Bump dependency due to a vulnerable package
SF97 opened this issue · comments
Sérgio Ferreira commented
A dependency used in this project, @apidevtools/json-schema-ref-parser, is vulnerable to a prototype pollution attack, as listed in https://nvd.nist.gov/vuln/detail/CVE-2024-29651 - GHSA-5f97-h2c2-826q.
We should bump this dependency in order to avoid any potential vulnerabilities, and to prevent vulnerability alarms by automated CVE analysis in this project.