[Snyk] Upgrade static-eval from 2.0.2 to 2.1.0

[snyk-bot]

Snyk has created this PR to upgrade static-eval from 2.0.2 to 2.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 4 versions ahead of your current version.
• The recommended version was released 3 years ago, on 2020-06-15.

Release notes

Package name: static-eval

• 2.1.0 - 2020-06-15
  

  • Add allowAccessToMethodsOnFunctions option to restore 1.x behaviour so that cwise can upgrade. (@ archmoj in #31)

    Do not use this option if you are not sure that you need it, as it had previously been removed for security reasons. There is a known exploit to execute arbitrary code. Only use it on trusted inputs, like the developer's JS files in a build system.

• 2.0.5 - 2020-03-07
  
  • Fix function bodies being invoked during declaration. (@ RoboPhred in #30)
• 2.0.4 - 2020-03-07
  
  • Short-circuit evaluation in && and || expressions. (@ RoboPhred in #28)
  • Start tracking changes.
• 2.0.3 - 2019-11-19
  

  Disallows accessing .constructor and .__proto__ properties, which could be used to access the Function() constructor. (#27)
  Thanks to an anonymous reporter!

• 2.0.2 - 2019-02-26
  

  2.0.2

from static-eval GitHub release notes

Commit messages

Package name: static-eval

• 1a4d734 2.1.0
• 054adac ci: add node 14
• 09c4b83 Merge pull request Support for subscript-descendant-string_literal in handlers dchester/jsonpath#31 from archmoj/allow-cwise-transform
• e619afc make option to enable allowAccessToMethodsOnFunctions namely to be used by cwise transform
• 36587c2 remove trailing spaces
• 798b0d5 ci: add node 12 and 13
• b5ab0d7 2.0.5
• aa0eaeb Merge pull request Better syntax for filter expressions dchester/jsonpath#30 from RoboPhred/fix-func-decl-invoke
• 23bc6ca Merge branch 'master' into fix-func-decl-invoke
• 9d39dd5 Update repository URL in package.json.
• b9cd982 2.0.4
• 19422b2 Merge pull request Support running browserify from external projects dchester/jsonpath#28 from RoboPhred/short-circuit-evaluation
• 995a736 Update badge URL.
• 7c6c029 Remove dead branch
• 6d79e78 Do not use template string where not required
• 753ca89 Remove debug test
• b1be8a6 Fix functions invoked during declaration
• af8cceb Test for function invocation during declaration
• 72cc85d Implement short circuit eval for OR
• c65e1f5 Test short circuit eval for OR
• 3eb2207 Implement short circuit evaluation
• 16f9c46 Test for short circuit evaluation
• e06011a security caveat
• 62b9033 Add security.md

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs