javalin / javalin-openapi

Annotation processor for compile-time OpenAPI & JsonSchema, with out-of-the-box support for Javalin 5.x, Swagger & ReDoc
https://github.com/javalin/javalin-openapi/wiki
Apache License 2.0

Upgrade versions of redoc and swagger plugins #225

Open mourjo opened 1 month ago

mourjo commented 1 month ago

Use latest versions of the swagger plugin and redoc plugin.

Fixes vulnerable dependencies from maven:org.webjars:swagger-ui:3.52.5:

- CVE-2021-46708 6.1 Improper Restriction of Rendered UI Layers or Frames vulnerability with Medium severity found
- CVE-2018-25031 4.3 Improper Input Validation vulnerability with Medium severity found

dzikoysk commented 3 weeks ago

We're keeping the same versions on purpose; they're introducing breaking changes quite often and these CVEs are usually not really an issue for us. Did you test these 2 new versions? :thinking: