Fix dependabot vulnerability issues #3583

Open
ilan7empest wants to merge 1 commit into mlrun:development from ilan7empest:ML-12198

@ilan7empest ilan7empest commented Feb 24, 2026

📝 Description

  • Fix "jsonpath has Arbitrary Code Injection via Unsafe Evaluation of JSON Path Expressions"

🛠️ Changes Made

Update bfj package to a version not using jsonpath

✅ Checklist

  • I have given the PR a well-structured title describing the domain and the specific change that was made
  • I tested the changes in the browser (locally or via preview build)
  • I confirmed that existing tests pass
  • I added or updated unit / integration tests (if needed)
  • I checked that this change doesn’t introduce new console warnings or lint / formatting errors
  • I updated the relevant Jira ticket with the appropriate details and status

🔗 References

  • Related ticket / issue: ML-12198
  • Figma / design spec:
  • Documentation:

🚨 Potentially Breaking Changes

  • Yes
  • No

Includes DRC change

  • Yes
  • No

If yes -> requires bumping the NPM version


🔍 Additional Notes


📸 Screenshots / Demos


@ilan7empest ilan7empest self-assigned this Feb 24, 2026
@ilan7empest ilan7empest added the bug Something isn't working label Feb 24, 2026
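
A check a reviewer could run against the lockfile for the change described in this PR, as an added example that is not part of the PR or the mlrun code base: it lists every installed copy of a package in an npm `package-lock.json` (lockfileVersion 2 or 3) and the entries that still declare it. The lockfile contents, all versions, and the `example-ui` and `jsonpath-extra` names are constructed for illustration.

```javascript
// Added example (not from the PR). Works on the "packages" map that npm
// writes in package-lock.json with lockfileVersion 2 or 3.
function findPackage(lock, name) {
  const suffix = 'node_modules/' + name;
  const installs = [];
  const dependents = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // An installed copy lives at "node_modules/<name>" or nested under another
    // package; matching the full path segment avoids look-alike names.
    if (path === suffix || path.endsWith('/' + suffix)) {
      installs.push({ path, version: meta.version });
    }
    // Entries that still declare the package explain why it is installed.
    const declared = { ...meta.dependencies, ...meta.optionalDependencies };
    if (Object.prototype.hasOwnProperty.call(declared, name)) {
      dependents.push(path === '' ? '(root project)' : path);
    }
  }
  return { installs, dependents };
}

// Constructed lockfiles; every version string is a placeholder.
const lockBefore = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-ui', dependencies: { bfj: '0.0.1-example' } },
    'node_modules/bfj': { version: '0.0.1-example', dependencies: { jsonpath: '0.0.1-example' } },
    'node_modules/jsonpath': { version: '0.0.1-example' },
    'node_modules/jsonpath-extra': { version: '0.0.1-example' }, // look-alike name
  },
};
const lockAfter = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-ui', dependencies: { bfj: '0.0.2-example' } },
    'node_modules/bfj': { version: '0.0.2-example', dependencies: {} },
    'node_modules/jsonpath-extra': { version: '0.0.1-example' },
  },
};

function report(lock, name) {
  const { installs, dependents } = findPackage(lock, name);
  if (installs.length === 0 && dependents.length === 0) return `${name}: not present`;
  return `${name}: ${installs.length} install(s), declared by ${dependents.join(', ') || 'no entry'}`;
}

console.log(report(lockBefore, 'jsonpath'));
console.log(report(lockAfter, 'jsonpath'));
```

For a real project, pass the parsed contents of `package-lock.json` to `findPackage` instead of the constructed objects.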