Carmine DiMascio

@GWellerGMSL oas 3.1 support was added in v5.4.0. As such 3.1 support has no impact on earlier 5.x versions. Please provid specifics regarding your issue. Cheers!

@constanzaderienzo can you describe the current behavior today and the desired behavior if this change were implemented and merged?

@0bex0 curious whether you've created an issue with ajv regarding the double caching. Would love to solve it there, upgrade the dep, and retain your fix (assuming it's feasible within...

Alternatively, we might maintain our own cache, essentially compile the schema on first use, then cache the schema via a map owned by the validator, rather than using ajv's addSchema....

there is a test for this that is passing. test: https://github.com/cdimascio/express-openapi-validator/blob/master/test/read.only.spec.ts#L170-L184 oas spec: https://github.com/cdimascio/express-openapi-validator/blob/master/test/resources/read.only.yaml#L14-L46 please validate your spec/usage against this to ensure its accurate

@FYamazaki to get set up quickly, click the "Gitpod | Ready-to-code" badge.  ### Step by Step: 1. Navigate to https://github.com/cdimascio/express-openapi-validator 2. Click the "Gitpod | Ready-to-code" badge 3. Login...

Thus far, response validation has only been supported for JSON responses.

@max-at-silverflow this is a large change. What is your confidence, particularly regarding the series work?

@briangweber thanks for the ticket. happy to work with you on a fix. feel free to submit a PR. thank you!

The PR above upgrades to path-to-regex to 6.3.0 which resolves the vulnerability. An upgrade to v8.x is still desired. PRs welcome