Skip to content

Commit

Permalink
#33 json-schema dep is vulnerable to prototype pollution (#34)
Browse files Browse the repository at this point in the history
Reviewed by: Dan McDonald <danmcd@kebe.com>
  • Loading branch information
bahamat authored Nov 17, 2021
1 parent f544b6d commit 017f744
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 2 deletions.
1 change: 1 addition & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
node_modules
package-lock.json
8 changes: 8 additions & 0 deletions CHANGES.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,14 @@

None yet.

## v2.0.2 (2021-11-16)

* #30 json-schema dep is vulnerable to prototype pollution
See also https://security.snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922

## v2.0.1 (2021-11-03)

* Remove use of `git://` URLs.
## v2.0.0 (2017-10-25)

Major bump due to a change in the semantics of `deepEqual`. Code that relies on
Expand Down
4 changes: 2 additions & 2 deletions package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "jsprim",
"version": "2.0.1",
"version": "2.0.2",
"description": "utilities for primitive JavaScript types",
"main": "./lib/jsprim.js",
"repository": {
Expand All @@ -10,7 +10,7 @@
"dependencies": {
"assert-plus": "1.0.0",
"extsprintf": "1.3.0",
"json-schema": "0.2.3",
"json-schema": "0.4.0",
"verror": "1.10.0"
},
"engines": [
Expand Down

0 comments on commit 017f744

Please sign in to comment.