## Dependabot Alert - Alert: #1 - Package: ajv - Severity: medium - Manifest: pnpm-lock.yaml - Vulnerable range: < 6.14.0 - Patched version: 6.14.0 - Advisory: GHSA-2g4f-4pwh-qvx6 - CVE: CVE-2025-69873 - Public advisory: https://github.com/advisories/GHSA-2g4f-4pwh-qvx6 ## Summary ajv has ReDoS when using `$data` option ## Remediation - Update the dependency graph so ajv resolves outside the vulnerable range. - Regenerate pnpm-lock.yaml. - Run the app test/build checks and package dry run. - Confirm GitHub Dependabot marks alert #1 resolved after merge.
Dependabot Alert
Summary
ajv has ReDoS when using
$dataoptionRemediation