Comments (9)
Hi Ben.
Yes, I will take care of that. Thank you for the reminder.
from json-schema-library.
json-schema-library is published with an upgraded gson-pointer dependency: v7.3.7. Your issue should be solved.
Perfect! thanks for turning this around for us quickly! Have a great day! 🙏
Nice thanks! Let me know if there's anything we can do to help! 🙏
Thank you for the quick turnaround! 🙏
@sagold it looks like the vulnerability is still there in the latest package however? Just tried with the latest 4.1.2 version and it's still possible to do prototype pollution with the latest version?
yes I see the problem now. Will be done soon.
OK perfect! Thank you again! 🙏
Hi Ben.
- the prototype pollution vulnerability has been fixed in gson-pointer
- the vulnerable devDependency watch has been removed from gson-pointer
- gson-pointer was published with v4.1.3

In addition, a step which was overdue is to move the gson-pointer package. This package will further be published under @sagold/json-pointer and is currently available with v5.0.0 (ahead of gson-pointer and includes the same patches).

Thus
- with json-schema-library v7.3.8 the dependency was replaced by @sagold/[email protected]
- running yarn audit results in 0 vulnerabilities.

If I missed something, send me a response.
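A prototype pollution fix in a JSON-pointer library comes down to refusing pointer segments that would reach Object.prototype. The following is an added illustration of such a hardened `set`, not the gson-pointer or @sagold/json-pointer code; `setPointer`, `parsePointer` and `isPointerRejected` are hypothetical names, and the regression check at the end is the kind of test a maintainer could keep next to the fix.

```javascript
// Hardened RFC 6901 JSON-pointer "set" (hypothetical helper, not the
// gson-pointer / @sagold/json-pointer implementation).
const UNSAFE_SEGMENTS = new Set(["__proto__", "constructor", "prototype"]);

// Decode one reference token: "~1" -> "/", "~0" -> "~" (order matters).
function decodeToken(token) {
  return token.replace(/~1/g, "/").replace(/~0/g, "~");
}

// Split "/a/b/0" into decoded tokens, rejecting any token that names a
// property through which a write could reach the shared prototype.
function parsePointer(pointer) {
  if (pointer === "") return [];
  if (pointer[0] !== "/") throw new Error(`invalid pointer: ${pointer}`);
  const tokens = pointer.slice(1).split("/").map(decodeToken);
  for (const t of tokens) {
    if (UNSAFE_SEGMENTS.has(t)) throw new Error(`unsafe pointer segment: ${t}`);
  }
  return tokens;
}

// Set `value` at `pointer` inside `root`, creating missing containers.
// Only own properties are followed, and new intermediate objects get a
// null prototype, so inherited keys can never be walked into.
function setPointer(root, pointer, value) {
  const tokens = parsePointer(pointer);
  if (tokens.length === 0) return value; // "" addresses the whole document
  let node = root;
  for (let i = 0; i < tokens.length - 1; i++) {
    const key = tokens[i];
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== "object" || node[key] === null) {
      node[key] = /^\d+$/.test(tokens[i + 1]) ? [] : Object.create(null);
    }
    node = node[key];
  }
  node[tokens[tokens.length - 1]] = value;
  return root;
}

// Regression check: a pointer aimed at the prototype must be refused
// (setPointer throws) instead of silently writing through.
function isPointerRejected(pointer) {
  try {
    setPointer({}, pointer, true);
    return false;
  } catch (e) {
    return true;
  }
}
```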