las2peer

[ENH] Upgrade Swagger Dependencies

Open ThoreKr opened this issue 3 years ago • 1 comments

The restmapper pulls in a rather dated release of io.swagger:swagger-jersey2-jaxrs (Nov 2017).

There are two potential ways to fix this:

  1. Upgrade to 1.6.2. The 1. release has seen a couple of updates (last in June 2020) and seems not to break too many things. This, however, could already provide a couple of improvements, mostly because jersey pulls in jackson and that version is authoritative for all other projects. There have been a couple of CVEs, mostly with medium severity and related to potential denial of service attacks.

  2. Upgrade to Swagger Core 2. This is a larger upgrade with probable impact on other services, as endpoint annotations have to be updated, but would provide the quite notable milestone of OpenAPI 3.0 support.

Version reference: https://github.com/swagger-api/swagger-core#compatibility

ThoreKr, Jun 08 '21 10:06

Upgraded to version 1.6.3 (see https://github.com/rwth-acis/las2peer/commit/6325aa5b759a27e96fe20b89d6fb54c37ad7cda7).

pdolif, Oct 13 '21 07:10