Security Vulnerability in fast-json-patch Dependency via ajv-cli

### Describe the bug

I have identified a security vulnerability in the OSCAL project's dependency chain. The package ajv-cli relies on an outdated version of fast-json-patch, which contains a Prototype Pollution vulnerability. This issue has been documented as:

Vulnerability ID: [GHSA-8gh8-hqwg-xf34](https://github.com/advisories/GHSA-8gh8-hqwg-xf34)

Affected Versions: fast-json-patch versions < 3.1.1

The vulnerability allows for Prototype Pollution.

### Who is the bug affecting

-

### What is affected by this bug

CI/CD

### How do we replicate this issue

npm audit

### Expected behavior (i.e. solution)

fast-json-patch  <3.1.1
Severity: high (unknown) 
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability - https://github.com/advisories/GHSA-8gh8-hqwg-xf34
fix available via `npm audit fix --force`
Will install ajv-cli@0.6.0, which is a breaking change
node_modules/fast-json-patch
  ajv-cli  >=0.7.0
  Depends on vulnerable versions of fast-json-patch
  node_modules/ajv-cli

### Other comments

_No response_

### Revisions

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security Vulnerability in fast-json-patch Dependency via ajv-cli #2089

Describe the bug

Who is the bug affecting

What is affected by this bug

How do we replicate this issue

Expected behavior (i.e. solution)

Other comments

Revisions

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security Vulnerability in fast-json-patch Dependency via ajv-cli #2089

Description

Describe the bug

Who is the bug affecting

What is affected by this bug

How do we replicate this issue

Expected behavior (i.e. solution)

Other comments

Revisions

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions