Reset changelog, fix dotted notation regex, remove redundant helper, add new test cases for dot notation

woo-industries · woo-industries · commit 7636ab4d4801 · 2026-02-25T14:49:59.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,76 +1,80 @@
 # Changelog
 
-## [Unreleased]
-
-### Security
-
--   replace jsonpath with jsonpath-plus to remediate eval()-based code injection vulnerability
-
 ## [7.0.3](https://github.com/Flagsmith/flagsmith-nodejs-client/compare/v7.0.2...v7.0.3) (2026-01-21)
 
+
 ### Dependency Updates
 
--   bump glob and npm ([#233](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/233)) ([17802df](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/17802dfafc10874a17dbb3804c0a4e91722864d8))
--   bump js-yaml from 4.1.0 to 4.1.1 ([#223](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/223)) ([7235792](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/7235792a10bb1a8ca3ffc1144697cd7654ec5c4e))
--   bump tar and npm ([#232](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/232)) ([bb34fb5](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/bb34fb5e53dff9003794df9d476674bf9fbb2e10))
+* bump glob and npm ([#233](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/233)) ([17802df](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/17802dfafc10874a17dbb3804c0a4e91722864d8))
+* bump js-yaml from 4.1.0 to 4.1.1 ([#223](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/223)) ([7235792](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/7235792a10bb1a8ca3ffc1144697cd7654ec5c4e))
+* bump tar and npm ([#232](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/232)) ([bb34fb5](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/bb34fb5e53dff9003794df9d476674bf9fbb2e10))
 
 ## [7.0.2](https://github.com/Flagsmith/flagsmith-nodejs-client/compare/v7.0.1...v7.0.2) (2025-12-02)
 
+
 ### CI
 
--   use-nvmrc-for-version ([#236](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/236)) ([a56f073](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/a56f0736f6c31d3c273932ede8204710de7cf853))
+* use-nvmrc-for-version ([#236](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/236)) ([a56f073](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/a56f0736f6c31d3c273932ede8204710de7cf853))
 
 ## [7.0.1](https://github.com/Flagsmith/flagsmith-nodejs-client/compare/v7.0.0...v7.0.1) (2025-12-02)
 
+
 ### CI
 
--   use-latest-npm ([#234](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/234)) ([6a741f3](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/6a741f3b12af3bea31150561dee1e6f7c7045e56))
+* use-latest-npm ([#234](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/234)) ([6a741f3](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/6a741f3b12af3bea31150561dee1e6f7c7045e56))
 
 ## [7.0.0](https://github.com/Flagsmith/flagsmith-nodejs-client/compare/v6.2.0...v7.0.0) (2025-12-02)
 
+
 ### ⚠ BREAKING CHANGES
 
--   implement context values ([#203](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/203))
+* implement context values ([#203](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/203))
 
 ### Features
 
--   implement context values ([#203](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/203)) ([41258f2](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/41258f2e24ef7e89207a0f10116ffbd1229c0a30))
--   removed-feature-key-and-segment-key-from-schema ([#210](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/210)) ([014f38b](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/014f38bf33af77fb706e4e130e8a571914632408))
+* implement context values ([#203](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/203)) ([41258f2](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/41258f2e24ef7e89207a0f10116ffbd1229c0a30))
+* removed-feature-key-and-segment-key-from-schema ([#210](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/210)) ([014f38b](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/014f38bf33af77fb706e4e130e8a571914632408))
+
 
 ### Bug Fixes
 
--   exclude-identities-when-traits-is-undefined ([#230](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/230)) ([f7488e1](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/f7488e17fe524111dd18c06a30be1c44ae15ec5d))
--   fix-mv-evaluation ([#222](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/222)) ([ae1fb7e](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/ae1fb7eb0551defd0823c94d37b860be7eb88a5d))
--   properly-map-environment-name ([#226](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/226)) ([3c1d200](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/3c1d200e656ec9926fdc6d4627bb259963d06a2e))
--   removed-dango-id-usage-in-mapper ([#229](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/229)) ([29c7613](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/29c761370a7e8d6d733a45293c60297843e7e1e7))
--   use-default-on-jsonpath-import ([#231](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/231)) ([7a8d949](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/7a8d9498fbc0297c881b3f32fc8d0d024fe8366f))
+* exclude-identities-when-traits-is-undefined ([#230](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/230)) ([f7488e1](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/f7488e17fe524111dd18c06a30be1c44ae15ec5d))
+* fix-mv-evaluation ([#222](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/222)) ([ae1fb7e](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/ae1fb7eb0551defd0823c94d37b860be7eb88a5d))
+* properly-map-environment-name ([#226](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/226)) ([3c1d200](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/3c1d200e656ec9926fdc6d4627bb259963d06a2e))
+* removed-dango-id-usage-in-mapper ([#229](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/229)) ([29c7613](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/29c761370a7e8d6d733a45293c60297843e7e1e7))
+* use-default-on-jsonpath-import ([#231](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/231)) ([7a8d949](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/7a8d9498fbc0297c881b3f32fc8d0d024fe8366f))
+
 
 ### CI
 
--   use NPM trusted publishing ([#217](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/217)) ([7d01563](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/7d015635f4bc41246519799dddaea7ff8da2c50a))
+* use NPM trusted publishing ([#217](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/217)) ([7d01563](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/7d015635f4bc41246519799dddaea7ff8da2c50a))
 
 ## [6.2.0](https://github.com/Flagsmith/flagsmith-nodejs-client/compare/v6.1.0...v6.2.0) (2025-11-04)
 
+
 ### Features
 
--   add user agent to requests ([#206](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/206)) ([ef2b97a](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/ef2b97a3022a5feeb96c3ccdb8009ae89b582d0b))
+* add user agent to requests ([#206](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/206)) ([ef2b97a](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/ef2b97a3022a5feeb96c3ccdb8009ae89b582d0b))
 
 ### Bug Fixes
 
--   handle environment documentation pagination ([#205](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/205)) ([a83d3a5](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/a83d3a5789abbc47abc2a95d07a19756ab7befbb))
+* handle environment documentation pagination ([#205](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/205)) ([a83d3a5](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/a83d3a5789abbc47abc2a95d07a19756ab7befbb))
+
 
 ### CI
 
--   add release please configuration ([#190](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/190)) ([946f911](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/946f911e3c9d7df21bd7e5c6df5f9f92927e5e59))
+* add release please configuration ([#190](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/190)) ([946f911](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/946f911e3c9d7df21bd7e5c6df5f9f92927e5e59))
+
 
 ### Docs
 
--   removing hero image from SDK readme ([#194](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/194)) ([bc71d40](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/bc71d40bdfa319b5333c18f4f9eacbe90b6fad0d))
+* removing hero image from SDK readme ([#194](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/194)) ([bc71d40](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/bc71d40bdfa319b5333c18f4f9eacbe90b6fad0d))
+
 
 ### Other
 
--   add root CODEOWNERS ([#200](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/200)) ([e81cc00](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/e81cc00f1de35e0884b2cfc70c6cf54a75a3426c))
--   versioned test data ([#197](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/197)) ([9fb5c12](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/9fb5c127a2b56503ba876da2466c24e5ceff1d3f))
+* add root CODEOWNERS ([#200](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/200)) ([e81cc00](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/e81cc00f1de35e0884b2cfc70c6cf54a75a3426c))
+* versioned test data ([#197](https://github.com/Flagsmith/flagsmith-nodejs-client/issues/197)) ([9fb5c12](https://github.com/Flagsmith/flagsmith-nodejs-client/commit/9fb5c127a2b56503ba876da2466c24e5ceff1d3f))
 
 <a id="v6.1.0"></a>
 
diff --git a/flagsmith-engine/segments/evaluators.ts b/flagsmith-engine/segments/evaluators.ts
@@ -137,7 +137,7 @@ function evaluateRuleConditions(ruleType: string, conditionResults: boolean[]):
     }
 }
 
-const TRAITS_DOT_PATTERN = /^\$\.identity\.traits\.([^.]+)$/;
+const TRAITS_DOT_PATTERN = /^\$\.identity\.traits\.(.+)$/;
 const TRAITS_BRACKET_PATTERN = /^\$\.identity\.traits\['(.+)'\]$/;
 
 function extractTraitNameFromPath(property: string): string | undefined {
@@ -190,14 +190,9 @@ export function getContextValue(jsonPath: string, context?: GenericEvaluationCon
     if (!context || !jsonPath?.startsWith('$.')) return undefined;
 
     try {
-        const normalizedPath = normalizeJsonPath(jsonPath);
-        const results = JSONPath({ path: normalizedPath, json: context });
+        const results = JSONPath({ path: jsonPath, json: context });
         return results.length > 0 ? results[0] : undefined;
     } catch (error) {
         return undefined;
     }
 }
-
-function normalizeJsonPath(jsonPath: string): string {
-    return jsonPath.replace(/\.([^.\[\]]+)$/, "['$1']");
-}
diff --git a/tests/engine/unit/segments/segment_evaluators.test.ts b/tests/engine/unit/segments/segment_evaluators.test.ts
@@ -355,7 +355,8 @@ describe('traitsMatchSegmentCondition with $.identity.traits.* properties', () =
                 age: 25,
                 tamaño: 'grande',
                 サイズ: 'medium',
-                '[$the.size$]': 'small'
+                '[$the.size$]': 'small',
+                'my.foo.bar': 'dotted'
             }
         },
         segments: {},
@@ -369,6 +370,9 @@ describe('traitsMatchSegmentCondition with $.identity.traits.* properties', () =
         // dot notation – unicode trait name
         [{ property: '$.identity.traits.tamaño', operator: 'EQUAL', value: 'grande' }, true],
         [{ property: '$.identity.traits.サイズ', operator: 'EQUAL', value: 'medium' }, true],
+        // dot notation – trait name that itself contains dots (everything after $.identity.traits. is the key)
+        [{ property: '$.identity.traits.my.foo.bar', operator: 'EQUAL', value: 'dotted' }, true],
+        [{ property: '$.identity.traits.my.foo.bar', operator: 'EQUAL', value: 'other' }, false],
         // bracket notation – special characters in trait name that break jsonpath-plus
         [
             { property: "$.identity.traits['[$the.size$]']", operator: 'EQUAL', value: 'small' },

Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ function evaluateRuleConditions(ruleType: string, conditionResults: boolean[]):`
`137`	`137`	`}`
`138`	`138`	`}`
`139`	`139`
`140`		`-const TRAITS_DOT_PATTERN = /^\$\.identity\.traits\.([^.]+)$/;`
	`140`	`+const TRAITS_DOT_PATTERN = /^\$\.identity\.traits\.(.+)$/;`
`141`	`141`	`const TRAITS_BRACKET_PATTERN = /^\$\.identity\.traits\['(.+)'\]$/;`
`142`	`142`
`143`	`143`	`function extractTraitNameFromPath(property: string): string \| undefined {`
`@@ -190,14 +190,9 @@ export function getContextValue(jsonPath: string, context?: GenericEvaluationCon`
`190`	`190`	`if (!context \|\| !jsonPath?.startsWith('$.')) return undefined;`
`191`	`191`
`192`	`192`	`try {`
`193`		`- const normalizedPath = normalizeJsonPath(jsonPath);`
`194`		`- const results = JSONPath({ path: normalizedPath, json: context });`
	`193`	`+ const results = JSONPath({ path: jsonPath, json: context });`
`195`	`194`	`return results.length > 0 ? results[0] : undefined;`
`196`	`195`	`} catch (error) {`
`197`	`196`	`return undefined;`
`198`	`197`	`}`
`199`	`198`	`}`
`200`		`-`
`201`		`-function normalizeJsonPath(jsonPath: string): string {`
`202`		`- return jsonPath.replace(/\.([^.\[\]]+)$/, "['$1']");`
`203`		`-}`