postmanlabs / swagger2-postman2

Module and library to convert Swagger 2.0 to a Postman Collection (v2.0)
Apache License 2.0
82 stars 42 forks source link

[Snyk] Security upgrade openapi-to-postmanv2 from 2.0.0 to 2.10.0 #93

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342073
No Proof of Concept
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MARKED-2342082
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: openapi-to-postmanv2 The new version differs by 177 commits.
  • 67c8817 Merge branch 'release/2.10.0'
  • 4a5933c Released v2.10.0
  • 9ee7055 Merge pull request #331 from postmanlabs/feature/automate-release-script
  • 0de131c Merge pull request #396 from postmanlabs/feature/fix-schema-caching
  • 66df6a3 Merge pull request #393 from raghavgarg1257/fix/apiKey-securityScheme-value
  • 6832a1d Merge pull request #395 from postmanlabs/feature/fix-pmvar-faker
  • 446ca77 Added more comments to understand added fields correctly
  • 25b2ee0 Updated code to be more readable as suggested in comment
  • a14cc2a Merge pull request #388 from postmanlabs/feature/update-dependencies
  • a79c1e9 Merge pull request #389 from postmanlabs/feature/fix-missing-description-validation
  • 3cbbf4f Added tests to validate failing case currently to be fixed
  • 19b0e1d Fixed issue where invalid cached schema was being used
  • f27caec Fixed issue where example values with pm variable syntax were not picked up in conversion
  • 7dc00a2 Fixes the value format for apiKey security scheme.
  • 4c57b5e Fixed issue where description was missing from suggested fix for missing_in_request type of mismatches
  • 70a3905 Updated vulnerable dependencies
  • 6bad8c7 Merge branch 'release/2.9.0'
  • bb35217 Merge branch 'release/2.9.0' into develop
  • 1dcf08a Released v2.9.0
  • 5571296 Merge pull request #386 from postmanlabs/feature/fix-deepobject-conversion
  • 13ebc25 Added support for validation of deepObject styled parameters
  • aeeae46 Fixed issue where params with style deepObject were only converted to only one level of key-value pair
  • 4994f3a Merge branch 'release/2.8.0'
  • 71197f3 Changelog v2.8.0
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic