Closed smarusa closed 6 years ago
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
:memo: Please visit https://cla.developers.google.com/ to sign.
Once you've signed, please reply here (e.g. I signed it!) and we'll verify. Thanks.
CLAs look good, thanks!
@whitlockjc the latest version, 0.10.3, still has "string":"^3.3.0" in its dependencies, but the GitHub repo's package.json doesn't have this dependency. Could you please check your npmjs.org published tar file?
I haven't published after this PR.
@whitlockjc - any outlook when 0.10.4 will be released that contains this update?
I'll get something out soon, sorry for the delay (holidays).
@whitlockjc - any updates on how soon is soon :)?
Very interested in this as well. Any idea on dates?
Any update on when this PR will be included in a cut version? Thousands of clients are still potentially vulnerable without this change. This has been open for 4 months.
I don't see why we can't try to get a release out.
@whitlockjc anything missing to release v0.10.4 that we can help with?
I've not really planned on it but I can push it since people seem to want it now.
Do we know when v0.10.4 will come out?
Hello, Any date for 0.10.4?
Thanks
ping
Is this project dead? Leaving a known, patched security flaw without so much as a patch version release in a project that sees 66,000 weekly downloads is pretty irresponsible. It's completely understandable if you don't have the time to dedicate to this project, and I'm sure if you ask, the community would be happy to lend a hand.
Thanks for your work on this project over the years.
On Mon, May 7, 2018 at 10:56 AM, David Marr notifications@github.com wrote:
ping
Remove stringjs dependency due to vulnerability in string 3.3. It is used so little there is no need for the extra dependency in Swagger-tools.
Source: CERT Name: https://nodesecurity.io/advisories/536 Url: https://nodesecurity.io/advisories/536
Source: CERT Name: https://github.com/jprichardson/string.js/issues/212 Url: https://github.com/jprichardson/string.js/issues/212