fast-json-patch version is susceptible to a vulnerability

[DrakeEsdon]

The current version of fast-json-patch is vulnerable to prototype pollution attacks. We should update to fast-json-patch@3.1.1 or higher in our dependancies

[jhonnycordova]

Any updates on this? Are you planning to update the fast-json-patch version?

[nantiferov]

Not the best solution, but it's possible to override dependency in package.json with fixed version like this:

{
...
  "overrides": {
    "ajv-cli": {
      "fast-json-patch": "^3.1.1"
    }
...
  }

[luke-hill]

Echo'ing this that it's causing a lot of notifications on larger repos that are flagging this as a security vulnerability