diff --git a/CHANGELOG.md b/CHANGELOG.md index 67e23ec58..5ad9e8c49 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ Inspired by [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ### Deprecated ### Removed ### Fixed +- Upgrade JSON11 from 1.1.2 to 2.0.0 to ensure UTF-8 safety when stringifying JSON data ### Security ## [3.0.0] diff --git a/package-lock.json b/package-lock.json index 4980220aa..8c0db18c0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "aws4": "^1.11.0", "debug": "^4.3.1", "hpagent": "^1.2.0", - "json11": "^1.1.2", + "json11": "^2.0.0", "ms": "^2.1.3", "secure-json-parse": "^2.4.0" }, @@ -3313,9 +3313,10 @@ "dev": true }, "node_modules/json11": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/json11/-/json11-1.1.2.tgz", - "integrity": "sha512-5r1RHT1/Gr/jsI/XZZj/P6F11BKM8xvTaftRuiLkQI9Z2PFDukM82Ysxw8yDszb3NJP/NKnRlSGmhUdG99rlBw==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/json11/-/json11-2.0.0.tgz", + "integrity": "sha512-VuKJKUSPEJape+daTm70Nx7vdcdorf4S6LCyN2z0jUVH4UrQ4ftXo2kC0bnHpCREmxHuHqCNVPA75BjI3CB6Ag==", + "license": "MIT", "bin": { "json11": "dist/cli.mjs" } diff --git a/package.json b/package.json index 1a10f4cea..e84e7393a 100644 --- a/package.json +++ b/package.json @@ -108,7 +108,7 @@ "aws4": "^1.11.0", "debug": "^4.3.1", "hpagent": "^1.2.0", - "json11": "^1.1.2", + "json11": "^2.0.0", "ms": "^2.1.3", "secure-json-parse": "^2.4.0" }, diff --git a/yarn.lock b/yarn.lock index d46355ba9..f632a9f65 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2222,10 +2222,10 @@ json-stable-stringify-without-jsonify@^1.0.1: resolved "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz" integrity sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE= sha512-Bdboy+l7tA3OGW6FjyFHWkP5LuByj1Tk33Ljyq0axyzdk9//JSi2u3fP1QSmd1KNwq6VOKYGlAu87CisVir6Pw== -json11@^1.1.2: - version "1.1.2" - resolved "https://registry.npmjs.org/json11/-/json11-1.1.2.tgz" - integrity sha512-5r1RHT1/Gr/jsI/XZZj/P6F11BKM8xvTaftRuiLkQI9Z2PFDukM82Ysxw8yDszb3NJP/NKnRlSGmhUdG99rlBw== +json11@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/json11/-/json11-2.0.0.tgz#06c4ad0a40b50c5de99a87f6d3028593137e5641" + integrity sha512-VuKJKUSPEJape+daTm70Nx7vdcdorf4S6LCyN2z0jUVH4UrQ4ftXo2kC0bnHpCREmxHuHqCNVPA75BjI3CB6Ag== json5@^2.2.2: version "2.2.3"