Bump the npm_and_yarn group across 1 directory with 4 updates

[dependabot]

Bumps the npm_and_yarn group with 4 updates in the / directory: axios, openapi-enforcer, jsonpath-plus and openapi-examples-validator.

Removes axios

Updates openapi-enforcer from 1.13.1 to 1.23.0

Changelog

Sourced from openapi-enforcer's changelog.

1.23.0

Added

• You Can Ignore Undefined Property Values

  The default implementation complains of objects where a property is defined but set to undefined. This will cause Schema instances to fail validations, serialization, and deserialization. Now you have the option to set the global Enforcer.config.ignoreUndefinedPropertyValues to true or false (default) or when calling a Schema instance's validate function you can specify the ignoreUndefinedPropertyValues as an option property. Serialization and deserialization will now ignore undefined values in all cases.

1.22.3

Security

• Update Dependencies

  Updated some dependencies to address security vulnerabilities.

1.22.2

Fixed

• Fix Validation of not Sub Schema

  Any time a schema had the property not, it was not validating correctly. This code for this fix, including tests, is thanks to gaetano-guerriero.

1.22.1

Fixed

• Exception Skip Codes Bug Fix

  The exception skip codes that were defined via the options were not being carried through to child components. This fix allows those settings to be carried. Exception skip codes defined by an instance (see change 1.22.0) are still limited to just the component.

1.22.0

Added

• You Can Now Skip Instances of an Exception

  Being able to skip a specific type of exception has been around for a while, but if you want to skip just a single instance of an exception, that is now possible. Find the nearest component to where your exception is occurring and add the extension x-enforcer-exception-skip-codes followed by a space seperated list of all exceptions that should be skipped in that component. This will not affect child components of this component, only the exceptions that

... (truncated)

Commits

• See full diff in compare view

Updates jsonpath-plus from 6.0.1 to 10.3.0

Release notes

Sourced from jsonpath-plus's releases.

v10.3.0

What's Changed

• fix(eval): rce using non-string prop names by @​80avin in JSONPath-Plus/JSONPath#237
• feat(demo): make demo link shareable by @​80avin in JSONPath-Plus/JSONPath#238

Full Changelog: JSONPath-Plus/JSONPath@v10.2.0...v10.3.0

v7.2.0

7.2.0 (2022-09-02)

• perf: optimize walk method by 10%-34% (@​jacobroschen)
• chore: add types to exports field (@​awlayton)

Changelog

Sourced from jsonpath-plus's changelog.

10.3.0

• fix(eval): rce using non-string prop names (#237)
• feat(demo): make demo link shareable (#238)
• chore: update deps. and devDeps.

10.2.0

• fix(eval): improve security of safe-eval (#233)
• chore: update deps. and devDeps.

10.1.0

• feat: add typeof operator to safe script

10.0.7

• fix(security): prevent constructor access
• docs: add security policy file

10.0.6

• fix(security): prevent call/apply invocation of Function

10.0.5

• fix: remove overly aggressive disabling of native functions but disallow __proto__

10.0.4

• fix(security): further prevent binding of Function calls which may evade detection

10.0.3

• fix(security): prevent binding of Function calls which may evade detection

10.0.2

• fix(security): prevent Function calls outside of member expressions

10.0.1

• fix(security): prohibit Function in "safe" vm

10.0.0

BREAKING CHANGES:

• Require Node 18+

... (truncated)

Commits

• 9754e4b chore: bump version
• f690da1 chore: update deps and devDeps
• 313a9b4 Merge pull request #238 from 80avin/shareable-demo
• 39a0d03 Merge pull request #237 from 80avin/fix-10.2.0-rce
• 1c532fc feat(demo): make demo link shareable
• 3094289 fix(eval): rce using non-string prop names
• 8e4acf8 chore: bump version
• f0708a4 chore: update deps. and devDeps.
• 0bfda55 build(deps): bump @​eslint/plugin-kit from 0.2.0 to 0.2.3 (#234)
• 73ad72e fix(eval): improve security of safe-eval (#233)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by 80avin, a new releaser for jsonpath-plus since your current version.

Updates openapi-examples-validator from 4.7.1 to 6.0.1

Changelog

Sourced from openapi-examples-validator's changelog.

6.0.1 (2024-11-20)

Bug Fixes

• update README.md that minimum NodeJS version is 18 now (eb69b27)

6.0.0 (2024-11-20)

⚠ BREAKING CHANGES

• dependencies: - minimum required Node version is 18 now

Features

• support complex MIME definitions in OAS3 content type (#191) (ea1a53f), closes #190

Bug Fixes

• dependencies: upgrade dependencies (#193) (de88e48)

5.0.0 (2023-05-22)

⚠ BREAKING CHANGES

• Minimum required Node version is 16 now
• Dropped the support of ajv-oai in favor of the official ajv-formats as ajv-oai is not maintained anymore and only supports ajv@6.x. This may cause different results when using type with formats.
• The property dataPath in the validation errors has changed to instancePath and the type has changed from jsPropertySyntax to JSONPointer
• Unknown formats do not result in a validation-error anymore but log a warning to the error-console. To suppress these log entries for specific formats, pass them with the --ignore-formats option
• In the validation-errors, should was replaced with must

Features

• support polymorphism with discriminators (#185) (d596631)

Bug Fixes

• upgrade dependencies (#186) (b08229b)

Commits

• 78cf376 chore(release): 6.0.1
• eb69b27 fix: update README.md that minimum NodeJS version is 18 now
• 236c811 chore(release): 6.0.0
• 10fb1f4 chore: fix github-actions (#194)
• da86002 chore: upgrade github-actions
• de88e48 fix(dependencies): upgrade dependencies (#193)
• 146769a chore(deps): bump jsonpath-plus (#192)
• ea1a53f feat: support complex MIME definitions in OAS3 content type (#191)
• 9ef5908 chore(release): 5.0.0
• b08229b fix: upgrade dependencies (#186)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml