[Snyk] Upgrade swagger-ui-react from 4.12.0 to 4.19.1 #12047

Closed

terrytangyuan
Member

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade swagger-ui-react from 4.12.0 to 4.19.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 25 versions ahead of your current version.
  • The recommended version was released 4 months ago, on 2023-06-12.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
| | Cross-site Scripting (XSS) SNYK-JS-BRAINTREESANITIZEURL-3330766 | 484/1000 (Why? Has a fix available, CVSS 5.4) | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

See this project in Snyk:
https://app.snyk.io/org/terrytangyuan/project/39510b2b-fea4-422d-aa9e-9b6802cde6a5?utm_source=github&utm_medium=referral&page=upgrade-pr
@agilgur5 agilgur5 added type/dependencies PRs and issues specific to updating dependencies javascript Pull requests that update Javascript dependencies labels Oct 20, 2023
@agilgur5
Member

agilgur5 commented Oct 20, 2023

@terrytangyuan thought you turned off Snyk per #11844 (comment)?

It is also failing on DCO, PR check, and deduping deps. I was going to make a similar PR myself after #12036 as this was the one UI dep that needed a manual update and test. So we can close this out in favor of that anyway.

But do want to make sure your settings are correctly off for Snyk 😅

@terrytangyuan terrytangyuan deleted the snyk-upgrade-a25dd0042577f83be4f4a2df6bd043d0 branch October 20, 2023 15:23
@terrytangyuan
Member Author

Somehow it's changed back. I have no idea why. I just turned it off again.

@agilgur5
Member

Properly upgraded in #12058

@agilgur5 agilgur5 added the solution/duplicate This issue or PR is a duplicate of an existing one label Oct 21, 2023
@agilgur5 agilgur5 added solution/superseded This PR or issue has been superseded by another one (slightly different from a duplicate) and removed solution/duplicate This issue or PR is a duplicate of an existing one labels Feb 17, 2024
Labels
javascript Pull requests that update Javascript dependencies solution/superseded This PR or issue has been superseded by another one (slightly different from a duplicate) type/dependencies PRs and issues specific to updating dependencies type/security Security related