postmanlabs / swagger2-postman2

Module and library to convert Swagger 2.0 to a Postman Collection (v2.0)
Apache License 2.0

[Snyk] Security upgrade swagger2openapi from 7.0.2 to 7.0.4 #75

Closed snyk-bot closed 2 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 758/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3) | Prototype Pollution, SNYK-JS-Y18N-1021887 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: swagger2openapi

The new version differs by 31 commits.
  • e26cda0 Publish
  • e1945a0 build: update .gitignore
  • 16faa5d build: fixup some webpack errors
  • 07cc35c build: update deps
  • d80e76e Merge pull request #307 from Mermade/dependabot/npm_and_yarn/babel/runtime-7.12.5
  • ee0fd07 Merge pull request #309 from Mermade/dependabot/npm_and_yarn/eslint-7.13.0
  • 99b311f Merge pull request #305 from Mermade/dependabot/npm_and_yarn/mocha-8.2.1
  • adef7db build: drop travis, basic github ci workflow
  • 5e48a4b fix: validator better context for responses
  • fd11f77 build: eslintrc changes
  • cc0d875 fix: schema type:file improvements
  • ca4ed88 build(deps-dev): bump eslint from 7.11.0 to 7.13.0
  • 6e8a5b2 build(deps-dev): bump @babel/runtime from 7.11.2 to 7.12.5
  • 6873e38 build(deps-dev): bump mocha from 8.1.3 to 8.2.1
  • 30b3b50 Publish
  • d01f227 tests: options fixes
  • 36cce83 fix: s2o declare node-fetch dep explicitly, refs #292
  • bfbd29e fix: s2o ensure there is a server.param.default value
  • 7888e01 build: test only a known-good node 12 version
  • d2e3944 docs: improve oas-validator README, refs #289
  • f4791d3 Merge pull request #290 from Mermade/dependabot/npm_and_yarn/webpack-cli-4.0.0
  • e9ff14e build(deps-dev): bump webpack-cli from 3.3.12 to 4.0.0
  • a1ca303 Merge pull request #291 from Mermade/dependabot/npm_and_yarn/eslint-7.11.0
  • c4a0d5a Merge pull request #288 from Mermade/dependabot/npm_and_yarn/exodus/schemasafe-1.0.0-rc.3

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
