Bump jsonpath-plus and pepr in /bouncer #7

dependabot · 2024-11-12T16:56:27Z

Bumps jsonpath-plus to 10.1.0 and updates ancestor dependency pepr. These dependencies need to be updated together.

Updates jsonpath-plus from 9.0.0 to 10.1.0

Changelog

Sourced from jsonpath-plus's changelog.

10.1.0

feat: add typeof operator to safe script

10.0.7

fix(security): prevent constructor access

docs: add security policy file

10.0.6

fix(security): prevent call/apply invocation of Function

10.0.5

fix: remove overly aggressive disabling of native functions but disallow __proto__

10.0.4

fix(security): further prevent binding of Function calls which may evade detection

10.0.3

fix(security): prevent binding of Function calls which may evade detection

10.0.2

fix(security): prevent Function calls outside of member expressions

10.0.1

fix(security): prohibit Function in "safe" vm

10.0.0

BREAKING CHANGES:

Require Node 18+

fix(security): use safe vm by default in Node

chore: bump jsep, devDeps. and lint

Commits

93612a3 chore: bump version
4a16cbd feat: add undefined, null literals to safe script
f119fe3 feat: add typeof operator to safe script
b70aa71 fix(security): prevent constructor access in safe vm
763ada0 fix(security): prevent call/apply invocation of Function
98a6b22 fix: remove overly aggressive disabling of native functions but disallow `__p...
30194c7 fix(security): further prevent binding of Function calls which may evade dete...
eac48fe fix(security): prevent binding of Function calls which may evade detection
34a836b chore: bump version
5a22e3f fix(security): prevent Function calls outside of member expressions
Additional commits viewable in compare view

Updates pepr from 0.32.7 to 0.39.0

Release notes

Sourced from pepr's releases.

v0.39.0

Features

feat: add ability to exit Finalize() callback WITHOUT removing the finalizer by @btlghrants in defenseunicorns/pepr#1321

feat: expose rbacMode from moduleConfig by @cmwylie19 in defenseunicorns/pepr#1347

feat: rbac overrides in package.json by @schaeferka in defenseunicorns/pepr#1331

What's Changed

chore: validate images from registry via Pepr (impl) by @btlghrants in defenseunicorns/pepr#1262

fix: eslint max depth warnings by @tamirazrab in defenseunicorns/pepr#1255

fix: eslint max depth warnings with passing E2E tests by @samayer12 in defenseunicorns/pepr#1366

revert: filter-chain refactor by @samayer12 in defenseunicorns/pepr#1396

chore: updates for undici watch by @cmwylie19 in defenseunicorns/pepr#1384

chore: increase soak duration by @samayer12 in defenseunicorns/pepr#1399

chore: make test crossplatform by @cmwylie19 in defenseunicorns/pepr#1369

chore: pinned deps in ci -all the rest by @cmwylie19 in defenseunicorns/pepr#1377

chore: squash HIGH vulnerability in container scan by @cmwylie19 in defenseunicorns/pepr#1376

chore: squash HIGH vulnerability by @cmwylie19 in defenseunicorns/pepr#1374

Revert "fix: eslint max depth warnings" by @samayer12 in defenseunicorns/pepr#1365

chore: disable cosign testing for now by @btlghrants in defenseunicorns/pepr#1368

chore: unit tests for finalizer with user alias by @schaeferka in defenseunicorns/pepr#1342

chore: refactor store code by @samayer12 in defenseunicorns/pepr#1259

fix: fix error in metrics.ts related to this.#cacheMissWindows.delete(firstKey) by @schaeferka in defenseunicorns/pepr#1352

chore: refactor complex implementation of request-processing filters by @samayer12 in defenseunicorns/pepr#1333

chore: fix circular dependency between lib.ts and sdk.ts by @schaeferka in defenseunicorns/pepr#1348

chore: fix circular dependency between types and mutate-request by @schaeferka in defenseunicorns/pepr#1332

Dependabot

chore: bump trufflesecurity/trufflehog from a63bf95412e732b7a187e8fd7cc2d19c4a2e4963 to e6d786a7d99f05f14327ba8e2ab75aa863b4df3b by @dependabot in defenseunicorns/pepr#1378

chore: bump trufflesecurity/trufflehog from e6d786a7d99f05f14327ba8e2ab75aa863b4df3b to 5ca4a17a4c7a242046966b84cf9d7a53364971bc by @dependabot in defenseunicorns/pepr#1386

chore: bump the development-dependencies group with 3 updates by @dependabot in defenseunicorns/pepr#1385

chore: bump @types/node from 22.8.7 to 22.9.0 in the development-dependencies group by @dependabot in defenseunicorns/pepr#1394

chore: bump anchore/scan-action from 5.2.0 to 5.2.1 by @dependabot in defenseunicorns/pepr#1392

chore: bump anchore/sbom-action from 0.17.6 to 0.17.7 by @dependabot in defenseunicorns/pepr#1391

chore: bump trufflesecurity/trufflehog from 5ca4a17a4c7a242046966b84cf9d7a53364971bc to 944d5dcdc2ba2aa70c2227d8e432d19eceda10be by @dependabot in defenseunicorns/pepr#1390

chore: bump kubernetes-fluent-client from 3.2.2 to 3.3.0 in the production-dependencies group by @dependabot in defenseunicorns/pepr#1393

chore: bump trufflesecurity/trufflehog from 944d5dcdc2ba2aa70c2227d8e432d19eceda10be to 9095845958d9cabdc354ddf372123b5399a5d334 by @dependabot in defenseunicorns/pepr#1400

chore: bump chainguard-dev/digestabot from 1.2.0 to 1.2.1 by @dependabot in defenseunicorns/pepr#1335

chore: bump @types/node from 22.7.9 to 22.8.1 in the development-dependencies group by @dependabot in defenseunicorns/pepr#1338

chore: bump actions/setup-node from 4.0.4 to 4.1.0 by @dependabot in defenseunicorns/pepr#1334

chore: bump kubernetes-fluent-client from 3.2.1 to 3.2.2 in the production-dependencies group by @dependabot in defenseunicorns/pepr#1362

chore: bump actions/dependency-review-action from 4.3.5 to 4.4.0 by @dependabot in defenseunicorns/pepr#1346

chore: bump anchore/scan-action from 5.1.0 to 5.2.0 by @dependabot in defenseunicorns/pepr#1356

chore: bump @types/node from 22.8.4 to 22.8.6 in the development-dependencies group by @dependabot in defenseunicorns/pepr#1372

chore: bump @types/node from 22.8.1 to 22.8.4 in the development-dependencies group across 1 directory by @dependabot in defenseunicorns/pepr#1354

New Contributors

@tamirazrab made their first contribution in defenseunicorns/pepr#1255

Full Changelog: defenseunicorns/pepr@v0.38.3...v0.39.0

... (truncated)

Commits

c84043e chore: bump trufflesecurity/trufflehog from 944d5dcdc2ba2aa70c2227d8e432d19ec...
5b724a0 chore: increase soak duration (#1399)
6b6d39f chore: updates for undici watch (#1384)
7020907 chore: bump kubernetes-fluent-client from 3.2.2 to 3.3.0 in the production-de...
fe4c069 revert: filter-chain refactor (#1396)
967d747 chore: bump trufflesecurity/trufflehog from 5ca4a17a4c7a242046966b84cf9d7a533...
fe1bc13 chore: bump anchore/sbom-action from 0.17.6 to 0.17.7 (#1391)
d6b5970 chore: bump anchore/scan-action from 5.2.0 to 5.2.1 (#1392)
8138763 chore: bump @types/node from 22.8.7 to 22.9.0 in the development-dependencies...
e7d4f2f chore: bump the development-dependencies group with 3 updates (#1385)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [jsonpath-plus](https://github.com/s3u/JSONPath) to 10.1.0 and updates ancestor dependency [pepr](https://github.com/defenseunicorns/pepr). These dependencies need to be updated together. Updates `jsonpath-plus` from 9.0.0 to 10.1.0 - [Release notes](https://github.com/s3u/JSONPath/releases) - [Changelog](https://github.com/JSONPath-Plus/JSONPath/blob/main/CHANGES.md) - [Commits](JSONPath-Plus/JSONPath@v9.0.0...v10.1.0) Updates `pepr` from 0.32.7 to 0.39.0 - [Release notes](https://github.com/defenseunicorns/pepr/releases) - [Commits](defenseunicorns/pepr@v0.32.7...v0.39.0) --- updated-dependencies: - dependency-name: jsonpath-plus dependency-type: indirect - dependency-name: pepr dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added the dependencies Pull requests that update a dependency file label Nov 12, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump jsonpath-plus and pepr in /bouncer #7

Bump jsonpath-plus and pepr in /bouncer #7

Uh oh!

dependabot bot commented on behalf of github Nov 12, 2024

Uh oh!

Uh oh!

Bump jsonpath-plus and pepr in /bouncer #7

Are you sure you want to change the base?

Bump jsonpath-plus and pepr in /bouncer #7

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 12, 2024

10.1.0

10.0.7

10.0.6

10.0.5

10.0.4

10.0.3

10.0.2

10.0.1

10.0.0

v0.39.0

Features

What's Changed

Dependabot

New Contributors

Uh oh!

Uh oh!