Skip to content

build(deps): update dependency jsonpath to v1.2.0 [security]#362

Open
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-jsonpath-vulnerability
Open

build(deps): update dependency jsonpath to v1.2.0 [security]#362
renovate[bot] wants to merge 1 commit intomasterfrom
renovate/npm-jsonpath-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 5, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
jsonpath 1.1.11.2.0 age confidence

GitHub Vulnerability Alerts

CVE-2025-61140

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

Release Notes

dchester/jsonpath (jsonpath)

v1.2.0

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the security label Feb 5, 2026
@renovate renovate bot requested a review from a team February 5, 2026 16:19
@codecov
Copy link

codecov bot commented Feb 5, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.51%. Comparing base (2f30675) to head (38d7cf8).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master     #362   +/-   ##
=======================================
  Coverage   80.51%   80.51%           
=======================================
  Files          27       27           
  Lines         154      154           
=======================================
  Hits          124      124           
  Misses         30       30

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate bot changed the title build(deps): update dependency jsonpath to v1.2.0 [security] build(deps): update dependency jsonpath to v1.2.1 [security] Feb 12, 2026
@renovate renovate bot force-pushed the renovate/npm-jsonpath-vulnerability branch from 2ff8f47 to e0fd47f Compare February 12, 2026 15:33
@renovate renovate bot changed the title build(deps): update dependency jsonpath to v1.2.1 [security] build(deps): update dependency jsonpath to v1.2.0 [security] Feb 18, 2026
@renovate renovate bot force-pushed the renovate/npm-jsonpath-vulnerability branch from e0fd47f to 38d7cf8 Compare February 18, 2026 00:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants