This release bumps various dependencies that fixed security vulnerabilities. Particularly the vulnerabilities in protobufjs (GHSA-xq3m-2v4x-88gg) and jsonpath-plus (GHSA-pppg-cpfq-h7wr) might be exploitable through specifically crafted requests, so we recommend updating as soon as possible.
What's Changed
- Bump jsonpath-plus from 10.0.7 to 10.3.0 by @dependabot[bot] in #99
- Bump protobufjs from 7.2.5 to 7.5.5 by @dependabot[bot] in #101
- Bump qs from 6.11.1 to 6.14.2 by @dependabot[bot] in #102
- Update various development dependencies by @dependabot[bot] in #104
Full Changelog: v1.0.0...v1.0.1
Contributors
dependabot