**Describe the bug**

@stoplightio/json-schema-sampler depends on json-pointer, which is vulnerable to CVE-2021-23820. json-pointer has not been updated in a year. Would it be possible for stoplight to remediate this by moving to another library?
**To Reproduce**

Install stoplight/elements 6 or 7, then run `npm audit --production`
**Expected behavior**

0 production vulnerabilities
**Additional context**

```
npm audit report

json-pointer  *
Severity: moderate
Prototype Pollution in json-pointer - GHSA-v5vg-g7rq-363w
fix available via `npm audit fix --force`
Will install @stoplight/[email protected], which is a breaking change
node_modules/json-pointer
  @stoplight/json-schema-sampler  *
  Depends on vulnerable versions of json-pointer
  node_modules/@stoplight/json-schema-sampler
    @stoplight/elements-core  *
    Depends on vulnerable versions of @stoplight/json-schema-sampler
    node_modules/@stoplight/elements-core
      @stoplight/elements  >=6.0.0-alpha.1
      Depends on vulnerable versions of @stoplight/elements-core
      Depends on vulnerable versions of @stoplight/http-spec
      node_modules/@stoplight/elements
```
**Screenshots**

none

**Environment (remove any that are not applicable):**
Worth noting: `npm audit fix --force` causes other stoplight problems.
Thank you for considering this!
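The reproduction step above (run `npm audit --production`, expect zero findings) is easy to turn into a CI gate. The script below is an added example, not code from this issue or from the Stoplight project: it consumes the JSON form of the report (assumed npm 7+ layout, `auditReportVersion` 2) over a constructed sample that mirrors the chain shown, rebuilds that chain from the `effects` fields, and flags findings whose only available fix is the breaking one the issue warns about. The fix version in the sample is a placeholder.

```javascript
// Added example, not code from the issue or from Stoplight: a CI gate over `npm audit --json`
// (npm 7+ report, auditReportVersion 2) that fails on production vulnerabilities at or above
// a severity threshold and prints the dependency chain that pulls each one in.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// Constructed sample mirroring the issue's chain; the fix version is a placeholder.
const FIX = { name: '@stoplight/elements', version: 'X.Y.Z-placeholder', isSemVerMajor: true };
const entry = (via, effects, extra = {}) =>
  ({ severity: 'moderate', isDirect: false, range: '*', via, effects, fixAvailable: FIX, ...extra });
const SAMPLE_REPORT = { auditReportVersion: 2, vulnerabilities: {
  'json-pointer': entry([{ title: 'Prototype Pollution in json-pointer', severity: 'moderate',
    url: 'https://github.com/advisories/GHSA-v5vg-g7rq-363w' }], ['@stoplight/json-schema-sampler']),
  '@stoplight/json-schema-sampler': entry(['json-pointer'], ['@stoplight/elements-core']),
  '@stoplight/elements-core': entry(['@stoplight/json-schema-sampler'], ['@stoplight/elements']),
  '@stoplight/elements': entry(['@stoplight/elements-core'], [], { isDirect: true, range: '>=6.0.0-alpha.1' }),
} };

// npm also lists each affected dependent as a "vulnerability" whose `via` is just a package
// name; only entries whose `via` holds an advisory object carry the flaw themselves.
function rootVulnerabilities(report) {
  return Object.keys(report.vulnerabilities)
    .filter((n) => report.vulnerabilities[n].via.some((v) => typeof v === 'object'));
}

// Follow `effects` upward from the flawed package to the direct dependency that pulls it in.
function dependencyChain(report, name) {
  const chain = [name];
  let next = report.vulnerabilities[name]?.effects[0];
  while (next && !chain.includes(next)) { // stops at the direct dependency (no effects) or on a cycle
    chain.push(next);
    next = report.vulnerabilities[next]?.effects[0];
  }
  return chain;
}

// Fail on any root vulnerability at or above minSeverity; flag those where the only fix npm
// offers is semver-major, i.e. the `npm audit fix --force` case the issue warns about.
function auditGate(report, minSeverity = 'moderate') {
  const failing = rootVulnerabilities(report)
    .filter((n) => SEVERITY_RANK[report.vulnerabilities[n].severity] >= SEVERITY_RANK[minSeverity])
    .map((n) => ({ name: n, severity: report.vulnerabilities[n].severity,
      chain: dependencyChain(report, n),
      breakingFixOnly: report.vulnerabilities[n].fixAvailable?.isSemVerMajor === true }));
  return { ok: failing.length === 0, failing };
}

const gate = auditGate(SAMPLE_REPORT, 'moderate');
for (const f of gate.failing)
  console.log(`${f.severity}: ${f.chain.join(' <- ')}${f.breakingFixOnly ? ' (only a breaking fix)' : ''}`);
console.log(gate.ok ? 'audit gate passed' : 'audit gate FAILED');
```

In a real pipeline, replace `SAMPLE_REPORT` with `JSON.parse` of the `npm audit --production --json` output and exit non-zero when `ok` is false.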