atlassian / swagger-mock-validator / issues / #79 - update deps due to sec vuln — Bitbucket

Issue #79 invalid

Former user created an issue 2019-03-22

Hi,

Could we update js-yaml dep due to a sec vuln.

I have raised an issue against json-schema-ref-parser

Cheers!

Comments (7)

Former user Account Deleted reporter
- edited description
- 2019-03-22T12:10:55+00:00
Former user Account Deleted reporter
- attached Screenshot 2019-03-22 at 12.11.24.png
- edited description
- 2019-03-22T12:11:38+00:00
Ben Sayers
@YOU54F we already have declared our dependency like this:
```
"js-yaml": "^3.12.0"
```
And from your screen shot the fix is in 3.13.0 or higher, which will be picked up by our caret range. What more do you need us to do?
- 2019-03-22T12:58:17+00:00
Former user Account Deleted reporter
Ahhh yes, you are correct on the fact that it will pick up that version, deleted my yarn lock file and reinstalled, yarn audit was fine after that :)

Thanks! I will marked as resolved
- 2019-03-22T16:27:25+00:00
Former user Account Deleted reporter
- attached Screenshot 2019-03-22 at 16.28.03.png
Thanks Ben!
- 2019-03-22T16:28:44+00:00
Former user Account Deleted reporter
- changed status to resolved
- 2019-03-22T16:28:58+00:00
Former user Account Deleted reporter
- changed status to invalid
- 2019-03-22T16:29:10+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: invalid

Votes: 0

Watchers: 1