Security Vulnerability in Underscore Dependency (CVE-2026-27601) #200

@yasin2dev

The current version of jsonpath (v1.3.0) pins the underscore dependency to a fixed version 1.13.6. This specific version is vulnerable to CVE-2026-27601, which involves a security flaw that could potentially lead to Denial of Service (DoS).

To resolve this and ensure future security patches are automatically pulled, the dependency should be updated to use a caret (^) range, allowing for compatible version updates.

In package.json, this must be changed:

"underscore": "1.13.6"

to:

"underscore": "^1.13.8"

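A check for the before/after manifest change proposed in this issue, as an added example that is not part of the original post or the jsonpath project's code. It assumes that 1.13.8, the floor of the proposed range, is the lowest underscore version that is safe to resolve to; the function names and sample manifests are constructed for illustration.

```javascript
// Added example, not code from the jsonpath project.
// Assumption: 1.13.8 (the floor of the range proposed in the issue) is the
// lowest underscore release that is safe to resolve to.
const MIN_SAFE = "1.13.8";

// Parse "x.y.z" into [x, y, z]; returns null for anything else.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// Negative if a < b, 0 if equal, positive if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Classify one dependency spec. Only exact pins ("1.13.6") and caret ranges
// ("^1.13.8") are handled; other syntaxes are reported as "unsupported"
// rather than guessed at.
function classifySpec(spec, minSafe = MIN_SAFE) {
  const m = /^(\^?)(\d+\.\d+\.\d+)$/.exec(spec.trim());
  if (!m) return "unsupported";
  const isCaret = m[1] === "^";
  // The version in the spec is the lowest one it can resolve to.
  if (compareVersions(parseVersion(m[2]), parseVersion(minSafe)) < 0) {
    return isCaret ? "range-admits-unsafe" : "pinned-unsafe";
  }
  return isCaret ? "range-ok" : "pinned-ok";
}

// Audit one named dependency in a package.json document (given as text).
function auditDependency(packageJsonText, name) {
  const pkg = JSON.parse(packageJsonText);
  const spec = (pkg.dependencies || {})[name];
  if (spec === undefined) return { name, spec: null, status: "absent" };
  return { name, spec, status: classifySpec(spec) };
}

// Constructed sample manifests mirroring the before/after in the issue.
const before = JSON.stringify({ name: "jsonpath", dependencies: { underscore: "1.13.6" } });
const after = JSON.stringify({ name: "jsonpath", dependencies: { underscore: "^1.13.8" } });

console.log(auditDependency(before, "underscore"));
console.log(auditDependency(after, "underscore"));
```

The manifest range only bounds what a fresh install may resolve to; a consuming project whose lockfile already records underscore 1.13.6 keeps that version until the lockfile is regenerated.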