Description
https://github.com/aws-samples/sample-multi-tenant-saas-mcp-server/security/dependabot/2
Transitive dependency jsondiffpatch 0.6.0 is introduced via ai 4.3.19; upgrading to version 5 introduces an incompatibility with Amazon Bedrock.
Waiting for a fix before resolving.
# npm audit report
jsondiffpatch <0.7.2
Severity: moderate
jsondiffpatch is vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin - https://github.com/advisories/GHSA-33vc-wfww-vjfv
fix available via `npm audit fix --force`
Will install ai@5.0.57, which is a breaking change
node_modules/jsondiffpatch
ai <=0.0.0-e27b4ed4-20240419203611 || 3.0.0 - 5.0.0-canary.4
Depends on vulnerable versions of jsondiffpatch
node_modules/ai
2 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force
⋮
● Completed in 1.81s
> Found 2 moderate severity vulnerabilities:
1. jsondiffpatch - XSS vulnerability (Cross-site Scripting via HtmlFormatter::nodeBegin)
2. ai package - Depends on the vulnerable jsondiffpatch version