Skip to content

Commit a0faa70

Browse files
NstttScriptedAlchemy
Nsttt
and
ScriptedAlchemy
authored
fix(deps): override ajv@8.18.0 (CVE-2025-69873) (#4438)
Co-authored-by: Zack Jackson <25274700+ScriptedAlchemy@users.noreply.github.com> Co-authored-by: ScriptedAlchemy <zackary.l.jackson@gmail.com>
1 parent 7927967 commit a0faa70

File tree

4 files changed

+100
-133
lines changed

4 files changed

+100
-133
lines changed

.changeset/stale-bulldogs-suffer.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
---
2+
'@module-federation/enhanced': patch
3+
---
4+
5+
Security fix: bump Ajv usage to 8.18.0 to prevent CVE-2025-69873 from affecting `schema-utils` validation paths.

package.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -130,7 +130,9 @@
130130
}
131131
},
132132
"overrides": {
133-
"@changesets/assemble-release-plan": "workspace:*"
133+
"@changesets/assemble-release-plan": "workspace:*",
134+
"ajv": "8.18.0",
135+
"schema-utils@3.3.0>ajv": "6.12.6"
134136
},
135137
"onlyBuiltDependencies": [
136138
"@parcel/watcher",

packages/enhanced/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,7 @@
8585
"devDependencies": {
8686
"@module-federation/webpack-bundler-runtime": "workspace:*",
8787
"@types/btoa": "^1.2.5",
88-
"ajv": "^8.17.1",
88+
"ajv": "^8.18.0",
8989
"enhanced-resolve": "^5.0.0",
9090
"terser": "^5.37.0",
9191
"memfs": "4.46.0"

0 commit comments

Comments
 (0)