Update dependency jsoneditor to v9 [SECURITY] #295
This PR contains the following updates:
jsoneditor: 7.2.1 -> 9.5.6
GitHub Vulnerability Alerts
CVE-2021-3822
JSON Editor is a web-based tool to view, edit, format, and validate JSON. It has various modes such as a tree editor, a code editor, and a plain text editor. The jsoneditor package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted element as input to the getInnerText function may cause an application to consume an excessive amount of CPU. Below pinned line using vulnerable regex.
CVE-2020-23849
Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 through injecting and executing JavaScript.
Release Notes
josdejong/jsoneditor
v9.5.6
Compare Source
v9.5.5
Compare Source
setMode not throwing an exception anymore in case of a parse error (regression since 9.5.4).
v9.5.4
Compare Source
noreferrer for window.open, see #1365. Thanks @rajitbanerjee.
contents not triggering the onError callback (see #1364).
of logging the error in the console (see #1364).
v9.5.3
Compare Source
see #1355. Thanks @mpccolorado.
v9.5.2
Compare Source
script, see #1354. Thanks @esulu.
v9.5.1
Compare Source
v9.5.0
Compare Source
JSONEditor.validate(): Promise<ValidationError[]>. Thanks @ChrisAcrobat.
v9.4.2
Compare Source
from code mode to preview mode.
selectr to prevent conflicts with tailwind, see #1333. Thanks @mdix.
v9.4.1
Compare Source
v9.4.0
Compare Source
oneOf, anyOf, allOf. Thanks @maufl.
refresh() during onChange callback.
v9.3.1
Compare Source
$jse-icons-url, see #1268. Thanks @ppetkow.
v9.3.0
Compare Source
[email protected].
v9.2.0
Compare Source
Ctrl+\ and Ctrl+Shift+\ to Ctrl+I and Ctrl+Shift+I respectively, because not all browsers and operating systems support this key combination.
v9.1.10
Compare Source
Thanks @Hagartinger.
[email protected]).
v9.1.9
Compare Source
jsoneditor-minimalist bundle being too large. Regression since v9.1.5 (caused by a recent upgrade to Webpack 5). Thanks @cbmgit.
v9.1.8
Compare Source
simple-json-repair with jsonrepair (library was renamed).
v9.1.7
Compare Source
v9.1.6
Compare Source
additionalProperties. Thanks @maufl.
ajv.
v9.1.5
Compare Source
v9.1.4
Compare Source
Thanks @tanmayrajani.
v9.1.3
Compare Source
[email protected].
v9.1.2
Compare Source
onEvent for boolean checkbox and enum selectbox too.
onEditable is invalid. See #1112.
[email protected].
library simple-json-repair with many improvements.
v9.1.1
Compare Source
Thanks @Hagartinger.
[email protected]).
v9.1.0
Compare Source
de). Thanks @s-a.
Ctrl-\ (format) and Ctrl-Shift-\ (compact) not working in code mode.
[email protected].
v9.0.5
Compare Source
name.
[email protected].
v9.0.4
Compare Source
[email protected], [email protected].
main field in package.json to point to the actual bundled and minified file instead of a node.js index file.
v9.0.3
Compare Source
v9.0.2 in the select boxes in the Transform model not highlighting the matches correctly.
v9.0.2
Compare Source
Thanks @p3x-robot.
v9.0.1
Compare Source
Thanks @p3x-robot.
find and findIndex in such a way that they are not iterable.
v9.0.0
Compare Source
limitDragging, see #962. This is a breaking change when using a JSON schema: dragging is more restrictive by default in that case. Set limitDragging: false to keep the old, non-restricted behavior.
v8.6.8
Compare Source
from OpenOffice.
v8.6.7
Compare Source
dist/jsoneditor.js bundle containing a link to a non-existing source map.
line whilst typing.
[email protected].
v8.6.6
Compare Source
Regression introduced in v8.6.5.
v8.6.5
Compare Source
[email protected], [email protected].
v8.6.4
Compare Source
sortObjectKeys emits onChange events.
language not working in modes text, code, and preview.
object (introduced in v8.6.2). See #917.
v8.6.3
Compare Source
JSONEditor.update broken, did not always recognize when the input changed. Regression introduced in v8.6.2.
v8.6.2
Compare Source
[email protected]
v8.6.1
Compare Source
'preview' to 'code' mode.
v8.6.0
Compare Source
True, False and None into valid JSON using repair.
v8.5.3
Compare Source
code being broken when custom loading an old version of Ace Editor.
v8.5.2
Compare Source
code not always updating.
v8.5.1
Compare Source
v8.5.0
Compare Source
Transform modal. New options createQuery, executeQuery, and queryDescription are available for this now. An example is available in examples/23_custom_query_language.html. See #857, #871.
code mode.
code and text after transforming or sorting.
v8.4.1
Compare Source
console.log in production code. Oopsie.
v8.4.0
Compare Source
jsoneditor-expanded and jsoneditor-collapsed on array and object nodes reflecting their state.
v8.3.0
Compare Source
ajv to v6.11.0.
placeholder.
v8.2.1
Compare Source
v8.2.0
Compare Source
values, see #881. Thanks @petermanders89.
ace to v1.4.8.
v8.1.2
Compare Source
internationalization.
vanilla-picker to v2.10.1.
v8.1.1
Compare Source
preview mode show KB and MB instead of KiB and MiB in order to match the size reported by filesystems.
v8.1.0
Compare Source
popupAnchor allowing to select a custom anchor element. See #869 and #870.
* { font-family: ... } resulting in Ace editor (code mode) not having a mono-space font anymore.
v8.0.0
Compare Source
timestampFormat which allows customizing the formatting of timestamp tags. See also option timestampTag. Thanks @smallp.
timestampTag to fallback on the built-in rules when the function does not return a boolean. See #856.
v7.3.0 to check whether some field contains a timestamp based on the field name, because they can give wrong timestamps in case of values in seconds instead of the assumed milliseconds (see #847, #856).
v7.5.0
Compare Source
onValidationError to also report parse errors, and distinguish between JSON schema validation errors and custom errors. See #861 and #612. Thanks @meirotstein.
v7.4.0
Compare Source
onValidationError, see #612, #854. Thanks @meirotstein.
like null, 123, true, false.
v7.3.1
Compare Source
onFocus and onBlur not working in modes text and code when editor was created without main menu bar, and editor.destroy() throwing an exception.
v7.3.0
Compare Source
onFocus and onBlur (PR #809, issue #727). Thanks @123survesh.
is a timestamp or not by passing a callback function to timestampTag.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.