From 07f9fb5445a86beafa42ccfd4eed901669aac203 Mon Sep 17 00:00:00 2001
From: Christophe Bougere <christophe.bougere@nona.fr>
Date: Wed, 13 Nov 2024 09:33:43 +0100
Subject: [PATCH] feat: update asl-path-validator to mitigate another
 jsonpath-plus CVE

---
 package-lock.json | 71 ++++++++++-------------------------------------
 package.json      |  2 +-
 2 files changed, 16 insertions(+), 57 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 5bcfe4e..30183dc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
       "license": "Apache-2.0",
       "dependencies": {
         "ajv": "^8.12.0",
-        "asl-path-validator": "^0.14.1",
+        "asl-path-validator": "^0.14.2",
         "commander": "^10.0.1",
         "jsonpath-plus": "^10.0.0",
         "yaml": "^2.3.1"
@@ -2806,12 +2806,11 @@
       }
     },
     "node_modules/asl-path-validator": {
-      "version": "0.14.1",
-      "resolved": "https://registry.npmjs.org/asl-path-validator/-/asl-path-validator-0.14.1.tgz",
-      "integrity": "sha512-Q5P3WLX1sLhTKdMXsgCW6KwKeapozQADq2nhfC6a6/dTVkfj+mL42YS0NGB4cmlvm/qoXjOnElHoBQFjm2ce0g==",
-      "license": "MIT",
+      "version": "0.14.2",
+      "resolved": "https://registry.npmjs.org/asl-path-validator/-/asl-path-validator-0.14.2.tgz",
+      "integrity": "sha512-laFuKAa69tYGJ4PFoBY5D4NYZkiUwI+yD91F/gML6liQh0FFFsvlfqRGnKQbea8exjabmYUQb7D2AQPmmsehag==",
       "dependencies": {
-        "jsonpath-plus": "^10.0.0"
+        "jsonpath-plus": "^10.1.0"
       }
     },
     "node_modules/astral-regex": {
@@ -5960,10 +5959,9 @@
       ]
     },
     "node_modules/jsonpath-plus": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.0.0.tgz",
-      "integrity": "sha512-v7j76HGp/ibKlXYeZ7UrfCLSNDaBWuJMA0GaMjA4sZJtCtY89qgPyToDDcl2zdeHh4B5q/B3g2pQdW76fOg/dA==",
-      "license": "MIT",
+      "version": "10.1.0",
+      "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.1.0.tgz",
+      "integrity": "sha512-gHfV1IYqH8uJHYVTs8BJX1XKy2/rR93+f8QQi0xhx95aCiXn1ettYAd5T+7FU6wfqyDoX/wy0pm/fL3jOKJ9Lg==",
       "dependencies": {
         "@jsep-plugin/assignment": "^1.2.1",
         "@jsep-plugin/regex": "^1.0.3",
@@ -7864,14 +7862,6 @@
       "inBundle": true,
       "license": "MIT"
     },
-    "node_modules/npm/node_modules/depd": {
-      "version": "2.0.0",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">= 0.8"
-      }
-    },
     "node_modules/npm/node_modules/diff": {
       "version": "5.2.0",
       "dev": true,
@@ -8023,17 +8013,6 @@
       "inBundle": true,
       "license": "ISC"
     },
-    "node_modules/npm/node_modules/has": {
-      "version": "1.0.3",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "function-bind": "^1.1.1"
-      },
-      "engines": {
-        "node": ">= 0.4.0"
-      }
-    },
     "node_modules/npm/node_modules/has-unicode": {
       "version": "2.0.1",
       "dev": true,
@@ -8198,11 +8177,6 @@
         "node": "^14.17.0 || ^16.13.0 || >=18.0.0"
       }
     },
-    "node_modules/npm/node_modules/ip": {
-      "version": "2.0.0",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/npm/node_modules/ip-address": {
       "version": "9.0.5",
       "dev": true,
@@ -14606,11 +14580,11 @@
       "dev": true
     },
     "asl-path-validator": {
-      "version": "0.14.1",
-      "resolved": "https://registry.npmjs.org/asl-path-validator/-/asl-path-validator-0.14.1.tgz",
-      "integrity": "sha512-Q5P3WLX1sLhTKdMXsgCW6KwKeapozQADq2nhfC6a6/dTVkfj+mL42YS0NGB4cmlvm/qoXjOnElHoBQFjm2ce0g==",
+      "version": "0.14.2",
+      "resolved": "https://registry.npmjs.org/asl-path-validator/-/asl-path-validator-0.14.2.tgz",
+      "integrity": "sha512-laFuKAa69tYGJ4PFoBY5D4NYZkiUwI+yD91F/gML6liQh0FFFsvlfqRGnKQbea8exjabmYUQb7D2AQPmmsehag==",
       "requires": {
-        "jsonpath-plus": "^10.0.0"
+        "jsonpath-plus": "^10.1.0"
       }
     },
     "astral-regex": {
@@ -16938,9 +16912,9 @@
       "dev": true
     },
     "jsonpath-plus": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.0.0.tgz",
-      "integrity": "sha512-v7j76HGp/ibKlXYeZ7UrfCLSNDaBWuJMA0GaMjA4sZJtCtY89qgPyToDDcl2zdeHh4B5q/B3g2pQdW76fOg/dA==",
+      "version": "10.1.0",
+      "resolved": "https://registry.npmjs.org/jsonpath-plus/-/jsonpath-plus-10.1.0.tgz",
+      "integrity": "sha512-gHfV1IYqH8uJHYVTs8BJX1XKy2/rR93+f8QQi0xhx95aCiXn1ettYAd5T+7FU6wfqyDoX/wy0pm/fL3jOKJ9Lg==",
       "requires": {
         "@jsep-plugin/assignment": "^1.2.1",
         "@jsep-plugin/regex": "^1.0.3",
@@ -18230,10 +18204,6 @@
           "bundled": true,
           "dev": true
         },
-        "depd": {
-          "version": "2.0.0",
-          "dev": true
-        },
         "diff": {
           "version": "5.2.0",
           "bundled": true,
@@ -18337,13 +18307,6 @@
           "bundled": true,
           "dev": true
         },
-        "has": {
-          "version": "1.0.3",
-          "dev": true,
-          "requires": {
-            "function-bind": "^1.1.1"
-          }
-        },
         "has-unicode": {
           "version": "2.0.1",
           "bundled": true,
@@ -18462,10 +18425,6 @@
             "validate-npm-package-name": "^5.0.0"
           }
         },
-        "ip": {
-          "version": "2.0.0",
-          "dev": true
-        },
         "ip-address": {
           "version": "9.0.5",
           "bundled": true,
diff --git a/package.json b/package.json
index ff57370..b63b086 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,7 @@
   "homepage": "https://github.com/ChristopheBougere/asl-validator#readme",
   "dependencies": {
     "ajv": "^8.12.0",
-    "asl-path-validator": "^0.14.1",
+    "asl-path-validator": "^0.14.2",
     "commander": "^10.0.1",
     "jsonpath-plus": "^10.0.0",
     "yaml": "^2.3.1"