JGoldman110 commented on issue #28381: URL: https://github.com/apache/airflow/issues/28381#issuecomment-1372358035
> Looking at the directory structure, swagger 3.52.0 is also present (as well as 2.2.10), both in almost exactly the same location. If we just excluded the connexion swaggerUI dep, might connexion automatically pick up the newer version? connexion is already using 3.52.0 as we are using openapi version [`3.0.3`](https://github.com/apache/airflow/blob/2.5.0/airflow/api_connexion/openapi/v1.yaml#L18), so I am unsure if this vulnerability is still executable if we are using swagger-ui 3.52.0, but the 2.2.10 version is present? https://github.com/spec-first/connexion/blob/2.14.1/connexion/options.py#L29-L31 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
