Title: Bump jsonpath-plus from 10.0.1 to 10.2.0 in the npm-security-updates group across 1 directory by dependabot[bot] · Pull Request #2762 · secureCodeBox/secureCodeBox · GitHub
Description: Bumps the npm-security-updates group with 1 update in the / directory: jsonpath-plus.
Updates jsonpath-plus from 10.0.1 to 10.2.0
Changelog
Sourced from jsonpath-plus's changelog.
10.2.0
fix(eval): improve security of safe-eval (#233)
chore: update deps. and devDeps.
10.1.0
feat: add typeof operator to safe script
10.0.7
fix(security): prevent constructor access
docs: add security policy file
10.0.6
fix(security): prevent call/apply invocation of Function
10.0.5
fix: remove overly aggressive disabling of native functions but disallow __proto__
10.0.4
fix(security): further prevent binding of Function calls which may evade detection
10.0.3
fix(security): prevent binding of Function calls which may evade detection
10.0.2
fix(security): prevent Function calls outside of member expressions
Commits
8e4acf8 chore: bump version
f0708a4 chore: update deps. and devDeps.
0bfda55 build(deps): bump @eslint/plugin-kit from 0.2.0 to 0.2.3 (#234)
73ad72e fix(eval): improve security of safe-eval (#233)
93612a3 chore: bump version
4a16cbd feat: add undefined, null literals to safe script
f119fe3 feat: add typeof operator to safe script
b70aa71 fix(security): prevent constructor access in safe vm
763ada0 fix(security): prevent call/apply invocation of Function
98a6b22 fix: remove overly aggressive disabling of native functions but disallow `__p...
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show
Opengraph URL: https://github.com/secureCodeBox/secureCodeBox/pull/2762