@stoplight/spectral-core depends on jsonpath-plus <10 #2710

jacquesg · 2024-10-14T18:26:29Z

Describe the bug
See: GHSA-pppg-cpfq-h7wr

jacquesg · 2024-10-16T13:04:24Z

With 5205058 merged, could a new release be cut?

parithibang · 2024-10-17T03:34:23Z

@jacquesg When can we expect a patch release?

pjungermann · 2024-10-17T11:40:15Z

"nimma": "0.2.2",

This dependency nimma depends on jsonpath-plus with version ^6.0.1 (optional dependency).

The latest version is 7.0.0 and since 4.0.0, it's only a dev dependency and no optional dependency anymore.

Mariscal6 · 2024-10-18T07:25:26Z

@jacquesg When can we expect a patch release?

+1

jacquesg · 2024-10-18T08:59:54Z

I'm not the maintainer, I asked the same question :)

jacquesg · 2024-10-20T18:25:56Z

A new version of nimma in the 0.2 series is now available: https://www.npmjs.com/package/nimma/v/0.2.3

jacquesg · 2024-10-20T18:29:52Z

Added a PR to bump the dependency #2712

ferrarimarco mentioned this issue Oct 19, 2024

Failt to build container locally super-linter/super-linter#6282

Closed

5 tasks

jacquesg mentioned this issue Oct 22, 2024

chore(deps): bump nimma 0.2.2 to 0.2.3 #2712

Merged

4 tasks

mnaumanali94 closed this as completed in #2712 Oct 24, 2024

Provide feedback