fix: update jsonpath-plus for CVE-2025-1302

[JonathanSmithSkipton]

Description

Followup fix for vulnerability CVE-2024-21534 previous addressed in #3369

See: https://nvd.nist.gov/vuln/detail/CVE-2025-1302

Pre-merge checklist

This is for use by the Artillery team. Please leave this in if you're contributing to Artillery.

• Does this require an update to the docs?
• Does this require a changelog entry?

[CLAassistant]

All committers have signed the CLA.

[JonathanSmithSkipton]

@hassy anything you need from me on this? very interested in getting this RCE vulnerability closed off from a security point of view

[JonathanSmithSkipton]

@hassy do we have an eta on when this would likely be merged? getting alot of alerts raised from this due to its nature as a critical vulnerability

[TonyF111]

Can this be bumped up in urgency please?

[hassy]

merged now, thank you @JonathanSmithSkipton & apologies for the delay.

btw this is unlikely to have affected any installations of Artillery, since the dependency only pins the major version, so v10.3.0 of the package would be installed on npm install artillery.