Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade glob dependency to >= v10 #260

Open
bqp-articulate opened this issue Feb 20, 2024 · 0 comments
Open

Upgrade glob dependency to >= v10 #260

bqp-articulate opened this issue Feb 20, 2024 · 0 comments

Comments

@bqp-articulate
Copy link

Is your feature request related to a problem? Please describe.
My snyk scanning tool highlighted a vulnerability in older versions of glob (prior to v10). The vulnerability is in the inflight dependency, which is a defunct project and won't ever have a fix. Newer versions have dropped that dependency.

Describe the solution you'd like
This library uses a version of glob that does not have the vulnerability

Describe alternatives you've considered
I've worked around the problem with yarn resolutions, but that's only intended to be a stopgap. The good news is that the express-jsdoc-swagger seems to work!

Additional context
N/A
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bqp-articulate