hughlunnon opened a new issue, #28381: URL: https://github.com/apache/airflow/issues/28381
### Apache Airflow version 2.5.0 ### What happened this issue https://github.com/apache/airflow/issues/18383 still isn't closed. It seems like the underlying swagger-ui bundle has been abandoned by its maintainer, and we should instead point swagger UI bundle to this version which is kept up-to-date https://github.com/bartsanchez/swagger_ui_bundle There are CVE scanner tools that notifies https://github.com/advisories/GHSA-c427-hjc3-wrfw using the apache/airflow:2.1.4 The python deps include swagger-ui-2.2.10 and swagger-ui-3.30.0 as part of the bundle. It is already included at ~/.local/lib/python3.6/site-packages/swagger_ui_bundle swagger-ui-2.2.10 swagger-ui-3.30.0 ### What you think should happen instead _No response_ ### How to reproduce _No response_ ### Operating System any ### Versions of Apache Airflow Providers _No response_ ### Deployment Docker-Compose ### Deployment details _No response_ ### Anything else _No response_ ### Are you willing to submit PR? - [X] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
