[BUG] Upgrade transitive dependency "json-schema@0.2.3" to fix CVE-2021-3918

angular / protractor

E2E test framework for Angular apps

http://www.protractortest.org

MIT License

8.75k stars 2.31k forks source link

[BUG] Upgrade transitive dependency "json-schema@0.2.3" to fix CVE-2021-3918 #5542

Closed amrityam closed 2 years ago

amrityam commented 2 years ago

While scanning my project with auditjs, I discovered json-schema has a transitive dependency on protractor@7.0.0 which has vulnerability CVE-2021-3918. This can be fixed by upgrading json-schema to 0.4.0 version.

$ npm ls json-schema web@2.1.3-b C:\Users\my-project └─┬ protractor@7.0.0 └─┬ webdriver-manager@12.1.7 └─┬ request@2.88.2 └─┬ http-signature@1.2.0 └─┬ jsprim@1.4.1 └── json-schema@0.2.3

alan-agius4 commented 2 years ago

Please regenerate your lock file.