Comparing version 2.1.1-master.98922c7 to 2.1.2-master.bdd6317
{ | ||
"name": "json-ptr", | ||
"version": "2.1.1-master.98922c7", | ||
"version": "2.1.2-master.bdd6317", | ||
"author": "Phillip Clark <phillip@flitbit.com>", | ||
@@ -5,0 +5,0 @@ "description": "A complete implementation of JSON Pointer (RFC 6901) for nodejs and modern browsers.", |
@@ -242,3 +242,5 @@ # json-ptr | ||
- 2021-05-12 — **2.1.0** _Bug fixes for #28 and #30; **Security Vulnerability Patched**_ | ||
- 2021-05-12 — **2.1.1** _Bug fix for [#36](https://github.com/flitbit/json-ptr/issues/36)_ | ||
- @CarolynWebster reported an unintentional behavior change starting at v1.3.0. An operation involving a pointer/path that crossed a null value in the object graph resulted in an exception. In versions prior to v1.3.0 it returned `undefined` as intended. The original behavior has been restored. | ||
- 2021-05-12 — **2.1.0** _Bug fixes for [#28](https://github.com/flitbit/json-ptr/issues/28) and [#30](https://github.com/flitbit/json-ptr/issues/30); **Security Vulnerability Patched**_ | ||
- When compiling the accessors for quickly points in an object graph, the `.get()` method was not properly delimiting single quotes. This error caused the get operation to throw an exception in during normal usage. Worse, in cases where malicious user input was sent directly to `json-ptr`, the failure to delimit single quotes allowed the execution of arbitrary code (an injection attack). The first of these issues was reported in #28 by @mprast, the second (vulnerability) by @zpbrent. Thanks also to @elimumford for the actual code used for the fix. | ||
@@ -245,0 +247,0 @@ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
221107
292