Vulnerability with dependency swagger-parser v10.0.2 #287
Labels: pinned (Issues that will not be automatically closed)
Comments
I see this was updated in the |
Haegin added a commit to Haegin/swagger-jsdoc that referenced this issue on Oct 17, 2022
Fixes Vulnerability with dependency swagger-parser v10.0.2 Surnet#287. swagger-parser depends on z-schema, which depends on validator, and the version that swagger-parser v10.0.2 depends on has a security vulnerability (GHSA-xx4c-jj58-r7x6). PR Surnet#300 tried to fix this, but because the version is pinned to 10.0.2 exactly in package.json it hasn't changed the version used.
In our company's vulnerability scans this morning there was a security vulnerability discovered with a deep-down dependency of swagger parser v10.0.2 (z-schema v4.2.3 -> validator v13.6.0). It looks like this has been resolved with v10.0.3, so an upgrade of that dependency version to v10.0.3 seems to be in order.
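The check behind this report, as an added example (not code from swagger-jsdoc or from anyone in this thread): it walks a resolved dependency tree for the flagged `validator` version and reports whether the direct dependency that pulls it in is pinned exactly, which is why a fix needs a `package.json` edit rather than a lockfile refresh. The manifest and tree are constructed sample data following the chain named in the issue; `findPaths`, `isExactPin`, `audit` and `example-lib` are hypothetical names.

```javascript
// Constructed sample data, not the project's real files: a package.json
// fragment and a resolved tree shaped like `npm ls --all --json` output.
const manifest = { dependencies: { "swagger-parser": "10.0.2", "example-lib": "^1.2.0" } };
const tree = {
  dependencies: {
    "swagger-parser": { version: "10.0.2", dependencies: {
      "z-schema": { version: "4.2.3", dependencies: {
        "validator": { version: "13.6.0" },
      } },
    } },
    "example-lib": { version: "1.4.1" },
  },
};

// Collect every chain from a direct dependency down to target name@version.
function findPaths(node, target, trail = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${name}@${dep.version}`];
    if (name === target.name && dep.version === target.version) hits.push(here);
    hits.push(...findPaths(dep, target, here));
  }
  return hits;
}

// True for a bare x.y.z (optional "=" or "v" prefix): no ^, ~, comparators,
// wildcards or ranges, so the package manager can never pick a newer release.
function isExactPin(range) {
  return typeof range === "string" &&
    /^[=v]*\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.test(range.trim());
}

// For each chain, report the direct dependency that pulls it in and whether
// its declared range is an exact pin (fix needs a manifest edit) or a range
// (refreshing the lockfile may be enough if a patched release satisfies it).
function audit(manifest, tree, target) {
  const declaredRanges = { ...manifest.devDependencies, ...manifest.dependencies };
  return findPaths(tree, target).map((chain) => {
    const direct = chain[0].slice(0, chain[0].lastIndexOf("@"));
    const declared = declaredRanges[direct];
    return { chain: chain.join(" -> "), direct, declared, exactPin: isExactPin(declared) };
  });
}

console.log(audit(manifest, tree, { name: "validator", version: "13.6.0" }));
```
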