This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade swagger-ui-express from 4.1.4 to 4.6.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **7 versions** ahead of your current version.
- The recommended version was released **2 months ago**, on 2022-11-07.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| User Interface (UI) Misrepresentation of Critical Information [SNYK-JS-SWAGGERUIDIST-2314884](https://snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884) | **484/1000** **Why?** Has a fix available, CVSS 5.4 | No Known Exploit
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: swagger-ui-express
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade swagger-ui-express from 4.1.4 to 4.6.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **7 versions** ahead of your current version. - The recommended version was released **2 months ago**, on 2022-11-07. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-SWAGGERUIDIST-2314884](https://snyk.io/vuln/SNYK-JS-SWAGGERUIDIST-2314884) | **484/1000**
**Why?** Has a fix available, CVSS 5.4 | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: swagger-ui-express
Accept array of external JS/CSS assets
Commit messages
Package name: swagger-ui-express
- 24381a0 Bump version
- 53c0fb4 Merge pull request #319 from Luku1806/feature/multiple-script-imports
- 79ee9c7 Allow multiple external and inline Javascript imports as well as multiple external CSS
- add0b6b Bump version of package
- cd3fda6 Merge pull request #298 from kleinod21/master
- d3f182a Url checking improved
- 6f4d460 Bump package version
- ec32130 fix dynamic loading for serveFiles and added customJsStr
- 8cc6416 Extra check of trim query
- 002178a Merge pull request #280 from dukvanduken/bugfix/req-path-query-trim
- 89904f7 Merge pull request #294 from Edalbrelord/master
- abc34ea Update swagger-ui-dist version to fix issue with oAuthRedirectUrl
- fbe5c6f Trim req.url from query params
- 512970a bump version of swagger-ui-dist due to security update
- aa3d56a Bumped version of swagger-ui-dist and moved js template usage
- ff10df4 Update README.md
- fe789d8 Update README.md
- d07439b Merge pull request #270 from jdgarcia/security-update
- 9011cdf Merge pull request #269 from artyhedgehog/patch-1
- e09c35f update swagger-ui-dist dependency to fix security vulnerabilities
- de8e7eb readme: fix broken link to swagger-jsdoc
- 5824af0 Merge pull request #236 from H3nSte1n/feature/Add_converage_section_to_readme
- da7b5ff feat: Remove Coverage headline from README
- b46e892 feat: Add coverage section to README
CompareNote: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs