Update dependency json-schema to v0.4.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
json-schema	0.3.0 → 0.4.0

---

json-schema is vulnerable to Prototype Pollution

CVE-2021-3918 / GHSA-896r-f27r-55mw

More information

Details

json-schema before version 0.4.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

Severity

• CVSS Score: 9.8 / 10 (Critical)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-3918
• https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741
• https://huntr.dev/bounties/bb6ccd63-f505-4e3a-b55f-cd2662c261a9
• https://github.com/kriszyp/json-schema/commit/b62f1da1ff5442f23443d6be6a92d00e65cba93a
• https://github.com/kriszyp/json-schema/commit/f6f6a3b02d667aa4ba2d5d50cc19208c4462abfa
• https://lists.debian.org/debian-lts-announce/2022/12/msg00013.html
• https://security.netapp.com/advisory/ntap-20250117-0004
• https://github.com/advisories/GHSA-896r-f27r-55mw

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

kriszyp/json-schema (json-schema)

v0.4.0

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[qlty-cloud-legacy]

Code Climate has analyzed commit d8518a2 and detected 0 issues on this pull request.

View more on Code Climate.