webapi-parser icon indicating copy to clipboard operation
webapi-parser copied to clipboard

Published 20 hours ago verified publisher icon raml-org

Bug: update ajv dependency

Open kavinho opened this issue 4 years ago • 1 comments

Library version used "0.5.0"

Language library used with JavaScript

Describe the bug This lib depends on ajv:6.5.2 , which is vulnerable prototype pollution attack. https://sca.analysiscenter.veracode.com/vulnerability-database/security/prototype-pollution/javascript/sid-25893

Expected behaviour/output Can we update the dependency to 6.12.3 or later.

kavinho avatar Apr 06 '21 01:04 kavinho

Same here: https://www.npmjs.com/package/nestjs-asyncapi

railsstudent avatar Mar 17 '22 02:03 railsstudent