Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade swagger-ui from 3.48.0 to 3.52.5 #78

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to upgrade swagger-ui from 3.48.0 to 3.52.5.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 11 versions ahead of your current version.
  • The recommended version was released 4 months ago, on 2021-10-14.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PRISMJS-1585202
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-PRISMJS-1314893
482/1000
Why? Proof of Concept exploit, CVSS 7.5
No Known Exploit
Open Redirect
SNYK-JS-URLPARSE-1533425
482/1000
Why? Proof of Concept exploit, CVSS 7.5
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: swagger-ui
  • 3.52.5 - 2021-10-14

    3.52.5 (2021-10-14)

    Bug Fixes

  • 3.52.4 - 2021-10-11

    3.52.4 (2021-10-11)

    Bug Fixes

  • 3.52.3 - 2021-09-20

    3.52.3 (2021-09-20)

    Bug Fixes

  • 3.52.2 - 2021-09-13

    3.52.2 (2021-09-13)

    Bug Fixes

    • Dockerfile: fix security issue in docker image (3c9061e), closes #7445
    • security: fix security issue in prismjs production dep (#7493) (2a1b710), closes #7492
    • security: fix security issue in url-parse production dep
  • 3.52.1 - 2021-09-10

    3.52.1 (2021-09-10)

    Bug Fixes

    • build-security: do not expose hostname to build framents (#7491) (fdef4ea), closes #7446
    • security: bump swagger-client to v3.16.1 (5029b81), closes #7473
  • 3.52.0 - 2021-08-09
  • 3.51.2 - 2021-07-30
  • 3.51.1 - 2021-06-30
  • 3.51.0 - 2021-06-23
  • 3.50.0 - 2021-06-03
  • 3.49.0 - 2021-05-19
  • 3.48.0 - 2021-04-29
from swagger-ui GitHub release notes
Commit messages
Package name: swagger-ui
  • 0fc429f fix(highlight-code): handle mousewheel events properly (#7554)
  • 5ada9ef chore(release): cut the v3.52.4 release
  • a740f3d fix: remove redundant whitespaces in API key auth popup (#7538)
  • 90c8a73 fix: rename request snippets configuration props (#7535)
  • 491d641 refactor(highlight-code): declare properties explicitly
  • 24aaa53 fix: fix issue with highlight code scrolling causing console error (#7497) (#7519)
  • fc7cdb8 fix(UI): correct width of HTTP request method names (#7527)
  • f88334a fix(paths): break long paths with <wbr> (#7516)
  • 9952849 refactor: remove IE7 CSS hack (#7526)
  • 765056d chore(deps-dev): fix security vulnerabilities in dep tree
  • ff5deb3 fix(ux): update the buttons of the example tabs to be displayed as links (#7517)
  • aa9f2e6 chore(release): cut the v3.52.3 release
  • 158c127 chore(docker): automatic updates + nightly security check (#7515)
  • 8ffb1ae fix(a11n): provide proper a11n for response example tabs (#7464)
  • 00d5b30 chore(security): fix security vulnerabilities in dev deps (#7510)
  • 5cc7ff9 docs(configuration): fix wrong property name
  • f1aab53 fix(sample-gen): generate the correct number of properties (#7432)
  • cc700f0 fix(try-it-out): fix the width of image responses (#7495)
  • e5611d7 chore(release): cut the v3.52.2 release
  • 3c9061e fix(Dockerfile): fix security issue in docker image
  • 2a1b710 fix(security): fix security issue in prismjs dep (#7493)
  • 79214e0 chore(deps): bump url-parse from 1.5.1 to 1.5.2
  • f22730d chore(deps-dev): bump chromedriver from 90.0.1 to 91.0.1
  • 06a4cdb chore(release): cut the v3.52.1 release

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant