apidom-reference: FileResolver disabled by default

[char0n]

We will introduce breaking change and have FileResolver disabled by default as it open’s possibility to do dangerous operations. We will also introduce additional security measure in form of configuration supplied regex that will guard the base resolution context of FileResolver - this will allow processing only certain whitelisted paths. Additional thing that we work on is to allow possibility to ignore certain URL schemas and not process them at all (instead of ApiDOM throwing error, the unrecognized schemas will be ignored).

TODO:

• introduce mechanism to ignore certain URL schemas from processing
• introduce regex whitelist for FileResolver
• disable FileResolver by default

[frantuma]

@char0n just mentioning for future reference that if I get it right this would probably affect behavior in FS based environments, like IDE extensions e.g. https://github.com/swagger-api/apidom-lsp-vscode (added this ticket)

[mend-for-github-com]

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.

[char0n]

@frantuma yes - it will be a breaking change, but the behavior can be explicitly turned on again and work exactly as before.