scottie1984 / swagger-ui-express

Adds middleware to your express app to serve the Swagger UI bound to your Swagger document. This acts as living documentation for your API hosted from within your app.
MIT License
1.41k stars 225 forks

vulnerabilities error with swagger-ui-express #276

Closed mstephanysilva closed 2 years ago

mstephanysilva commented 2 years ago

Hello! Even though I'm updating swagger-ui-express to version 4.2.0, I'm getting the vulnerability error in the npm audit fix command. Apparently there is a problem using versions below 4.13.0 of swagger-ui-dist. Vulnerability details were reported at this link: https://github.com/advisories/GHSA-qrmm-w75w-3wpx. Is there a possibility this is causing the error?

rudemex commented 2 years ago

The swagger-ui-dist dependency has already uploaded an improvement patch; it is a matter of waiting for an update.

https://github.com/swagger-api/swagger-ui/releases/tag/v4.1.3

andreainnocenti commented 2 years ago

@scottie1984 can you take a look at this issue, please? Our integration pipelines are failing due to this security issue.

scottie1984 commented 2 years ago

Fixed in 4.3.0 https://github.com/scottie1984/swagger-ui-express/releases/tag/4.3.0