Grunt-jsonlint is a Grunt plugin designed to validate JSON files, ensuring data integrity and preventing runtime errors within your Grunt build process. Version 1.1.0 introduces subtle but potentially impactful changes compared to the prior stable release, version 1.0.8. Both versions rely on jsonlint 1.6.2 for the core validation and strip-json-comments for preprocessing, suggesting continued stability in core parsing functionalities.
However, significant differences lie in the listed devDependencies. The update features enhancements centered around testing and mocking. Most notably, sinon-expect has been updated from version 0.2.0 to 0.3.0 and mkdirp-promise has been bumped from version 1.0.3 to 2.0.0, while the other dev dependencies remained the same. These changes suggest the 1.1.0 release focused on testing improvements and internal changes that enhance reliability.
For developers integrating grunt-jsonlint, this indicates a potentially more robust and reliable validation process in version 1.1.0, especially concerning complex or edge-case JSON structures. If you're using sinon-expect for testing, or mkdirp-promise for directory handling, version 1.1.0 offers improved compatibility and feature integration. Existing users can likely upgrade seamlessly, while new adopters benefit from a refined testing environment. Consider evaluating the updated testing dependencies if you're contributing to the project or need precise control over validation behavior.
All the vulnerabilities related to version 1.1.0 of the package
Arbitrary Code Execution in underscore
Versions of the package underscore from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument, as it is not sanitized.
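To check whether an installed underscore version falls inside the ranges stated above, the following added example (not code from this page, underscore or grunt-jsonlint) compares versions by semver precedence, which is what places 1.13.0-1 inside the second range and the 1.13.0 release outside it. All function names are constructed for this example, and the identifier guard at the end is an assumed mitigation for code that cannot upgrade, not something the page describes.

```javascript
// Added example; helper names are constructed, not underscore or grunt-jsonlint APIs.
// Parse "MAJOR.MINOR.PATCH[-PRERELEASE][+BUILD]" into comparable parts.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { core: [m[1], m[2], m[3]].map(Number), pre: m[4] ? m[4].split('.') : [] };
}

// Numeric prerelease identifiers compare as numbers and rank below alphanumeric ones.
function compareIdent(a, b) {
  const an = /^\d+$/.test(a), bn = /^\d+$/.test(b);
  if (an && bn) return Math.sign(Number(a) - Number(b));
  if (an !== bn) return an ? -1 : 1;
  return a < b ? -1 : a > b ? 1 : 0;
}

// Semver precedence: -1 if x < y, 0 if equal, 1 if x > y.
function compareVersions(x, y) {
  const a = parseVersion(x), b = parseVersion(y);
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i] ? -1 : 1;
  }
  // A release ranks above every prerelease of the same MAJOR.MINOR.PATCH.
  if (!a.pre.length || !b.pre.length) return Math.sign(b.pre.length - a.pre.length);
  for (let i = 0; i < Math.max(a.pre.length, b.pre.length); i++) {
    if (i >= a.pre.length) return -1; // fewer identifiers ranks lower
    if (i >= b.pre.length) return 1;
    const c = compareIdent(a.pre[i], b.pre[i]);
    if (c !== 0) return c;
  }
  return 0;
}

// Affected ranges as stated in the advisory text above, each [from, before).
const AFFECTED = [['1.3.2', '1.12.1'], ['1.13.0-0', '1.13.0-2']];

function isAffectedUnderscore(version) {
  return AFFECTED.some(([from, before]) =>
    compareVersions(version, from) >= 0 && compareVersions(version, before) < 0);
}

// Guard for code that must stay on an affected version (an assumption of this
// example): accept only a plain identifier as the template `variable` setting.
function isSafeTemplateVariable(name) {
  return typeof name === 'string' && /^[A-Za-z_$][\w$]*$/.test(name);
}
```

Feed `isAffectedUnderscore` the resolved version from your lockfile rather than the range in package.json, since underscore reaches grunt-jsonlint as a transitive dependency.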