build: bump jsonpath-plus to avoid CVE #731

Merged
merged 1 commit into from
Mar 7, 2025

Member

@padamstx padamstx commented Mar 6, 2025

PR summary

Bumps our version of jsonpath-plus to avoid a CVE

PR Checklist

General checklist

Please make sure that your PR fulfills the following requirements:

  • The commit message follows the Angular Commit Message Guidelines.
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • Dependencies have been updated as needed
  • .secrets.baseline has been updated as needed
  • npm run generate-utilities-docs has been run if any files in packages/utilities/src have been updated

Checklist for adding a new validation rule:

  • Added new validation rule definition (packages/ruleset/src/rules/*.js, index.js)
  • If necessary, added new validation rule implementation (packages/ruleset/src/functions/*.js, updated index.js)
  • Added new rule to default configuration (packages/ruleset/src/ibm-oas.js)
  • Added tests for new rule (packages/ruleset/test/*.test.js)
  • Added docs for new rule (docs/ibm-cloud-rules.md)
  • Added scoring rubric entry for new rule (packages/validator/src/scoring-tool/rubric.js)

Signed-off-by: Phil Adams <phil_adams@us.ibm.com>
@padamstx padamstx self-assigned this Mar 6, 2025
@padamstx padamstx requested a review from dpopp07 March 6, 2025 22:08
Member

@dpopp07 dpopp07 left a comment

Looks good! 👍

@padamstx padamstx merged commit 06e6b10 into main Mar 7, 2025
7 checks passed
@padamstx padamstx deleted the bump-deps branch March 7, 2025 19:50
@melloware

Isn't this worth a minor release since it fixes a CVE?

@padamstx
Member Author

@melloware In retrospect, yes I should have used a "fix" type commit. One of my colleagues will be making a small (unrelated) change in the validator within the next few days and that will itself trigger a new fix release.

@ibm-devx-sdk

🎉 This PR is included in version 1.29.3 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

@ibm-devx-sdk

🎉 This PR is included in version 1.33.3 🎉

The release is available on npm package (@latest dist-tag)

Your semantic-release bot 📦🚀

4 participants