chore(dev-dependency): update express

scottie1984 / swagger-ui-express

Adds middleware to your express app to serve the Swagger UI bound to your Swagger document. This acts as living documentation for your API hosted from within your app.

MIT License

1.43k stars 229 forks source link

chore(dev-dependency): update express #374

Closed rolandsusans closed 1 week ago

rolandsusans commented 2 months ago

chore(dev-dependency): update express

This pull request updates the express dependency in the package.json file to ensure compatibility with the latest features and security patches.

Dependency updates:

package.json: Updated express from version ^4.19.2 to ^4.21.0.

IlmariKu commented 2 months ago

Yep, please merge this @scottie1984. There's 3 high security vulnerabilities with the express-dependency.

body-parser  <1.20.3
Severity: high
body-parser vulnerable to denial of service when url encoding is enabled - https://github.com/advisories/GHSA-qwcr-r2fm-qrc7

body-parser@1.20.2
node_modules/body-parser
  body-parser@"1.20.2" from express@4.19.2
  node_modules/express
    express@"^4.19.2" from the root project
    peer express@">=4.0.0 || >=5.0.0-beta" from swagger-ui-express@5.0.0
    node_modules/swagger-ui-express
      swagger-ui-express@"^5.0.0" from the root project

Edwin-WB-Li commented 1 month ago

Uncaught ReferenceError: SwaggerUIBundle is not defined at window.onload with SwaggerUI on typescript #339

Help fix this problem

rawmind commented 1 week ago

@scottie1984 could you push it to npm too? thanks!