typescript-rest icon indicating copy to clipboard operation
typescript-rest copied to clipboard

Published 20 hours ago β€’ verified publisher icon thiagobustamante

[Snyk] Security upgrade swagger-ui-express from 4.1.6 to 4.2.0

Open snyk-bot opened this issue 3 years ago β€’ 2 comments
trafficstars

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 484/1000
Why? Has a fix available, CVSS 5.4		 User Interface (UI) Misrepresentation of Critical Information
SNYK-JS-SWAGGERUIDIST-2314884		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: swagger-ui-express The new version differs by 12 commits.
  • aa3d56a Bumped version of swagger-ui-dist and moved js template usage
  • ff10df4 Update README.md
  • fe789d8 Update README.md
  • d07439b Merge pull request #270 from jdgarcia/security-update
  • 9011cdf Merge pull request #269 from artyhedgehog/patch-1
  • e09c35f update swagger-ui-dist dependency to fix security vulnerabilities
  • de8e7eb readme: fix broken link to swagger-jsdoc
  • 5824af0 Merge pull request #236 from H3nSte1n/feature/Add_converage_section_to_readme
  • da7b5ff feat: Remove Coverage headline from README
  • b46e892 feat: Add coverage section to README
  • feb0664 Merge pull request #235 from tingstad/patch-1
  • 1699685 Update README - two swagger documents (typo)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

snyk-bot avatar Jan 27 '22 16:01 snyk-bot

Codecov Report

Merging #169 (3277bf8) into master (43231ca) will not change coverage. The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #169   +/-   ##
=======================================
  Coverage   94.48%   94.48%           
=======================================
  Files          14       14           
  Lines        1070     1070           
  Branches      189      189           
=======================================
  Hits         1011     1011           
  Misses         57       57           
  Partials        2        2

Continue to review full report at Codecov.

Legend - Click here to learn more Ξ” = absolute <relative> (impact), ΓΈ = not affected, ? = missing data Powered by Codecov. Last update 43231ca...3277bf8. Read the comment docs.

codecov[bot] avatar Jan 27 '22 16:01 codecov[bot]

Hi when would this be merged?

mmxcrono avatar Feb 15 '23 04:02 mmxcrono