Hi, @kobik, I have reported a vulnerability issue in package z-schema.
As far as I am aware, the vulnerabilities SNYK-JS-VALIDATOR-1090600, SNYK-JS-VALIDATOR-1090599, SNYK-JS-VALIDATOR-1090602 and SNYK-JS-VALIDATOR-1090601 detected in package validator<13.6.0 are directly referenced by z-schema@4.2.3, on which your package openapi-validator-middleware@3.2.2 transitively depends. As such, these vulnerabilities can also affect openapi-validator-middleware@3.2.2 via the following path:
openapi-validator-middleware@3.2.2 ➔ api-schema-builder@2.0.5 ➔ swagger-parser@10.0.2 ➔ @apidevtools/swagger-parser@10.0.2 ➔ z-schema@4.2.3 ➔ validator@12.2.0 (vulnerable version)
Since z-schema has released a new patched version z-schema@4.2.4 to resolve this issue (z-schema@4.2.4 ➔ validator@13.6.0 (fix version)), this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path:
openapi-validator-middleware@3.2.2 ➔ api-schema-builder@2.0.5 ➔ swagger-parser@10.0.2 ➔ @apidevtools/swagger-parser@10.0.2 ➔ z-schema@4.2.4 ➔ validator@13.6.0 (vulnerability fix version).
A warm tip. ^_^
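A way to confirm that a lockfile update actually removed the old `validator` copy, as an added example that is not part of the original report or of any of the packages named in it. It assumes the npm `lockfileVersion` 2/3 layout (a `packages` map keyed by install path); `findOutdated`, `compareVersions` and both lockfile fragments are constructed for illustration.

```javascript
// Constructed lockfile fragments using the versions named in the report above.
const beforeUpdate = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/openapi-validator-middleware': { version: '3.2.2' },
    'node_modules/z-schema': { version: '4.2.3' },
    'node_modules/z-schema/node_modules/validator': { version: '12.2.0' },
  },
};
const afterUpdate = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/openapi-validator-middleware': { version: '3.2.2' },
    'node_modules/z-schema': { version: '4.2.4' },
    'node_modules/validator': { version: '13.6.0' },
  },
};

// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every installed copy of `name` (top-level or nested) below `fixedVersion`.
function findOutdated(lock, name, fixedVersion) {
  const suffix = 'node_modules/' + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Match exact install paths only, so "@scope/validator" is not confused with "validator".
    if (path !== suffix && !path.endsWith('/' + suffix)) continue;
    if (compareVersions(meta.version, fixedVersion) < 0) hits.push({ path, version: meta.version });
  }
  return hits;
}

// For a real project, pass JSON.parse(fs.readFileSync('package-lock.json', 'utf8')) instead.
console.log('before:', findOutdated(beforeUpdate, 'validator', '13.6.0'));
console.log('after: ', findOutdated(afterUpdate, 'validator', '13.6.0'));
```

A non-empty result after the update means some installed copy of `validator` is still pinned below 13.6.0 and the lockfile entry for its parent has not been refreshed.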