOT_AN_ARRAY");o||(e=d(e));for(var i=new Array(t.length),a=0,u=t.length;a<u;a++)i[a]=A(e,t[a],n,!0,r,a),e=i[a].newDocument;return i.newDocument=e,i}function g(e,t,n){var o=A(e,t);if(!1===o.test)throw new m("Test operation failed","TEST_OPERATION_FAILED",n,t,e);return o.newDocument}function P(e,t,n,o){if("object"!=typeof e||null===e||Array.isArray(e))throw new m("Operation is not an object","OPERATION_NOT_AN_OBJECT",t,e,n);if(!b[e.op])throw new m("Operation `op` property is not one of operations defined in RFC-6902","OPERATION_OP_INVALID",t,e,n);if("string"!=typeof e.path)throw new m("Operation `path` property is not a string","OPERATION_PATH_INVALID",t,e,n);if(0!==e.path.indexOf("/")&&e.path.length>0)throw new m('Operation `path` property must start with "/"',"OPERATION_PATH_INVALID",t,e,n);if(("move"===e.op||"copy"===e.op)&&"string"!=typeof e.from)throw new m("Operation `from` property is not present (applicable in `move` and `copy` operations)","OPERATION_FROM_REQUIRED",t,e,n);if(("add"===e.op||"replace"===e.op||"test"===e.op)&&void 0===e.value)throw new m("Operation `value` property is not present (applicable in `add`, `replace` and `test` operations)","OPERATION_VALUE_REQUIRED",t,e,n);if(("add"===e.op||"replace"===e.op||"test"===e.op)&&function e(t){if(void 0===t)return!0;if(t)if(Array.isArray(t)){for(var n=0,o=t.length;n<o;n++)if(e(t[n]))return!0}else if("object"==typeof t){var r=f(t),i=r.length;for(n=0;n<i;n++)if(e(t[r[n]]))return!0}return!1}(e.value))throw new m("Operation `value` property is not present (applicable in `add`, `replace` and `test` operations)","OPERATION_VALUE_CANNOT_CONTAIN_UNDEFINED",t,e,n);if(n)if("add"==e.op){var r=e.path.split("/").length,i=o.split("/").length;if(r!==i+1&&r!==i)throw new m("Cannot perform an `add` operation at the desired path","OPERATION_PATH_CANNOT_ADD",t,e,n)}else if("replace"===e.op||"remove"===e.op||"_get"===e.op){if(e.path!==o)throw new m("Cannot perform the operation at a path that does not exist","OPERATION_PATH_UNRESOLVABLE",t,e,n)}else if("move"===e.op||"copy"===e.op){var a=x([{op:"_get",path:e.from,value:void 0}],n);if(a&&"OPERATION_PATH_UNRESOLVABLE"===a.name)throw new m("Cannot perform the operation from a path that does not exist","OPERATION_FROM_UNRESOLVABLE",t,e,n)}}function x(e,t,n){try{if(!Array.isArray(e))throw new m("Patch sequence must be an array","SEQUENCE_NOT_AN_ARRAY");if(t)E(d(t),d(e),n||!0);else{n=n||P;for(var o=0;o<e.length;o++)n(e[o],o,t,void 0)}}catch(e){if(e instanceof m)return e;throw e}}function T(e,t){if(e===t)return!0;if(e&&t&&"object"==typeof e&&"object"==typeof t){var n,o,r,i=Array.isArray(e),a=Array.isArray(t);if(i&&a){if((o=e.length)!=t.length)return!1;for(n=o;0!=n--;)if(!T(e[n],t[n]))return!1;return!0}if(i!=a)return!1;var u=Object.keys(e);if((o=u.length)!==Object.keys(t).length)return!1;for(n=o;0!=n--;)if(!t.hasOwnProperty(u[n]))return!1;for(n=o;0!=n--;)if(!T(e[r=u[n]],t[r]))return!1;return!0}return e!=e&&t!=t}
+var a,u=(a=function(e,t){return(a=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var n in t)t.hasOwnProperty(n)&&(e[n]=t[n])})(e,t)},function(e,t){function n(){this.constructor=e}a(e,t),e.prototype=null===t?Object.create(t):(n.prototype=t.prototype,new n)}),p=Object.prototype.hasOwnProperty;function c(e,t){return p.call(e,t)}function f(e){if(Array.isArray(e)){for(var t=new Array(e.length),n=0;n<t.length;n++)t[n]=""+n;return t}if(Object.keys)return Object.keys(e);t=[];for(var o in e)c(e,o)&&t.push(o);return t}function s(e){switch(typeof e){case"object":return JSON.parse(JSON.stringify(e));case"undefined":return null;default:return e}}function d(e){for(var t,n=0,o=e.length;n<o;){if(!((t=e.charCodeAt(n))>=48&&t<=57))return!1;n++}return!0}function h(e){return-1===e.indexOf("/")&&-1===e.indexOf("~")?e:e.replace(/~/g,"~0").replace(/\//g,"~1")}function l(e){return e.replace(/~1/g,"/").replace(/~0/g,"~")}function v(e,t){var n=[e];for(var o in t){var r="object"==typeof t[o]?JSON.stringify(t[o],null,2):t[o];void 0!==r&&n.push(o+": "+r)}return n.join("\n")}var w=function(e){function t(t,n,o,r,i){var a=this.constructor,u=e.call(this,v(t,{name:n,index:o,operation:r,tree:i}))||this;return u.name=n,u.index=o,u.operation=r,u.tree=i,Object.setPrototypeOf(u,a.prototype),u.message=v(t,{name:n,index:o,operation:r,tree:i}),u}return u(t,e),t}(Error),m=w,y=s,b={add:function(e,t,n){return e[t]=this.value,{newDocument:n}},remove:function(e,t,n){var o=e[t];return delete e[t],{newDocument:n,removed:o}},replace:function(e,t,n){var o=e[t];return e[t]=this.value,{newDocument:n,removed:o}},move:function(e,t,n){var o=A(n,this.path);o&&(o=s(o));var r=_(n,{op:"remove",path:this.from}).removed;return _(n,{op:"add",path:this.path,value:r}),{newDocument:n,removed:o}},copy:function(e,t,n){var o=A(n,this.from);return _(n,{op:"add",path:this.path,value:s(o)}),{newDocument:n}},test:function(e,t,n){return{newDocument:n,test:T(e[t],this.value)}},_get:function(e,t,n){return this.value=e[t],{newDocument:n}}},O={add:function(e,t,n){return d(t)?e.splice(t,0,this.value):e[t]=this.value,{newDocument:n,index:t}},remove:function(e,t,n){return{newDocument:n,removed:e.splice(t,1)[0]}},replace:function(e,t,n){var o=e[t];return e[t]=this.value,{newDocument:n,removed:o}},move:b.move,copy:b.copy,test:b.test,_get:b._get};function A(e,t){if(""==t)return e;var n={op:"_get",path:t};return _(e,n),n.value}function _(e,t,n,o,r,i){if(void 0===n&&(n=!1),void 0===o&&(o=!0),void 0===r&&(r=!0),void 0===i&&(i=0),n&&("function"==typeof n?n(t,0,e,t.path):P(t,0)),""===t.path){var a={newDocument:e};if("add"===t.op)return a.newDocument=t.value,a;if("replace"===t.op)return a.newDocument=t.value,a.removed=e,a;if("move"===t.op||"copy"===t.op)return a.newDocument=A(e,t.from),"move"===t.op&&(a.removed=e),a;if("test"===t.op){if(a.test=T(e,t.value),!1===a.test)throw new m("Test operation failed","TEST_OPERATION_FAILED",i,t,e);return a.newDocument=e,a}if("remove"===t.op)return a.removed=e,a.newDocument=null,a;if("_get"===t.op)return t.value=e,a;if(n)throw new m("Operation `op` property is not one of operations defined in RFC-6902","OPERATION_OP_INVALID",i,t,e);return a}o||(e=s(e));var u=(t.path||"").split("/"),p=e,c=1,f=u.length,h=void 0,v=void 0,w=void 0;for(w="function"==typeof n?n:P;;){if((v=u[c])&&-1!=v.indexOf("~")&&(v=l(v)),r&&"__proto__"==v)throw new TypeError("JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README");if(n&&void 0===h&&(void 0===p[v]?h=u.slice(0,c).join("/"):c==f-1&&(h=t.path),void 0!==h&&w(t,0,e,h)),c++,Array.isArray(p)){if("-"===v)v=p.length;else{if(n&&!d(v))throw new m("Expected an unsigned base-10 integer value, making the new referenced value the array element with the zero-based index","OPERATION_PATH_ILLEGAL_ARRAY_INDEX",i,t,e);d(v)&&(v=~~v)}if(c>=f){if(n&&"add"===t.op&&v>p.length)throw new m("The specified index MUST NOT be greater than the number of elements in the array","OPERATION_VALUE_OUT_OF_BOUNDS",i,t,e);if(!1===(a=O[t.op].call(t,p,v,e)).test)throw new m("Test operation failed","TEST_OPERATION_FAILED",i,t,e);return a}}else if(c>=f){if(!1===(a=b[t.op].call(t,p,v,e)).test)throw new m("Test operation failed","TEST_OPERATION_FAILED",i,t,e);return a}if(p=p[v],n&&c<f&&(!p||"object"!=typeof p))throw new m("Cannot perform operation at the desired path","OPERATION_PATH_UNRESOLVABLE",i,t,e)}}function E(e,t,n,o,r){if(void 0===o&&(o=!0),void 0===r&&(r=!0),n&&!Array.isArray(t))throw new m("Patch sequence must be an array","SEQUENCE_NOT_AN_ARRAY");o||(e=s(e));for(var i=new Array(t.length),a=0,u=t.length;a<u;a++)i[a]=_(e,t[a],n,!0,r,a),e=i[a].newDocument;return i.newDocument=e,i}function g(e,t,n){var o=_(e,t);if(!1===o.test)throw new m("Test operation failed","TEST_OPERATION_FAILED",n,t,e);return o.newDocument}function P(e,t,n,o){if("object"!=typeof e||null===e||Array.isArray(e))throw new m("Operation is not an object","OPERATION_NOT_AN_OBJECT",t,e,n);if(!b[e.op])throw new m("Operation `op` property is not one of operations defined in RFC-6902","OPERATION_OP_INVALID",t,e,n);if("string"!=typeof e.path)throw new m("Operation `path` property is not a string","OPERATION_PATH_INVALID",t,e,n);if(0!==e.path.indexOf("/")&&e.path.length>0)throw new m('Operation `path` property must start with "/"',"OPERATION_PATH_INVALID",t,e,n);if(("move"===e.op||"copy"===e.op)&&"string"!=typeof e.from)throw new m("Operation `from` property is not present (applicable in `move` and `copy` operations)","OPERATION_FROM_REQUIRED",t,e,n);if(("add"===e.op||"replace"===e.op||"test"===e.op)&&void 0===e.value)throw new m("Operation `value` property is not present (applicable in `add`, `replace` and `test` operations)","OPERATION_VALUE_REQUIRED",t,e,n);if(("add"===e.op||"replace"===e.op||"test"===e.op)&&function e(t){if(void 0===t)return!0;if(t)if(Array.isArray(t)){for(var n=0,o=t.length;n<o;n++)if(e(t[n]))return!0}else if("object"==typeof t){var r=f(t),i=r.length;for(n=0;n<i;n++)if(e(t[r[n]]))return!0}return!1}(e.value))throw new m("Operation `value` property is not present (applicable in `add`, `replace` and `test` operations)","OPERATION_VALUE_CANNOT_CONTAIN_UNDEFINED",t,e,n);if(n)if("add"==e.op){var r=e.path.split("/").length,i=o.split("/").length;if(r!==i+1&&r!==i)throw new m("Cannot perform an `add` operation at the desired path","OPERATION_PATH_CANNOT_ADD",t,e,n)}else if("replace"===e.op||"remove"===e.op||"_get"===e.op){if(e.path!==o)throw new m("Cannot perform the operation at a path that does not exist","OPERATION_PATH_UNRESOLVABLE",t,e,n)}else if("move"===e.op||"copy"===e.op){var a=x([{op:"_get",path:e.from,value:void 0}],n);if(a&&"OPERATION_PATH_UNRESOLVABLE"===a.name)throw new m("Cannot perform the operation from a path that does not exist","OPERATION_FROM_UNRESOLVABLE",t,e,n)}}function x(e,t,n){try{if(!Array.isArray(e))throw new m("Patch sequence must be an array","SEQUENCE_NOT_AN_ARRAY");if(t)E(s(t),s(e),n||!0);else{n=n||P;for(var o=0;o<e.length;o++)n(e[o],o,t,void 0)}}catch(e){if(e instanceof m)return e;throw e}}function T(e,t){if(e===t)return!0;if(e&&t&&"object"==typeof e&&"object"==typeof t){var n,o,r,i=Array.isArray(e),a=Array.isArray(t);if(i&&a){if((o=e.length)!=t.length)return!1;for(n=o;0!=n--;)if(!T(e[n],t[n]))return!1;return!0}if(i!=a)return!1;var u=Object.keys(e);if((o=u.length)!==Object.keys(t).length)return!1;for(n=o;0!=n--;)if(!t.hasOwnProperty(u[n]))return!1;for(n=o;0!=n--;)if(!T(e[r=u[n]],t[r]))return!1;return!0}return e!=e&&t!=t}
 /*!
  * https://github.com/Starcounter-Jack/JSON-Patch
  * (c) 2017 Joachim Wester
  * MIT license
  */
-var D=new WeakMap,N=function(e){this.observers=new Map,this.obj=e},j=function(e,t){this.callback=e,this.observer=t};function C(e,t){t.unobserve()}function R(e,t){var n,o=function(e){return D.get(e)}(e);if(o){var r=function(e,t){return e.observers.get(t)}(o,t);n=r&&r.observer}else o=new N(e),D.set(e,o);if(n)return n;if(n={},o.value=d(e),t){n.callback=t,n.next=null;var i=function(){I(n)},a=function(){clearTimeout(n.next),n.next=setTimeout(i)};"undefined"!=typeof window&&(window.addEventListener("mouseup",a),window.addEventListener("keyup",a),window.addEventListener("mousedown",a),window.addEventListener("keydown",a),window.addEventListener("change",a))}return n.patches=[],n.object=e,n.unobserve=function(){I(n),clearTimeout(n.next),function(e,t){e.observers.delete(t.callback)}(o,n),"undefined"!=typeof window&&(window.removeEventListener("mouseup",a),window.removeEventListener("keyup",a),window.removeEventListener("mousedown",a),window.removeEventListener("keydown",a),window.removeEventListener("change",a))},o.observers.set(t,new j(t,n)),n}function I(e,t){void 0===t&&(t=!1);var n=D.get(e.object);L(n.value,e.object,e.patches,"",t),e.patches.length&&E(n.value,e.patches);var o=e.patches;return o.length>0&&(e.patches=[],e.callback&&e.callback(o)),o}function L(e,t,n,o,r){if(t!==e){"function"==typeof t.toJSON&&(t=t.toJSON());for(var i=f(t),a=f(e),u=!1,p=a.length-1;p>=0;p--){var s=e[v=a[p]];if(!c(t,v)||void 0===t[v]&&void 0!==s&&!1===Array.isArray(t))Array.isArray(e)===Array.isArray(t)?(r&&n.push({op:"test",path:o+"/"+h(v),value:d(s)}),n.push({op:"remove",path:o+"/"+h(v)}),u=!0):(r&&n.push({op:"test",path:o,value:e}),n.push({op:"replace",path:o,value:t}),!0);else{var l=t[v];"object"==typeof s&&null!=s&&"object"==typeof l&&null!=l?L(s,l,n,o+"/"+h(v),r):s!==l&&(!0,r&&n.push({op:"test",path:o+"/"+h(v),value:d(s)}),n.push({op:"replace",path:o+"/"+h(v),value:d(l)}))}}if(u||i.length!=a.length)for(p=0;p<i.length;p++){var v;c(e,v=i[p])||void 0===t[v]||n.push({op:"add",path:o+"/"+h(v),value:d(t[v])})}}}function B(e,t,n){void 0===n&&(n=!1);var o=[];return L(e,t,o,"",n),o}var S=Object.assign({},o,r,{JsonPatchError:w,deepClone:d,escapePathComponent:h,unescapePathComponent:l});function k(e){expect(typeof e).withContext("result from import should be an object").toEqual("object"),expect(typeof e).withContext("result from import should not be a function").not.toEqual("function"),expect(e.applyOperation).withContext("applyOperation should be a method within the object").toBeDefined(),expect(e.applyPatch).withContext("applyPatch should be a method within the object").toBeDefined(),expect(e.applyReducer).withContext("applyReducer should be a method within the object").toBeDefined(),expect(e.getValueByPointer).withContext("getValueByPointer should be a method within the object").toBeDefined(),expect(e.validate).withContext("validate should be a method within the object").toBeDefined(),expect(e.validator).withContext("validator should be a method within the object").toBeDefined(),expect(e._areEquals).withContext("_areEquals should be a method within the object").toBeDefined(),expect(e.JsonPatchError).withContext("JsonPatchError should be a method within the object").toBeDefined(),expect(e.deepClone).withContext("deepClone should be a method within the object").toBeDefined(),expect(e.escapePathComponent).withContext("escapePathComponent should be a method within the object").toBeDefined(),expect(e.unescapePathComponent).withContext("unescapePathComponent should be a method within the object").toBeDefined(),expect(e.unobserve).withContext("unobserve should be a method within the object").toBeDefined(),expect(e.observe).withContext("observe should be a method within the object").toBeDefined(),expect(e.generate).withContext("generate should be a method within the object").toBeDefined(),expect(e.compare).withContext("compare should be a method within the object").toBeDefined()}describe("This package imported by Webpack",function(){describe("import default",function(){it("should have the expected structure",function(){k(S)})}),describe("import asterisk",function(){it("should have the expected structure",function(){k(i)})}),describe("named import",function(){it("should have the expected structure",function(){expect(A).withContext("applyOperation should be defined").toBeDefined()})})})}]);
\ No newline at end of file
+var D=new WeakMap,N=function(e){this.observers=new Map,this.obj=e},j=function(e,t){this.callback=e,this.observer=t};function C(e,t){t.unobserve()}function R(e,t){var n,o=function(e){return D.get(e)}(e);if(o){var r=function(e,t){return e.observers.get(t)}(o,t);n=r&&r.observer}else o=new N(e),D.set(e,o);if(n)return n;if(n={},o.value=s(e),t){n.callback=t,n.next=null;var i=function(){I(n)},a=function(){clearTimeout(n.next),n.next=setTimeout(i)};"undefined"!=typeof window&&(window.addEventListener("mouseup",a),window.addEventListener("keyup",a),window.addEventListener("mousedown",a),window.addEventListener("keydown",a),window.addEventListener("change",a))}return n.patches=[],n.object=e,n.unobserve=function(){I(n),clearTimeout(n.next),function(e,t){e.observers.delete(t.callback)}(o,n),"undefined"!=typeof window&&(window.removeEventListener("mouseup",a),window.removeEventListener("keyup",a),window.removeEventListener("mousedown",a),window.removeEventListener("keydown",a),window.removeEventListener("change",a))},o.observers.set(t,new j(t,n)),n}function I(e,t){void 0===t&&(t=!1);var n=D.get(e.object);L(n.value,e.object,e.patches,"",t),e.patches.length&&E(n.value,e.patches);var o=e.patches;return o.length>0&&(e.patches=[],e.callback&&e.callback(o)),o}function L(e,t,n,o,r){if(t!==e){"function"==typeof t.toJSON&&(t=t.toJSON());for(var i=f(t),a=f(e),u=!1,p=a.length-1;p>=0;p--){var d=e[v=a[p]];if(!c(t,v)||void 0===t[v]&&void 0!==d&&!1===Array.isArray(t))Array.isArray(e)===Array.isArray(t)?(r&&n.push({op:"test",path:o+"/"+h(v),value:s(d)}),n.push({op:"remove",path:o+"/"+h(v)}),u=!0):(r&&n.push({op:"test",path:o,value:e}),n.push({op:"replace",path:o,value:t}),!0);else{var l=t[v];"object"==typeof d&&null!=d&&"object"==typeof l&&null!=l&&Array.isArray(d)===Array.isArray(l)?L(d,l,n,o+"/"+h(v),r):d!==l&&(!0,r&&n.push({op:"test",path:o+"/"+h(v),value:s(d)}),n.push({op:"replace",path:o+"/"+h(v),value:s(l)}))}}if(u||i.length!=a.length)for(p=0;p<i.length;p++){var v;c(e,v=i[p])||void 0===t[v]||n.push({op:"add",path:o+"/"+h(v),value:s(t[v])})}}}function B(e,t,n){void 0===n&&(n=!1);var o=[];return L(e,t,o,"",n),o}var S=Object.assign({},o,r,{JsonPatchError:w,deepClone:s,escapePathComponent:h,unescapePathComponent:l});function k(e){expect(typeof e).withContext("result from import should be an object").toEqual("object"),expect(typeof e).withContext("result from import should not be a function").not.toEqual("function"),expect(e.applyOperation).withContext("applyOperation should be a method within the object").toBeDefined(),expect(e.applyPatch).withContext("applyPatch should be a method within the object").toBeDefined(),expect(e.applyReducer).withContext("applyReducer should be a method within the object").toBeDefined(),expect(e.getValueByPointer).withContext("getValueByPointer should be a method within the object").toBeDefined(),expect(e.validate).withContext("validate should be a method within the object").toBeDefined(),expect(e.validator).withContext("validator should be a method within the object").toBeDefined(),expect(e._areEquals).withContext("_areEquals should be a method within the object").toBeDefined(),expect(e.JsonPatchError).withContext("JsonPatchError should be a method within the object").toBeDefined(),expect(e.deepClone).withContext("deepClone should be a method within the object").toBeDefined(),expect(e.escapePathComponent).withContext("escapePathComponent should be a method within the object").toBeDefined(),expect(e.unescapePathComponent).withContext("unescapePathComponent should be a method within the object").toBeDefined(),expect(e.unobserve).withContext("unobserve should be a method within the object").toBeDefined(),expect(e.observe).withContext("observe should be a method within the object").toBeDefined(),expect(e.generate).withContext("generate should be a method within the object").toBeDefined(),expect(e.compare).withContext("compare should be a method within the object").toBeDefined()}describe("This package imported by Webpack",function(){describe("import default",function(){it("should have the expected structure",function(){k(S)})}),describe("import asterisk",function(){it("should have the expected structure",function(){k(i)})}),describe("named import",function(){it("should have the expected structure",function(){expect(_).withContext("applyOperation should be defined").toBeDefined()})})})}]);
\ No newline at end of file

From 962bb6a31c3ec3d510e7a6613cba924048781dd0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Mar 2021 18:37:20 +0000
Subject: [PATCH 05/10] Bump elliptic from 6.5.3 to 6.5.4

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4.
- [Release notes](https://github.com/indutny/elliptic/releases)
- [Commits](https://github.com/indutny/elliptic/compare/v6.5.3...v6.5.4)

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 081eb354..e7ba42d5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "fast-json-patch",
-  "version": "3.0.0-1",
+  "version": "3.0.2",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -1198,18 +1198,26 @@
       }
     },
     "elliptic": {
-      "version": "6.5.3",
-      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.3.tgz",
-      "integrity": "sha512-IMqzv5wNQf+E6aHeIqATs0tOLeOTwj1QKbRcS3jBbYkl5oLAserA8yJTT7/VyHUYG91PRmPyeQDObKLPpeS4dw==",
+      "version": "6.5.4",
+      "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.5.4.tgz",
+      "integrity": "sha512-iLhC6ULemrljPZb+QutR5TQGB+pdW6KGD5RSegS+8sorOZT+rdQFbsQFJgvN3eRqNALqJer4oQ16YvJHlU8hzQ==",
       "dev": true,
       "requires": {
-        "bn.js": "^4.4.0",
-        "brorand": "^1.0.1",
+        "bn.js": "^4.11.9",
+        "brorand": "^1.1.0",
         "hash.js": "^1.0.0",
-        "hmac-drbg": "^1.0.0",
-        "inherits": "^2.0.1",
-        "minimalistic-assert": "^1.0.0",
-        "minimalistic-crypto-utils": "^1.0.0"
+        "hmac-drbg": "^1.0.1",
+        "inherits": "^2.0.4",
+        "minimalistic-assert": "^1.0.1",
+        "minimalistic-crypto-utils": "^1.0.1"
+      },
+      "dependencies": {
+        "bn.js": {
+          "version": "4.12.0",
+          "resolved": "https://registry.npmjs.org/bn.js/-/bn.js-4.12.0.tgz",
+          "integrity": "sha512-c98Bf3tPniI+scsdk237ku1Dc3ujXQTSgyiPUDEOe7tRkhrqridvh8klBv0HCEso1OLOYcHuCv/cS6DNxKH+ZA==",
+          "dev": true
+        }
       }
     },
     "emoji-regex": {

From ab4f30f8f2dffe5d3d195465310ba0afeb745d84 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 29 Mar 2021 17:49:12 +0000
Subject: [PATCH 06/10] Bump y18n from 4.0.0 to 4.0.1

Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 081eb354..a98bd42f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "fast-json-patch",
-  "version": "3.0.0-1",
+  "version": "3.0.2",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -5086,9 +5086,9 @@
       "dev": true
     },
     "y18n": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.0.tgz",
-      "integrity": "sha512-r9S/ZyXu/Xu9q1tYlpsLIsa3EeLXXk0VwlxqTcFRfg9EhMW+17kbt9G0NrgCmhGb5vT2hyhJZLfDGx+7+5Uj/w==",
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+      "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
       "dev": true
     },
     "yallist": {

From 59448a8879af9fa9e0e3a2e5cab2149523991002 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 29 Apr 2021 21:25:44 +0000
Subject: [PATCH 07/10] Bump ssri from 6.0.1 to 6.0.2

Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/npm/ssri/releases)
- [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md)
- [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 081eb354..04815662 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "fast-json-patch",
-  "version": "3.0.0-1",
+  "version": "3.0.2",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -4238,9 +4238,9 @@
       }
     },
     "ssri": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/ssri/-/ssri-6.0.1.tgz",
-      "integrity": "sha512-3Wge10hNcT1Kur4PDFwEieXSCMCJs/7WvSACcrMYrNp+b8kDL1/0wJch5Ni2WrtwEa2IO8OsVfeKIciKCDx/QA==",
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/ssri/-/ssri-6.0.2.tgz",
+      "integrity": "sha512-cepbSq/neFK7xB6A50KHN0xHDotYzq58wWCa5LeWqnPrHG8GzfEjO/4O8kpmcGW+oaxkvhEJCWgbgNk4/ZV93Q==",
       "dev": true,
       "requires": {
         "figgy-pudding": "^3.5.1"

From 7cda0f13f7ab48a6887356720078c048ab60997a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 6 May 2021 23:28:04 +0000
Subject: [PATCH 08/10] Bump lodash from 4.17.19 to 4.17.21

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 081eb354..189fb011 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "fast-json-patch",
-  "version": "3.0.0-1",
+  "version": "3.0.2",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
@@ -2872,9 +2872,9 @@
       }
     },
     "lodash": {
-      "version": "4.17.19",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.19.tgz",
-      "integrity": "sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==",
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
       "dev": true
     },
     "lower-case": {

From 2e0063fbac58005298c0e4ada44d2510eea19410 Mon Sep 17 00:00:00 2001
From: Joachim Wester <1219049+Starcounter-Jack@users.noreply.github.com>
Date: Mon, 24 May 2021 22:03:10 +0200
Subject: [PATCH 09/10] Update core.ts

---
 src/core.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core.ts b/src/core.ts
index bae849c9..9a8f7375 100644
--- a/src/core.ts
+++ b/src/core.ts
@@ -1,6 +1,6 @@
 /*!
  * https://github.com/Starcounter-Jack/JSON-Patch
- * (c) 2013-2020 Joachim Wester
+ * (c) 2013-2021 Joachim Wester
  * MIT license
  */
 declare var require: any;

From 5bcc925fc57374081ec2785d768c9fc2cf4dc71d Mon Sep 17 00:00:00 2001
From: Alejandro Romero Herrera <alromh87@gmail.com>
Date: Tue, 1 Jun 2021 22:46:21 -0500
Subject: [PATCH 10/10] Added compiled files

---
 commonjs/core.js   | 6 ++++--
 commonjs/duplex.js | 2 +-
 module/core.d.ts   | 4 ++--
 module/core.mjs    | 6 ++++--
 4 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/commonjs/core.js b/commonjs/core.js
index 19dd02b0..3d9ca301 100644
--- a/commonjs/core.js
+++ b/commonjs/core.js
@@ -185,8 +185,10 @@ function applyOperation(document, operation, validateOperation, mutateDocument,
         }
         while (true) {
             key = keys[t];
-            if (banPrototypeModifications && key == '__proto__') {
-                throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
+            if (banPrototypeModifications &&
+                (key == '__proto__' ||
+                    (key == 'prototype' && t > 0 && keys[t - 1] == 'constructor'))) {
+                throw new TypeError('JSON-Patch: modifying `__proto__` or `constructor/prototype` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
             }
             if (validateOperation) {
                 if (existingPathFragment === undefined) {
diff --git a/commonjs/duplex.js b/commonjs/duplex.js
index bb3f14f3..1603bace 100644
--- a/commonjs/duplex.js
+++ b/commonjs/duplex.js
@@ -131,7 +131,7 @@ function _generate(mirror, obj, patches, path, invertible) {
         var oldVal = mirror[key];
         if (helpers_js_1.hasOwnProperty(obj, key) && !(obj[key] === undefined && oldVal !== undefined && Array.isArray(obj) === false)) {
             var newVal = obj[key];
-            if (typeof oldVal == "object" && oldVal != null && typeof newVal == "object" && newVal != null) {
+            if (typeof oldVal == "object" && oldVal != null && typeof newVal == "object" && newVal != null && Array.isArray(oldVal) === Array.isArray(newVal)) {
                 _generate(oldVal, newVal, patches, path + "/" + helpers_js_1.escapePathComponent(key), invertible);
             }
             else {
diff --git a/module/core.d.ts b/module/core.d.ts
index d63258c4..437a1f76 100644
--- a/module/core.d.ts
+++ b/module/core.d.ts
@@ -81,7 +81,7 @@ export declare function applyOperation<T>(document: T, operation: Operation, val
  * @param banPrototypeModifications Whether to ban modifications to `__proto__`, defaults to `true`.
  * @return An array of `{newDocument, result}` after the patch
  */
-export declare function applyPatch<T>(document: T, patch: Operation[], validateOperation?: boolean | Validator<T>, mutateDocument?: boolean, banPrototypeModifications?: boolean): PatchResult<T>;
+export declare function applyPatch<T>(document: T, patch: ReadonlyArray<Operation>, validateOperation?: boolean | Validator<T>, mutateDocument?: boolean, banPrototypeModifications?: boolean): PatchResult<T>;
 /**
  * Apply a single JSON Patch Operation on a JSON document.
  * Returns the updated document.
@@ -107,5 +107,5 @@ export declare function validator(operation: Operation, index: number, document?
  * @param document
  * @returns {JsonPatchError|undefined}
  */
-export declare function validate<T>(sequence: Operation[], document?: T, externalValidator?: Validator<T>): PatchError;
+export declare function validate<T>(sequence: ReadonlyArray<Operation>, document?: T, externalValidator?: Validator<T>): PatchError;
 export declare function _areEquals(a: any, b: any): boolean;
diff --git a/module/core.mjs b/module/core.mjs
index 4741dc56..01b23314 100644
--- a/module/core.mjs
+++ b/module/core.mjs
@@ -183,8 +183,10 @@ export function applyOperation(document, operation, validateOperation, mutateDoc
         }
         while (true) {
             key = keys[t];
-            if (banPrototypeModifications && key == '__proto__') {
-                throw new TypeError('JSON-Patch: modifying `__proto__` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
+            if (banPrototypeModifications &&
+                (key == '__proto__' ||
+                    (key == 'prototype' && t > 0 && keys[t - 1] == 'constructor'))) {
+                throw new TypeError('JSON-Patch: modifying `__proto__` or `constructor/prototype` prop is banned for security reasons, if this was on purpose, please set `banPrototypeModifications` flag false and pass it to this function. More info in fast-json-patch README');
             }
             if (validateOperation) {
                 if (existingPathFragment === undefined) {