From ec61940453d1b72d21c155d374bdf53b8ee823f2 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 1 Jun 2026 19:36:54 +0000
Subject: [PATCH 1/2] Initial plan


From f85c683471a8643a34cc695e0d5ccf9a487f316d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 1 Jun 2026 19:39:19 +0000
Subject: [PATCH 2/2] Fix for-in loop in use() method to use for-of, preventing
 prototype pollution

---
 index.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/index.js b/index.js
index 167419d..fc723eb 100644
--- a/index.js
+++ b/index.js
@@ -467,12 +467,12 @@ class API {
     let middleware = [];
 
     // Add func args as middleware
-    for (let arg in args) {
-      if (typeof args[arg] === 'function') {
-        if (args[arg].length === 3) {
-          middleware.push(args[arg]);
-        } else if (args[arg].length === 4) {
-          this._errors.push(args[arg]);
+    for (let arg of args) {
+      if (typeof arg === 'function') {
+        if (arg.length === 3) {
+          middleware.push(arg);
+        } else if (arg.length === 4) {
+          this._errors.push(arg);
         } else {
           throw new ConfigurationError(
             'Middleware must have 3 or 4 parameters'