Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade jsonpointer to address security vulnerability #188

Merged
merged 1 commit into from Nov 10, 2021

Conversation

axelniklasson
Copy link
Contributor

@axelniklasson axelniklasson commented Nov 8, 2021

Addresses CVE-2021-23807 through upgrading jsonpointer to > v5.0.0

Fixes #189

@axelniklasson axelniklasson marked this pull request as ready for review Nov 8, 2021
@axelniklasson
Copy link
Contributor Author

@axelniklasson axelniklasson commented Nov 8, 2021

@mafintosh CI doesn't seem to be running here but tests are passing locally so I figured I'd raise the PR. Let me know if there are any other steps I should take before it could be merged -- thanks!

@LinusU
Copy link
Collaborator

@LinusU LinusU commented Nov 10, 2021

It wasn't easy to find out what has changed, but it seems like it doesn't actually have any breaking changes:

janl/node-jsonpointer@v4.1.0...v5.0.0
janl/node-jsonpointer#56

@LinusU LinusU merged commit f76edf0 into mafintosh:master Nov 10, 2021
@LinusU
Copy link
Collaborator

@LinusU LinusU commented Nov 10, 2021

Released as 2.20.6 :shipit:

@axelniklasson
Copy link
Contributor Author

@axelniklasson axelniklasson commented Nov 10, 2021

Thanks for the quick turnaround @LinusU 💯

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants