potiuk commented on code in PR #37638:
URL: https://github.com/apache/airflow/pull/37638#discussion_r1509367562
##########
pyproject.toml:
##########
@@ -83,7 +83,7 @@ dependencies = [
# The usage was added in #30596, seemingly only to override and improve
the default error message.
# Either revert that change or find another way, preferably without using
connexion internals.
# This limit can be removed after
https://github.com/apache/airflow/issues/35234 is fixed
- "connexion[flask]>=2.10.0,<3.0",
+ "connexion[flask,uvicorn,swagger-ui]>=3.0",
Review Comment:
Hey @Satoshi-Sh -> I looked at the history of swaggers, and I think we
should attempt to update the swagger-ui-dist instead (sorry :( - I hope
setting up the things in https://github.com/sudiptob2/airflow/pull/8 and the
hint from @Taragolis abobve - will help configuring the dist one.
The thing is that the one that we can install from PyPI is already pretty
old - and it's only a question of time when some vulnerabilities will be found
in it. If you look here -
https://pypi.org/project/swagger-ui-bundle/1.1.0/#files the one from November
bundles the javascript for swagger `4.15.5` which has been released a year ago
https://www.npmjs.com/package/swagger-ui-dist/v/4.15.5 where we are currently
at https://www.npmjs.com/package/swagger-ui-dist/v/5.11.8 released 7 days ago.
So if we could attempt to use the sdist one - that is way better. However it
might turn out that there will be a compatibility problem with the connexion
and 5.* line of swagger - @RobbeSneyders - maybe you can comment on that - do
you foresee any problem with attempting to use swager-ui-dist 5.* version with
Connexion 3 ?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
