search

ajv-validator / ajv-merge-patch

$merge and $patch keywords for Ajv JSON-Schema validator to extend schemas
https://ajv.js.org
MIT License
46 stars 17 forks source link

Update fast-json-patch deps #58

Closed zdm closed 9 months ago

zdm commented 9 months ago

Please, update fast-json-patch to the v3.

Current used version v2 contains vulnerability.

npm audit
# npm audit report

fast-json-patch  <3.1.1
Severity: high
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability - https://github.com/advisories/GHSA-8gh8-hqwg-xf34
No fix available
node_modules/fast-json-patch
  ajv-merge-patch  *
  Depends on vulnerable versions of fast-json-patch
  node_modules/ajv-merge-patch

2 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.