JGoldman110 commented on issue #28381: URL: https://github.com/apache/airflow/issues/28381#issuecomment-1376674171
We could wait for this, but not sure when their next release is, seems latest connexion 2.14.1 was released in August 2022. Their forked swagger ui bundle includes two versions of the swagger UI as well `4.4.0` and `4.15.5`. I think there is an argument to include/manage the swagger UI version we want on airflow side that way in future we can upgrade independently of connexion and not carry multiple versions of the ui in airflow. The versions of swagger-ui `4.4.0` and `4.15.5` both support our current openapi spec version `3.0.3`. So if we were to wait or switch to new version of connexion when it is available, bumping the version should be fine. My vote would be to install on airflow side to resolve cve as soon as possible. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
