NPM Audit Vulnerability ajv-merge-patch > fast-json-patch

Question

NPM Audit Vulnerability ajv-merge-patch > fast-json-patch

Scott-Allen-Mind-Gyn opened this issue 2 years ago · 0 comments

Scott-Allen-Mind-Gyn commented 2 years ago

Issue raised here ajv-validator/ajv-merge-patch#54

But doesn't look like there's been any movement on this npm package for a long time, so perhaps an alternative is required?

fast-json-patch <3.1.1 Severity: moderate Starcounter-Jack JSON-Patch Prototype Pollution vulnerability - https://github.com/advisories/GHSA-8gh8-hqwg-xf34 fix available via npm audit fix --forceWill install serverless-appsync-plugin@1.14.0, which is a breaking change node_modules/fast-json-patch ajv-merge-patch * Depends on vulnerable versions of fast-json-patch node_modules/serverless-appsync-plugin/node_modules/ajv-merge-patch serverless-appsync-plugin >=2.0.0-alpha.1 Depends on vulnerable versions of ajv-merge-patch node_modules/serverless-appsync-plugin