jsprim
Advanced tools
Comparing version 2.0.1 to 2.0.2
@@ -7,2 +7,10 @@ # Changelog | ||
| ## v2.0.2 (2021-11-16) | ||
| * #30 json-schema dep is vulnerable to prototype pollution | ||
| See also https://security.snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922 | ||
| ## v2.0.1 (2021-11-03) | ||
| * Remove use of `git://` URLs. | ||
| ## v2.0.0 (2017-10-25) | ||
@@ -9,0 +17,0 @@ |
| { | ||
| "name": "jsprim", | ||
| "version": "2.0.1", | ||
| "version": "2.0.2", | ||
| "description": "utilities for primitive JavaScript types", | ||
@@ -13,3 +13,3 @@ "main": "./lib/jsprim.js", | ||
| "extsprintf": "1.3.0", | ||
| "json-schema": "0.2.3", | ||
| "json-schema": "0.4.0", | ||
| "verror": "1.10.0" | ||
@@ -16,0 +16,0 @@ }, |
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.68%
31357
- Number of medium supply chain risk alerts
- decreased by-100%
0
Dependency changes
+ Addedjson-schema@0.4.0(transitive)
- Removedjson-schema@0.2.3(transitive)
Updatedjson-schema@0.4.0