Surnet/swagger-jsdoc

refresh the lockfile to automatically remove the vulnerabilities

paimon0715 opened this issue · 1 comments

Hi, @kalinchernev, I have reported a vulnerability issue in package z-schema.

As far as I am aware, the vulnerabilities SNYK-JS-VALIDATOR-1090600, SNYK-JS-VALIDATOR-1090599, SNYK-JS-VALIDATOR-1090602 and SNYK-JS-VALIDATOR-1090601 detected in package validator<13.6.0 are directly referenced by z-schema@4.2.3, on which your package swagger-jsdoc@6.1.0 transitively depends. As such, this vulnerability can also affect swagger-jsdoc@6.1.0 via the following path:
swagger-jsdoc@6.1.0 ➔ swagger-parser@10.0.2 ➔ @apidevtools/swagger-parser@10.0.2 ➔ z-schema@4.2.3 ➔ validator@12.2.0 (vulnerable version)

Since z-schema has released a new patched version z-schema@4.2.4 to resolve this issue (z-schema@4.2.4 ➔ validator@13.6.0 (fix version)), this vulnerability patch can be automatically propagated into your project only if you update your lockfile. The following is your new dependency path:
swagger-jsdoc@6.1.0 ➔ swagger-parser@10.0.2 ➔ @apidevtools/swagger-parser@10.0.2 ➔ z-schema@4.2.4 ➔ validator@13.6.0 (vulnerability fix version).

A warm tip.^_^
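
Whether a lockfile still pins a validator copy below 13.6.0 can be checked mechanically. The following is an added example, not code from this issue or from swagger-jsdoc or z-schema: the function names are hypothetical and the lockfile objects are constructed samples mirroring the two dependency paths above. It goes slightly beyond the issue by handling both the nested `dependencies` layout (lockfileVersion 1) and the flat `packages` layout (lockfileVersion 2/3).

```javascript
// Added example: the lockfile objects below are constructed samples.
const FIXED = [13, 6, 0]; // validator fix version named in the issue

// True when "x.y.z" sorts below `floor`; pre-release/build suffixes are ignored.
function isBelow(version, floor) {
  const v = version.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((v[i] || 0) !== floor[i]) return (v[i] || 0) < floor[i];
  }
  return false;
}

// Every installed copy of `name` in a parsed package-lock.json: lockfileVersion
// 2/3 lists install paths under "packages"; version 1 nests "dependencies".
function findInstalled(lock, name) {
  const hits = [];
  if (lock.packages) {
    for (const [path, pkg] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/' + name)) hits.push({ path, version: pkg.version });
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [dep, info] of Object.entries(deps || {})) {
      const path = prefix + 'node_modules/' + dep;
      if (dep === name) hits.push({ path, version: info.version });
      walk(info.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Copies of validator still below the fix version.
function vulnerableCopies(lock) {
  return findInstalled(lock, 'validator').filter((h) => isBelow(h.version, FIXED));
}

// Constructed lockfiles mirroring the two dependency paths in the issue.
const staleLock = { lockfileVersion: 2, packages: {
  'node_modules/z-schema': { version: '4.2.3' },
  'node_modules/validator': { version: '12.2.0' } } };
const refreshedLock = { lockfileVersion: 2, packages: {
  'node_modules/z-schema': { version: '4.2.4' },
  'node_modules/validator': { version: '13.6.0' } } };
const nestedV1Lock = { lockfileVersion: 1, dependencies: {
  'z-schema': { version: '4.2.3', dependencies: { validator: { version: '12.2.0' } } } } };
for (const [label, lock] of Object.entries({ staleLock, refreshedLock, nestedV1Lock })) {
  console.log(label, vulnerableCopies(lock));
}
```

On a real project, pass the parsed contents of `package-lock.json` to `vulnerableCopies`; an empty result after refreshing the lockfile means no pinned validator copy is below 13.6.0.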

stale commented

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.