Skip to content

Commit

Permalink
Update the readme
Browse files Browse the repository at this point in the history
  • Loading branch information
@jwadhams
jwadhams committed Jan 10, 2022
1 parent 045a7fd commit 9c805e9
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
8 changes: 8 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,13 @@
# Change Log

## 2.0.2

Thanks [@panzi](https://github.com/panzi) for rebuilding the test system and removing Gulp as a dev dependency.

## 2.0.1

The operations object could be exploited to run arbitrary code. Resolves [SNYK-JS-JSONLOGICJS-674308](https://security.snyk.io/vuln/SNYK-JS-JSONLOGICJS-674308), thanks Arel Cordero for reporting.

## 2.0.0

Major version bump because we're removing the `method` operation. The [NPM advisory 1542](https://www.npmjs.com/advisories/1542) shows that an attacker can supply a JsonLogic rule that will execute arbitrary code in the client of anyone who executes that rule with any data.
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "json-logic-js",
"version": "2.0.1",
"version": "2.0.2",
"description": "Build complex rules, serialize them as JSON, and execute them in JavaScript",
"main": "logic.js",
"directories": {
Expand Down

0 comments on commit 9c805e9

Please sign in to comment.