Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump jsonpointer and is-my-json-valid #365

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump jsonpointer and is-my-json-valid #365

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 3, 2023
edited
Loading

Bumps jsonpointer and is-my-json-valid. These dependencies needed to be updated together.
Updates jsonpointer from 4.0.1 to 5.0.1

Release notes

Sourced from jsonpointer's releases.

Version 5.0.1

Changelog

v5.0.0

5.0.0 (2021-10-31)

Bug Fixes

  • Fix prototype pollution (#51)

    • The original, non-mutated objects are now returned if any of the keys __proto__, constructor or prototype are used in a json pointer.
    // returns the unmodified input {}
jsonpointer.set({}, '/foo/__proto__/boo', 'polluted')
    • When passing non-string arrays to a .set operation, an error is thrown:
    // throws `new Error('Invalid JSON pointer. Must be of type string or number.')`
jsonpointer.set({}, [['__proto__'], ['__proto__'], 'boo'], 'polluted')

v4.1.0

4.1.0 (2020-07-03)

Bug Fixes

Features

Commits
  • 4a253c0 Adopt strictEqual changes and only return null when the get succeeded
  • bad4983 Fix null values throwing exception when traversing over while getting
  • a5706e8 test: Always use strictEqual to ensure null and undefined values are asserted...
  • b8e1e6a fix incorrect typings for compile get/set methods
  • c4de620 Merge pull request #53 from janl/release/5.0.0
  • 8dbf304 feat: v5
  • 84cf173 Merge pull request #52 from janl/fix/test
  • f716e5c chore: more rip travis
  • e2ae355 chore: remove comment
  • d23693b chore: update primary branch
  • Additional commits viewable in compare view

Updates is-my-json-valid from 2.20.0 to 2.20.6

Commits

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
chore(deps): bump jsonpointer and is-my-json-valid
43ca3a1 
Bumps [jsonpointer](https://github.com/janl/node-jsonpointer) and [is-my-json-valid](https://github.com/mafintosh/is-my-json-valid). These dependencies needed to be updated together.

Updates `jsonpointer` from 4.0.1 to 5.0.1
- [Release notes](https://github.com/janl/node-jsonpointer/releases)
- [Commits](janl/node-jsonpointer@4.0.1...v5.0.1)

Updates `is-my-json-valid` from 2.20.0 to 2.20.6
- [Commits](mafintosh/is-my-json-valid@v2.20.0...v2.20.6)

---
updated-dependencies:
- dependency-name: jsonpointer
  dependency-type: indirect
- dependency-name: is-my-json-valid
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 3, 2023
@dependabot dependabot bot temporarily deployed to testing July 3, 2023 09:19 Inactive
@dependabot dependabot bot temporarily deployed to testing August 25, 2023 02:04 Inactive
@cht8687 cht8687 force-pushed the master branch 2 times, most recently from 5559a1c to bd9b25e Compare September 2, 2023 04:22
@cht8687
Copy link
Member

cht8687 commented Sep 2, 2023

https://github.com/dependabot rebase

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 2, 2023

Looks like these dependencies are no longer a dependency, so this is no longer needed.

@dependabot dependabot bot closed this Sep 2, 2023
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/jsonpointer-and-is-my-json-valid-5.0.1 branch September 2, 2023 04:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@cht8687