stoplightio / spectral

A flexible JSON/YAML linter for creating automated style guides, with baked in support for OpenAPI v3.1, v3.0, and v2.0 as well as AsyncAPI v2.x.
https://stoplight.io/spectral
Apache License 2.0

Stop including vm2 as a dependency #2518

Closed (pvcresin closed 1 year ago)

pvcresin commented 1 year ago

Chore summary

spectral-cli is connected to vm2 deep in the dependencies.

vm2 has security issues and is no longer maintained.

Even if the dependent libraries support the update, it may take some time for spectral-cli to reflect the changes. So, is there any way to prevent vm2 from being included as a dependency on the spectral-cli side?

Tasks

Additional context

pvcresin commented 1 year ago

In the latest version, vm2 was missing from the dependencies. Sorry for the lack of confirmation.
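To confirm whether vm2 is still pulled in and by which dependency, the lockfile can be walked directly. The script below is an added example, not part of the original thread or the Spectral project; it assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3), and every package name in the sample data except vm2 is hypothetical.

```javascript
// Constructed sample lockfile (lockfileVersion 3); every package name except
// vm2 is hypothetical, and all versions are placeholders.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'example-cli': '*' } },
    'node_modules/example-cli': { version: '1.0.0', dependencies: { 'example-fetcher': '*' } },
    'node_modules/example-fetcher': { version: '2.1.0', dependencies: { vm2: '*' } },
    'node_modules/vm2': { version: '0.0.0' },
  },
};

// Node-style lookup: try the requiring package's own node_modules, then each
// enclosing node_modules directory up to the project root.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf('node_modules/');
    base = cut <= 0 ? '' : base.slice(0, cut - 1);
  }
}

// Returns one chain per package that directly requires `target`, as an array
// of "name@version" steps starting from the project's direct dependency.
function findChains(lock, target) {
  const packages = lock.packages || {};
  const chains = [];
  const visited = new Set(['']);
  const walk = (path, trail) => {
    const pkg = packages[path];
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies };
    if (path === '') Object.assign(deps, pkg.devDependencies);
    for (const name of Object.keys(deps)) {
      const next = resolve(packages, path, name);
      if (!next) continue; // not installed (e.g. skipped optional dependency)
      const step = [...trail, `${name}@${packages[next].version}`];
      if (name === target) { chains.push(step); continue; }
      if (visited.has(next)) continue;
      visited.add(next);
      walk(next, step);
    }
  };
  if (packages['']) walk('', []);
  return chains;
}

for (const chain of findChains(sampleLock, 'vm2')) console.log(chain.join(' > '));
```

An empty result for a project's own parsed `package-lock.json` means no installed package requires vm2, which is the state the closing comment describes.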