Skip to content

Commit

Permalink
chore(deps): bump jsonpath-plus to ^10.0.0 to mitigate CVE-2024-21534 (
Browse files Browse the repository at this point in the history 
…#1058)

* chore(deps): update dependency jsonpath-plus to 10.0.0 due to vulnerability

Signed-off-by: Nowacki, Kacper <[email protected]>

* adding changeset

---------

Signed-off-by: Nowacki, Kacper <[email protected]>
Co-authored-by: knowacki23 <[email protected]>
  • Loading branch information
@coreydaley @knowacki23
coreydaley and knowacki23 authored Oct 28, 2024
1 parent dd8c9e8 commit e18f865
Show file tree
Hide file tree
Showing 3 changed files with 39 additions and 3 deletions.
6 changes: 6 additions & 0 deletions .changeset/new-ears-clap.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
---
"@asyncapi/multi-parser": minor
"@asyncapi/parser": minor
---

Updating jsonpath-plus dependency to mitigate CVE-2024-21534
34 changes: 32 additions & 2 deletions package-lock.json
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion packages/parser/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@
"ajv-formats": "^2.1.1",
"avsc": "^5.7.5",
"js-yaml": "^4.1.0",
"jsonpath-plus": "^7.2.0",
"jsonpath-plus": "^10.0.0",
"node-fetch": "2.6.7"
},
"devDependencies": {
Expand Down

0 comments on commit e18f865

Please sign in to comment.