High level vulnerability in ajv@6.12.x

[kpalumbokitu]

Associated line in package.json:

eslintrc/package.json

Line 65 in 245ada5

"ajv": "^6.12.4",

Snyk vulnerability:
https://security.snyk.io/vuln/SNYK-JS-AJV-15274295

ajv has released a new tag (8.18.0) which fixes the vulnerability.

Is it possible to update eslintrc 3.3.3 to fix this vulnerability?

[joshuabremer]

I'm working on a PR right now.

#218

Just letting you know, I'm reading through the contributing guide now and making sure this meets all your requirements. I'll move it to "Ready for Review", when I'm certain this is ready so I don't waste your time.

[eslint-github-bot]

👋 Hi! This issue is being addressed in pull request #218. Thanks, @joshuabremer!

[joshuabremer]

Ok, this is ready for review.

[karlhorky]

A backport is coming

• fix(security): backport CVE-2025-69873 - wrap $data pattern in try/catch ajv-validator/ajv#2588

[eslint-github-bot]

👋 Hi! This issue is being addressed in pull request #221. Thanks, @lumirlumir!