diff --git a/package-lock.json b/package-lock.json index 666363482..1ab6f665e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1271,6 +1271,18 @@ "@jridgewell/sourcemap-codec": "^1.4.14" } }, + "node_modules/@jsep-plugin/assignment": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/@jsep-plugin/assignment/-/assignment-1.2.1.tgz", + "integrity": "sha512-gaHqbubTi29aZpVbBlECRpmdia+L5/lh2BwtIJTmtxdbecEyyX/ejAOg7eQDGNvGOUmPY7Z2Yxdy9ioyH/VJeA==", + "license": "MIT", + "engines": { + "node": ">= 10.16.0" + }, + "peerDependencies": { + "jsep": "^0.4.0||^1.0.0" + } + }, "node_modules/@jsep-plugin/regex": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/@jsep-plugin/regex/-/regex-1.0.3.tgz", @@ -12219,7 +12231,7 @@ }, "packages/parser": { "name": "@asyncapi/parser", - "version": "3.2.2", + "version": "3.3.0", "license": "Apache-2.0", "dependencies": { "@asyncapi/specs": "^6.8.0", @@ -12239,7 +12251,7 @@ "ajv-formats": "^2.1.1", "avsc": "^5.7.5", "js-yaml": "^4.1.0", - "jsonpath-plus": "^7.2.0", + "jsonpath-plus": "^10.0.0", "node-fetch": "2.6.7" }, "devDependencies": { @@ -12281,6 +12293,24 @@ "undici-types": "~5.26.4" } }, + "packages/parser/node_modules/jsonpath-plus": { + "version": "10.0.0", + "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.0.0.tgz", + "integrity": "sha512-v7j76HGp/ibKlXYeZ7UrfCLSNDaBWuJMA0GaMjA4sZJtCtY89qgPyToDDcl2zdeHh4B5q/B3g2pQdW76fOg/dA==", + "license": "MIT", + "dependencies": { + "@jsep-plugin/assignment": "^1.2.1", + "@jsep-plugin/regex": "^1.0.3", + "jsep": "^1.3.9" + }, + "bin": { + "jsonpath": "bin/jsonpath-cli.js", + "jsonpath-plus": "bin/jsonpath-cli.js" + }, + "engines": { + "node": ">=18.0.0" + } + }, "packages/parser/node_modules/undici-types": { "version": "5.26.5", "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-5.26.5.tgz", diff --git a/packages/multi-parser/CHANGELOG.md b/packages/multi-parser/CHANGELOG.md index e0a744944..b257d5299 100644 --- a/packages/multi-parser/CHANGELOG.md +++ b/packages/multi-parser/CHANGELOG.md @@ -1,5 +1,16 @@ # @asyncapi/multi-parser +## 2.2.0 + +### Minor Changes + +- e18f865: Updating jsonpath-plus dependency to mitigate CVE-2024-21534 + +### Patch Changes + +- Updated dependencies [e18f865] + - @asyncapi/parser@3.4.0 + ## 2.1.1 ### Patch Changes diff --git a/packages/multi-parser/package.json b/packages/multi-parser/package.json index 81335e008..2aeb3371f 100644 --- a/packages/multi-parser/package.json +++ b/packages/multi-parser/package.json @@ -1,6 +1,6 @@ { "name": "@asyncapi/multi-parser", - "version": "2.1.1", + "version": "2.2.0", "description": "This tool allows to parse AsyncAPI documents and produce a desired interface based on a given Parser-API version", "private": false, "bugs": { diff --git a/packages/parser/CHANGELOG.md b/packages/parser/CHANGELOG.md index b17877e29..2eab2af3d 100644 --- a/packages/parser/CHANGELOG.md +++ b/packages/parser/CHANGELOG.md @@ -1,5 +1,11 @@ # @asyncapi/parser +## 3.4.0 + +### Minor Changes + +- e18f865: Updating jsonpath-plus dependency to mitigate CVE-2024-21534 + ## 3.3.0 ### Minor Changes diff --git a/packages/parser/package.json b/packages/parser/package.json index 1128ad916..48e5d33fd 100644 --- a/packages/parser/package.json +++ b/packages/parser/package.json @@ -1,6 +1,6 @@ { "name": "@asyncapi/parser", - "version": "3.3.0", + "version": "3.4.0", "description": "JavaScript AsyncAPI parser.", "private": false, "bugs": { @@ -59,7 +59,7 @@ "ajv-formats": "^2.1.1", "avsc": "^5.7.5", "js-yaml": "^4.1.0", - "jsonpath-plus": "^7.2.0", + "jsonpath-plus": "^10.0.0", "node-fetch": "2.6.7" }, "devDependencies": {