Skip to content

Latest commit

 

History

History
437 lines (332 loc) · 15.4 KB

CHANGES.md

File metadata and controls

437 lines (332 loc) · 15.4 KB

CHANGES for jsonpath-plus

10.2.0

  • fix(eval): improve security of safe-eval (#233)
  • chore: update deps. and devDeps.

10.1.0

  • feat: add typeof operator to safe script

10.0.7

  • fix(security): prevent constructor access
  • docs: add security policy file

10.0.6

  • fix(security): prevent call/apply invocation of Function

10.0.5

  • fix: remove overly aggressive disabling of native functions but disallow __proto__

10.0.4

  • fix(security): further prevent binding of Function calls which may evade detection

10.0.3

  • fix(security): prevent binding of Function calls which may evade detection

10.0.2

  • fix(security): prevent Function calls outside of member expressions

10.0.1

  • fix(security): prohibit Function in "safe" vm

10.0.0

BREAKING CHANGES:

  • Require Node 18+

  • fix(security): use safe vm by default in Node

  • chore: bump jsep, devDeps. and lint

9.0.0

BREAKING CHANGES:

  • Removes preventEval property. Prefer eval: false instead.

  • Changed behavior of eval property. In the browser, eval/Function won't be used by default to evaluate expressions. Instead, we'll safely evaluate using a subset of JavaScript. To resume using unsafe eval in the browser, pass in the option eval: "native"

  • feat: add safe eval for browser and eval option (#185) (@80avin)

  • feat: add ignoreEvalErrors property (@80avin)

8.1.0

  • feat: add basic cli (#206) (@vid)

8.0.0

  • Breaking change: Bump Node engines to 14
  • feat: add support for nested filter expressions (@carlosingles)
  • docs: update README and license (@akirataguchi115)
  • docs: github workflow badge (@dsanch3z)

7.2.0

  • perf: optimize walk method by 10%-34% (@jacobroschen)
  • chore: add types to exports field (@awlayton)

7.1.0

  • perf: improve evaluation speed of conditional queries (@jacobroschen)

7.0.0

  • Breaking change: Bump engines to 12
  • fix: remove console.log when error is thrown (@sh33dafi)
  • chore: update devDeps.

6.0.1 (2021-07-07)

  • Fix: Some package.json paths needed updating (@matushorvath)
  • npm: Update devDeps.

6.0.0 (2021-07-05)

User-impacting

  • Breaking enhancement: Create as true ESM module
  • Breaking change: Utilize .cjs extension for UMD and CJS builds (very old browsers might not support, but needed with the change given that Webpack may complain if there even exists CJS within what it thinks is an ESM file, the ".js", our default)
  • Breaking change: Utilize .js extension instead of .mjs for now default ESM builds

Dev-impacting

  • npm: Add lint script
  • npm: Update devDeps.

5.1.0 (2021-06-24)

  • Enhancement: support double-quoted bracket notation
  • Linting: As per latest ash-nazg
  • npm: Update devDeps.

5.0.7 (2021-04-12)

  • Fix: Add packge.json to exports (@sebastiendavid)

5.0.6 (2021-04-09)

  • Fix: Remove static modifiers (@sdolski)
  • Linting: As per latest ash-nazg
  • npm: Update devDeps.

5.0.5 (2021-04-09)

  • Fix: Avoid cache corruption when the returned structure is modified. Fixes #102. (@tejodorus)

5.0.4 (2021-03-02)

  • Fix: allow falsey at values in filter (now may require checking for presence of @ in some cases); fixes #136
  • Docs: Add old missing release info (reconciling with GitHub releases)
  • Docs: Update README to reflect 1.2.0 was not a released version (subsume release details into 2.0.0)
  • Linting: As per latest ash-nazg
  • npm: Update devDeps.

5.0.3 (2021-02-06)

  • Fix: Add package exports for browser and umd (#145) (@gjvoosten)
  • Update: Build as per refactoring
  • Docs: Update as per typedoc update
  • Docs: Update license badges per latest
  • Linting: As per latest ash-nazg
  • CI: Update from Travis -> GitHub Actions
  • npm: Switch from eslint-plugin-sonarjs to eslint-plugin-radar
  • npm: Switch to pnpm
  • npm: Update devDeps.

5.0.2 (2021-01-15)

  • Fix: Proper Node CommonJS export; fixes #144

5.0.1 (2021-01-15)

  • Fix: Proper Node CommonJS export; fixes #143
  • Docs: Properly indicate new browser paths

5.0.0 (2021-01-14)

  • Breaking change: Add type: 'commonjs' and exports: {import, require} (with node-import-test npm script to demo)
  • Breaking change: Change paths for browser (now is dist/index-browser-umd.js or dist/index-browser-es.js) (for Node, main and module point to new Node-specific dist)
  • Breaking enhancement: Add browser for browser bundling; allowing static analysis environments, doesn't have however conditional code to require vm); for ESM browser bundling, now must check browser in Rollup Node resolver plugin; see README
  • Build: Update per latest devDeps.
  • Docs: Add Regex (.match) example on value (@jeffreypriebe)
  • Docs: Add Regex (.match) example on property
  • Docs: Fix XPath example (@humbertoc-silva)
  • Docs: Link to XPath 2.0 tester
  • Docs: Update badges per latest updates
  • Linting: quote props
  • Linting: As per latest ash-nazg
  • Testing: Fix browser tests
  • Testing: Add test case for setting values in callbacks (issue #126)
  • Testing: Add more at-sign tests
  • Testing: Bump timeout
  • Travis: Check Node 14
  • Travis: add default dist field to avoid extra config reporting
  • npm: Update from deprecated rollup-plugin-babel to @rollup/plugin-babel (and make babelHelpers explicit)
  • npm: Reorder scripts by test execution order
  • npm: Update devDeps

4.0.0 (2020-04-09)

  • Breaking change/fix: Disallow resultType from being lower-cased (broke parentProperty)
  • Breaking change: Expect Node >= 10
  • Build: As per latest rollup
  • Linting: Check hidden files; update as per latest ash-nazg
  • Docs: Update coverage badge
  • npm: Update devDeps

3.0.0 (2020-01-13)

  • Breaking change: Expect Node >= 8
  • Fix: Require json as "own" property
  • Fix: wrap: false returning inconsistent data types (@CacheControl)
  • Fix: Ensure throwing with a bad result type
  • Fix: Allow empty string keys
  • Fix: Avoid erring when value before parent selector is falsey
  • Fix: If resultType is "all", if path resolves internally to a non-array (string), ensure it is converted to an array before converting to pointer for pointer
  • Enhancement: Allow path as array in non-object signature
  • Docs: Add locally-generated badges for testing, coverage, etc.
  • Linting (ESLint): As per latest ash-nazg
  • Linting (ESLint): Remove redundant "use strict" with switch to ESM
  • Maintenance: 2 sp. for package.json
  • Testing: Add nyc for coverage
  • Testing: Test against source (using esm)
  • Testing: Improve coverage (more type operator tests)
  • Testing: Check vm
  • npm: Add test-cov script
  • npm: Update devDeps

2.0.0 (2019-11-23)

  • Breaking change: Throw TypeError instead of Error for missing otherTypeCallback when using @other
  • Breaking change: Throw TypeError instead of Error for missing path
  • Enhancement: Throw TypeError for missing json (fixes #110)
  • Enhancement: Use more efficient new Function over eval; also allows use of cyclic context objects
  • Enhancement: Add @root filter selector
  • Maintenance: Add .editorconfig
  • Docs: Document options in jsdoc; add return values to callbacks; fix constructor doc sig.
  • Testing: Add test for missing path or json
  • Testing: Remove unneeded closures
  • npm: Update devDeps and package-lock.json

1.1.0 (September 26, 2019)

  • Enhancement: Add explicit 'any' to evaluate() declaration (for use with noImplicitAny TypeScript option)
  • Build: Update minified build files
  • Travis: Update to check Node 6, 10, 12
  • npm: Ignore .idea/.remarkrc files
  • npm: Update devDeps (Babel, linting, Rollup, TypeScript related)
  • npm: Avoid eslint script within test script
  • npm: Ignore typescript docs

1.0.0 (August 7, 2019)

  • Add TypeScript declaration

0.20.2 (July 9, 2019)

  • supportsNodeVM check that works in GOJA, node and ReactNative. (@legander)

0.20.1 (June 12, 2019)

  • npm: Avoid adding core-js-bundle as peerDep. (fixes #95)

0.20.0 (June 4, 2019)

  • Build: Add browserslist for Babel builds
  • Linting: Conform to ESLint updates (jsdoc)
  • Testing: Switch from end-of-lifed nodeunit to Mocha
  • Testing: Add performance test to browser, but bump duration
  • npm: Update devDeps; add core-js-bundle to peerDependencies
  • npm: Ignore some unneeded files
  • Bump Node version in Travis to avoid erring with object rest in eslint-plugin-node routine

0.19.0 (May 16, 2019)

  • Docs (README): Indicate features, including performance (removing old note)
  • Docs (README): Add headings for setup and fix headings levels
  • Docs (README): Indicate parent selector was not present in original spec (not just not documented)
  • Docs (README): Fix escaping
  • Linting: Switch to Unix line breaks and other changes per ash-nazg, including linting Markdown JS
  • Linting: Use recommended .json extension
  • Linting: Switch to ash-nazg
  • Linting: Add lgtm.yml file for lgtm.com
  • npm: Update devDeps, and update per security audit

0.18.1 (May 14, 2019)

  • Fix: Expose pointer on resultType: "all"

0.18.0 (October 20, 2018)

  • Security enhancement: Use global eval instead of regular eval
  • Fix: Handle React-Native environment's lack of support for Node vm (@simon-scherzinger); closes #87
  • Refactoring: Use arrow functions, for-of, declare block scope vars closer to block
  • Docs: Clarify current wrap behavior
  • npm: Add Rollup to test scripts

0.17.0 (October 19, 2018)

  • Breaking change: With Node use, must now use require('jsonpath-plus').JSONPath.
  • Breaking change: Stop including polyfills for array and string includes (can get with @babel/polyfill or own)
  • Breaking change: Remove deprecated JSONPath.eval
  • License: Remove old and unneeded license portion from within source file (already have external file)
  • Fix: Support object shorthand functions on sandbox objects (toString() had not been working properly with them)
  • Enhancement: Add Rollup/Babel/Terser and module in package.json
  • Refactoring: Use ES6 features such as object shorthand
  • Linting: prefer const and no var
  • Testing: Replace custom server code with node-static and add opn-cli; mostly switch to ESM
  • npm: Update devDeps; add package-lock.json; remove non-functioning remark

0.16.0 (January 14, 2017)

  • Breaking change: Give preference to treating special chars in a property as special (override with backtick operator)
  • Breaking feature: Add custom ` operator to allow unambiguous literal sequences (if an initial backtick is needed, an additional one must now be added)
  • Fix: toPathArray caching bug
  • Improvements: Performance optimizations
  • Dev testing: Rename test file

0.15.0 (Mar 15, 2016)

  • Fix: Fixing support for sandbox in the case of functions
  • Feature: Use this if present for global export
  • Docs: Clarify function signature
  • Docs: Update testing section
  • Dev testing: Add in missing test for browser testing
  • Dev testing: Add remark linting to testing process (#70)
  • Dev testing: Lint JS test support files
  • Dev testing: Split out tests into eslint, remark, lint, nodeunit
  • Dev testing: Remove need for nodeunit build step
  • Dev testing: Simplify nodeunit usage and make available as npm run browser-test

0.14.0 (Jan 10, 2016)

  • Feature: Add @scalar() type operator (in JavaScript mode, will also include)

0.13.1 (Jan 5, 2016)

  • Fix: Avoid double-encoding path in results

0.13.0 (Dec 13, 2015)

  • Breaking change (from version 0.11): Silently strip ~ and ^ operators and type operators such as @string() in JSONPath.toPathString() calls.
  • Breaking change: Remove Array.isArray polyfill as no longer supporting IE <= 8
  • Feature: Allow omission of options first argument to JSONPath
  • Feature: Add JSONPath.toPointer() and "pointer" resultType option.
  • Fix: Correctly support callback and otherTypeCallback as numbered arguments to JSONPath.
  • Fix: Enhance Node checking to avoid issue reported with angular-mock
  • Fix: Allow for @ or other special characters in at-sign-prefixed property names (by use of [?(@['...'])] or [(@['...'])]).

0.12.0 (Dec 12, 2015 10:39pm)

  • Breaking change: Problems with upper-case letters in npm is causing us to rename the package, so have renamed package to "jsonpath-plus" (there are already package with lower-case "jsonpath" or "json-path"). The new name also reflects that there have been changes to the original spec.

0.11.2 (Dec 12, 2015 10:36pm)

  • Docs: Actually add the warning in the README that problems in npm with upper-case letters is causing us to rename to "jsonpath-plus" (next version will actually apply the change).

0.11.1 (Dec 12, 2015 10:11pm)

  • Docs: Give warning in README that problems in npm with upper-case letters is causing us to rename to "jsonpath-plus" (next version will actually apply the change).

0.11.0 (Dec 12, 2015)

  • Breaking change: For unwrapped results, return undefined instead of false upon failure to find path (to allow distinguishing of undefined--a non-allowed JSON value--from the valid JSON values, null or false) and return the exact value upon falsy single results (in order to allow return of null)
  • Deprecated: Use of jsonPath.eval(); use new class-based API instead
  • Feature: AMD export
  • Feature: By using self instead of window export, allow JSONPath to be trivially imported into web workers, without breaking compatibility in normal scenarios. See MDN on self
  • Feature: Offer new class-based API and object-based arguments (with option to run new queries via evaluate() method without resupplying config)
  • Feature: Allow new preventEval=true and autostart=false option
  • Feature: Allow new callback option to allow a callback function to execute as each final result node is obtained
  • Feature: Allow type operators: JavaScript types (@boolean(), @number(), @string()), other fundamental JavaScript types (@null(), @object(), @array()), the JSONSchema-added type, @integer(), and the following non-JSON types that can nevertheless be used with JSONPath when querying non-JSON JavaScript objects (@undefined(), @function(), @nonFinite()). Finally, @other() is made available in conjunction with a new callback option, otherTypeCallback, can be used to allow user-defined type detection (at least until JSON Schema awareness may be provided).
  • Feature: Support "parent" and "parentProperty" for resultType along with "all" (which also includes "path" and "value" together)
  • Feature: Support custom @parent, @parentProperty, @property (in addition to custom property @path) inside evaluations
  • Feature: Support a custom operator (~) to allow grabbing of property names
  • Feature: Support $ for retrieval of root, and document this as well as $.. behavior
  • Feature: Expose cache on JSONPath.cache for those who wish to preserve and reuse it
  • Feature: Expose class methods toPathString for converting a path as array into a (normalized) path as string and toPathArray for the reverse (though accepting unnormalized strings as well as normalized)
  • Fix: Allow ^ as property name
  • Fix: Support . within properties
  • Fix: @path in index/property evaluations

0.10.0 (Oct 23, 2013)

  • Feature: Support for parent selection via ^
  • Feature: Access current path via @path in test statements
  • Feature: Allowing for multi-statement evals
  • Improvements: Performance

0.9.0 (Mar 28, 2012)

  • Feature: Support a sandbox arg to eval
  • Improvements: Use vm.runInNewContext in place of eval