fence
fence copied to clipboard
Published
20 hours ago •
uc-cdis
uc-cdis
[Snyk] Security upgrade swagger-ui from 3.52.5 to 4.16.1
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- openapis/package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
556/1000 Why? Recently disclosed, Has a fix available, CVSS 5.4 |
Cross-site Scripting (XSS) SNYK-JS-BRAINTREESANITIZEURL-3330766 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: swagger-ui
The new version differs by 250 commits.- d3a1e94 revert: integrate [email protected] (#8426)
- 136456b chore(deps-dev): bump jsdom from 20.0.0 to 21.1.0 (#8417)
- cbeb912 chore(deps-dev): bump @ commitlint/config-conventional (#8423)
- 7b47886 chore(deps): bump @ braintree/sanitize-url from 6.0.0 to 6.0.2 (#8422)
- d95428e chore(deps-dev): bump @ babel/core from 7.14.6 to 7.21.0 (#8421)
- 7a6b924 chore(deps-dev): bump react-refresh from 0.11.0 to 0.14.0 (#8420)
- fe6ebc6 chore(deps-dev): bump json-server from 0.17.0 to 0.17.2 (#8419)
- b6648c5 chore(deps-dev): bump @ babel/cli from 7.16.8 to 7.21.0 (#8416)
- e00fefd chore(release): cut the v4.16.0 release
- d293555 feat: integrate [email protected] (#8415)
- 81e7eda chore(deps-dev): update dependencies (#8412)
- fd0b0a2 chore(deps-dev): bump jest from 28.1.3 to 29.4.3 (#8395)
- 11957fb chore: regenerate package-lock.json (#8411)
- 21cfda3 test(cypress): fix tests flakiness by stubbing httpbin.org requests (#8410)
- 6164292 feat: integrate [email protected] (#8405)
- aaf4843 ci(ga): add next branch to build and dependabot workflows (#8394)
- f924071 ci(ga): copy ga workflows from next (#8393)
- 33f2a0b ci(release): update npm token (#8385)
- e2e2920 ci(release): update github action for npm package (#8384)
- 812403e ci(release): update ga for swagger-ui-react to npm publish (#8382)
- 9fd26cd ci(release): github actions to release `next` branch (#8380)
- fb2eefc chore(deps): bump @ sideway/formula from 3.0.0 to 3.0.1 (#8375)
- 773a372 chore(SCA): remove all whitesource configs (#8371)
- 718924b chore(deps): bump json5 and babel-plugin-module-resolver (#8369)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
