Skip to content
This repository has been archived by the owner on Aug 4, 2023. It is now read-only.

Vulnerability in validator package #636

Open
TheBrockEllis opened this issue Nov 5, 2021 · 6 comments
Open

Vulnerability in validator package #636

TheBrockEllis opened this issue Nov 5, 2021 · 6 comments

Comments

@TheBrockEllis
Copy link

Running NPM audit reveals that the validator package that is used by z-schema, which is a dependency of swagger-tools, has a moderate vulnerability.

Link to the z-schema Github issue

Link to the NPM advisory

Is there any chance that this package will eventually be updated when the other upstream packages get patched?
@Nigrimmist
Copy link

The same issue

@TheBrockEllis
Copy link
Author

The z-schema package updated the issue 12 days ago with a fix for the discovered vulnerability. Any ETA for a new release of swagger-tools that would include updated dependencies?

@piyushhajare
Copy link

piyushhajare commented Nov 26, 2021
edited
Loading

We are having same issue with this. Z-schema has also updated the vulnerable package, can someone let us know the ETA for a new release of swagger-tools with updated version of z-schema?

@hrgondaliya
Copy link

We are having the same issue with this. The z-schema package updated the issue 12 days ago with a fix for the discovered vulnerability. Any ETA for a new release of swagger-tools?

@hrgondaliya
Copy link

Anyone can help with an alternative package for "swagger-tools" which does not have this vulnerability?

@amaciejk
Copy link

Also watching

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Nigrimmist @TheBrockEllis @piyushhajare @amaciejk @hrgondaliya