Description
Describe the bug
@stoplightio/json-schema-sampler depends on json-pointer, which is vulnerable to CVE-2021-23820. json-pointer has not been updated in a year. Would it be possible for Stoplight to remediate this by moving to another library?
To Reproduce
Install stoplight/elements 6 or 7, then run npm audit --production
Expected behavior
0 production vulnerabilities
Additional context
npm audit report
json-pointer *
Severity: moderate
Prototype Pollution in json-pointer - GHSA-v5vg-g7rq-363w
fix available via npm audit fix --force
Will install @stoplight/[email protected], which is a breaking change
node_modules/json-pointer
@stoplight/json-schema-sampler *
Depends on vulnerable versions of json-pointer
node_modules/@stoplight/json-schema-sampler
@stoplight/elements-core *
Depends on vulnerable versions of @stoplight/json-schema-sampler
node_modules/@stoplight/elements-core
@stoplight/elements >=6.0.0-alpha.1
Depends on vulnerable versions of @stoplight/elements-core
Depends on vulnerable versions of @stoplight/http-spec
node_modules/@stoplight/elements
Screenshots
none
Environment (remove any that are not applicable):
Worth noting: npm audit fix --force causes other stoplight problems.
Thank you for considering this!
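The advisory above is about prototype pollution reached through JSON Pointer segments. As an added example (not json-pointer's or Stoplight's code, and not a drop-in replacement for either), here is a hardened RFC 6901 get/set that refuses `__proto__`, `constructor` and `prototype` segments and walks only own properties; the function names are my own.

```javascript
// Added example, not json-pointer's or Stoplight's code: a hardened RFC 6901
// JSON Pointer get/set that refuses segments able to reach Object.prototype
// and walks only own properties, so "/__proto__/x" cannot pollute the prototype.
const FORBIDDEN = new Set(["__proto__", "constructor", "prototype"]);

// RFC 6901 parsing: leading "/", then "~1" -> "/" and "~0" -> "~", in that order.
function parsePointer(pointer) {
  if (pointer === "") return [];
  if (pointer[0] !== "/") throw new Error(`invalid JSON pointer: ${pointer}`);
  return pointer.slice(1).split("/").map((raw) => {
    const seg = raw.replace(/~1/g, "/").replace(/~0/g, "~");
    // Conservative: these names are rejected even when meant as plain data keys.
    if (FORBIDDEN.has(seg)) throw new Error(`refusing prototype segment: ${seg}`);
    return seg;
  });
}

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function safeGet(root, pointer) {
  let node = root;
  for (const seg of parsePointer(pointer)) {
    if (node === null || typeof node !== "object" || !hasOwn(node, seg)) return undefined;
    node = node[seg];
  }
  return node;
}

// Missing intermediate segments become plain objects; arrays are only indexed
// ("-" appends, as in RFC 6902). Returns the mutated root.
function safeSet(root, pointer, value) {
  const segs = parsePointer(pointer);
  if (segs.length === 0) throw new Error("cannot replace the root document");
  let node = root;
  for (let i = 0; i < segs.length; i++) {
    let key = segs[i];
    if (node === null || typeof node !== "object") throw new Error(`cannot descend into ${key}`);
    if (Array.isArray(node)) {
      key = key === "-" ? node.length : Number(key);
      if (!Number.isInteger(key) || key < 0 || key > node.length) throw new Error(`bad index ${segs[i]}`);
    }
    if (i === segs.length - 1) { node[key] = value; return root; }
    if (!hasOwn(node, key)) node[key] = {};
    node = node[key];
  }
  return root;
}
```

Rejecting `constructor` and `prototype` as plain keys is a deliberate trade-off; a resolver that must accept them as data should at least keep the own-property walk and the `__proto__` refusal.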