This repository was archived by the owner on Jul 3, 2023. It is now read-only.

[Snyk] Security upgrade swagger-parser from 3.4.2 to 4.0.0 #12

Open
wants to merge 1 commit into
base: main

tf-security
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| low severity | 461/1000. Why? Recently disclosed, Has a fix available, CVSS 3.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-DEBUG-3227433 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: swagger-parser The new version differs by 61 commits.
  • 3689c62 release v4.0.0
  • 6928836 updated dependencies
  • 6913678 Changelog for v4.0.0 (final)
  • 0f07f42 Updated the website to support new options
  • 9e38fb2 moved some website files around
  • de6fc8a updated build
  • f8986af set lenient tolerances in CI, due to flaky browser behavior
  • 1f4a644 Fixed typos
  • 148d5c1 Removed headless Firefox from the CI tests, since it keeps dropping its connection to Karma, causing the build to fail
  • 4c02007 Skip the bungie.net API in tests for now (Weird circular ref causes endless loop, APIDevTools/json-schema-ref-parser#56)
  • f5637dc Merge branch 'master' of https://github.com/BigstickCarpet/swagger-parser
  • 67b1dd6 Merge pull request #57 from ashish1729/patch-1
  • 7615441 apis.guru now has over 600 APIs!
  • becd962 fixed the "npm run karma" script for local development
  • f68d135 refactored some tests to match the new behavior of JSON Schema $Ref Parser
  • 86670c9 created some additional path helpers for tests
  • f17793d corrected `args.api` to `args.schema`
  • a5a9523 send code-coverage results to Codacy
  • 6537f24 setup CI testing on headless Chrome
  • 850440b refactored the validators to match other plugins
  • f2c1910 Added JSDoc comments for the `path` parameter of each method
  • a7934f8 Merge branch 'v4'
  • d5252d4 Changed a devDependency (from `npm-check-updates` to `npm-check`)
  • 9145a89 Updated dependencies

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DEBUG-3227433
@tf-security tf-security requested a review from a team January 9, 2023 19:47