Grunt-jsonlint is a Grunt plugin that validates JSON files, helping ensure data integrity within your projects. Versions 2.1.4 and 2.1.5 both rely on "@prantlf/jsonlint" version 10.2.0 for the core validation logic and share a suite of development dependencies, including ESLint for code linting, Mocha for testing, and Sinon for creating test spies and stubs.
A key change between the versions is the "grunt" dev dependency. Version 2.1.4 specifies "^1.6.1", while version 2.1.5 downgrades this to "1.5.3". This adjustment might be relevant for developers using specific Grunt versions, potentially addressing compatibility issues encountered with Grunt 1.6.1. Developers should consider this if upgrading from 2.1.4 causes any conflicts in their Grunt-based workflows. There is also a minor difference in unpacked size, with 2.1.5 being slightly larger (16739 bytes) than 2.1.4 (16584 bytes), possibly due to minor code adjustments or documentation updates. Finally, the release dates indicate that version 2.1.5 followed 2.1.4 by one day, meaning the update was fast and likely contained a bug fix or solved a compatibility issue.
All vulnerabilities related to version 2.1.5 of the package
Prototype Pollution in Ajv
An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.)