bump dependency to address vulnerability in jsonpath-plus library #155

Merged
merged 1 commit into from
Oct 15, 2024


massfords
Collaborator

chore: bump version on jsonpath-plus
chore: bump version on asl-path-validator

@massfords
Collaborator Author

@ChristopheBougere same problem with the commit lint rule

I definitely added a leading blank line in the commit message but perhaps my editor (WebStorm) removes the line. I don't see leading blank lines in my previous PR's commit messages.

Anyway, this is only 2 changes in package.json to address a vulnerability. Can you fix this PR or do a new one with the version changes?

FWIW, in a different project I have, I validate the commit message before the commit is done to ensure it's following conventional commit rules. Failing before the commit would be preferable to having it fail in CICD.

Thanks.

@ChristopheBougere ChristopheBougere linked an issue Oct 15, 2024 that may be closed by this pull request
@ChristopheBougere ChristopheBougere marked this pull request as ready for review October 15, 2024 12:05
@ChristopheBougere
Owner

Yeah that's curious...

Might be related to your editor.

Anyway I amended your commit message and pushed it again, seems to work. I'll think about setting up git hooks for commitlint, that would make sense

Thanks for the fix

@ChristopheBougere ChristopheBougere merged commit bbd05fd into main Oct 15, 2024
1 check passed
@ChristopheBougere ChristopheBougere deleted the mf/issue153-2 branch October 15, 2024 12:07
@ChristopheBougere
Owner

Actually, husky is already set up on the repo. However, it only works if you run an npm install that will set up the hook (see the prepare script in package.json).

Maybe you have a working repo on a fork with everything installed, and this repo just to push branches without npm installed?


🎉 This PR is included in version 3.8.4 🎉

The release is available on:

Your semantic-release bot 📦🚀

Successfully merging this pull request may close these issues.

JSONPath Plus Remote Code Execution (RCE) Vulnerability
2 participants