Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

chore(deps): bump jsonpath from 1.0.2 to 1.2.0 in /plugins/insomnia-plugin-response

Closed
Number: #203
Type: Pull Request
State: Closed
Author: dependabot[bot] dependabot[bot]
Association: Unknown
Comments: 1
Created: February 05, 2026 at 07:52 PM UTC
(4 months ago)
Updated: February 12, 2026 at 07:05 PM UTC
(4 months ago)
Closed: February 12, 2026 at 07:05 PM UTC
(4 months ago)
Time to Close: 7 days
Labels:
dependencies javascript
Description:

Bumps jsonpath from 1.0.2 to 1.2.0.

Commits
  • 0170daa version 1.2.0
  • 04a09a1 jscs is ancient now and causes build failures
  • 640c0ec tweak array checks for consistency
  • 9631412 CVE-2025-61140: Prevent prototype pollution in JSON path handling
  • 9d1a162 version 1.1.2
  • 263191e Merge pull request #188 from andy3520/master
  • af14cb7 Merge pull request #1 from andy3520/snyk-upgrade-20a9d671102e26e4f601340b621d...
  • 075ca03 Merge pull request #2 from andy3520/snyk-upgrade-7135e2d5510c7bb16a81384e0c97...
  • dfdfc0b fix: upgrade esprima from 1.2.2 to 1.2.5
  • 72b4644 fix: upgrade underscore from 1.12.1 to 1.13.6
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
Package Dependencies
Package:
jsonpath
Ecosystem:
npm
Version Change:
1.0.2 → 1.2.0
Update Type:
Minor
Path:
/plugins/insomnia-plugin-response
Security Advisories
JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js
GHSA-6c59-mwgh-r2x6 CVE-2025-61140 MODERATE
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 13755733
UUID: 3903308321
Node ID: PR_kwDOD9-NIM7B0U2C
Host: GitHub
Repository: httpsgithu/insomnia