
Conversation

@M1CTIAN M1CTIAN commented Oct 17, 2025

📋 Description

This PR addresses security vulnerabilities in project dependencies by upgrading swagger-jsdoc to the latest version.

🔒 Security Improvements

  • ✅ Fixed: 1 high severity vulnerability
  • ✅ Fixed: 1 low severity vulnerability
  • ✅ Fixed: 1 moderate severity vulnerability
  • ⚠️ Remaining: 5 moderate severity vulnerabilities

Vulnerabilities Summary

Before:

  • 7 vulnerabilities (1 low, 5 moderate, 1 high)

After:

  • 5 moderate severity vulnerabilities

🔧 Changes Made

  • Upgraded swagger-jsdoc from ^3.7.0 to ^6.2.8
  • Updated dependency tree to use modern @apidevtools/* packages
  • Replaced deprecated packages:
    • ❌ json-schema-ref-parser → ✅ @apidevtools/json-schema-ref-parser
    • ❌ swagger-methods → ✅ @apidevtools/swagger-methods
    • ❌ openapi-schemas → ✅ @apidevtools/openapi-schemas

⚠️ Known Issues

The remaining 5 moderate vulnerabilities are in the validator package, which is a transitive dependency:

nhuyiuem and others added 3 commits October 17, 2025 13:45
vulnerabilities

- Downgraded swagger-jsdoc from 6.2.8 to 3.7.0
- Fixes 7 vulnerabilities (1 low, 5 moderate, 1 high)
- Updated all related dependencies in package-lock.json
- Upgraded swagger-jsdoc to latest version (6.2.8)
- Reduced vulnerabilities from 7 (including 1 high) to 5 (all moderate)
- Updated dependency tree to use @APIDevTools packages
- Remaining 5 moderate vulnerabilities are in validator package (dependency chain)

The high severity vulnerability has been eliminated. Remaining moderate
vulnerabilities are in the validator package used by z-schema, which is a
transitive dependency of swagger-jsdoc. These require upstream fixes.
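The PR description and the commit message above both state that the remaining findings sit in validator, are reached only through z-schema, and need an upstream fix. A reviewer would confirm that from `npm audit --json` rather than from the headline counts. The script below is an added example, not code from this PR or from the swagger-jsdoc project; it assumes the npm 7+ report layout (`auditReportVersion` 2 with a `vulnerabilities` map carrying `isDirect`, `via`, `effects` and `fixAvailable`) and runs on a constructed sample report whose advisory title, URL and version ranges are placeholders, not real advisories.

```python
"""Triage an `npm audit --json` report: severity totals, which package actually
carries each advisory, how it reaches a direct dependency, and what has no fix.

Added example accompanying the PR above; not part of the PR or of swagger-jsdoc.
Assumes the npm 7+ audit JSON layout (auditReportVersion 2).
"""
import json
import sys
from collections import Counter

# CONSTRUCTED sample mirroring the chain the PR describes
# (validator -> z-schema -> swagger-jsdoc). Titles, URLs and ranges are
# placeholders; this is not real npm output for the repository.
SAMPLE_REPORT = json.dumps({
    "auditReportVersion": 2,
    "vulnerabilities": {
        "validator": {
            "name": "validator", "severity": "moderate", "isDirect": False,
            "via": [{"source": 0, "name": "validator", "dependency": "validator",
                     "title": "PLACEHOLDER advisory title",
                     "url": "https://example.invalid/advisory/PLACEHOLDER",
                     "severity": "moderate", "range": "<0.0.0-placeholder"}],
            "effects": ["z-schema"], "range": "<0.0.0-placeholder",
            "nodes": ["node_modules/validator"], "fixAvailable": False,
        },
        "z-schema": {
            "name": "z-schema", "severity": "moderate", "isDirect": False,
            "via": ["validator"], "effects": ["swagger-jsdoc"], "range": "*",
            "nodes": ["node_modules/z-schema"], "fixAvailable": False,
        },
        "swagger-jsdoc": {
            "name": "swagger-jsdoc", "severity": "moderate", "isDirect": True,
            "via": ["z-schema"], "effects": [], "range": "*",
            "nodes": ["node_modules/swagger-jsdoc"], "fixAvailable": False,
        },
    },
    "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 3,
                                     "high": 0, "critical": 0, "total": 3}},
})


def load_report(text):
    """Parse the JSON and refuse the legacy npm 6 layout, which has no `isDirect`."""
    report = json.loads(text)
    if report.get("auditReportVersion") != 2:
        raise ValueError("expected an npm 7+ audit report (auditReportVersion 2)")
    return report


def severity_counts(report):
    """Number of vulnerable packages per severity, as `npm audit` totals them."""
    return Counter(v["severity"] for v in report["vulnerabilities"].values())


def root_causes(report):
    """Packages whose `via` holds an advisory object: these carry the flaw.
    Packages whose `via` is only a list of names are flagged transitively."""
    return sorted(name for name, v in report["vulnerabilities"].items()
                  if any(isinstance(hop, dict) for hop in v.get("via", [])))


def paths_to_direct(report, name):
    """Follow `effects` upward from a vulnerable package to every direct
    dependency it reaches: that is the package.json entry a fix must bump."""
    vulns = report["vulnerabilities"]
    paths = []

    def walk(pkg, path):
        if pkg in path:               # guard against cycles in the effects graph
            return
        path = path + [pkg]
        entry = vulns.get(pkg)
        if entry is None:             # parent not itself listed; chain ends here
            return
        if entry.get("isDirect"):
            paths.append(path)
        for parent in entry.get("effects", []):
            walk(parent, path)

    walk(name, [])
    return paths


def needs_upstream_fix(report):
    """Root-cause packages npm reports no fix for; only a new upstream release
    can clear them, which is the situation the PR describes for validator."""
    return [n for n in root_causes(report)
            if not report["vulnerabilities"][n].get("fixAvailable")]


def main():
    # Usage: npm audit --json > audit.json && python triage.py audit.json
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    report = load_report(text)
    print("by severity:", dict(severity_counts(report)))
    for pkg in root_causes(report):
        for path in paths_to_direct(report, pkg):
            print("root cause", pkg, "reaches direct dependency via", " -> ".join(path))
    print("no fix available (upstream):", needs_upstream_fix(report))


if __name__ == "__main__":
    main()
```

On the sample the script reports every finding as rooted in validator and shows the single chain up to swagger-jsdoc, which is the evidence a reviewer would want next to the before/after counts in the description.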
@nhuyiuem nhuyiuem force-pushed the main branch 27 times, most recently from 3417fd1 to 7ed12e3 Compare October 21, 2025 20:31
@nhuyiuem nhuyiuem force-pushed the main branch 30 times, most recently from c5ec40e to c34b480 Compare February 6, 2026 17:57