APIDevTools / swagger-parser

Swagger 2.0 and OpenAPI 3.0 parser/validator
https://apitools.dev/swagger-parser
MIT License

Release package with z-schema v5+ #177

Closed wronrohn closed 3 years ago

wronrohn commented 3 years ago

Currently, there are vulnerabilities in the validator package within the v4 of z-schema. Would it be possible to have a new release supporting z-schema v5+?

jonrober-80 commented 3 years ago

It looks like the work has already been done as PR https://github.com/APIDevTools/swagger-parser/pull/166 was merged. It just hasn't been included in a release yet. @philsturgeon @JamesMessinger is this something that you're able to help with?

jonrober-80 commented 3 years ago

@JamesMessinger @philsturgeon are you able to release a new version of swagger-parser or share the plans for when the next release will be available? As mentioned above, there is a security vulnerability in the z-schema library (which was already fixed by PR #166) that consumers are keen to pick up a fix for.

philsturgeon commented 3 years ago

@jonrober-80 When #173 is unblocked through #178 or #175 or whichever PR makes the build pass we can release. Cannot release without tests passing.

philsturgeon commented 3 years ago

Done, 10.0.3 has z-schema v5+. Sorry for the delay, I was in the middle of mountains/desert for quite some time. Back now.

The browser tests were failing but node tests are passing, so I'll look into that, get OAS 3.1 updated, and get circular dependencies fixed with #173 too.