We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug jsonpath-plus is restricted to 10.2.0:
https://github.com/stoplightio/spectral/blob/%40stoplight/spectral-core-1.19.4/packages/core/package.json#L50
https://github.com/stoplightio/spectral/blob/%40stoplight/spectral-core-1.19.4/yarn.lock#L9284
So it's vulnerable to GHSA-hw8r-x6gr-5gjp.
To Reproduce
Interestingly npm audit isn't flagging this yet.
npm audit
Expected behavior
Shouldn't have vulnerable dependencies; upgrade to jsonpath-plus 10.3.0.
Additional context https://github.com/JSONPath-Plus/JSONPath/releases/tag/v10.3.0
Fix: JSONPath-Plus/JSONPath#237
The text was updated successfully, but these errors were encountered:
No branches or pull requests
Describe the bug
jsonpath-plus is restricted to 10.2.0:
https://github.com/stoplightio/spectral/blob/%40stoplight/spectral-core-1.19.4/packages/core/package.json#L50
https://github.com/stoplightio/spectral/blob/%40stoplight/spectral-core-1.19.4/yarn.lock#L9284
So it's vulnerable to GHSA-hw8r-x6gr-5gjp.
To Reproduce
Interestingly
npm auditisn't flagging this yet.Expected behavior
Shouldn't have vulnerable dependencies; upgrade to jsonpath-plus 10.3.0.
Additional context
https://github.com/JSONPath-Plus/JSONPath/releases/tag/v10.3.0
Fix: JSONPath-Plus/JSONPath#237
The text was updated successfully, but these errors were encountered: