Jsonlint is a command-line tool and library for validating JSON files. Comparing versions 1.6.2 and 1.6.3 reveals a significant update. Version 1.6.3, released in February 2018, comes more than three years after version 1.6.2, released in August 2014, signifying a potentially substantial upgrade cycle. Both versions share the same core purpose: validating JSON. They also maintain identical devDependencies, optionalDependencies, repository, and author information. The core dependencies of the package are nomnom and JSV, used for command-line argument parsing and JSON Schema validation respectively, although the later version uses the ^ caret operator to allow updates within the same major version.
The key difference lies in the dependency versioning. While version 1.6.2 uses open-ended (>=) version ranges for nomnom and JSV, version 1.6.3 uses the ^ operator, which lets any minor or patch update of the listed libraries be applied automatically, and such updates can still introduce breaking changes. For developers this subtle change is crucial: the dependency-management policy directly affects long-term project stability. Finally, the dist object holds metadata on how the package is distributed. It now includes fileCount and unpackedSize, which are useful if, for example, the developer is concerned about library size.
All the vulnerabilities related to version 1.6.3 of the package
Arbitrary Code Execution in underscore
The package underscore, from 1.13.0-0 and before 1.13.0-2, and from 1.3.2 and before 1.12.1, is vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument, as it is not sanitized.
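The two passages above both turn on how semver ranges are read: the >= versus ^ difference between jsonlint 1.6.2 and 1.6.3, and the two affected underscore ranges in the advisory text. The following Node.js script is an added example, not code from jsonlint, underscore or the original page. It implements the core semver ordering rules (numeric fields, then prerelease identifiers), expands a single >= or ^ specifier into bounds, shows which versions of a constructed sample library each specifier would admit, and checks an installed underscore version against the affected ranges quoted above. The function names (parseVersion, compareVersions, satisfies, acceptedVersions, isVulnerableUnderscore) and the sample version list are this example's own; npm's extra rule that prerelease versions only match ranges that name a prerelease on the same tuple is deliberately not modelled.

```javascript
// Added example (not part of jsonlint, underscore or the original page).
// Only the core ordering rules of semver 2.0.0 are modelled here.

// Parse "major.minor.patch[-prerelease]" into its components.
function parseVersion(str) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(str.trim());
  if (!m) throw new Error(`not a semver version: ${str}`);
  return {
    major: Number(m[1]),
    minor: Number(m[2]),
    patch: Number(m[3]),
    pre: m[4] ? m[4].split(".") : [], // prerelease identifiers, e.g. ["0"]
  };
}

// Compare two parsed versions: negative, zero or positive like strcmp.
function compareVersions(a, b) {
  for (const k of ["major", "minor", "patch"]) {
    if (a[k] !== b[k]) return a[k] - b[k];
  }
  // Same numeric tuple: a release outranks any of its prereleases.
  if (a.pre.length === 0 || b.pre.length === 0) return b.pre.length - a.pre.length;
  const n = Math.min(a.pre.length, b.pre.length);
  for (let i = 0; i < n; i++) {
    const x = a.pre[i], y = b.pre[i];
    const xn = /^\d+$/.test(x), yn = /^\d+$/.test(y);
    if (xn && yn) { if (Number(x) !== Number(y)) return Number(x) - Number(y); }
    else if (xn !== yn) return xn ? -1 : 1; // numeric identifiers sort first
    else if (x !== y) return x < y ? -1 : 1;
  }
  return a.pre.length - b.pre.length; // longer prerelease list wins
}

// lo <= version < hi, the shape used by the advisory text ("from X and before Y").
function inRange(version, lo, hi) {
  const v = parseVersion(version);
  return compareVersions(v, parseVersion(lo)) >= 0 &&
         compareVersions(v, parseVersion(hi)) < 0;
}

// Expand a single ">=x.y.z" or "^x.y.z" specifier into [lo, hi) bounds;
// hi === null means the range is open-ended above.
function rangeBounds(spec) {
  const m = /^(\^|>=)(\d+\.\d+\.\d+)$/.exec(spec.trim());
  if (!m) throw new Error(`unsupported range: ${spec}`);
  const [, op, base] = m;
  if (op === ">=") return { lo: base, hi: null };
  // Caret: stay below the next bump of the left-most non-zero field.
  const v = parseVersion(base);
  let hi;
  if (v.major > 0) hi = `${v.major + 1}.0.0`;
  else if (v.minor > 0) hi = `0.${v.minor + 1}.0`;
  else hi = `0.0.${v.patch + 1}`;
  return { lo: base, hi };
}

function satisfies(version, spec) {
  const { lo, hi } = rangeBounds(spec);
  const v = parseVersion(version);
  if (compareVersions(v, parseVersion(lo)) < 0) return false;
  return hi === null || compareVersions(v, parseVersion(hi)) < 0;
}

// Which of the published versions would a given specifier let npm install?
function acceptedVersions(spec, available) {
  return available.filter((v) => satisfies(v, spec));
}

// Affected underscore ranges exactly as stated in the advisory text above.
const UNDERSCORE_AFFECTED = [
  ["1.3.2", "1.12.1"],
  ["1.13.0-0", "1.13.0-2"],
];

function isVulnerableUnderscore(version) {
  return UNDERSCORE_AFFECTED.some(([lo, hi]) => inRange(version, lo, hi));
}

// Constructed sample: the published versions of a hypothetical library.
const SAMPLE_LIB_VERSIONS = ["1.8.0", "1.8.1", "1.9.0", "2.0.0", "3.1.4"];

console.log(">=1.8.0 accepts", acceptedVersions(">=1.8.0", SAMPLE_LIB_VERSIONS));
console.log("^1.8.0  accepts", acceptedVersions("^1.8.0", SAMPLE_LIB_VERSIONS));
for (const v of ["1.3.1", "1.9.1", "1.12.1", "1.13.0-1", "1.13.0-2", "1.13.1"]) {
  console.log(`underscore ${v}: ${isVulnerableUnderscore(v) ? "affected" : "not affected"}`);
}
```

Running the script shows the practical difference: >=1.8.0 would admit every listed version including the 2.0.0 and 3.1.4 major releases, while ^1.8.0 stops at 1.9.0. The isVulnerableUnderscore check is the kind of test a lockfile audit would apply to the resolved underscore version; prerelease versions such as 1.13.0-1 fall inside the second affected range, while 1.13.0-2 and 1.13.1 do not.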