This repository has been archived by the owner on May 22, 2024. It is now read-only.

[Snyk: High]: json-schema prototype pollution (due 02/03/2022) #645

Closed
1 task
Tracked by #137
pkfec opened this issue Dec 22, 2021 · 0 comments · Fixed by #658
Labels
Security: general General security concern or issue Security: high Remediate within 30 days

Comments

@pkfec
Contributor

pkfec commented Dec 22, 2021

Overview

Affected versions of this package are vulnerable to Prototype Pollution via the validate function, which when given a special payload will pollute Object with undesired attributes.

https://security.snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922

Detailed path:

Introduced through node-sass@7.0.0

  • Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › request@2.88.2 › http-signature@1.2.0 › jsprim@1.4.1 › json-schema@0.2.3

    Fix: Your dependencies are out of date, otherwise you would be using a newer json-schema than json-schema@0.2.3. Try relocking your lockfile or deleting node_modules, reinstalling and running snyk wizard. If the problem persists, one of your dependencies may be bundling outdated modules.

  • Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › node-gyp@7.1.2 › request@2.88.2 › http-signature@1.2.0 › jsprim@1.4.1 › json-schema@0.2.3

    Fix: Your dependencies are out of date, otherwise you would be using a newer json-schema than json-schema@0.2.3. Try relocking your lockfile or deleting node_modules, reinstalling and running snyk wizard. If the problem persists, one of your dependencies may be bundling outdated modules.

Remediation:

Fixed in json-schema@0.4.0.

Completion criteria:

  • Fix: Your dependencies are out of date, otherwise you would be using a newer json-schema. Try relocking your lockfile or deleting node_modules, reinstalling and running snyk wizard. If the problem persists, one of your dependencies may be bundling outdated modules.

Once we upgrade to node-sass@7.0.1 this should be resolved.
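The advisory above describes a prototype-pollution sink (a validator that copies attacker-controlled property names onto an object). As an added example, not part of this issue or of the json-schema library, the following Node.js snippet shows the defensive checks an application can put around any such dependency while waiting for the upgrade: screen untrusted JSON for property names that target the prototype chain (`__proto__`, `constructor`, `prototype`) before it reaches a validator, and verify afterwards that `Object.prototype` has not gained properties. The function names and the sample document are constructed for this example.

```javascript
// Added example (not from json-schema or the fec-eregs project): screen
// untrusted JSON for keys that can reach Object.prototype, and check after
// the fact that the global prototype is still clean. Defensive layer only;
// it does not patch the vulnerable validate function itself.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

// Walks a parsed JSON value and returns JSON-pointer-style paths of every
// key that could reach the prototype chain if copied onto another object.
function findPrototypeKeys(value, path = "") {
  const hits = [];
  if (value === null || typeof value !== "object") return hits;
  // Object.entries lists own enumerable properties only. JSON.parse stores
  // "__proto__" as an own property (an object literal would not), so the
  // dangerous key is visible here.
  for (const [key, child] of Object.entries(value)) {
    const here = `${path}/${key}`;
    if (FORBIDDEN_KEYS.has(key)) hits.push(here);
    hits.push(...findPrototypeKeys(child, here));
  }
  return hits;
}

// Parses untrusted JSON and refuses documents that carry prototype keys.
// Returns { ok: true, value } or { ok: false, reasons: [paths] }.
function parseUntrusted(text) {
  const value = JSON.parse(text);
  const hits = findPrototypeKeys(value);
  return hits.length > 0 ? { ok: false, reasons: hits } : { ok: true, value };
}

// Post-condition check to run after calling into any library that walks
// attacker-controlled keys: properties added through "__proto__" become own
// enumerable properties of Object.prototype, which normally has none.
function prototypeIsClean() {
  return Object.keys(Object.prototype).length === 0;
}

// Constructed sample input for this example (not from the advisory).
const SAMPLE = '{"id": 7, "meta": {"__proto__": {"isAdmin": true}}}';
console.log(parseUntrusted(SAMPLE));        // { ok: false, reasons: [ '/meta/__proto__' ] }
console.log("prototype clean:", prototypeIsClean());
```

The screen is applied at the trust boundary, before the document is handed to any schema validator, so a vulnerable transitive dependency never sees the dangerous keys; the post-condition check is cheap enough to run in tests or after each request as a canary.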

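The "Introduced through" paths and the completion criteria above come down to one question: does any dependency chain from the root package still resolve json-schema to a version older than the fixed 0.4.0? As an added example, not part of this issue or of the Snyk tooling, the following Node.js script answers that question for a package-lock v1 style dependency graph by walking `requires` edges and reporting every path that reaches a vulnerable version. The lockfile contents, the root dependency list and the function names are constructed for this example; they mirror the two paths in the report but are not the project's real package-lock.json.

```javascript
// Added example (not from the fec-eregs project): find every dependency path
// that reaches a transitive package at a version older than the fixed one,
// in the same "a@1 › b@2 › ..." form the Snyk report uses.
//
// CONSTRUCTED lockfile fragment (v1 layout, fully hoisted), not the project's own.
const SAMPLE_LOCK = {
  name: "fec-eregs",
  version: "1.0.0",
  dependencies: {
    "node-sass": { version: "7.0.0", requires: { request: "^2.88.0", "node-gyp": "^7.1.0" } },
    "node-gyp": { version: "7.1.2", requires: { request: "^2.88.2" } },
    request: { version: "2.88.2", requires: { "http-signature": "~1.2.0" } },
    "http-signature": { version: "1.2.0", requires: { jsprim: "^1.2.2" } },
    jsprim: { version: "1.4.1", requires: { "json-schema": "0.2.3" } },
    "json-schema": { version: "0.2.3" },
  },
};
// A v1 lockfile does not list the root's direct dependencies as `requires`;
// they normally come from package.json. Constructed here.
const ROOT_DEPS = ["node-sass"];

// Plain x.y.z comparison; returns true when `a` is strictly older than `b`.
function olderThan(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Depth-first walk over `requires` edges starting at the root's direct
// dependencies. Returns every path that reaches `target` while its resolved
// version is older than `fixedVersion`. Cycles are cut with the `seen` set.
function findVulnerablePaths(lock, rootDeps, target, fixedVersion) {
  const found = [];
  const root = `${lock.name}@${lock.version}`;

  function walk(name, path, seen) {
    const entry = lock.dependencies[name];
    if (!entry || seen.has(name)) return; // unresolved dependency or cycle
    const next = [...path, `${name}@${entry.version}`];
    if (name === target) {
      if (olderThan(entry.version, fixedVersion)) found.push(next.join(" › "));
      return;
    }
    const nextSeen = new Set(seen);
    nextSeen.add(name);
    for (const dep of Object.keys(entry.requires || {})) walk(dep, next, nextSeen);
  }

  for (const dep of rootDeps) walk(dep, [root], new Set());
  return found;
}

const paths = findVulnerablePaths(SAMPLE_LOCK, ROOT_DEPS, "json-schema", "0.4.0");
console.log(paths.length ? paths.join("\n") : "no vulnerable json-schema paths");
```

An empty result from this walk, run against the real lockfile after the node-sass upgrade, is the check that corresponds to the completion criteria; a non-empty result names the chain that still pins the old version, which is the "one of your dependencies may be bundling outdated modules" case the Snyk text warns about.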
2 participants