[JOC-2214] Upgrade ajv version 6.12.6 to 8.18.0 due to 3rd-party vulnerability CVE-2025-69873 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Dismissed (View Workflow)
Priority: Low
Resolution: Won't Fix
Affects Version/s: 2.5.10, 2.7.1
Fix Version/s: 2.5.13, 2.7.8
Component/s: JOC Cockpit GUI
Labels:
None

CVE-ID:
CVE-2025-69873

Description

Impact

Development dependency used for build-time schema validation.
ajv is not included in production bundle. There is no run-time exposure.

Maintainer Note

The issue is dismissed for releases in branch 2.5 as version 8.18.0 of ajv requires upgrading to Angular 21.
The upgrade of the Angular framework is a too big change for the LTS phase in branch 2.5.

Attachments

Activity

People

Assignee:: Neeraj Patidar

Reporter:: Andreas Püschel

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17 April 2026 16:35

Updated:: 17 April 2026 17:28

Resolved:: 17 April 2026 16:38