Vulnerability in validator package

Question

Vulnerability in validator package

TheBrockEllis opened this issue 3 years ago · 6 comments

Running NPM audit reveals that the validator package that is used by z-schema, which is a dependency of swagger-tools, has a moderate vulnerability.

Link to the z-schema Github issue

Link to the NPM advisory

Is there any chance that this package will eventually be updated when the other upstream packages get patched?

Answer 1 · 2021-11-09T08:32:59.000Z

The same issue

Answer 2 · 2021-11-23T14:17:02.000Z

The z-schema package updated the issue 12 days ago with a fix for the discovered vulnerability. Any ETA for a new release of swagger-tools that would include updated dependencies?

Answer 3 · 2021-11-26T04:56:16.000Z

We are having same issue with this. Z-schema has also updated the vulnerable package, can someone let us know the ETA for a new release of swagger-tools with updated version of z-schema?

Answer 4 · 2021-12-16T07:27:42.000Z

We are having the same issue with this. The z-schema package updated the issue 12 days ago with a fix for the discovered vulnerability. Any ETA for a new release of swagger-tools?

Answer 5 · 2021-12-21T08:47:49.000Z

Anyone can help with an alternative package for "swagger-tools" which does not have this vulnerability?

Answer 6 · 2022-10-17T16:53:30.000Z

Also watching