jsonpointer Security Vulnerability

[theory]

Dependabot on my employer's repository reports:

CVE-2021-23807

moderate severity Vulnerable versions: < 5.0.0 Patched version: 5.0.0 This affects the package jsonpointer before 5.0.0. A type confusion vulnerability can lead to a bypass of a previous Prototype Pollution fix when the pointer components are arrays.

And:

Remediation

Upgrade jsonpointer to version 5.0.0 or later. For example:

"dependencies": {
  "jsonpointer": ">=5.0.0"
}

or…

"devDependencies": {
  "jsonpointer": ">=5.0.0"
}