[BUG] Snyk vulnerability in version asyncapi/generator 2.5.0 #1323

Divya-hub-dot opened this issue Dec 10, 2024 · 4 comments
Labels
bug Something isn't working

Comments

Divya-hub-dot commented Dec 10, 2024

Describe the bug.

A critical vulnerability has been reported for the package jsonpath-plus, which originates from @asyncapi/[email protected].
To address this, we have upgraded @asyncapi/generator to versions 2.4.0 and even tested with the latest version 2.5.0. However, the issue persists along the following dependency path:

lib@* › @asyncapi/[email protected] › @asyncapi/[email protected][email protected]

To resolve this, jsonpath-plus needs to be upgraded to version 10.2.0, but unfortunately we are not able to do it. Could you please help us upgrade jsonpath-plus to 10.2.0, or guide us on how it can be done?

Expected behavior

Snyk vulnerabilities should not appear on the Snyk board under the path mentioned below:
image

How to Reproduce

  1. As suggested in the Snyk org, I upgraded @asyncapi/generator to version 2.4.0, but the Snyk vulnerability was still showing up.
  2. I then upgraded to 2.5.0, which is the latest version of @asyncapi/generator.
  3. The vulnerability is still showing up in the Snyk org, and it suggests upgrading jsonpath-plus to 10.2.0.
  4. So I need help/suggestions on upgrading jsonpath-plus to 10.2.0.

🥦 Browser

None

👀 Have you checked for similar open issues?

  • I checked and didn't find a similar issue

🏢 Have you read the Contributing Guidelines?

Are you willing to work on this issue ?

None
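
The dependency path reported above can be confirmed locally from a lockfile. The following is an added example, not part of the thread and not AsyncAPI project code; the sample lockfile is constructed, and every version in it other than generator 2.5.0 and the 10.2.0 target is made up.

```javascript
// Added example, not AsyncAPI code. Finds copies of a package below a fixed version in
// an npm lockfile ("packages" map, lockfileVersion 2/3) and one dependency chain to it.
const PREFIX = "node_modules/";
const nameOf = (key) => key.slice(key.lastIndexOf(PREFIX) + PREFIX.length);

// Compares plain x.y.z versions; prerelease tags are ignored (simplification).
function lessThan(a, b) {
  const [pa, pb] = [a, b].map((v) => v.split("-")[0].split(".").map(Number));
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// Names of packages ("<root>" for the project itself) that declare `name`.
function dependents(lock, name) {
  const out = new Set();
  for (const [key, meta] of Object.entries(lock.packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies };
    if (name in deps) out.add(key === "" ? "<root>" : nameOf(key));
  }
  return [...out];
}

// Walks upward by package name (ignores nested-resolution details).
function chainTo(lock, name, seen = new Set()) {
  if (name === "<root>") return [name];
  if (seen.has(name)) return null;
  seen.add(name);
  for (const parent of dependents(lock, name)) {
    const up = chainTo(lock, parent, seen);
    if (up) return [...up, name];
  }
  return null;
}

function findOutdated(lock, name, fixed) {
  return Object.entries(lock.packages)
    .filter(([k, m]) => k !== "" && nameOf(k) === name && lessThan(m.version, fixed))
    .map(([k, m]) => ({ key: k, version: m.version, chain: chainTo(lock, name) }));
}
// Constructed lockfile: only generator 2.5.0 and the 10.2.0 target come from the issue.
const sampleLock = { packages: {
  "": { name: "lib", dependencies: { "@asyncapi/generator": "^2.5.0" } },
  "node_modules/@asyncapi/generator": { version: "2.5.0", dependencies: { "@asyncapi/parser": "*" } },
  "node_modules/@asyncapi/parser": { version: "0.0.1", dependencies: { "jsonpath-plus": "*" } },
  "node_modules/jsonpath-plus": { version: "10.0.0" },
} };
console.log(findOutdated(sampleLock, "jsonpath-plus", "10.2.0"));
```

Passing a parsed `package-lock.json` in place of `sampleLock` shows whether the flagged copy is still resolved after an upgrade and which declared dependency pulls it in.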


Welcome to AsyncAPI. Thanks a lot for reporting your first issue. Please check out our contributors guide and the instructions about a basic recommended setup useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with the AsyncAPI community. For more details check out this issue.


derberg commented Dec 11, 2024

Thanks for the issue. This is not a fix we should do in generator, only as a last resort; let's first try in asyncapi/parser-js#1065 (comment)

@asos-pareshjadhav

Hi @derberg,
are asyncapi/generator and asyncapi/parser-js the same?


derberg commented Dec 17, 2024

@asos-pareshjadhav in what sense? I don't get your question; I need more context.
