RFC: migration from swagger-node-express to OpenAPI 3

It has some vulns and it’s poorly maintained. Can we switch out to a different swagger library or so?

Can we follow: https://gist.github.com/camsjams/6c6ac145324786006972bedbf25ce1c4 ?

https://www.npmjs.com/advisories/782

I did find that it does appear to be possible to update swagger-node-express’s lodash dep to something that isn’t vulnerable, and while that will provide some security and stability for a short period, it’s only a short-term fix. The proper fix appears to be a shift to OpenAPI… Anyone want this challenge? @muxator, would you like a short-term fix for now, which will incur technical debt, or do you want to wait for a longer-term fix and risk someone exploiting the vuln on a live site? FWIW I’m not sure the vuln can be exploited through our implementation.

API functionality can be tested with cd src then npm test

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 8 (8 by maintainers)

Top GitHub Comments

JohnMcLear commented, Mar 22, 2020

muxator commented, Apr 29, 2020

Closing this.

For documentation’s sake: this was implemented by #3786, and released in 1.8.3.
