Fix CVE in jsonpath-plus dep

[timd73]

Describe the bug
The jsonpath-plus dependency contains a critical CVE:
CVE-2024-21534

It is fixed (as least as far as "Snyk" scans are concerned) in 10.0.0

The request is to update the dependency in @kubernetes/client-node

Client Version
0.22.0 (and earlier)

Environment (please complete the following information):

• NodeJS client

[cjihrig]

The dependency is updated on the master branch in #1916, and on the release-1.x branch in #1914.

It looks like a release for the 0.x line is underway based on #1920.

[mstruebing]

@brendanburns I've tried to run the release but the workflow isn't successful.
I suspect an outdated authentication token or similar. Running it from my local machine, where I definitely do not have access rights to the package results in the exact same error message.

The error message is:

npm error 404 Not Found - PUT https://registry.npmjs.org/@kubernetes%2fclient-node - Not found                                                              npm error 404  '@kubernetes/client-node@0.22.1' is not in this registry.          

Do you know what's wrong?

Here is the log for the main branch: https://github.com/kubernetes-client/javascript/actions/runs/11317557777/job/31471135586

[brendandburns]

This is due to the npm token expiring, I will generate a new one and re-add it to the gh actions.

[brendandburns]

@mstruebing this should now work.

[rlsf]

can we get also a release of the 1.x branch?

[timd73]

And what's the ETA on the release of the 0.x line?

[mstruebing]

@brendandburns thanks, npm release worked fine.

I also released 1.0.0-rc7 as the next tag on npm:

• https://www.npmjs.com/package/@kubernetes/client-node/v/0.22.1
• https://www.npmjs.com/package/@kubernetes/client-node/v/1.0.0-rc7