fix: Clone JsonRpcEngineV2 results to prevent returning frozen objects#8077
Merged
FrederikBolding merged 4 commits intomainfrom Mar 2, 2026
Merged
fix: Clone JsonRpcEngineV2 results to prevent returning frozen objects#8077FrederikBolding merged 4 commits intomainfrom
JsonRpcEngineV2 results to prevent returning frozen objects#8077FrederikBolding merged 4 commits intomainfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Explanation
JsonRpcEngineV2internally freezesrequestandresultto prevent middlewares from modifying the objects. This implementation detail has leaked into theresultreturned fromhandlewhich does not seem expected and is causing problems downstream. To work around this issue, this PR adds logic to clone the result before returning it, undoing any frozen objects.References
https://consensyssoftware.atlassian.net/browse/WPC-510
Note
Medium Risk
Changes the runtime behavior of
JsonRpcEngineV2.handle()by returning deep-cloned results (new object identities) instead of the internally frozen objects, which may affect consumers relying on referential equality or immutability and adds cloning overhead.Overview
JsonRpcEngineV2.handle()now deep-clones the final middlewareresultbefore returning it, so callers no longer receive the engine’s internally frozen objects (and the return type is no longerReadonly).Adds coverage to ensure returned objects (including nested objects) are not frozen, updates downstream cache middleware tests to use
toStrictEqualinstead of reference equality, and records the fix in thejson-rpc-enginechangelog.Written by Cursor Bugbot for commit ca7e6d5. This will update automatically on new commits. Configure here.