Security Vulnerability: ajv (JSON Schema Validator)
Summary
My CI/CD pipeline (Sysdig image scan) is failing due to a High severity security vulnerability detected in the ajv package (JSON Schema Validator). This is blocking all deployments.
Details
The Sysdig scanner identified one vulnerable version of ajv in the API Docker image:
| Component | Current Version | Fixed Version | Severity |
| --- | --- | --- | --- |
| ajv | 8.13.0 | 8.18.0 | High |
This version fails the Sysdig Best Practices policy (1 failure), causing the job to exit with code 1.
Root Cause
ajv is a transitive dependency — it is not directly declared in our package.json. It is pulled in through the following dependency chain:
ajv@8.13.0 ← umzug → @rushstack/ts-command-line → @rushstack/terminal → @rushstack/node-core-library → ajv
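As an added example (not code from this issue, nor from the umzug or ajv projects), the following Node.js script does by hand what the scanner and `npm ls` do: it reads an npm lockfile (the `packages` map of lockfile v2/v3), lists every installed copy of a package whose version is below the one the scanner reports as fixed, and reconstructs the chain of dependents that pulls it in. The lockfile contents are constructed for the example, so the versions of umzug and the @rushstack packages are placeholders; only ajv 8.13.0 and the fixed version 8.18.0 come from the report above.

```javascript
// Added example: audit an npm lockfile for a transitive dependency that a
// scanner flagged, and show why it is installed. Not code from the issue.

// Constructed sample lockfile mirroring the chain in the report. Only the ajv
// versions are taken from the report; every other version is a placeholder.
const SAMPLE_LOCK = {
  name: 'api',
  lockfileVersion: 3,
  packages: {
    '': { name: 'api', dependencies: { umzug: '^3.0.0' } },
    'node_modules/umzug': {
      version: '3.0.0',
      dependencies: { '@rushstack/ts-command-line': '*' },
    },
    'node_modules/@rushstack/ts-command-line': {
      version: '4.0.0',
      dependencies: { '@rushstack/terminal': '*' },
    },
    'node_modules/@rushstack/terminal': {
      version: '0.1.0',
      dependencies: { '@rushstack/node-core-library': '*' },
    },
    'node_modules/@rushstack/node-core-library': {
      version: '3.0.0',
      dependencies: { ajv: '~8.13.0' },
    },
    'node_modules/ajv': { version: '8.13.0' },
  },
};

// Compare two "x.y.z" versions numerically (pre-release tags ignored).
// Returns -1 if a < b, 0 if equal, 1 if a > b.
function compareSemver(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Lockfile keys look like "node_modules/umzug/node_modules/ajv"; the package
// name is everything after the last "node_modules/" (scoped names included).
function packageName(key) {
  const idx = key.lastIndexOf('node_modules/');
  return idx === -1 ? key : key.slice(idx + 'node_modules/'.length);
}

// Every installed copy of `name` whose version is older than `fixed`.
// Nested copies (a second ajv under some other package) are reported too.
function findVulnerable(lock, name, fixed) {
  const hits = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === '') continue; // the root project entry has no version of interest
    if (packageName(key) !== name) continue;
    if (compareSemver(meta.version, fixed) < 0) {
      hits.push({ path: key, version: meta.version, fixed });
    }
  }
  return hits;
}

// Reverse map: dependency name -> names of packages that declare it.
// Resolution is by name only, which is enough for an explanatory report.
function dependentsMap(lock) {
  const parents = new Map();
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const parent = key === '' ? '<root>' : packageName(key);
    for (const dep of Object.keys(meta.dependencies || {})) {
      if (!parents.has(dep)) parents.set(dep, []);
      parents.get(dep).push(parent);
    }
  }
  return parents;
}

// Follow the first recorded dependent of `name` up to the project root and
// return the chain from the direct dependency down to `name`.
function dependencyChain(lock, name) {
  const parents = dependentsMap(lock);
  const chain = [name];
  const seen = new Set(chain);
  let cur = name;
  while (parents.has(cur)) {
    const p = parents.get(cur)[0];
    if (p === '<root>' || seen.has(p)) break;
    chain.unshift(p);
    seen.add(p);
    cur = p;
  }
  return chain;
}

// Report for the sample lockfile; swap SAMPLE_LOCK for a parsed package-lock.json.
for (const hit of findVulnerable(SAMPLE_LOCK, 'ajv', '8.18.0')) {
  console.log(`${hit.path}@${hit.version} is below fixed ${hit.fixed}`);
  console.log('  pulled in via: ' + dependencyChain(SAMPLE_LOCK, 'ajv').join(' -> '));
}
```

To run it against a real project, replace `SAMPLE_LOCK` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; `npm ls ajv` prints the same chain from npm's own resolver. Because the vulnerable copy is transitive, the usual short-term fix is an `overrides` entry in `package.json` (npm 8.3 and later) pinning `ajv` to the fixed release, which forces the whole tree onto that version until the intermediate packages update their own ranges; re-run the audit above afterwards to confirm no copy below 8.18.0 remains.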