Vulnerability in validator package

Open TheBrockEllis opened this issue 3 years ago • 6 comments

Running NPM audit reveals that the validator package that is used by z-schema, which is a dependency of swagger-tools, has a moderate vulnerability.

Link to the z-schema GitHub issue

Link to the NPM advisory

Is there any chance that this package will eventually be updated when the other upstream packages get patched?

TheBrockEllis avatar Nov 05 '21 20:11 TheBrockEllis

The same issue

Nigrimmist avatar Nov 09 '21 08:11 Nigrimmist

The z-schema package updated the issue 12 days ago with a fix for the discovered vulnerability. Any ETA for a new release of swagger-tools that would include updated dependencies?

TheBrockEllis avatar Nov 23 '21 14:11 TheBrockEllis

We are having the same issue with this. Z-schema has also updated the vulnerable package. Can someone let us know the ETA for a new release of swagger-tools with an updated version of z-schema?

piyushhajare avatar Nov 26 '21 04:11 piyushhajare

We are having the same issue with this. The z-schema package updated the issue 12 days ago with a fix for the discovered vulnerability. Any ETA for a new release of swagger-tools?

hrgondaliya avatar Dec 16 '21 07:12 hrgondaliya

Can anyone help with an alternative package for "swagger-tools" which does not have this vulnerability?

hrgondaliya avatar Dec 21 '21 08:12 hrgondaliya

Also watching

amaciejk avatar Oct 17 '22 16:10 amaciejk