fix(deps): update dependency jsonpath-plus to v10 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
jsonpath-plus	^7.2.0 -> ^10.0.0

GitHub Vulnerability Alerts

CVE-2024-21534

Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.

Note:

The unsafe behavior is still available after applying the fix but it is not turned on by default.

---

Release Notes

s3u/JSONPath (jsonpath-plus)

v10.0.0

BREAKING CHANGES:

• Require Node 18+

• fix(security): use safe vm by default in Node

• chore: bump jsep, devDeps. and lint

v9.0.0

Compare Source

BREAKING CHANGES:

• Removes preventEval property. Prefer eval: false instead.

• Changed behavior of eval property. In the browser, eval/Function won't be used by default to evaluate expressions. Instead, we'll safely evaluate using a subset of JavaScript. To resume using unsafe eval in the browser, pass in the option eval: "native"

• feat: add safe eval for browser and eval option (#​185) (@​80avin)

• feat: add ignoreEvalErrors property (@​80avin)

v8.1.0

• feat: add basic cli (#​206) (@​vid)

v8.0.0

• Breaking change: Bump Node engines to 14
• feat: add support for nested filter expressions (@​carlosingles)
• docs: update README and license (@​akirataguchi115)
• docs: github workflow badge (@​dsanch3z)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.