Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security: update package use of superagent to fix vulnerability from qs library #11

Closed
camsjams opened this issue Apr 6, 2017 · 3 comments
Closed

Security: update package use of superagent to fix vulnerability from qs library #11

camsjams opened this issue Apr 6, 2017 · 3 comments

Comments

@camsjams
Copy link

camsjams commented Apr 6, 2017

There is an advisory for the npm package qs that can be solved by upgrading your dependency of superagent to the latest version (currently at v3.5.2), or at the very least v2.0.0

Some additional info from snyk and the qs github issue.

Should be a simple bump as there haven't been too many changes from 5 to 6 that would break.

Path loader is a dependent or transitive dependent of several swagger related packages.
@whitlockjc
Copy link
Owner

Thanks for pointing this out. I'll release either tonight or tomorrow.

@whitlockjc whitlockjc mentioned this issue Apr 12, 2017
Closed
@whitlockjc
Copy link
Owner

json-refs@v1.0.2 fixes this. Thanks for the report.

@camsjams
Copy link
Author

Wonderful! Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@whitlockjc @camsjams