jsprim
Advanced tools
Comparing version 2.0.1 to 2.0.2
@@ -7,2 +7,10 @@ # Changelog | ||
## v2.0.2 (2021-11-16) | ||
* #30 json-schema dep is vulnerable to prototype pollution | ||
See also https://security.snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922 | ||
## v2.0.1 (2021-11-03) | ||
* Remove use of `git://` URLs. | ||
## v2.0.0 (2017-10-25) | ||
@@ -9,0 +17,0 @@ |
{ | ||
"name": "jsprim", | ||
"version": "2.0.1", | ||
"version": "2.0.2", | ||
"description": "utilities for primitive JavaScript types", | ||
@@ -13,3 +13,3 @@ "main": "./lib/jsprim.js", | ||
"extsprintf": "1.3.0", | ||
"json-schema": "0.2.3", | ||
"json-schema": "0.4.0", | ||
"verror": "1.10.0" | ||
@@ -16,0 +16,0 @@ }, |
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
31357
0
+ Addedjson-schema@0.4.0(transitive)
- Removedjson-schema@0.2.3(transitive)
Updatedjson-schema@0.4.0