Fix uri scheme validation (@ChALkeR).
Fix boolean schemas with strictKeywords option (#1270)
v6.12.4
Fix: coercion of one-item arrays to scalar that should fail validation (failing example).
v6.12.3
Pass schema object to processCode function
Option for strictNumbers (@issacgerges, #1128)
Fixed vulnerability related to untrusted schemas (CVE-2020-15366)
Bumps the npm_and_yarn group with 23 updates in the / directory:
5.1.0
6.3.16
6.12.2
6.12.6
4.1.0
4.1.1
2.6.3
2.6.4
4.2.0
4.2.3
0.2.0
0.2.2
1.3.1
1.3.4
6.5.3
6.5.5
1.0.7
1.1.2
4.17.1
4.19.2
1.4.0
1.4.2
1.12.1
1.15.6
1.3.5
1.3.8
0.2.3
0.4.0
1.4.1
1.4.2
4.17.19
4.17.21
1.2.5
1.2.8
6.5.2
6.5.3
1.4.7
1.5.10
3.7.2
removed
4.0.2
5.0.1
3.11.0
5.0.4
4.0.0
4.0.3
Updates
karma
from 5.1.0 to 6.3.16Release notes
Sourced from karma's releases.
... (truncated)
Changelog
Sourced from karma's changelog.
... (truncated)
Commits
ab4b328
chore(release): 6.3.16 [skip ci]ff7edbb
fix(security): mitigate the "Open Redirect Vulnerability"c1befa0
chore(release): 6.3.15 [skip ci]d9dade2
fix(helper): make mkdirIfNotExists helper resilient to concurrent calls653c762
ci: prevent duplicate CI tasks on creating a PRc97e562
chore(release): 6.3.14 [skip ci]91d5acd
fix: remove string template from client code69cfc76
fix: warn whensingleRun
andautoWatch
arefalse
839578c
fix(security): remove XSS vulnerability inreturnUrl
query paramdb53785
chore(release): 6.3.13 [skip ci]Updates
ajv
from 6.12.2 to 6.12.6Release notes
Sourced from ajv's releases.
Commits
fe59143
6.12.6d580d3e
Merge pull request #1298 from ajv-validator/fix-urlfd36389
fix: regular expression for "url" format490e34c
docs: link to v7-beta branch9cd93a1
docs: note about v7 in readme877d286
Merge pull request #1262 from b4h0-c4t/refactor-opt-object-typef1c8e45
6.12.5764035e
Merge branch 'ChALkeR-chalker/fix-comma'3798160
Merge branch 'chalker/fix-comma' of git://github.com/ChALkeR/ajv into ChALkeR...a3c7eba
Merge branch 'refactor-opt-object-type' of github.com:b4h0-c4t/ajv into refac...Updates
ansi-regex
from 4.1.0 to 4.1.1Commits
64735d2
v4.1.175a657d
Fix potential ReDoS (#37)Updates
async
from 2.6.3 to 2.6.4Changelog
Sourced from async's changelog.
Commits
c6bdaca
Version 2.6.48870da9
Update built files4df6754
update changelog8f7f903
Fix prototype pollution vulnerability (#1828)Maintainer changes
This version was pushed to npm by hargasinski, a new releaser for async since your current version.
Updates
browserify-sign
from 4.2.0 to 4.2.3Changelog
Sourced from browserify-sign's changelog.
Commits
bf2c3ec
v4.2.39247adf
[patch] widen support to 0.12f427270
[Deps] update `parse-asn187f3a35
[Dev Deps] updateaud
,npmignore
,tape
fb261ce
[Deps] updateelliptic
4d0ee49
[patch] drop minimum node support to v19e2bf12
[Deps] pinhash-base
to ~3.0, due to a breaking change168e16f
[Deps] pinelliptic
due to a breaking change37a4758
[actions] remove redundant finisher4af5a90
v4.2.2Maintainer changes
This version was pushed to npm by ljharb, a new releaser for browserify-sign since your current version.
Updates
decode-uri-component
from 0.2.0 to 0.2.2Release notes
Sourced from decode-uri-component's releases.
Commits
a0eea46
0.2.2980e0bf
Prevent overwriting previously decoded tokens3c8a373
0.2.176abc93
Switch to GitHub workflows746ca5d
Fix issue where decode throws - fixes #6486d7e2
Update license (#1)a650457
Tidelift tasks66e1c28
Meta tweaksUpdates
dns-packet
from 1.3.1 to 1.3.4Commits
ebdf849
1.3.4ac57872
move all allocUnsafes to allocs for easier maintenancec64c950
1.3.30598ba1
fix .. in encodingLength010aedb
1.3.20d0d593
backport encodingLength fix to v1Updates
elliptic
from 6.5.3 to 6.5.5Commits
7570078
6.5.5206da2e
lib: lint0a78e03
[Fix] restore node < 4 compat43ac7f2
6.5.4f4bc72b
package: bump deps441b742
ec: validate that a point before deriving keyse71b2d9
lib: relint using eslint8421a01
build(deps): bump elliptic from 6.4.1 to 6.5.3 (#231)Updates
ws
from 6.1.4 to 6.2.1Release notes
Sourced from ws's releases.
Commits
d57db27
[dist] 6.2.140734d8
[minor] Add missing option in JSDoc comment0556f31
[doc] Add TOC to ws.md (#1539)aa1dcd5
[fix] MakeWebSocket#close()
set the close timer immediately297f56d
[minor] Remove unneededif
statementbcab373
[test] Increase code coverage3a5a20a
Revert "[ci] Cache dependencies"9a89e5d
[ci] Cache dependencies7f5025d
[test] Fix flaky test148c373
[test] Prefer arrow functionsUpdates
eventsource
from 1.0.7 to 1.1.2Changelog
Sourced from eventsource's changelog.
Commits
0a8b85b
1.1.2f99ae66
docs: update history for 1.1.206c9721
chore: rebuild polyfill9494642
fix: inline origin resolution, droporiginal
dependency (#281)aa7a408
1.1.156d489e
chore: rebuild polyfill4a951e5
docs: update history for 1.1.1f9f6416
fix: strip sensitive headers on redirect to different origin9dd0687
1.1.049497ba
Update history for 1.1.0 (#146)Updates
express
from 4.17.1 to 4.19.2Release notes
Sourced from express's releases.
... (truncated)
Changelog
Sourced from express's changelog.
... (truncated)
Commits
04bc627
4.19.2da4d763
Improved fix for open redirect allow list bypass4f0f6cc
4.19.1a003cfa
Allow passing non-strings to res.location with new encoding handling checks f...a1fa90f
fixed un-edited version in history.md for 4.19.011f2b1d
build: fix build due to inconsistent supertest behavior in older versions084e365
4.19.00867302
Prevent open redirect allow list bypass due to encodeurl567c9c6
Add note on how to update docs for new release (#5541)69a4cf2
deps: cookie@0.6.0Maintainer changes
This version was pushed to npm by wesleytodd, a new releaser for express since your current version.
Updates
loader-utils
from 1.4.0 to 1.4.2Release notes
Sourced from loader-utils's releases.
Changelog
Sourced from loader-utils's changelog.
Commits
331ad50
chore(release): 1.4.217cbf8f
fix: ReDoS problem (#226)8f082b3
chore(release): 1.4.14504e34
fix: security problem (#220)Updates
follow-redirects
from 1.12.1 to 1.15.6Commits
35a517c
Release version 1.15.6 of the npm package.c4f847f
Drop Proxy-Authorization across hosts.8526b4a
Use GitHub for disclosure.b1677ce
Release version 1.15.5 of the npm package.d8914f7
Preserve fragment in responseUrl.6585820
Release version 1.15.4 of the npm package.7a6567e
Disallow bracketed hostnames.05629af
Prefer native URL instead of deprecated url.parse.1cba8e8
Prefer native URL instead of legacy url.resolve.72bc2a4
Simplify _processResponse error handling.Updates
ini
from 1.3.5 to 1.3.8Commits
a2c5da8
1.3.8af5c6bb
Do not use Object.create(null)8b648a1
don't test where our devdeps don't even workc74c8af
1.3.7024b8b5
update deps, add linting032fbaf
Use Object.create(null) to avoid default object property hazards2da9039
1.3.6cfea636
better git push script, before publish instead of after56d2805
do not allow invalid hazardous string as section nameMaintainer changes
This version was pushed to npm by isaacs, a new releaser for ini since your current version.
Updates
json-schema
from 0.2.3 to 0.4.0Commits
f6f6a3b
Use a little more robust method of checking instancesef60987
Update versionb62f1da
Protect against constructor modification, #84fb427cd
Link to json-schema-org repository in addition to site, fixes #5422f1461
Don't allow proto property to be used for schema default/coerce, fixes #84c52a27c
Get basic test to passb3f42b3
Add security policy3b0cec3
Update versionc28470f
Update readme to acknowledge the state of the package7dff9cd
Merge pull request #81 from hodovani/patch-1Updates
jsprim
from 1.4.1 to 1.4.2Changelog
Sourced from jsprim's changelog.
Commits
5c8475f
joyent/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.xMaintainer changes
This version was pushed to npm by bahamat, a new releaser for jsprim since your current version.
Updates
lodash
from 4.17.19 to 4.17.21Commits
f299b52
Bump to v4.17.21c4847eb
Improve performance oftoNumber
,trim
andtrimEnd
on large input strings3469357
Prevent command injection through_.template
'svariable
optionded9bc6
Bump to v4.17.20.63150ef
Documentation fixes.00f0f62
test.js: Remove trailing comma.846e434
Temporarily use a custom fork oflodash-cli
.5d046f3
Re-enable Travis tests on4.17
branch.aa816b3
Remove/npm-package
.Maintainer changes
This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.
Updates
log4js
from 6.3.0 to 6.9.1Changelog
Sourced from log4js's changelog.
... (truncated)
Commits
26dcec6
6.9.163ae5b9
Merge pull request #1379 from log4js-node/update-docs185fa66
docs: updated changelog for 6.9.1ed54dc2
Merge pull request #1378 from log4js-node/1377-defaultparsecallstack-cant-par...2628688
fix(7922e82): regex for stacktraceb3919d8
6.9.07cfe8a4
Merge pull request #1376 from log4js-node/update-docsf89e7b6
docs: updated changelog for 6.9.00082928
Merge pull request... _Description has been truncated_