deepstreamIO / deepstream.io

deepstream.io server
https://deepstreamio.github.io
MIT License

Update the dependency better-ajv-errors to version 0.8.2 or later because of a vulnerability in its dependency - jsonpointer #1106

Closed rahuljeswani1995 closed 2 years ago

rahuljeswani1995 commented 2 years ago

Update better-ajv-errors to version 0.8.2 or later because of a vulnerability in its dependency, jsonpointer. GitHub advisory for the vulnerability: https://github.com/advisories/GHSA-282f-qqgm-c34q. Although the advisory shows this as a moderate vulnerability, Trivy scans (https://github.com/aquasecurity/trivy) flag it as a critical vulnerability. The dependency better-ajv-errors has already been updated to have the correct version (5.0.0) of the vulnerable dependency jsonpointer in its version 0.8.2: https://github.com/atlassian/better-ajv-errors/commit/25134438bb628a3d6c6c202e54b0423458b1e582.

jaime-ez commented 2 years ago

Hi, thanks for the warning! Can you make a pull request?

rahuljeswani1995 commented 2 years ago

Unfortunately, I can't. I tried to clone and build deepstream server on my machine, but it gave me an error message: "No XCode or CLT version detected". Furthermore, I am unable to install Xcode on my Mac, because it wants the latest version of macOS installed, which I can't do on my work laptop. I believe the change is simply to update the dependency better-ajv-errors in package.json from version 0.6.7 to 0.8.2, and you would also need to do a bit of regression testing. I'd really appreciate it if you could make this update. I would have done it myself if I could.
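The thread asks for a version bump to pull in a fixed transitive dependency; the practical check for a maintainer is whether any copy of jsonpointer below 5.0.0 still ends up in the install tree, including a nested copy under better-ajv-errors that a top-level look would miss. The script below is an added example, not deepstream.io project code: it walks a package-lock.json in the lockfileVersion 1 layout (top-level `dependencies` map, each entry with `version` and an optional nested `dependencies` map) and reports every install of a named package whose version is below the fixed version. The `SAMPLE_LOCK` object is constructed for illustration and mirrors the situation described above (better-ajv-errors 0.6.7 bundling an old jsonpointer while a fixed 5.0.0 sits at top level); the 5.0.0 threshold comes from the issue text.

```javascript
// Added example (not deepstream.io code): find transitive installs of a
// package below its fixed version in a lockfileVersion 1 package-lock.json.

// CONSTRUCTED sample lockfile: an old better-ajv-errors nests its own
// jsonpointer 4.x while the top-level jsonpointer is already 5.0.0.
const SAMPLE_LOCK = {
  name: 'sample-app',
  lockfileVersion: 1,
  dependencies: {
    'better-ajv-errors': {
      version: '0.6.7',
      requires: { jsonpointer: '^4.0.1' },
      dependencies: {
        jsonpointer: { version: '4.1.0' },
      },
    },
    jsonpointer: { version: '5.0.0' },
  },
};

// Parse "MAJOR.MINOR.PATCH" into three numbers; a leading "v" and any
// pre-release/build suffix are ignored for this comparison.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Negative if a < b, zero if equal, positive if a > b.
function compareSemver(a, b) {
  const pa = parseSemver(a);
  const pb = parseSemver(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Walk the lock tree and collect every install of `pkg` whose version is
// below `fixedIn`. `path` records the nesting so the report shows which
// parent pulls the vulnerable copy in.
function findVulnerable(lock, pkg, fixedIn) {
  const hits = [];
  function walk(deps, path) {
    for (const [name, entry] of Object.entries(deps || {})) {
      const here = [...path, name];
      if (name === pkg && compareSemver(entry.version, fixedIn) < 0) {
        hits.push({ path: here.join(' > '), version: entry.version });
      }
      if (entry.dependencies) walk(entry.dependencies, here);
    }
  }
  walk(lock.dependencies, []);
  return hits;
}

// Run against the constructed sample; for a real lockfile, replace
// SAMPLE_LOCK with JSON.parse(fs.readFileSync('package-lock.json', 'utf8')).
const report = findVulnerable(SAMPLE_LOCK, 'jsonpointer', '5.0.0');
console.log(JSON.stringify(report, null, 2));
// → [{ "path": "better-ajv-errors > jsonpointer", "version": "4.1.0" }]
```

The nested hit is the one that matters here: a scanner such as Trivy reads the same lockfile, so the finding persists until better-ajv-errors itself is bumped and the lockfile regenerated, even though a fixed jsonpointer is already present at the top level. After the bump, `npm ls jsonpointer` should show only versions at or above 5.0.0, and the function above should return an empty array.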