Describe the bug
The json-schema npm dependency in package.json is outdated and vulnerable to attacks. Updating to version >=0.4.0 should fix the problem.
To Reproduce
Steps to reproduce the behavior:
- Run
npm audit
- Find the following:
json-schema <0.4.0
Severity: moderate
json-schema is vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-896r-f27r-55mw
No fix available
node_modules/@xops.net/json-schema-to-react-tree/node_modules/json-schema
@xops.net/json-schema-to-react-tree *
Depends on vulnerable versions of json-schema
node_modules/@xops.net/json-schema-to-react-tree
Expected behavior
Running npm audit should not include any warnings about the json-schema package
Additional context
See GHSA-896r-f27r-55mw to read about the vuln.
This should be as easy as running npm install json-schema@0.4.0 to fix.
This will also fix the same vulnerability that exists in https://github.com/open-rpc/docs-react due to this package being a dependency.
Describe the bug
The
json-schemanpm dependency inpackage.jsonis outdated and vulnerable to attacks. Updating to version >=0.4.0 should fix the problem.To Reproduce
Steps to reproduce the behavior:
npm auditExpected behavior
Running
npm auditshould not include any warnings about thejson-schemapackageAdditional context
See GHSA-896r-f27r-55mw to read about the vuln.
This should be as easy as running
npm install json-schema@0.4.0to fix.This will also fix the same vulnerability that exists in https://github.com/open-rpc/docs-react due to this package being a dependency.