Snyk failing in Pipeline due to jsonpath-plus issue #1661
Comments
Updating dependencies of dependencies can be tricky but PR is welcome!
it looks like the fix is there but not tagged yet
@Mariscal6 thanks for keeping your eye on it and let us know when it's released so we can bump!
Hello @melloware, it looks like the PR has been merged :)
Nice now Spectral needs to do a release.
There is another PR that needs to land in spectral: stoplightio/spectral#2712
OK somebody let me know when Spectral releases.
@melloware looks like the PR has landed :)
Yep but spectral has not done a release yet...
@melloware spectral has released the new version
I will look at this today!
PR is here but looking at it it looks like IBM OpenApiTools is what needs to update to the latest Spectral? https://github.com/orval-labs/orval/pull/1701/files
@melloware correct, I will try to open a PR there tomorrow.
it's actually not validator it's
Indeed, I've created a PR to update the deps there:
@melloware version
PR updated! #1702
OK 7.3.0 is out if everyone wants to try it.
What are the steps to reproduce this issue?
Run `snyk test --severity-threshold=high` on package after installing
What happens?
Issues with no direct upgrade or patch:
✗ Remote Code Execution (RCE) [Critical Severity][https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884] in [email protected]
introduced by [email protected] > @orval/[email protected] > @orval/[email protected] > @ibm-cloud/[email protected] > @stoplight/[email protected] > @stoplight/[email protected] > [email protected] and 1 other path(s)
This issue was fixed in versions: 10.0.0
What were you expecting to happen?
Snyk to be fine with all Orval dependencies
Any logs, error output, etc?
https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884
Any other comments?
What versions are you using?
npmPackages:
axios: ^1.7.7 => 1.7.7
msw: ^2.4.9 => 2.4.9
orval: ^7.1.1 => 7.1.1