[Security] Bump jsonpath-plus and @kubernetes/client-node

Bumps jsonpath-plus to 10.0.0 and updates ancestor dependency @kubernetes/client-node. These dependencies need to be updated together.

Updates jsonpath-plus from 9.0.0 to 10.0.0 This update includes a security fix.

Vulnerabilities fixed

JSONPath Plus Remote Code Execution (RCE) Vulnerability Versions of the package jsonpath-plus before 10.0.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.

Note:

The unsafe behavior is still available after applying the fix but it is not turned on by default.

Patched versions: 10.0.0 Affected versions: < 10.0.0

Changelog

Sourced from jsonpath-plus's changelog.

10.0.0

BREAKING CHANGES:

• Require Node 18+

• fix(security): use safe vm by default in Node

• chore: bump jsep, devDeps. and lint

Commits

• See full diff in compare view

Updates @kubernetes/client-node from 0.22.0 to 0.22.1

Release notes

Sourced from @​kubernetes/client-node's releases.

Release 0.22.1

What's Changed

• Fix cp promise returns by converting the exec callbacks into promises by @​joeferner in kubernetes-client/javascript#1880
• test: replace use of deprecated Buffer constructor by @​cjihrig in kubernetes-client/javascript#1891
• ci: test against node 22 by @​cjihrig in kubernetes-client/javascript#1890
• chore: update ws by @​mstruebing in kubernetes-client/javascript#1888
• ci: use node LTS in workflows by @​mstruebing in kubernetes-client/javascript#1918

New Contributors

• @​joeferner made their first contribution in kubernetes-client/javascript#1880

Full Changelog: https://github.com/kubernetes-client/javascript/compare/0.22.0...0.22.1

Commits

• 5a69713 Merge pull request #1932 from kubernetes-client/dependabot/npm_and_yarn/jasmi...
• 63b3d94 Merge pull request #1931 from kubernetes-client/dependabot/npm_and_yarn/mock-...
• e0cbd15 Merge pull request #1930 from kubernetes-client/dependabot/npm_and_yarn/typed...
• d2102b3 build(deps-dev): bump jasmine from 5.3.1 to 5.4.0
• 121f00f build(deps-dev): bump mock-fs from 5.3.0 to 5.4.0
• 37c4cbc build(deps-dev): bump typedoc from 0.26.8 to 0.26.9
• b05ab87 Merge pull request #1920 from kubernetes-client/ms/prepare-patch-0.22.1
• c4c52c7 Merge pull request #1918 from kubernetes-client/ms/update-node-in-workflow
• 81fb6ea chore: prepare patch release 0.22.1
• f4dbc08 Revert "chore: prepare patch release"
• Additional commits viewable in compare view

---

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

• $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts