Open renovate[bot] opened 2 years ago
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠️ Warning: custom changes will be lost.
This PR contains the following updates:
7.2.1 -> 9.5.6
GitHub Vulnerability Alerts
CVE-2021-3822
JSON Editor is a web-based tool to view, edit, format, and validate JSON. It has various modes such as a tree editor, a code editor, and a plain text editor. The jsoneditor package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted element as input to the getInnerText function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex.
CVE-2020-23849
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.
Release Notes
josdejong/jsoneditor
### [`v9.5.6`](https://togithub.com/josdejong/jsoneditor/blob/HEAD/HISTORY.md#2021-09-22-version-956)

[Compare Source](https://togithub.com/josdejong/jsoneditor/compare/v9.5.5...v9.5.6)

- Fix inefficient regex to replace return characters.

### [`v9.5.5`](https://togithub.com/josdejong/jsoneditor/blob/HEAD/HISTORY.md#2021-09-01-version-955)

[Compare Source](https://togithub.com/josdejong/jsoneditor/compare/v9.5.4...v9.5.5)

- Fix `setMode` not throwing an exception anymore in case of a parse error (regression since `9.5.4`).

### [`v9.5.4`](https://togithub.com/josdejong/jsoneditor/blob/HEAD/HISTORY.md#2021-08-25-version-954)

[Compare Source](https://togithub.com/josdejong/jsoneditor/compare/v9.5.3...v9.5.4)

- Use `noreferrer` for window.open, see [#1365](https://togithub.com/josdejong/jsoneditor/issues/1365). Thanks [@rajitbanerjee](https://togithub.com/rajitbanerjee).
- Fix [#1363](https://togithub.com/josdejong/jsoneditor/issues/1363): parsing error contains html characters.
- Fix opening the Transform or Sort modal in code mode with invalid JSON contents not triggering the `onError` callback (see [#1364](https://togithub.com/josdejong/jsoneditor/issues/1364)).
- Change the default behavior of error handling to open a basic alert instead of logging the error in the console (see [#1364](https://togithub.com/josdejong/jsoneditor/issues/1364)).

### [`v9.5.3`](https://togithub.com/josdejong/jsoneditor/blob/HEAD/HISTORY.md#2021-07-28-version-953)

[Compare Source](https://togithub.com/josdejong/jsoneditor/compare/v9.5.2...v9.5.3)

- Fix [#1356](https://togithub.com/josdejong/jsoneditor/issues/1356): background of tree mode is transparent instead of white.
- Fix [#473](https://togithub.com/josdejong/jsoneditor/issues/473): enum dropdown not working on referenced schemas and templates, see [#1355](https://togithub.com/josdejong/jsoneditor/issues/1355). Thanks [@mpccolorado](https://togithub.com/mpccolorado).

### [`v9.5.2`](https://togithub.com/josdejong/jsoneditor/blob/HEAD/HISTORY.md#2021-07-22-version-952)

[Compare Source](https://togithub.com/josdejong/jsoneditor/compare/v9.5.1...v9.5.2)

- Fix [#675](https://togithub.com/josdejong/jsoneditor/issues/675): Relative image urls in CSS replaced with absolute urls by build script, see [#1354](https://togithub.com/josdejong/jsoneditor/issues/1354). Thanks [@esulu](https://togithub.com/esulu).

### [`v9.5.1`](https://togithub.com/josdejong/jsoneditor/blob/HEAD/HISTORY.md#2021-12-29-version-9511)

[Compare Source](https://togithub.com/josdejong/jsoneditor/compare/v9.5.0...v9.5.1)

- Fix the font on Ubuntu for real by add the "ubuntu mono" font. See [#1405](https://togithub.com/josdejong/jsoneditor/issues/1405).

### [`v9.5.0`](https://togithub.com/josdejong/jsoneditor/blob/HEAD/HISTORY.md#2021-06-05-version-950)

[Compare Source](https://togithub.com/josdejong/jsoneditor/compare/v9.4.2...v9.5.0)

- Implemented new method `JSONEditor.validate(): Promise

Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.