
Commit 10aa98f

shortstackedclaude
andauthored
fix(editor): Replace jsonpath with jsonpath-plus to resolve CVE (#26408)
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
1 parent 9b1d456 commit 10aa98f


4 files changed

+61
-56
lines changed


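--- a/packages/frontend/editor-ui/package.json
+++ b/packages/frontend/editor-ui/package.json
@@ -78,7 +78,7 @@
 "flatted": "catalog:",
 "highlight.js": "catalog:frontend",
 "humanize-duration": "^3.27.2",
-"jsonpath": "^1.2.0",
+"jsonpath-plus": "^10.3.0",
 "lodash": "catalog:",
 "luxon": "catalog:",
 "n8n-workflow": "workspace:*",
@@ -122,7 +122,6 @@
 "@types/file-saver": "^2.0.1",
 "@types/humanize-duration": "^3.27.1",
 "@types/json-schema": "^7.0.15",
-"@types/jsonpath": "^0.2.0",
 "@types/lodash": "catalog:",
 "@types/uuid": "catalog:",
 "@vitejs/plugin-legacy": "^7.2.1",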

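--- a/packages/frontend/editor-ui/src/app/composables/useDataSchema.test.ts
+++ b/packages/frontend/editor-ui/src/app/composables/useDataSchema.test.ts
@@ -1,4 +1,4 @@
-import jp from 'jsonpath';
+import { JSONPath } from 'jsonpath-plus';
 import { useDataSchema, useFlattenSchema, type SchemaNode } from './useDataSchema';
 import type { INodeUi, Schema } from '@/Interface';
 import type { IExecutionResponse } from '@/features/execution/executions/executions.types';
@@ -300,10 +300,10 @@ describe('useDataSchema', () => {
 it('should return the correct data when using the generated json path on an object', () => {
 const input = { people: ['Joe', 'John'] };
 const schema = getSchema(input);
-const pathData = jp.query(
-input,
-`$${((schema.value as Schema[])[0].value as Schema[])[0].path}`,
-);
+const pathData = JSONPath({
+path: `$${((schema.value as Schema[])[0].value as Schema[])[0].path}`,
+json: input,
+});
 expect(pathData).toEqual(['Joe']);
 });
 
@@ -313,20 +313,20 @@ describe('useDataSchema', () => {
 { name: 'Joe', age: 33, hobbies: ['skateboarding', 'gaming'] },
 ];
 const schema = getSchema(input);
-const pathData = jp.query(
-input,
-`$${(((schema.value as Schema[])[0].value as Schema[])[2].value as Schema[])[1].path}`,
-);
+const pathData = JSONPath({
+path: `$${(((schema.value as Schema[])[0].value as Schema[])[2].value as Schema[])[1].path}`,
+json: input,
+});
 expect(pathData).toEqual(['traveling']);
 });
 
 it('should return the correct data when using the generated json path on a list of list', () => {
 const input = [[1, 2]];
 const schema = getSchema(input);
-const pathData = jp.query(
-input,
-`$${((schema.value as Schema[])[0].value as Schema[])[1].path}`,
-);
+const pathData = JSONPath({
+path: `$${((schema.value as Schema[])[0].value as Schema[])[1].path}`,
+json: input,
+});
 expect(pathData).toEqual([2]);
 });
 
@@ -338,10 +338,10 @@ describe('useDataSchema', () => {
 ],
 ];
 const schema = getSchema(input);
-const pathData = jp.query(
-input,
-`$${(((schema.value as Schema[])[0].value as Schema[])[1].value as Schema[])[1].path}`,
-);
+const pathData = JSONPath({
+path: `$${(((schema.value as Schema[])[0].value as Schema[])[1].value as Schema[])[1].path}`,
+json: input,
+});
 expect(pathData).toEqual([33]);
 });
 
@@ -355,15 +355,15 @@ describe('useDataSchema', () => {
 },
 ];
 const schema = getSchema(input);
-const pathData = jp.query(
-input,
-`$${
+const pathData = JSONPath({
+path: `$${
 (
 (((schema.value as Schema[])[0].value as Schema[])[0].value as Schema[])[0]
 .value as Schema[]
 )[0].path
 }`,
-);
+json: input,
+});
 expect(pathData).toEqual([new Date('2022-11-22T00:00:00.000Z')]);
 });
 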
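Review bot: Every fixture in the visible hunks uses plain alphanumeric keys (`people`, `name`, `hobbies`), so these round-trip tests do not show that a path generated by `getSchema` for a key containing characters with meaning in jsonpath-plus syntax (for example `~`, `^`, `@` or a backtick) still resolves to the same value after the library swap. The keys presumably come from node output data, so I would add one case such as `const input = { 'a~b': 1 };` and assert that the generated path returns `[1]`. The enclosing `describe` block starts and ends outside these hunks, so such a case may already exist elsewhere in the file.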

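--- a/packages/frontend/editor-ui/src/features/ndv/runData/components/RunDataJsonActions.vue
+++ b/packages/frontend/editor-ui/src/features/ndv/runData/components/RunDataJsonActions.vue
@@ -1,5 +1,5 @@
 <script lang="ts" setup>
-import jp from 'jsonpath';
+import { JSONPath } from 'jsonpath-plus';
 import type { INodeUi } from '@/Interface';
 import type { IDataObject } from 'n8n-workflow';
 import { clearJsonKey, convertPath } from '@/app/utils/typesUtils';
@@ -83,7 +83,7 @@ function getJsonValue(): string {
 const jsonPath = normalisedJsonPath.value.startsWith('$')
 ? normalisedJsonPath.value
 : `$${normalisedJsonPath.value}`;
-selectedValue = jp.query(props.jsonData, jsonPath)[0];
+selectedValue = JSONPath({ path: jsonPath, json: props.jsonData })[0];
 }
 
 let value = '';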
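Review bot: The new call `JSONPath({ path: jsonPath, json: props.jsonData })` runs with the library's default options, which leave filter and script expression evaluation enabled even though this lookup only needs property and index access. `normalisedJsonPath` is presumably built from keys in execution data, so passing `eval: false` keeps any part of the path from being evaluated as an expression: `selectedValue = JSONPath({ path: jsonPath, json: props.jsonData, eval: false })[0];`. With that option the library throws when a path contains an expression, so the call should sit where that error is handled. It is also worth confirming how an unmatched or malformed path behaves now, since the result is indexed with `[0]` without a check and the two libraries may differ in when they throw. `getJsonValue` starts and ends outside the hunk.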

pnpm-lock.yaml

Lines changed: 37 additions & 31 deletions
