Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request upgrade ajv version: Synk Failing - Prototype Pollution - High Severity #18308

Closed
samuelkavin opened this issue Jul 20, 2020 · 2 comments · Fixed by #18312, #18310 or #18313
Closed

Request upgrade ajv version: Synk Failing - Prototype Pollution - High Severity #18308

samuelkavin opened this issue Jul 20, 2020 · 2 comments · Fixed by #18312, #18310 or #18313
Assignees
@alan-agius4
Labels
area: devkit/core freq3: high severity6: security type: bug/fix
Milestone
Backlog

Comments

@samuelkavin
Copy link

samuelkavin commented Jul 20, 2020
edited

Currently, we are having some security warning in synk. It's requesting upgrade ajv version of angular-devkit to 6.12.3 from 6.12.0

Current ajv version

angular-cli/package.json

Line 126 in d584762

"ajv": "6.12.0",

Error message

@angular-devkit/core@9.0.1
Prototype Pollution [High Severity][https://snyk.io/vuln/SNYK-JS-AJV-584908] in ajv@6.10.2

introduced by @angular-devkit/core@9.0.7 > ajv@6.10.2 and 1 other path(s)

This issue was fixed in versions: 6.12.3
@samuelkavin samuelkavin changed the title Request: Synk Failing - Prototype Pollution - High Severity Request upgrade ajv version: Synk Failing - Prototype Pollution - High Severity Jul 20, 2020
@ngbot ngbot bot added this to the needsTriage milestone Jul 20, 2020
@ngbot ngbot bot modified the milestones: needsTriage, Backlog Jul 20, 2020
This was referenced Jul 21, 2020
Merged
Merged
@alan-agius4 alan-agius4 linked a pull request Jul 21, 2020 that will close this issue
fix(@angular-devkit/core): update ajv to 6.12.3 #18310
Merged
@alan-agius4 alan-agius4 mentioned this issue Jul 21, 2020
Merged
@alan-agius4 alan-agius4 self-assigned this Jul 21, 2020
@alan-agius4 alan-agius4 linked a pull request Jul 21, 2020 that will close this issue
[LTS - 9] fix(@angular-devkit/core): update ajv to 6.12.3 #18312
Merged
@alan-agius4 alan-agius4 removed a link to a pull request Jul 21, 2020
fix(@angular-devkit/core): update ajv to 6.12.3 #18310
Merged
This was linked to pull requests Jul 21, 2020
fix(@angular-devkit/core): update ajv to 6.12.3 #18310
Merged
[LTS - 8] fix(@angular-devkit/core): update ajv to 6.12.3 #18313
Merged
filipesilva pushed a commit that referenced this issue Jul 22, 2020
@alan-agius4 @filipesilva
fix(@angular-devkit/core): update ajv to 6.12.3
eec0a28 
Fixes security notice https://snyk.io/vuln/SNYK-JS-AJV-584908

Closes: #18308
filipesilva pushed a commit that referenced this issue Jul 22, 2020
@alan-agius4 @filipesilva
fix(@angular-devkit/core): update ajv to 6.12.3
0c6d05f 
Fixes security notice https://snyk.io/vuln/SNYK-JS-AJV-584908

Closes: #18308
filipesilva pushed a commit that referenced this issue Jul 22, 2020
@alan-agius4 @filipesilva
fix(@angular-devkit/core): update ajv to 6.12.3
a5ddadc 
Fixes security notice https://snyk.io/vuln/SNYK-JS-AJV-584908

Closes: #18308
@alan-agius4
Copy link
Collaborator

Closed via the above referenced PRs.

@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Aug 23, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@alan-agius4 alan-agius4

Labels
area: devkit/core freq3: high severity6: security type: bug/fix
Projects
None yet
Milestone
Backlog
2 participants
@samuelkavin @alan-agius4