Closed erlanggatjhie closed 4 months ago
Hello there erlanggatjhie 👋
Thank you for opening your very first issue in this project.
We will try to get back to you as soon as we can.👀
Not relevant to how we use that package in the cli. But happy to review a PR if anyone is annoyed by the warning
Thanks WoH. Happy to hear the finding is not relevant to how we use that package. The finding actually causes lots of lost time dealing with corporate security teams and especially government customers that monitor each finding. Switching to a more maintained yaml library would be appreciated. Thanks for the fix @mamerruddin!
Current Behavior
Snyk has identified a security vulnerability within the tsoa packages:
Inflight - Missing Release of Resource after Effective Lifetime
Possible Solution
The vulnerability comes from yamljs@0.3.0, which indirectly uses inflight. Unfortunately, both inflight and yamljs are not actively maintained. I am wondering if we can use js-yaml or yaml instead of yamljs to remediate the security issue.
Context (Environment)
Version of the library: 4.1.3, 5.1.1, 6.0.0
Version of NodeJS: 18
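An added example, not code from tsoa or from this issue, showing how to confirm which direct dependency pulls a flagged package such as inflight into a project's lockfile, so a scanner finding can be attributed to yamljs rather than to tsoa as a whole. The lockfile fragment is constructed to mimic npm's lockfileVersion 3 layout; the versions other than yamljs@0.3.0 are illustrative placeholders.

```javascript
// Constructed package-lock.json fragment (lockfileVersion 3 shape). Replace
// LOCK with JSON.parse(fs.readFileSync("package-lock.json")) for a real tree.
const LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { tsoa: "6.0.0" } },
    "node_modules/tsoa": { version: "6.0.0", dependencies: { yamljs: "0.3.0" } },
    "node_modules/yamljs": { version: "0.3.0", dependencies: { glob: "x.y.z" } },
    "node_modules/glob": { version: "x.y.z", dependencies: { inflight: "x.y.z" } },
    "node_modules/inflight": { version: "x.y.z" },
  },
};

// Package name from a lockfile key; the last "node_modules/" segment handles
// nested installs such as "node_modules/a/node_modules/b".
function nameFromKey(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? key : key.slice(i + "node_modules/".length);
}

// Reverse edges: dependency name -> set of package names that declare it.
function reverseGraph(lock) {
  const parents = new Map();
  for (const [key, entry] of Object.entries(lock.packages)) {
    const from = key === "" ? "(root)" : nameFromKey(key);
    for (const dep of Object.keys(entry.dependencies || {})) {
      if (!parents.has(dep)) parents.set(dep, new Set());
      parents.get(dep).add(from);
    }
  }
  return parents;
}

// Breadth-first walk from the flagged package up to the project root. Returns
// the shortest chain in root-to-target order, or null if the package is absent.
function dependencyPath(lock, target) {
  if (!Object.keys(lock.packages).some((k) => nameFromKey(k) === target)) return null;
  const parents = reverseGraph(lock);
  const queue = [[target]];
  const seen = new Set([target]);
  while (queue.length) {
    const path = queue.shift();
    const head = path[path.length - 1];
    if (head === "(root)") return path.slice(0, -1).reverse();
    for (const p of parents.get(head) || []) {
      if (!seen.has(p)) { seen.add(p); queue.push([...path, p]); }
    }
  }
  return null; // reachable from nowhere: an orphaned lockfile entry
}

console.log((dependencyPath(LOCK, "inflight") || ["not present"]).join(" > "));
```

The first element of the returned chain is the direct dependency to replace or pin; a null result after swapping yamljs for js-yaml or yaml confirms the transitive package is gone.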