Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

chore(deps): bump jsonpath from 1.0.2 to 1.2.1 in /plugins/insomnia-plugin-jsonpath

Open
Number: #211
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: Unknown
Comments: 1
Created: February 18, 2026 at 04:11 AM UTC
(4 months ago)
Updated: April 19, 2026 at 08:39 PM UTC
(about 2 months ago)
Labels:
dependencies Stale javascript
Description:

Bumps jsonpath from 1.0.2 to 1.2.1.

Commits
  • 3640316 version 1.2.1
  • 447e410 rebuild for 1.2.1
  • 0170daa version 1.2.0
  • 04a09a1 jscs is ancient now and causes build failures
  • 640c0ec tweak array checks for consistency
  • 9631412 CVE-2025-61140: Prevent prototype pollution in JSON path handling
  • 9d1a162 version 1.1.2
  • 263191e Merge pull request #188 from andy3520/master
  • af14cb7 Merge pull request #1 from andy3520/snyk-upgrade-20a9d671102e26e4f601340b621d...
  • 075ca03 Merge pull request #2 from andy3520/snyk-upgrade-7135e2d5510c7bb16a81384e0c97...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.
Package Dependencies
Package:
jsonpath
Ecosystem:
npm
Version Change:
1.0.2 → 1.2.1
Update Type:
Minor
Path:
/plugins/insomnia-plugin-jsonpath
Security Advisories
JSONPath vulnerable to Prototype Pollution due to insufficient input validation of object keys in lib/index.js
GHSA-6c59-mwgh-r2x6 CVE-2025-61140 MODERATE
The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 15401515
UUID: 3955837226
Node ID: PR_kwDOD9-NIM7EhAi8
Host: GitHub
Repository: httpsgithu/insomnia