dep: upgrade jsonpath-plus to fix critical vulnerability

artilleryio / artillery

The complete load testing platform. Everything you need for production-grade load tests. Serverless & distributed. Load test with Playwright. Load test HTTP APIs, GraphQL, WebSocket, and more. Use any Node.js module.

https://www.artillery.io

Mozilla Public License 2.0

8.05k stars 512 forks source link

dep: upgrade jsonpath-plus to fix critical vulnerability #3369

Closed dirkluijk closed 1 month ago

dirkluijk commented 1 month ago

Description

See: https://nvd.nist.gov/vuln/detail/CVE-2024-21534

Fixes: https://github.com/artilleryio/artillery/issues/3368

Pre-merge checklist

This is for use by the Artillery team. Please leave this in if you're contributing to Artillery.

[ ] Does this require an update to the docs?
[ ] Does this require a changelog entry?

CLAassistant commented 1 month ago

All committers have signed the CLA.

hassy commented 1 month ago

thank you @dirkluijk!

dirkluijk commented 1 month ago

Can someone from the collaborators merge this MR? 😉

gelsogrove commented 1 month ago

Please Merge it !

Panzki commented 1 month ago

Hi, thanks for merging the dependency update so quickly. Can you tell anything about when this change is expected to be released? 😃

hassy commented 1 month ago

this is out in v2.0.21 now