Add vulnerability fix in changelog. Drop support to node < 10, at lea…

…st officially (latest version of mocha does not work in node < 10). Remove sponsor.
mariocasciaro · Oct 10, 2020 · 8e32400 · 8e32400 · EdCafferata · Oct 24, 2020
1 parent 2be3354
commit 8e32400
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 6 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,11 +1,7 @@
 sudo: false
 language: node_js
 node_js:
-  - "0.10"
-  - "0.12"
-  - "4"
-  - "6"
-  - "8"
   - "10"
+  - "12"
   - "14"
 after_script: NODE_ENV=test istanbul cover ./node_modules/mocha/bin/_mocha --report lcovonly -- -R spec && cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js && rm -rf ./coverage
diff --git a/README.md b/README.md
@@ -15,6 +15,10 @@ Sponsored by [<img src="https://frontendrobot.com/assets/fr-full-logo-green.png"
 
 ## Changelog
 
+### 0.11.5
+
+* **Security Fix**. Fix a prototype pollution vulnerability in the `set()` function when using the "inherited props" mode (e.g. when a new `object-path` instance is created with the `includeInheritedProps` option set to `true` or when using the `withInheritedProps` default instance. The vulnerability does not exist in the default instance exposed by object path (e.g `objectPath.set()`).
+
 ### 0.11.0
 
 * Introduce ability to specify options and create new instances of `object-path`

diff --git a/package.json b/package.json
@@ -11,7 +11,7 @@
     "url": "git://github.com/mariocasciaro/object-path.git"
   },
   "engines": {
-    "node": ">=0.10.0"
+    "node": ">= 10.12.0"
   },
   "devDependencies": {
     "@mariocasciaro/benchpress": "^0.1.3",