RFC: migration from swagger-node-express to OpenAPI 3
It has some vulns and it’s poorly maintained. Can we switch out to a different swagger library or so?
Can we follow: https://gist.github.com/camsjams/6c6ac145324786006972bedbf25ce1c4 ?
https://www.npmjs.com/advisories/782
I did find that it does appear to be possible to update swagger-node-express’s lodash dep to something that isn’t vulnerable, and while that will provide some security and stability for a short period, it’s only a short-term fix. The proper fix appears to be a shift to OpenAPI… Anyone want this challenge? @muxator would you like a short-term fix for now which will incur technical debt, or do you want to wait for a longer-term fix and risk someone exploiting the vuln on a live site? FWIW I’m not sure the vuln can be exploited through our implementation.
API functionality can be tested with `cd src` then `npm test`
https://openapi.tools/
Closing this.
For documentation’s sake: this was implemented by #3786, and released in 1.8.3.