completecoding / serverless-auto-swagger

Moderate vulnerability on typeconv 1.30 - 1.8.0 #120

Open caiorhian opened 1 year ago

caiorhian commented 1 year ago

Hey there, do you already have plans to update typeconv? The latest version has support for many TS features like Partial<> and Omit<>.

Not only that, but the current version contains moderate vulnerability issues, as detailed below:

```
jsonpointer  <5.0.0
Severity: moderate
Prototype Pollution in node-jsonpointer - https://github.com/advisories/GHSA-282f-qqgm-c34q
No fix available
node_modules/jsonpointer
  awesome-ajv-errors  <=2.0.0
  Depends on vulnerable versions of jsonpointer
  node_modules/awesome-ajv-errors
    suretype  <=2.4.1
    Depends on vulnerable versions of awesome-ajv-errors
    node_modules/suretype
      core-types-suretype  <=2.0.0
      Depends on vulnerable versions of suretype
      node_modules/core-types-suretype
        typeconv  1.3.0 - 1.8.0
        Depends on vulnerable versions of core-types-suretype
        node_modules/typeconv
          serverless-auto-swagger  *
          Depends on vulnerable versions of typeconv
          node_modules/serverless-auto-swagger
```

hallelk commented 1 week ago

bump