JSONPath Plus Remote Code Execution (RCE) Vulnerability

[thienscmon]

jsonpath-plus  <10.0.0
Severity: critical
JSONPath Plus Remote Code Execution (RCE) Vulnerability - https://github.com/advisories/GHSA-pppg-cpfq-h7wr
fix available via `npm audit fix --force`
Will install redis-om@0.3.6, which is a breaking change
node_modules/jsonpath-plus
  redis-om  >=0.4.0-beta.1
  Depends on vulnerable versions of jsonpath-plus
  node_modules/redis-om

2 critical severity vulnerabilities

[dongshunyao]

I also encountered this issue. It caused the CI/CD pipeline to fail and blocked my work.

I have created a pull request to fix it: #249.

@guyroyse Could you please review and approve it? That way we can continue working. Thanks!

[guyroyse]

PR #249 from @dongshunyao has been merge and I pushed the new version to NPM. Y'all should be good to go.

[guyroyse]

Let me know if you run into any problems. Thanks again!