Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update swagger-ui-bundle or vendor it #1412

Closed
aparcar opened this issue Aug 15, 2021 · 6 comments · Fixed by #1619
Closed

Update swagger-ui-bundle or vendor it #1412

aparcar opened this issue Aug 15, 2021 · 6 comments · Fixed by #1619
Labels
swagger ui
Milestone
Connexion 3.0

Comments

@aparcar
Copy link
Contributor

aparcar commented Aug 15, 2021

Description

The package swagger-ui-bundle wasn't updated in a long time and uses and outdated Swagger UI version. While there are pull requests to update the package, the maintainer did not update anything.

Expected behaviour

Have the latest and greatest Swagger UI available.

Actual behaviour

Have an outdated UI which i.e. can't correctly render definitions containing oneOf statements.

Steps to reproduce

Have a definition with a oneOf in it and the result will look like the following:

image

Additional info:

Output of the commands:

  • python --version
  • pip show connexion | grep "^Version\:"

Unrelated since it's an external package.
@RobbeSneyders
Copy link
Member

Thanks for the report @aparcar.
@dtkav do you have some time to look at the open PRs on the repo?

@aparcar
Copy link
Contributor Author

aparcar commented Aug 16, 2021

Maybe this helps spec-first/swagger_ui_bundle#19

@RobbeSneyders
Copy link
Member

Dropping 2.x would be an issue for connexion @aparcar.

@aparcar
Copy link
Contributor Author

aparcar commented Aug 17, 2021

Dropping 2.x would be an issue for connexion @aparcar.

Okay I reworked the PR to only update to 3.52.0

@hhromic hhromic mentioned this issue Aug 31, 2021
Closed
@RobbeSneyders RobbeSneyders added this to the Connexion 3.0 milestone May 9, 2022
@enicklas
Copy link

enicklas commented Jul 8, 2022

I would be interested in using a more recent Swagger UI as well.
Note that older Swagger UI versions (that are part of the currently used bundle) contain security vulnerabilities, e.g. https://nvd.nist.gov/vuln/detail/CVE-2018-25031

Thanks a lot!

@jayvdb
Copy link
Contributor

jayvdb commented Sep 13, 2022

Perhaps one of the other swagger-ui packages could be used: https://www.google.com/search?client=firefox-b-d&q=%22swagger-ui%22+site%3Apypi.org ?

@RobbeSneyders RobbeSneyders mentioned this issue Jan 7, 2023
Merged
RobbeSneyders added a commit that referenced this issue Jan 9, 2023
@RobbeSneyders
Switch to own maintained version of swagger-ui (#1619)
f064fd0 
Fixes #1412
Fixes #1516 

Since [swagger-ui-bundle](https://github.com/dtkav/swagger_ui_bundle) is
no longer maintained, I forked it under the spec-first organization as
[py-swagger-ui](https://github.com/spec-first/py-swagger-ui). This PR
updates connexion to use it instead.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
swagger ui
Projects
None yet
Milestone
Connexion 3.0
Development

Successfully merging a pull request may close this issue.

Switch to own maintained version of swagger-ui spec-first/connexion
4 participants
@jayvdb @enicklas @aparcar @RobbeSneyders