CVE's in connexion #1516
Comments
These are all related to our dependency
@RobbeSneyders it looks like swagger-ui-bundle has been abandoned. I don't think there's a need for the bundle as swagger-ui 3 supports OAS2.x specification as well - is it possible to change the dependency just to include swagger-ui (not the abandoned bundle)?
Fixes #1412 Fixes #1516 Since [swagger-ui-bundle](https://github.com/dtkav/swagger_ui_bundle) is no longer maintained, I forked it under the spec-first organization as [py-swagger-ui](https://github.com/spec-first/py-swagger-ui). This PR updates connexion to use it instead.
Awesome, thanks a lot! Do you already have an estimate when this might be released?
Twistlock found these CVEs in the latest connexion package 2.13.0:
https://nvd.nist.gov/vuln/detail/CVE-2019-17495
GHSA-cr3q-pqgq-m8c2
GHSA-qrmm-w75w-3wpx
GHSA-388g-jwpg-x6j4
GHSA-4f9m-pxwh-68hg
GHSA-cr3q-pqgq-m8c2
GHSA-qrmm-w75w-3wpx
Can you please update this package in order to fix these issues?