From 2cd5f26e52a3b19aab8af350bc377433dc793f4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A1s=20Felleg?= <73272730+Andris28@users.noreply.github.com>
Date: Mon, 26 Jan 2026 11:10:26 +0100
Subject: [PATCH 1/3] fix: bump jsonpat-plus to avoid CVEs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: András Felleg <73272730+Andris28@users.noreply.github.com>
---
 package-lock.json | 65 ++++++++++++++++++++++++++++++-----------------
 1 file changed, 42 insertions(+), 23 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 26c30565..0ad3ec07 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2328,24 +2328,6 @@
 "ajv": "^8.0.1"
 }
 },
- "node_modules/@stoplight/spectral-core/node_modules/jsonpath-plus": {
- "version": "10.2.0",
- "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.2.0.tgz",
- "integrity": "sha512-T9V+8iNYKFL2n2rF+w02LBOT2JjDnTjioaNFrxRy0Bv1y/hNsqR/EBK7Ojy2ythRHwmz2cRIls+9JitQGZC/sw==",
- "license": "MIT",
- "dependencies": {
- "@jsep-plugin/assignment": "^1.3.0",
- "@jsep-plugin/regex": "^1.0.4",
- "jsep": "^1.4.0"
- },
- "bin": {
- "jsonpath": "bin/jsonpath-cli.js",
- "jsonpath-plus": "bin/jsonpath-cli.js"
- },
- "engines": {
- "node": ">=18.0.0"
- }
- },
 "node_modules/@stoplight/spectral-core/node_modules/nimma": {
 "version": "0.2.3",
 "resolved": "https://registry.npmjs.org/nimma/-/nimma-0.2.3.tgz",
@@ -2365,6 +2347,25 @@
 "lodash.topath": "^4.5.2"
 }
 },
+ "node_modules/@stoplight/spectral-core/node_modules/nimma/node_modules/jsonpath-plus": {
+ "version": "10.3.0",
+ "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.3.0.tgz",
+ "integrity": "sha512-8TNmfeTCk2Le33A3vRRwtuworG/L5RrgMvdjhKZxvyShO+mBu2fP50OWUjRLNtvw344DdDarFh9buFAZs5ujeA==",
+ "license": "MIT",
+ "optional": true,
+ "dependencies": {
+ "@jsep-plugin/assignment": "^1.3.0",
+ "@jsep-plugin/regex": "^1.0.4",
+ "jsep": "^1.4.0"
+ },
+ "bin": {
+ "jsonpath": "bin/jsonpath-cli.js",
+ "jsonpath-plus": "bin/jsonpath-cli.js"
+ },
+ "engines": {
+ "node": ">=18.0.0"
+ }
+ },
 "node_modules/@stoplight/spectral-formats": {
 "version": "1.8.2",
 "resolved": "https://registry.npmjs.org/@stoplight/spectral-formats/-/spectral-formats-1.8.2.tgz",
@@ -7373,6 +7374,24 @@
 ],
 "license": "MIT"
 },
+ "node_modules/jsonpath-plus": {
+ "version": "10.2.0",
+ "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.2.0.tgz",
+ "integrity": "sha512-T9V+8iNYKFL2n2rF+w02LBOT2JjDnTjioaNFrxRy0Bv1y/hNsqR/EBK7Ojy2ythRHwmz2cRIls+9JitQGZC/sw==",
+ "license": "MIT",
+ "dependencies": {
+ "@jsep-plugin/assignment": "^1.3.0",
+ "@jsep-plugin/regex": "^1.0.4",
+ "jsep": "^1.4.0"
+ },
+ "bin": {
+ "jsonpath": "bin/jsonpath-cli.js",
+ "jsonpath-plus": "bin/jsonpath-cli.js"
+ },
+ "engines": {
+ "node": ">=18.0.0"
+ }
+ },
 "node_modules/jsonpointer": {
 "version": "5.0.1",
 "resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-5.0.1.tgz",
@@ -15051,7 +15070,7 @@
 },
 "packages/ruleset": {
 "name": "@ibm-cloud/openapi-ruleset",
- "version": "1.33.5",
+ "version": "1.33.6",
 "license": "Apache-2.0",
 "dependencies": {
 "@ibm-cloud/openapi-ruleset-utilities": "1.9.0",
@@ -15061,7 +15080,7 @@
 "chalk": "^4.1.2",
 "inflected": "^2.1.0",
 "jsonschema": "^1.5.0",
- "lodash": "^4.17.21",
+ "lodash": "^4.17.23",
 "loglevel": "^1.9.2",
 "loglevel-plugin-prefix": "0.8.4",
 "minimatch": "^6.2.0",
@@ -15114,10 +15133,10 @@
 },
 "packages/validator": {
 "name": "ibm-openapi-validator",
- "version": "1.37.8",
+ "version": "1.37.9",
 "license": "Apache-2.0",
 "dependencies": {
- "@ibm-cloud/openapi-ruleset": "1.33.5",
+ "@ibm-cloud/openapi-ruleset": "1.33.6",
 "@ibm-cloud/openapi-ruleset-utilities": "1.9.0",
 "@stoplight/spectral-cli": "^6.14.2",
 "@stoplight/spectral-core": "^1.19.4",
@@ -15131,7 +15150,7 @@
 "globby": "^11.0.4",
 "js-yaml": "^4.1.1",
 "json-dup-key-validator": "^1.0.3",
- "lodash": "^4.17.21",
+ "lodash": "^4.17.23",
 "nimma": "^0.7.0",
 "pad": "^2.3.0",
 "semver": "^7.6.0"
From 45b9cd81823aef40de69a916cfae3f5ff1312905 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A1s=20Felleg?= <73272730+Andris28@users.noreply.github.com>
Date: Mon, 26 Jan 2026 13:21:55 +0100
Subject: [PATCH 2/3] Revert "fix: bump jsonpat-plus to avoid CVEs"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 2a0e781ac27dd54c966e0a75e25945f578f124b0.
Signed-off-by: András Felleg <73272730+Andris28@users.noreply.github.com>
---
 package-lock.json | 65 +++++++++++++++++------------------------------
 1 file changed, 23 insertions(+), 42 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 0ad3ec07..26c30565 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2328,6 +2328,24 @@
 "ajv": "^8.0.1"
 }
 },
+ "node_modules/@stoplight/spectral-core/node_modules/jsonpath-plus": {
+ "version": "10.2.0",
+ "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.2.0.tgz",
+ "integrity": "sha512-T9V+8iNYKFL2n2rF+w02LBOT2JjDnTjioaNFrxRy0Bv1y/hNsqR/EBK7Ojy2ythRHwmz2cRIls+9JitQGZC/sw==",
+ "license": "MIT",
+ "dependencies": {
+ "@jsep-plugin/assignment": "^1.3.0",
+ "@jsep-plugin/regex": "^1.0.4",
+ "jsep": "^1.4.0"
+ },
+ "bin": {
+ "jsonpath": "bin/jsonpath-cli.js",
+ "jsonpath-plus": "bin/jsonpath-cli.js"
+ },
+ "engines": {
+ "node": ">=18.0.0"
+ }
+ },
 "node_modules/@stoplight/spectral-core/node_modules/nimma": {
 "version": "0.2.3",
 "resolved": "https://registry.npmjs.org/nimma/-/nimma-0.2.3.tgz",
@@ -2347,25 +2365,6 @@
 "lodash.topath": "^4.5.2"
 }
 },
- "node_modules/@stoplight/spectral-core/node_modules/nimma/node_modules/jsonpath-plus": {
- "version": "10.3.0",
- "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.3.0.tgz",
- "integrity": "sha512-8TNmfeTCk2Le33A3vRRwtuworG/L5RrgMvdjhKZxvyShO+mBu2fP50OWUjRLNtvw344DdDarFh9buFAZs5ujeA==",
- "license": "MIT",
- "optional": true,
- "dependencies": {
- "@jsep-plugin/assignment": "^1.3.0",
- "@jsep-plugin/regex": "^1.0.4",
- "jsep": "^1.4.0"
- },
- "bin": {
- "jsonpath": "bin/jsonpath-cli.js",
- "jsonpath-plus": "bin/jsonpath-cli.js"
- },
- "engines": {
- "node": ">=18.0.0"
- }
- },
 "node_modules/@stoplight/spectral-formats": {
 "version": "1.8.2",
 "resolved": "https://registry.npmjs.org/@stoplight/spectral-formats/-/spectral-formats-1.8.2.tgz",
@@ -7374,24 +7373,6 @@
 ],
 "license": "MIT"
 },
- "node_modules/jsonpath-plus": {
- "version": "10.2.0",
- "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.2.0.tgz",
- "integrity": "sha512-T9V+8iNYKFL2n2rF+w02LBOT2JjDnTjioaNFrxRy0Bv1y/hNsqR/EBK7Ojy2ythRHwmz2cRIls+9JitQGZC/sw==",
- "license": "MIT",
- "dependencies": {
- "@jsep-plugin/assignment": "^1.3.0",
- "@jsep-plugin/regex": "^1.0.4",
- "jsep": "^1.4.0"
- },
- "bin": {
- "jsonpath": "bin/jsonpath-cli.js",
- "jsonpath-plus": "bin/jsonpath-cli.js"
- },
- "engines": {
- "node": ">=18.0.0"
- }
- },
 "node_modules/jsonpointer": {
 "version": "5.0.1",
 "resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-5.0.1.tgz",
@@ -15070,7 +15051,7 @@
 },
 "packages/ruleset": {
 "name": "@ibm-cloud/openapi-ruleset",
- "version": "1.33.6",
+ "version": "1.33.5",
 "license": "Apache-2.0",
 "dependencies": {
 "@ibm-cloud/openapi-ruleset-utilities": "1.9.0",
@@ -15080,7 +15061,7 @@
 "chalk": "^4.1.2",
 "inflected": "^2.1.0",
 "jsonschema": "^1.5.0",
- "lodash": "^4.17.23",
+ "lodash": "^4.17.21",
 "loglevel": "^1.9.2",
 "loglevel-plugin-prefix": "0.8.4",
 "minimatch": "^6.2.0",
@@ -15133,10 +15114,10 @@
 },
 "packages/validator": {
 "name": "ibm-openapi-validator",
- "version": "1.37.9",
+ "version": "1.37.8",
 "license": "Apache-2.0",
 "dependencies": {
- "@ibm-cloud/openapi-ruleset": "1.33.6",
+ "@ibm-cloud/openapi-ruleset": "1.33.5",
 "@ibm-cloud/openapi-ruleset-utilities": "1.9.0",
 "@stoplight/spectral-cli": "^6.14.2",
 "@stoplight/spectral-core": "^1.19.4",
@@ -15150,7 +15131,7 @@
 "globby": "^11.0.4",
 "js-yaml": "^4.1.1",
 "json-dup-key-validator": "^1.0.3",
- "lodash": "^4.17.23",
+ "lodash": "^4.17.21",
 "nimma": "^0.7.0",
 "pad": "^2.3.0",
 "semver": "^7.6.0"
From d1c594d28fc59cdfd6bc3efd5c3b48ccb73f2553 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A1s=20Felleg?= <73272730+Andris28@users.noreply.github.com>
Date: Mon, 26 Jan 2026 14:09:16 +0100
Subject: [PATCH 3/3] fix: bump jsonpath.plus to avoid CVEs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: András Felleg <73272730+Andris28@users.noreply.github.com>
---
 package-lock.json | 48 +++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 26c30565..1335fde1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -2260,7 +2260,7 @@
 "ajv-errors": "~3.0.0",
 "ajv-formats": "~2.1.0",
 "es-aggregate-error": "^1.0.7",
- "jsonpath-plus": "10.2.0",
+ "jsonpath-plus": "10.3.0",
 "lodash": "~4.17.21",
 "lodash.topath": "^4.5.2",
 "minimatch": "3.1.2",
@@ -2328,24 +2328,6 @@
 "ajv": "^8.0.1"
 }
 },
- "node_modules/@stoplight/spectral-core/node_modules/jsonpath-plus": {
- "version": "10.2.0",
- "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.2.0.tgz",
- "integrity": "sha512-T9V+8iNYKFL2n2rF+w02LBOT2JjDnTjioaNFrxRy0Bv1y/hNsqR/EBK7Ojy2ythRHwmz2cRIls+9JitQGZC/sw==",
- "license": "MIT",
- "dependencies": {
- "@jsep-plugin/assignment": "^1.3.0",
- "@jsep-plugin/regex": "^1.0.4",
- "jsep": "^1.4.0"
- },
- "bin": {
- "jsonpath": "bin/jsonpath-cli.js",
- "jsonpath-plus": "bin/jsonpath-cli.js"
- },
- "engines": {
- "node": ">=18.0.0"
- }
- },
 "node_modules/@stoplight/spectral-core/node_modules/nimma": {
 "version": "0.2.3",
 "resolved": "https://registry.npmjs.org/nimma/-/nimma-0.2.3.tgz",
@@ -7373,6 +7355,24 @@
 ],
 "license": "MIT"
 },
+ "node_modules/jsonpath-plus": {
+ "version": "10.3.0",
+ "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.3.0.tgz",
+ "integrity": "sha512-8TNmfeTCk2Le33A3vRRwtuworG/L5RrgMvdjhKZxvyShO+mBu2fP50OWUjRLNtvw344DdDarFh9buFAZs5ujeA==",
+ "license": "MIT",
+ "dependencies": {
+ "@jsep-plugin/assignment": "^1.3.0",
+ "@jsep-plugin/regex": "^1.0.4",
+ "jsep": "^1.4.0"
+ },
+ "bin": {
+ "jsonpath": "bin/jsonpath-cli.js",
+ "jsonpath-plus": "bin/jsonpath-cli.js"
+ },
+ "engines": {
+ "node": ">=18.0.0"
+ }
+ },
 "node_modules/jsonpointer": {
 "version": "5.0.1",
 "resolved": "https://registry.npmjs.org/jsonpointer/-/jsonpointer-5.0.1.tgz",
@@ -15051,7 +15051,7 @@
 },
 "packages/ruleset": {
 "name": "@ibm-cloud/openapi-ruleset",
- "version": "1.33.5",
+ "version": "1.33.6",
 "license": "Apache-2.0",
 "dependencies": {
 "@ibm-cloud/openapi-ruleset-utilities": "1.9.0",
@@ -15061,7 +15061,7 @@
 "chalk": "^4.1.2",
 "inflected": "^2.1.0",
 "jsonschema": "^1.5.0",
- "lodash": "^4.17.21",
+ "lodash": "^4.17.23",
 "loglevel": "^1.9.2",
 "loglevel-plugin-prefix": "0.8.4",
 "minimatch": "^6.2.0",
@@ -15114,10 +15114,10 @@
 },
 "packages/validator": {
 "name": "ibm-openapi-validator",
- "version": "1.37.8",
+ "version": "1.37.9",
 "license": "Apache-2.0",
 "dependencies": {
- "@ibm-cloud/openapi-ruleset": "1.33.5",
+ "@ibm-cloud/openapi-ruleset": "1.33.6",
 "@ibm-cloud/openapi-ruleset-utilities": "1.9.0",
 "@stoplight/spectral-cli": "^6.14.2",
 "@stoplight/spectral-core": "^1.19.4",
@@ -15131,7 +15131,7 @@
 "globby": "^11.0.4",
 "js-yaml": "^4.1.1",
 "json-dup-key-validator": "^1.0.3",
- "lodash": "^4.17.21",
+ "lodash": "^4.17.23",
 "nimma": "^0.7.0",
 "pad": "^2.3.0",
 "semver": "^7.6.0"