[Snyk] Security upgrade qs from 6.14.0 to 6.14.1 #1127
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-QS-14724253
Hi @cdimascio, is there any plan to merge this PR and publish? Express has already updated this dependency.

@cdimascio, could we please get this merged?

Will roll a new version tomorrow

@cdimascio, hope we will see a new release today

v5.6.1 is out

Hi @cdimascio, it looks like the latest version of @apidevtools/json-schema-ref-parser no longer supports CommonJS. After upgrading to the latest version, our existing CommonJS-based project started failing with an error indicating that require() is not supported. This has broken backward compatibility for older projects that still rely on CommonJS. Could you please confirm:
- Whether CommonJS support has been officially dropped?
- If there is a recommended workaround or a compatible version we should pin to for CommonJS projects?
Thanks for your help.

Thanks @cvchauhan, reverted the upgrade of that lib for now. Will revisit.

The upgrade for @apidevtools/json-schema-ref-parser with continued support for both ESM and non-ESM is here: #1132

Thanks @cdimascio, after overriding with the old version we are able to run our application on the server, but with the latest it failed.
Snyk has created this PR to fix 1 vulnerability in the npm dependencies of this project.
Snyk changed the following file(s):
- package.json
- package-lock.json
Vulnerabilities that will be fixed with an upgrade:
- SNYK-JS-QS-14724253
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Allocation of Resources Without Limits or Throttling