[Snyk] Upgrade jsonpointer from 5.0.0 to 5.0.1 #1296

Merged
merged 1 commit into from
Aug 28, 2022

@snyk-bot snyk-bot commented Aug 3, 2022

Snyk has created this PR to upgrade jsonpointer from 5.0.0 to 5.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 21 days ago, on 2022-07-13.
Release notes
Package name: jsonpointer
  • 5.0.1 - 2022-07-13

    Changelog

    • Fix incorrect typings for compile get/set methods (#58, thanks to @haakemon)
    • Fix null values throwing exception when traversing over while getting (#50, thanks to @reckter)
    • Fix tests for null and undefined assertions (a5706e8)
  • 5.0.0 - 2021-10-31

    5.0.0 (2021-10-31)

    Bug Fixes

    • Fix prototype pollution (#51)

      • The original, non-mutated objects are now returned if any of the keys __proto__, constructor or prototype are used in a json pointer.
      // returns the unmodified input {}
      jsonpointer.set({}, '/foo/__proto__/boo', 'polluted')
      • When passing non-string arrays to a .set operation, an error is thrown:
      // throws `new Error('Invalid JSON pointer. Must be of type string or number.')`
      jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')
from jsonpointer GitHub release notes
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
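
The prototype pollution fix quoted in the 5.0.0 release notes above can be reproduced with a small model. This is an added example, not jsonpointer's source and not part of the bot's comment: `parsePointer`, `walkAndSet`, `setUnsafe`, `setGuarded` and `unsafePollutes` are hypothetical names, and the guard is written only from the behaviour the notes describe.

```javascript
// Added illustration: a simplified pointer "set" with hypothetical names.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype'])

// Split an RFC 6901 string pointer into unescaped reference tokens.
function parsePointer (pointer) {
  if (pointer === '') return []
  if (pointer[0] !== '/') throw new Error('Invalid JSON pointer.')
  return pointer.slice(1).split('/')
    .map(t => t.replace(/~1/g, '/').replace(/~0/g, '~'))
}

// Create missing intermediate objects, then assign at the last token.
function walkAndSet (obj, tokens, value) {
  if (tokens.length === 0) throw new Error('Cannot set the root.')
  let node = obj
  for (const key of tokens.slice(0, -1)) {
    if (node[key] === null || typeof node[key] !== 'object') node[key] = {}
    node = node[key]
  }
  node[tokens[tokens.length - 1]] = value
  return obj
}

// "Before" behaviour: no key filtering, so "__proto__" walks into Object.prototype.
function setUnsafe (obj, pointer, value) {
  return walkAndSet(obj, parsePointer(pointer), value)
}

// Guarded behaviour, following the two bullets in the release notes.
function setGuarded (obj, pointer, value) {
  const isArr = Array.isArray(pointer)
  // ['__proto__'] is not equal to '__proto__' but coerces to it when used as a
  // property key, so array tokens must be primitive strings or numbers.
  const ok = isArr
    ? pointer.every(t => typeof t === 'string' || typeof t === 'number')
    : typeof pointer === 'string'
  if (!ok) throw new Error('Invalid JSON pointer. Must be of type string or number.')
  const tokens = isArr ? pointer.map(String) : parsePointer(pointer)
  // Check every token before mutating, so the input comes back unmodified.
  if (tokens.some(t => BLOCKED.has(t))) return obj
  return walkAndSet(obj, tokens, value)
}

// Runs the unsafe variant once; reports whether a fresh object inherited "boo".
function unsafePollutes () {
  setUnsafe({}, '/foo/__proto__/boo', 'polluted')
  const hit = ({}).boo === 'polluted'
  delete Object.prototype.boo // undo the side effect of the demonstration
  return hit
}
```

The blocked-key check runs before any intermediate object is created, which is why the guarded call returns `{}` rather than `{ foo: {} }`.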

github-actions bot commented Aug 3, 2022

MegaLinter status: ⚠️ WARNING

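| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ GIT | git_diff | yes | | no | 0.19s |
| ✅ JSON | eslint-plugin-jsonc | 2 | | 0 | 1.78s |
| ✅ JSON | jsonlint | 2 | | 0 | 0.82s |
| ⚠️ JSON | prettier | 2 | | 1 | 0.82s |
| ✅ JSON | v8r | 2 | | 0 | 4.53s |
| ✅ SPELL | misspell | 2 | | 0 | 0.05s |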

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

@rseedorff rseedorff merged commit 30f5e6d into main Aug 28, 2022
@rseedorff rseedorff deleted the snyk-upgrade-66ab65135f84ba2ddf290ce3a5840c0b branch August 28, 2022 07:55
@rseedorff rseedorff added the dependencies Pull requests that update a dependency file label Aug 28, 2022