+
Skip to content

update swagger ui - 5.22.0 - cve #6117

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 5, 2025
Merged

update swagger ui - 5.22.0 - cve #6117

merged 1 commit into from
Jun 5, 2025

Conversation

denis-yuen
Copy link
Member

@denis-yuen denis-yuen commented Jun 4, 2025
edited
Loading

Description
Update for CVE-2024-47875 CVE-2025
dompurify inside swagger-ui

Review Instructions
Look for a little clipboard icon for copying URL fragments (screenshot attached).
Also the openapi badge shows 3.0 instead of just 3 in prep for 3.1 which this is compatible with.

Issue
https://ucsc-cgl.atlassian.net/browse/SEAB-7179

Security and Privacy

If there are any concerns that require extra attention from the security team, highlight them here and check the box when complete.

  • Security and Privacy assessed

e.g. Does this change...

  • Any user data we collect, or data location?
  • Access control, authentication or authorization?
  • Encryption features?

Please make sure that you've checked the following before submitting your pull request. Thanks!

  • Check that you pass the basic style checks and unit tests by running mvn clean install
  • Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
  • Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
  • If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
  • Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
  • Do not serve user-uploaded binary images through the Dockstore API
  • Ensure that endpoints that only allow privileged access enforce that with the @RolesAllowed annotation
  • Do not create cookies, although this may change in the future
  • If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.

@denis-yuen denis-yuen self-assigned this Jun 4, 2025
@denis-yuen
Copy link
Member Author

Contains two hints that we're on a newer swagger-ui, could also load an openapi 3.1
Screenshot from 2025-06-04 15-45-38

@codecov Codecov
Copy link

codecov bot commented Jun 4, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.17%. Comparing base (21521eb) to head (e963b18).
Report is 1 commits behind head on develop.

Additional details and impacted files 
@@              Coverage Diff              @@
##             develop    #6117      +/-   ##
=============================================
- Coverage      74.18%   74.17%   -0.01%     
+ Complexity      5660     5659       -1     
=============================================
  Files            389      389              
  Lines          20331    20331              
  Branches        2100     2100              
=============================================
- Hits           15082    15081       -1     
  Misses          4247     4247              
- Partials        1002     1003       +1
Flag Coverage Δ
bitbuckettests 25.93% <ø> (-0.01%) ⬇️
hoverflytests 27.62% <ø> (ø)
integrationtests 56.08% <ø> (ø)
languageparsingtests 10.82% <ø> (ø)
localstacktests 21.34% <ø> (ø)
toolintegrationtests 29.90% <ø> (ø)
unit-tests_and_non-confidential-tests 26.31% <ø> (ø)
workflowintegrationtests 37.36% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Jun 4, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@denis-yuen denis-yuen marked this pull request as ready for review June 4, 2025 20:28
@denis-yuen denis-yuen requested review from a team, kathy-t and svonworl and removed request for a team June 4, 2025 21:09
@denis-yuen denis-yuen merged commit 0230f0b into develop Jun 5, 2025
24 checks passed
@denis-yuen denis-yuen deleted the feature/swagger-ui-update branch June 5, 2025 17:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@svonworl svonworl svonworl approved these changes

+1 more reviewer

@kathy-t kathy-t kathy-t approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@denis-yuen denis-yuen

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@denis-yuen @kathy-t @svonworl
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载