apigee-127 / swagger-node-runner

The heart of Swagger-Node
MIT License

Security: update package use of qs library #97

Closed camsjams closed 7 years ago

camsjams commented 7 years ago

There is an advisory for the npm package qs that can be solved by upgrading to the latest version (currently at v6.4.0), or at the very least v6.1.2.

Some additional info from Snyk and the qs GitHub issue.

Should be a simple bump as there haven't been too many changes from 5 to 6 that would break.

camsjams commented 7 years ago

Created PR #98

camsjams commented 7 years ago

Thanks! Can you please publish to NPM?

t-sont commented 7 years ago

Hello, is there any special reason this is still not being published to NPM after 9 days? I don't want to state the obvious from the referenced security links above, by Camsjams, but the qs vulnerability is a high severity one. Is this project not a really important one? Or is someone really sure that it cannot be exploited with swagger-node-runner?

theganyo commented 7 years ago

Sorry for the delay. It has been published as 0.7.3.

camsjams commented 7 years ago

Thanks!
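
A check for the upgrade discussed in this thread, as an added example that is not part of the original issue or the project's code: it scans an npm lockfile for any direct or transitive copy of qs that resolves below the 6.1.2 floor named in the first comment. The sample lockfile and the package names in it are constructed, and the function names are hypothetical.

```javascript
// Added example (not swagger-node-runner code): report every copy of qs in an
// npm lockfile that resolves below the 6.1.2 floor named in the issue.
const FLOOR = [6, 1, 2];

// Parse "MAJOR.MINOR.PATCH" (any suffix ignored); null if not a plain version.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True when version is strictly lower than floor.
function isBelow(version, floor) {
  for (let i = 0; i < 3; i++) {
    if (version[i] !== floor[i]) return version[i] < floor[i];
  }
  return false;
}

// Walk the nested "dependencies" tree used by lockfileVersion 1.
function walkV1(deps, trail, out) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = trail.concat(name);
    if (name === 'qs') out.push({ path: path.join(' > '), version: info.version });
    walkV1(info.dependencies, path, out);
  }
}

// Return [{path, version}] for each qs copy below the floor. Versions that
// cannot be parsed (for example a git URL) are reported too, so they get reviewed.
function findOldQs(lock) {
  const found = [];
  if (lock.packages) { // lockfileVersion 2 and 3: flat map of install paths
    for (const [key, info] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/qs$/.test(key)) found.push({ path: key, version: info.version });
    }
  } else {
    walkV1(lock.dependencies, [], found);
  }
  return found.filter(({ version }) => {
    const parsed = parseVersion(version);
    return parsed === null || isBelow(parsed, FLOOR);
  });
}

// Constructed sample lockfile (not taken from the project).
const sampleLock = { lockfileVersion: 1, dependencies: {
  qs: { version: '6.4.0' },
  'example-middleware': { version: '1.0.0', dependencies: { qs: { version: '5.2.0' } } },
  'other-dep': { version: '2.0.0', dependencies: { qs: { version: '6.1.2' } } } } };
console.log(findOldQs(sampleLock));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`; a nested old copy is reported even when the top-level qs is current.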