[Snyk] Upgrade jsonpointer from 5.0.0 to 5.0.1 by snyk-bot · Pull Request #1296 · secureCodeBox/secureCodeBox

snyk-bot · 2022-08-03T16:15:37Z

Snyk has created this PR to upgrade jsonpointer from 5.0.0 to 5.0.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released 21 days ago, on 2022-07-13.

Release notes

Package name: jsonpointer

5.0.1 - 2022-07-13
Changelog
- Fix incorrect typings for compile get/set methods (#58, thanks to @ haakemon)
- Fix null values throwing exception when traversing over while getting (#50, thanks to @ reckter)
- Fix tests for null and undefined assertions (a5706e8)
5.0.0 - 2021-10-31
5.0.0 (2021-10-31)

Bug Fixes
- Fix prototype pollution (#51)
  - The original, non-mutated objects are now returned if any of the keys __proto__, constructor or prototype are used in a json pointer.
```
// returns the unmodified input {}
jsonpointer.set({}, '/foo/__proto__/boo', 'polluted')
```
  - When passing non-string arrays to a .set operation, an error is thrown:
```
// throws `new Error('Invalid JSON pointer. Must be of type string or number.')`
jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')
```

from jsonpointer GitHub release notes

Commit messages

Package name: jsonpointer

d0d9af9 Version 5.0.1
4a253c0 Adopt strictEqual changes and only return null when the get succeeded
bad4983 Fix null values throwing exception when traversing over while getting
a5706e8 test: Always use strictEqual to ensure null and undefined values are asserted correctly
b8e1e6a fix incorrect typings for compile get/set methods
c4de620 Merge pull request CLI run_scanner.sh #53 from janl/release/5.0.0
84cf173 Merge pull request Added environment variables to define scanner user #52 from janl/fix/test

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade jsonpointer from 5.0.0 to 5.0.1. See this package in npm: https://www.npmjs.com/package/jsonpointer See this project in Snyk: https://app.snyk.io/org/securecodebox/project/f177f813-0bac-418b-bd84-1635c57687eb?utm_source=github&utm_medium=referral&page=upgrade-pr

github-actions · 2022-08-03T16:18:42Z

MegaLinter status: ⚠️ WARNING

Descriptor	Linter	Files	Errors	Elapsed time
✅ GIT	git_diff	yes	no	0.19s
✅ JSON	eslint-plugin-jsonc	2	0	1.78s
✅ JSON	jsonlint	2	0	0.82s
⚠️ JSON	prettier	2	1	0.82s
✅ JSON	v8r	2	0	4.53s
✅ SPELL	misspell	2	0	0.05s

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

rfelber approved these changes Aug 28, 2022

View reviewed changes

rfelber merged commit 30f5e6d into main Aug 28, 2022

rfelber deleted the snyk-upgrade-66ab65135f84ba2ddf290ce3a5840c0b branch August 28, 2022 07:55

rfelber added the dependencies Pull requests that update a dependency file label Aug 28, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade jsonpointer from 5.0.0 to 5.0.1#1296

[Snyk] Upgrade jsonpointer from 5.0.0 to 5.0.1#1296
rfelber merged 1 commit intomainfrom
snyk-upgrade-66ab65135f84ba2ddf290ce3a5840c0b

Changelog

5.0.0 (2021-10-31)

Bug Fixes

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

Snyk has created this PR to upgrade jsonpointer from 5.0.0 to 5.0.1.

Changelog

5.0.0 (2021-10-31)

Bug Fixes

Uh oh!

Uh oh!

MegaLinter status: ⚠️ WARNING

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants