Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): bump spectral-core dependents #2742

Conversation

frankkilcommins
Copy link
Contributor

Fixes #2717

Does this PR introduce a breaking change?

  • Yes
  • No

This PR bumps spectral packages that depend on spectral-core to leverage the latest version which includes jsonpath-plus 10.2.0 thus addressing CVE-2024-21534

@frankkilcommins frankkilcommins requested a review from a team as a code owner November 19, 2024 10:58
@frankkilcommins frankkilcommins added the dependencies Pull requests that update a dependency file label Nov 19, 2024
@frankkilcommins frankkilcommins merged commit 30c0349 into stoplightio:develop Nov 19, 2024
7 checks passed
stoplight-bot pushed a commit that referenced this pull request Nov 19, 2024
## @stoplight/spectral-cli [6.14.2](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-cli-6.14.1...@stoplight/spectral-cli-6.14.2) (2024-11-19)

### Bug Fixes

* **deps:** bump spectral-core dependents ([#2742](#2742)) ([30c0349](30c0349))
stoplight-bot pushed a commit that referenced this pull request Nov 19, 2024
## [1.4.3](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-formatters-1.4.2...@stoplight/spectral-formatters-1.4.3) (2024-11-19)

### Bug Fixes

* **deps:** bump spectral-core dependents ([#2742](#2742)) ([30c0349](30c0349))
* **deps:** fix CVE related to jsonpath-plus ([169db7a](169db7a))
stoplight-bot pushed a commit that referenced this pull request Nov 19, 2024
## [1.9.3](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-functions-1.9.2...@stoplight/spectral-functions-1.9.3) (2024-11-19)

### Bug Fixes

* **deps:** bump spectral-core dependents ([#2742](#2742)) ([30c0349](30c0349))
* **deps:** fix CVE related to jsonpath-plus ([169db7a](169db7a))
stoplight-bot pushed a commit that referenced this pull request Nov 19, 2024
## [1.21.3](https://github.com/stoplightio/spectral/compare/@stoplight/spectral-rulesets-1.21.2...@stoplight/spectral-rulesets-1.21.3) (2024-11-19)

### Bug Fixes

* **deps:** bump spectral-core dependents ([#2742](#2742)) ([30c0349](30c0349))
* **deps:** fix CVE related to jsonpath-plus ([169db7a](169db7a))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Release a new package to include the patch for CVE-2024-21534 critical vulnerability
2 participants