CVE's in connexion #1516
Comments
|
These are all related to our dependency |
|
@RobbeSneyders it looks like swagger-ui-bundle has been abandoned. I don't think there's a need for the bundle as swagger-ui 3 supports OAS2.x specification as well - is it possible to change the dependency just to include swagger-ui (not the abandoned bundle)? |
RobbeSneyders
added a commit
that referenced
this issue
Jan 9, 2023
Fixes #1412 Fixes #1516 Since [swagger-ui-bundle](https://github.com/dtkav/swagger_ui_bundle) is no longer maintained, I forked it under the spec-first organization as [py-swagger-ui](https://github.com/spec-first/py-swagger-ui). This PR updates connexion to use it instead.
|
Awesome, thanks a lot! Do you already have an estimate when this might be released? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Twistlock found these CVE's in the latest connexion package 2.13.0:
https://nvd.nist.gov/vuln/detail/CVE-2019-17495
GHSA-cr3q-pqgq-m8c2
GHSA-qrmm-w75w-3wpx
GHSA-388g-jwpg-x6j4
GHSA-4f9m-pxwh-68hg
GHSA-cr3q-pqgq-m8c2
GHSA-qrmm-w75w-3wpx
Can you please update this package in order to fix these issues?
The text was updated successfully, but these errors were encountered: