whitlockjc
commented
5 years ago This is more an issue with swagger-tools because json-refs has resolved the security issue you're mentioning. (No need to double post, I got the message for swagger-tools.)
Hi Team, we are using swagger-tools and now our security team has raised a License issue with it as Swagger is using json-refs which inturn is using Slash. Slash is flagged as vulnerable with GPL license. Our current version is: Swagger-tools : 0.10.1 → json-refs : 2.1.7 →slash : 1.0.0 (Vulnerable) we can upgrade it but slash vulnerability still remains and slash not in development from 2006. Could you please let us know if we have any alternative here. It is very critical as our production release will be stuck.