thiagobustamante / typescript-rest-swagger

Swagger tools for typescript-rest

Dependency Vulnerabilities #120

Closed nathanloyer closed 4 years ago

nathanloyer commented 4 years ago

Hi,

There's a large number of vulnerabilities in the dependencies of this project. When I use this package in my project, the only one that gets reported is the one below for yargs-parser.

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ typescript-rest-swagger                                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ typescript-rest-swagger > swagger2openapi > yargs >          │
│               │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1500                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

When I run npm audit from the command line after cloning this repo, it reports 853 vulnerabilities, of which it can fix 842 for you via npm audit fix.

I think the only update I really need is the one for yargs-parser through swagger2openapi.
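An added example (not code from this issue or from the typescript-rest-swagger project) that checks installed yargs-parser versions against the "Patched in" ranges quoted in the audit output above, and walks an `npm ls --json`-shaped tree to report each copy with the same "a > b > c" path npm audit prints. It handles only the range syntax that advisory uses (comparators, spaces for AND, "||" for OR) and does not depend on the `semver` package.

```javascript
// Added example, not code from this issue or the typescript-rest-swagger project:
// check installed yargs-parser versions against the "Patched in" ranges quoted in
// the npm audit output above, without the `semver` package (only that syntax).
const PATCHED_IN = '>=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2';

// Returns -1, 0 or 1 comparing two plain x.y.z versions numerically.
function compareVersions(a, b) {
  const toParts = (v) => {
    const p = v.split('.').map(Number);
    if (p.length !== 3 || p.some((n) => !Number.isInteger(n) || n < 0)) {
      throw new Error(`not a plain x.y.z version: ${v}`);
    }
    return p;
  };
  const [pa, pb] = [toParts(a), toParts(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// One comparator such as ">=13.1.2" or "<14.0.0".
function satisfiesComparator(version, comparator) {
  const m = /^(>=|<=|>|<|=)?(\d+\.\d+\.\d+)$/.exec(comparator);
  if (!m) throw new Error(`unsupported comparator: ${comparator}`);
  const c = compareVersions(version, m[2]);
  return { '>=': c >= 0, '<=': c <= 0, '>': c > 0, '<': c < 0, '=': c === 0 }[m[1] || '='];
}

// "||" separates alternatives; whitespace inside an alternative means AND.
function satisfiesRange(version, range) {
  return range.split('||').some((alt) =>
    alt.trim().split(/\s+/).every((cmp) => satisfiesComparator(version, cmp)));
}

// Still affected when the installed version sits in none of the patched ranges.
function isVulnerable(installedVersion, patchedIn = PATCHED_IN) {
  return !satisfiesRange(installedVersion, patchedIn);
}

// Walk an `npm ls --json`-shaped tree (constructed by the caller) and report every
// copy of `pkg` with its path in npm audit's "a > b > c" form and its status.
function findAffected(tree, pkg, patchedIn = PATCHED_IN, path = [], out = []) {
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, name];
    if (name === pkg) {
      out.push({ path: here.join(' > '), version: node.version,
                 vulnerable: isVulnerable(node.version, patchedIn) });
    }
    findAffected(node, pkg, patchedIn, here, out);
  }
  return out;
}
```

Pass the parsed output of `npm ls --json --all` to `findAffected(tree, 'yargs-parser')` to list every nested copy, since a fix in one path can leave another copy unpatched.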

rpinheiroalmeida commented 4 years ago

Hi everyone,

Some news about this issue?

alexandreMelloTW commented 4 years ago

Hi everyone,

Some news about this issue?

I've already opened a PR to fix that: #124. Just waiting for a response.

nathanloyer commented 4 years ago

Looks like that PR was closed. Thanks @alexandreMelloTW

I will try it out today and close the ticket once I verify it is resolved.

nathanloyer commented 4 years ago

Yep, the issue is resolved. Thanks