json-ptr - npm Package Compare versions

package.json

		{
		"name": "json-ptr",
		"version": "2.1.1-master.98922c7",
		"version": "2.1.2-master.bdd6317",
		"author": "Phillip Clark <phillip@flitbit.com>",
		@@ -5,0 +5,0 @@ "description": "A complete implementation of JSON Pointer (RFC 6901) for nodejs and modern browsers.",

README.md

		@@ -242,3 +242,5 @@ # json-ptr

		- 2021-05-12 — 2.1.0 _Bug fixes for #28 and #30; Security Vulnerability Patched_
		- 2021-05-12 — 2.1.1 _Bug fix for [#36](https://github.com/flitbit/json-ptr/issues/36)_
		- @CarolynWebster reported an unintentional behavior change starting at v1.3.0. An operation involving a pointer/path that crossed a null value in the object graph resulted in an exception. In versions prior to v1.3.0 it returned `undefined` as intended. The original behavior has been restored.
		- 2021-05-12 — 2.1.0 _Bug fixes for [#28](https://github.com/flitbit/json-ptr/issues/28) and [#30](https://github.com/flitbit/json-ptr/issues/30); Security Vulnerability Patched_
		- When compiling the accessors for quickly points in an object graph, the `.get()` method was not properly delimiting single quotes. This error caused the get operation to throw an exception in during normal usage. Worse, in cases where malicious user input was sent directly to `json-ptr`, the failure to delimit single quotes allowed the execution of arbitrary code (an injection attack). The first of these issues was reported in #28 by @mprast, the second (vulnerability) by @zpbrent. Thanks also to @elimumford for the actual code used for the fix.
		@@ -245,0 +247,0 @@

New alerts