From 5679bb394d547647a8d1def0a951e05d2fcebe23 Mon Sep 17 00:00:00 2001 From: Christopher Brown Date: Wed, 15 Dec 2021 22:05:25 -0600 Subject: [PATCH] 5.0.0 --- README.md | 9 +++++++++ package.json | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6d1ecc9..e85d3d5 100644 --- a/README.md +++ b/README.md @@ -122,6 +122,15 @@ see [JSON Patch (RFC6902)](#json-patch-rfc6902) below. I'm not going to copy & paste my relatively descriptive commit messages into groups here; rather, these are just the changes that merited major version bumps: +### `4.x.x` → `5.0.0` (2021-12-15) + +* Short-circuits JSON pointer traversal over the prototype-polluting tokens `__proto__`, `constructor`, and `prototype`. I.e., `/a/__proto__/b` and `/a/b` evaluate to the same thing. +This is in violation of the spec, +which makes no special provisions for this idiosyncrasy of the JavaScript language, +but AFAIK there's no way to strictly comply with the spec in JavaScript. +It would probably be more correct to throw an error in those cases, +but this 'solution' feels less disruptive / more in line with workarounds implemented by other libraries. + ### `3.x.x` → `4.0.0` (2020-07-27) * Potential performance regression due to consolidating separate `compare(a, b): boolean` and `diff(a, b): Operation[]` logic into basically defining `compare(a, b)` as `!diff(a, b).length` (i.e., `diff(a, b)` returns empty array). diff --git a/package.json b/package.json index 66895c0..5d08179 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "rfc6902", - "version": "4.0.2", + "version": "5.0.0", "description": "Complete implementation of RFC6902 (patch and diff)", "keywords": [ "json",