Skip to content

Please upgrade dependency jsonpath-plus to 10.1.0 due to critical vulnerability #394

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
Ben-CA opened this issue Nov 12, 2024 · 3 comments
Closed

Please upgrade dependency jsonpath-plus to 10.1.0 due to critical vulnerability #394

Ben-CA opened this issue Nov 12, 2024 · 3 comments

Comments

@Ben-CA
Copy link
Contributor

Ben-CA commented Nov 12, 2024

Apparently there is a critical vulnerability with jsonpath-plus < 10.0.7

image

https://www.npmjs.com/package/jsonpath-plus
@chris-pardy
Copy link
Collaborator

@Ben-CA thanks for raising this.

@CacheControl I think this furthers my desire to get the path handling out of the core engine since this dependency is a pain.

@buddhamagnet
Copy link

Yes please and thanks for this awesome engine.

@Ben-CA
Copy link
Contributor Author

Ben-CA commented Nov 13, 2024

Thanks for the quick response and update!

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@buddhamagnet @chris-pardy @Ben-CA