Security: update package use of superagent to fix vulnerability from qs library

Question

Security: update package use of superagent to fix vulnerability from qs library

camsjams opened this issue 7 years ago · comments

There is an advisory for the npm package qs that can be solved by upgrading your dependency of superagent to the latest version (currently at v3.5.2), or at the very least v2.0.0

Some additional info from snyk and the qs github issue.

Should be a simple bump as there haven't been too many changes from 5 to 6 that would break.

Path loader is a dependent or transitive dependent of several swagger related packages.

Jeremy Whitlock · Answer 1 · Thu Apr 06 2017 11:45:28 GMT+0800 (China Standard Time)

Thanks for pointing this out. I'll release either tonight or tomorrow.

Jeremy Whitlock · Answer 2 · Thu Apr 13 2017 16:01:31 GMT+0800 (China Standard Time)

json-refs@v1.0.2 fixes this. Thanks for the report.

Cameron Manavian · Answer 3 · Thu Apr 13 2017 22:01:18 GMT+0800 (China Standard Time)

Wonderful! Thanks!