fix: update dependency to close vulnerability · Issue #1835 · dherault/serverless-offline

## Description First of all thx for all the great work. Like many others we use `serverless-offline` at work. Today we got a dependabot alert for `serverless-offline` because it's dependency package `jsonpath-plus` is subject to a security vulnerability. [A recent bump](https://github.com/dherault/serverless-offline/issues/1825) to Version 10.0.0 only temporarily helped as it was soon found out to still be vulnerable to RCE. **Bumped `jsonpath-plus` dependency from 10.0.0 to 10.1.0 to get on top of a security vulnerability with the possibility of remote code execution.** ## Motivation and Context For reference you can check out the snyk report via NVD [here](https://nvd.nist.gov/vuln/detail/cve-2024-21534) or see the issue from `jsonpath-plus` [here](https://github.com/JSONPath-Plus/JSONPath/issues/226). ## Screenshots (if appropriate): ![image](https://github.com/user-attachments/assets/19ce9961-89b0-40dc-9acf-cab8d09f1669)

AI Analysis

This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by m4i3r and has received 2 comments.

Add a comment

Comment form would go here

fix: update dependency to close vulnerability#1835