slanatech / swagger-stats

API Observability. Trace API calls and Monitor API performance, health and usage statistics in Node.js Microservices.
https://swaggerstats.io/
MIT License

Fastify -> find-my-way vulnerability #291

Open awildeep opened 2 months ago

awildeep commented 2 months ago

swagger-stats currently depends on a version of fastify with a high severity vulnerability.

```
➜ npm audit
# npm audit report

find-my-way  <8.2.2
Severity: high
find-my-way has a ReDoS vulnerability in multiparametric routes - https://github.com/advisories/GHSA-rrr8-f88r-h8q6
fix available via `npm audit fix --force`
Will install @types/swagger-stats@0.95.4, which is a breaking change
node_modules/find-my-way
  fastify  0.17.0 - 4.25.2
  Depends on vulnerable versions of find-my-way
  node_modules/fastify
    @types/swagger-stats  >=0.95.5
    Depends on vulnerable versions of fastify
    node_modules/@types/swagger-stats
```
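
To see which dependency paths pull in a find-my-way copy inside the `<8.2.2` range from the audit report above, the tree printed by `npm ls --all --json` can be walked. This is an added example, not part of the original issue or the swagger-stats project; the sample tree, the `other-router-user` package and all function names are constructed for illustration.

```javascript
// Added example: constructed data, not output from the swagger-stats repository.
const FIXED = "8.2.2"; // lower bound of safe versions, from "find-my-way <8.2.2" in the report

// Parse "major.minor.patch" into numbers. Pre-release and build suffixes are
// ignored, so "8.2.2-rc.1" is treated like "8.2.2" (a simplification).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// True when `version` is strictly lower than `fixed`, compared numerically per field.
function isBelow(version, fixed) {
  const a = parseVersion(version);
  const b = parseVersion(fixed);
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Walk a tree shaped like `npm ls --all --json` output and collect every
// dependency path that ends in a copy of `name` older than `fixed`.
function findVulnerablePaths(node, name, fixed, trail = [], out = []) {
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const path = [...trail, `${dep}@${info.version || "?"}`];
    if (dep === name && info.version && isBelow(info.version, fixed)) {
      out.push(path.join(" > "));
    }
    findVulnerablePaths(info, name, fixed, path, out);
  }
  return out;
}

// Constructed sample tree (assumed versions), mirroring the chain in the report.
const SAMPLE_TREE = {
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    "@types/swagger-stats": { version: "0.95.5", dependencies: {
      fastify: { version: "4.25.2", dependencies: {
        "find-my-way": { version: "7.7.0" } } } } },
    "other-router-user": { version: "1.0.0", dependencies: {
      "find-my-way": { version: "8.2.2" } } },
  },
};

console.log(findVulnerablePaths(SAMPLE_TREE, "find-my-way", FIXED));
```

On a real project, pass the parsed output of `npm ls --all --json` in place of `SAMPLE_TREE`.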