Surnet/swagger-jsdoc

Vulnerability with dependency swagger-parser v10.0.2


In our company's vulnerability scans this morning there was a security vulnerability discovered with a deep-down dependency of swagger parser v10.0.2 (z-schema v4.2.3 -> validator v13.6.0). It looks like this has been resolved with v10.0.3, so an upgrade of that dependency version to v10.0.3 seems to be in order.

I see this was updated in the yarn.lock file in #300, but the changes don't seem to cascade when used due to the package.json still being a hard pin to 10.0.2. Would it be possible to cut a new release with a hard pin to 10.0.3?
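
The behaviour described above, as an added example that is not part of the original issue or the project's code: a package's own yarn.lock is ignored when the package is installed as a dependency, so consumers resolve only the range declared in its package.json. The manifest below is constructed, the function names are hypothetical, and the matcher handles only exact pins and `^`/`~` ranges on full `x.y.z` versions.

```javascript
// Constructed manifest mirroring the situation described in the issue.
const manifest = {
  name: "swagger-jsdoc",
  dependencies: { "swagger-parser": "10.0.2" }, // hard pin, no range operator
};

// Parse a full x.y.z version into [major, minor, patch].
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Three-way comparison of two parsed versions.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// True when `version` satisfies `range` (exact pin, ^x.y.z or ~x.y.z).
function admits(range, version) {
  const op = /^[\^~]/.test(range) ? range[0] : "";
  const base = parse(range.slice(op.length));
  const v = parse(version);
  if (op === "") return cmp(v, base) === 0; // exact pin: only that version
  if (cmp(v, base) < 0) return false;       // ranges never go below the base
  if (op === "~") return v[0] === base[0] && v[1] === base[1];
  // Caret: the leftmost non-zero component must stay the same.
  if (base[0] > 0) return v[0] === base[0];
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
  return v[0] === 0 && v[1] === 0 && v[2] === base[2];
}

// Can a consumer resolve the fixed version without a new upstream release?
function canReceiveFix(pkg, dep, fixedVersion) {
  const range = pkg.dependencies[dep];
  return { range, fixedVersion, reachable: admits(range, fixedVersion) };
}

console.log(canReceiveFix(manifest, "swagger-parser", "10.0.3"));
```

With the exact pin the fixed version is unreachable for consumers; a `^10.0.2` or `~10.0.2` range, or a release pinned to 10.0.3, would admit it.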