JGoldman110 commented on issue #28381:
URL: https://github.com/apache/airflow/issues/28381#issuecomment-1371638000
The maintainer of `swagger-ui-bundle` has abandoned the project, and this is
a dependency of the `connexion[swagger-ui]` extra. I don't see any alternative
python package which bundles swagger-ui static files. One solution I see is
that we can remove `swagger-ui` extra for connexion package, add the static
swagger-ui files as a airflow vendor dependency and then set the following
connexion configuration to tell connexion where to find swagger static files.
```
@property
def openapi_console_ui_from_dir(self):
# type: () -> str
"""
Custom OpenAPI Console UI directory from where Connexion will serve
the static files.
Default: Connexion's vendored version of the OpenAPI Console UI.
"""
return self._options.get('swagger_path', self.swagger_ui_local_path)
```
@potiuk any thoughts on this approach? I guess you could make the argument
that `connexion` should make the fix, but maybe this could be a quick fix for
the CVE?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
