Vulnerability with dependency swagger-parser v10.0.2
bbakersc opened this issue
In our company's vulnerability scans this morning there was a security vulnerability discovered with a deep-down dependency of swagger parser v10.0.2 (z-schema v4.2.3 -> validator v13.6.0). It looks like this has been resolved with v10.0.3, so an upgrade of that dependency version to v10.0.3 seems to be in order.
I see this was updated in the yarn.lock file in #300, but the changes don't seem to cascade when used due to the package.json still being a hard pin to 10.0.2. Would it be possible to cut a new release with a hard pin to 10.0.3?
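An added example, not part of the original issue or the project's code: a library's own yarn.lock is ignored when the library is installed as a dependency, so consumers resolve from the range in its package.json, and an exact pin keeps the patched release out of reach. The manifests, the name `example-lib`, and the helper names are constructed for illustration; the range check covers only exact, `^` and `~` ranges on plain x.y.z versions.

```javascript
// Parse a plain x.y.z version into [major, minor, patch].
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Simplified semver range check: exact, tilde and caret only.
function satisfies(range, version) {
  const op = /^[\^~]/.test(range) ? range[0] : "=";
  const base = parse(op === "=" ? range : range.slice(1));
  const v = parse(version);
  if (op === "=") return cmp(v, base) === 0;
  if (cmp(v, base) < 0) return false;
  if (op === "~") return v[0] === base[0] && v[1] === base[1];
  // Caret: the leftmost non-zero component must not change.
  if (base[0] > 0) return v[0] === base[0];
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
  return cmp(v, base) === 0;
}

// Report whether a consumer of `manifest` can resolve `dep` to `fixedVersion`.
function checkPin(manifest, dep, fixedVersion) {
  const range = (manifest.dependencies || {})[dep];
  if (range === undefined) return { declared: false };
  return {
    declared: true,
    range,
    exactPin: /^\d/.test(range),
    fixReachable: satisfies(range, fixedVersion),
  };
}

// Constructed manifests for a hypothetical library depending on swagger-parser.
const pinned = { name: "example-lib", dependencies: { "swagger-parser": "10.0.2" } };
const ranged = { name: "example-lib", dependencies: { "swagger-parser": "^10.0.2" } };

console.log(checkPin(pinned, "swagger-parser", "10.0.3")); // fix not reachable
console.log(checkPin(ranged, "swagger-parser", "10.0.3")); // fix reachable
```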