JSON8
JSON8 copied to clipboard
sonnyp
JSON toolkit for JavaScript.
Prototype pollution vulnerability in function add() in json8-patch/lib/add.js in json8-patch1.0.6 via the function add and variable add The function usevariable partent and function add lead to Prototype pollution in line...
Removes [cacheable-request](https://github.com/jaredwray/cacheable-request). It's no longer used after updating ancestor dependency [ava](https://github.com/avajs/ava). These dependencies need to be updated together. Removes `cacheable-request` Updates `ava` from 3.15.0 to 5.2.0 Release notes Sourced from...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. Commits 2449650 Update mocha 560b2d8 Don't use regex to trim whitespace b1bdb92 Remove linting package zoo c20dc7e Cache 308 See full diff in compare...
Bumps [json-pointer](https://github.com/manuelstofer/json-pointer) from 0.6.1 to 0.6.2. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [fast-json-patch](https://github.com/Starcounter-Jack/JSON-Patch) from 3.1.0 to 3.1.1. Release notes Sourced from fast-json-patch's releases. 3.1.1 Security Fix for Prototype Pollution - huntr.dev #262 Commits 9d313ac fix(tests): Updated tests to reflect new error...
Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2. Release notes Sourced from decode-uri-component's releases. v0.2.2 Prevent overwriting previously decoded tokens 980e0bf https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2 v0.2.1 Switch to GitHub workflows 76abc93 Fix issue where decode...
Bumps [qs](https://github.com/ljharb/qs) from 6.5.2 to 6.5.3. Changelog Sourced from qs's changelog. 6.5.3 [Fix] parse: ignore __proto__ keys (#428) [Fix] utils.merge`: avoid a crash with a null target and a truthy...
Bumps [parse-url](https://github.com/IonicaBizau/parse-url) from 6.0.0 to 6.0.5. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
Bumps [json-ptr](https://github.com/flitbit/json-ptr) from 2.2.0 to 3.0.0. Commits 2d8c1ab 3.0.0 375d91d updated lock file 18a4d58 Merge pull request #42 from flitbit/packaging-rollup 7af30ca ci build node-14 92f726a fix ci script for updated...
Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7. Release notes Sourced from node-fetch's releases. v2.6.7 Security patch release Recommended to upgrade, to not leak sensitive cookie and authentication header information to 3th...