Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue from better-ajv-errors module json-schema 0.30.0 version #2981

Closed
scottdickerson opened this issue Nov 19, 2021 · 0 comments · Fixed by #2988
Closed

Security issue from better-ajv-errors module json-schema 0.30.0 version #2981

scottdickerson opened this issue Nov 19, 2021 · 0 comments · Fixed by #2988

Comments

@scottdickerson
Copy link

Welcome! Please use this template for reporting bugs or requesting features. For questions about using Workbox, the best place to ask is Stack Overflow, tagged with [workbox]: https://stackoverflow.com/questions/ask?tags=workbox

Library Affected:
workbox-build

Browser & Platform:
NA

Issue or Feature Request Description:
A new security exposure has been found in json-schema 0.3.0. Here are the details, recommendations upgrade to 0.4.0 at least
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-3918

Here's the yarn why that shows the nested dependency

  └─ workbox-webpack-plugin@npm:6.4.1 [3cca9] (via npm:^6.4.1 [3cca9])
      └─ workbox-build@npm:6.4.1 (via npm:6.4.1)
         └─ @apideck/better-ajv-errors@npm:0.2.7 [c0a5f] (via npm:^0.2.7 [c0a5f])
            └─ json-schema@npm:0.3.0 (via npm:^0.3.0)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: update @apideck/better-ajv-errors to ^0.3.1
1 participant
@scottdickerson