Vulnerability with json-schema@0.2.3
amansanghvi opened this issue · 3 comments
amansanghvi commented
SDK you're using (please complete the following information):
- Version [4.19.1, 4.23.0]
Describe the bug
Snyk on our system shows a "high" ranked vulnerability:
xero-node@4.19.1 › request@2.88.2 › http-signature@1.2.0 › jsprim@1.4.1 › json-schema@0.2.3
as this may pollute the global prototype via the validate function.
This is fixed in json-schema@0.4.0.
Automated advice from Snyk is:
Your dependencies are out of date, otherwise you would be using a newer json-schema than json-schema@0.2.3. Try relocking your lockfile or deleting node_modules. If the problem persists, one of your dependencies may be bundling outdated modules.
tnzzz commented
Hi @amansanghvi 👋 I've just started looking into this issue, and believe it is related to #579 and the deprecated request library.
sangeet-joy-tw commented
We have updated the required packages in our new version. The npm audit report is clean now.
Please use version v5.0.1.
Let us know of any further issues on this ticket. @amansanghvi @tnzzz
sangeet-joy-tw commented
Please use version v5.0.1
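
Added example, not part of the original issue thread or of xero-node: a lockfile check for the condition the issue reports, listing installed json-schema copies older than 0.4.0 and the packages that declare a dependency on it. The lockfile content is a constructed sample, and `compareVersions`, `nameOf` and `findOutdated` are hypothetical helper names.

```javascript
// Constructed sample: a trimmed npm lockfile ("packages" map, lockfileVersion 2/3)
// shaped like the chain in the issue. Ranges and the "other" entry are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', dependencies: { 'xero-node': '4.19.1' } },
    'node_modules/xero-node': { version: '4.19.1', dependencies: { request: '^2.88.2' } },
    'node_modules/request': { version: '2.88.2', dependencies: { 'http-signature': '~1.2.0' } },
    'node_modules/http-signature': { version: '1.2.0', dependencies: { jsprim: '^1.2.2' } },
    'node_modules/jsprim': { version: '1.4.1', dependencies: { 'json-schema': '0.2.3' } },
    'node_modules/json-schema': { version: '0.2.3' },
    'node_modules/other/node_modules/json-schema': { version: '0.4.0' },
  },
};

// Compare two plain x.y.z versions: <0, 0 or >0. Pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Package name for a key such as "node_modules/a/node_modules/@scope/b".
function nameOf(key) {
  const i = key.lastIndexOf('node_modules/');
  return i < 0 ? key : key.slice(i + 'node_modules/'.length);
}

// hits: installed copies of pkg older than fixedIn.
// requiredBy: packages declaring pkg as a dependency (with nested copies,
// a requirer may resolve to a different copy than the one flagged).
function findOutdated(lock, pkg, fixedIn) {
  const entries = Object.entries(lock.packages || {}).filter(([key]) => key);
  const hits = entries
    .filter(([key, meta]) => nameOf(key) === pkg && meta.version &&
      compareVersions(meta.version, fixedIn) < 0)
    .map(([key, meta]) => ({ path: key, version: meta.version }));
  const requiredBy = entries
    .filter(([, meta]) => meta.dependencies && pkg in meta.dependencies)
    .map(([key, meta]) => `${nameOf(key)}@${meta.version}`);
  return { hits, requiredBy };
}

console.log(JSON.stringify(findOutdated(SAMPLE_LOCK, 'json-schema', '0.4.0'), null, 2));
```

To run it against a real project, replace `SAMPLE_LOCK` with the parsed contents of `package-lock.json`.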