Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(dependencies): bump @apidevtools/json-schema-ref-parser to 11.6… #918

Merged
merged 1 commit into from
Jun 2, 2024
Merged

chore(dependencies): bump @apidevtools/json-schema-ref-parser to 11.6… #918

merged 1 commit into from
Jun 2, 2024

Conversation

SF97
Copy link
Contributor

@SF97 SF97 commented May 22, 2024
edited
Loading

A dependency used in this project @apidevtools/json-schema-ref-parser is vulnerable to a prototype pollution attack, as listed in https://nvd.nist.gov/vuln/detail/CVE-2024-29651 - CVE-2024-29651

This PR bumps the dependency to prevent any vulnerabilities, although it doesn't seem to affect this package directly. The major version changes don't seem to affect this package, and the tests are still passing

Closes #919

References

@SF97 SF97 force-pushed the vulnerability/json-schema-issue branch 2 times, most recently from 4941a5f to e551f43 Compare May 22, 2024 12:56
@cdimascio
Copy link
Owner

Thanks for this. Looks good. Please resolve the merge conflict and I'll get a new version cut asap

@SF97 SF97 force-pushed the vulnerability/json-schema-issue branch from e551f43 to 367054b Compare May 23, 2024 07:11
@SF97
Copy link
Contributor Author

SF97 commented May 23, 2024

Thanks for this. Looks good. Please resolve the merge conflict and I'll get a new version cut asap

Done :)

@SF97 SF97 force-pushed the vulnerability/json-schema-issue branch from 367054b to 57a8ba5 Compare May 23, 2024 07:12
@xpol
Copy link

xpol commented May 29, 2024

Any updates?

@cdimascio cdimascio merged commit 61ff0cf into cdimascio:master Jun 2, 2024
5 checks passed
@davesag davesag mentioned this pull request Jun 23, 2024
Open
This was referenced Jun 24, 2024
Closed
Merged
@davesag davesag mentioned this pull request Jul 13, 2024
Open
@davesag davesag mentioned this pull request Aug 2, 2024
Open
@cdimascio cdimascio mentioned this pull request Aug 5, 2024
Merged
This was referenced Aug 26, 2024
Closed
Merged
Merged
This was referenced Sep 13, 2024
Open
Open
This was referenced Sep 15, 2024
Closed
Closed
@rish2497 rish2497 mentioned this pull request Sep 22, 2024
Open
This was referenced Nov 5, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cdimascio cdimascio cdimascio approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bump dependency due to a vulnerable package
3 participants
@SF97 @cdimascio @xpol