express-openapi-validator - npm Package Compare versions

Comparing version 0.53.1 to 0.53.2

dist/middlewares/openapi.multipart.js

@@ -17,2 +17,14 @@ "use strict";
                 else {
+                    // TODO:
+                    // If a form parameter 'file' is defined to take file value, but the user provides a string value instead
+                    // req.files will be empty and req.body.file will be populated with a string
+                    // This will incorrectly PASS validation. 
+                    // Instead, we should return a 400 with an invalid type e.g. file expects a file, but found string.
+                    // 
+                    // In order to support this, we likely need to inspect the schema directly to find the type. 
+                    // For example, if param with type: 'string', format: 'binary' is defined, we expect to see it in
+                    // req.files. If it's not present we should throw a 400
+                    // 
+                    // This is a bit complex because the schema may be defined inline (easy) or via a $ref (complex) in which
+                    // case we must follow the $ref to check the type.
                     if (req.files) {
@@ -19,0 +31,0 @@ // add files to body

package.json

 {
   "name": "express-openapi-validator",
-  "version": "0.53.1",
+  "version": "0.53.2",
   "description": "",
@@ -5,0 +5,0 @@ "main": "dist/index.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

42388

increased by2.39%

Lines of code

880

increased by1.38%

No dependency changes