
@stoplight/spectral-core depends on jsonpath-plus <10

Open jacquesg opened this issue 1 year ago • 7 comments
Describe the bug

See: https://github.com/advisories/GHSA-pppg-cpfq-h7wr

jacquesg avatar Oct 14 '24 18:10 jacquesg

With 5205058d1c9b48e6785b7744e2e2716cc7f1e0f4 merged, could a new release be cut?

jacquesg avatar Oct 16 '24 13:10 jacquesg

@jacquesg When can we expect a patch release?

parithibang avatar Oct 17 '24 03:10 parithibang

"nimma": "0.2.2",

This dependency nimma depends on jsonpath-plus with version ^6.0.1 (optional dependency).

The latest version is 7.0.0, and since 4.0.0 it's only a dev dependency and no longer an optional dependency.

pjungermann avatar Oct 17 '24 11:10 pjungermann

@jacquesg When can we expect a patch release?

+1

Mariscal6 avatar Oct 18 '24 07:10 Mariscal6

I'm not the maintainer, I asked the same question :)

jacquesg avatar Oct 18 '24 08:10 jacquesg

A new version of nimma in the 0.2 series is now available: https://www.npmjs.com/package/nimma/v/0.2.3

jacquesg avatar Oct 20 '24 18:10 jacquesg

Added a PR to bump the dependency #2712

jacquesg avatar Oct 20 '24 18:10 jacquesg
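
The thread shows jsonpath-plus arriving both directly and through nimma's optional dependency, so bumping one package does not prove that every old copy has left the tree. The following is an added example, not code from this issue or from the Spectral project: it walks a package-lock.json (v2/v3 `packages` layout) and lists each installed jsonpath-plus copy below major version 10 along with the package that pulls it in. The names `sampleLock`, `resolveDep` and `findOutdated` are hypothetical, and every version in the sample other than nimma 0.2.2 and its `^6.0.1` range is constructed.

```javascript
// Constructed sample in package-lock.json v3 layout. Only nimma 0.2.2 and its
// optional "jsonpath-plus": "^6.0.1" come from the thread; the rest is made up.
// For a real project, pass the parsed contents of package-lock.json instead.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "@stoplight/spectral-core": "1.0.0" } },
    "node_modules/@stoplight/spectral-core": {
      version: "1.0.0",
      dependencies: { nimma: "0.2.2", "jsonpath-plus": "7.1.0" },
    },
    "node_modules/jsonpath-plus": { version: "7.1.0" },
    "node_modules/nimma": {
      version: "0.2.2",
      optionalDependencies: { "jsonpath-plus": "^6.0.1" },
    },
    "node_modules/nimma/node_modules/jsonpath-plus": { version: "6.0.1", optional: true },
  },
};

// Node-style resolution: nearest node_modules first, then each parent's.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Report every installed copy of `name` whose major version is below `minMajor`,
// with the packages that resolve to that copy and how they declare it.
function findOutdated(lock, name = "jsonpath-plus", minMajor = 10) {
  const packages = lock.packages || {};
  const kinds = ["dependencies", "optionalDependencies", "peerDependencies", "devDependencies"];
  const hits = new Map();
  for (const [path, meta] of Object.entries(packages)) {
    if (path.endsWith("node_modules/" + name) && parseInt(meta.version, 10) < minMajor) {
      hits.set(path, { path, version: meta.version, requiredBy: [] });
    }
  }
  for (const [path, meta] of Object.entries(packages)) {
    for (const kind of kinds) {
      const range = (meta[kind] || {})[name];
      const hit = range && hits.get(resolveDep(packages, path, name));
      if (hit) hit.requiredBy.push({ from: path || "(root)", range, kind });
    }
  }
  return [...hits.values()];
}

console.log(JSON.stringify(findOutdated(sampleLock), null, 2));
```

An empty result after upgrading and regenerating the lockfile indicates that no copy below the threshold remains installed.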