xero-node

Vulnerability with [email protected]

Open amansanghvi opened this issue 2 years ago • 1 comments

SDK you're using (please complete the following information):

  • Version [4.19.1, 4.23.0]

Describe the bug

Snyk on our system shows a "high" ranked vulnerability:

[email protected][email protected][email protected][email protected][email protected]

as this may pollute the global prototype via the validate function.

This is fixed in [email protected].

Automated advice from Snyk is:

Your dependencies are out of date, otherwise you would be using a newer json-schema than [email protected]. Try relocking your lockfile or deleting node_modules. If the problem persists, one of your dependencies may be bundling outdated modules. 

amansanghvi avatar Aug 24 '22 01:08 amansanghvi
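The Snyk advice quoted in the issue above separates copies that relocking can refresh from copies bundled inside a dependency. As an added example (not part of the issue or of xero-node), this Node.js script walks a lockfileVersion 2/3 `packages` map and reports each installed `json-schema` copy below a chosen minimum version; the parent package names, every version number and the minimum are constructed placeholders, not values from this issue.

```javascript
'use strict';

// Compare two plain x.y.z versions; returns <0, 0 or >0 (pre-release tags are ignored).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// List every installed copy of `name` older than `minVersion` in a lockfile "packages" map.
function findStaleCopies(lock, name, minVersion) {
  const suffix = 'node_modules/' + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith('/' + suffix)) continue;
    if (compareVersions(meta.version, minVersion) >= 0) continue;
    hits.push({
      path,
      version: meta.version,
      // Packages that nest this copy, outermost first (empty for a hoisted copy).
      nestedUnder: path.split('node_modules/').slice(1, -1).map(s => s.replace(/\/$/, '')),
      // inBundle marks a copy shipped inside a parent tarball; relocking will not update it.
      bundled: meta.inBundle === true,
    });
  }
  return hits;
}

// Constructed sample lockfile: parent-a, parent-b and all versions are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/json-schema': { version: '2.1.0' },
    'node_modules/parent-a/node_modules/json-schema': { version: '1.0.0' },
    'node_modules/parent-b/node_modules/json-schema': { version: '1.2.0', inBundle: true },
  },
};

function auditSample() {
  return findStaleCopies(SAMPLE_LOCK, 'json-schema', '2.0.0');
}

console.log(auditSample());
```

A hit with `bundled: false` should disappear after relocking once the parent's version range allows the fixed release; a hit with `bundled: true` needs a new release of the parent package.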

Hi @amansanghvi 👋 I've just started looking into this issue, and believe it is related to #579 and the deprecated request library.

tnzzz avatar Sep 07 '22 22:09 tnzzz

We have updated the required packages in our new version. npm audit report is clean now.

Please use version v5.0.1

Let us know of any further issues on this ticket. @amansanghvi @tnzzz

sangeet-joy-tw avatar Feb 07 '24 06:02 sangeet-joy-tw

Please use version v5.0.1

sangeet-joy-tw avatar Feb 08 '24 13:02 sangeet-joy-tw