authorGitLab Bot <gitlab-bot@gitlab.com>2021-03-03 22:28:27 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-03-03 22:28:42 +0000
commit6ae37f4da7ffbff4f5055f31396859f16ff7416d (patch)
tree4a81b4fd773ad9005e729820c1cc8f9652a8a6be
parent5a35a6727ae314dbd05c3b5cb54994f76cf08a1e (diff)
downloadgitlab-ce-6ae37f4da7ffbff4f5055f31396859f16ff7416d.tar.gz
Add latest changes from gitlab-org/security/gitlab@13-8-stable-ee
-rw-r--r--changelogs/unreleased/security-upgrade-swagger-ui.yml5
-rw-r--r--package.json2
-rw-r--r--yarn.lock8
3 files changed, 10 insertions, 5 deletions
diff --git a/changelogs/unreleased/security-upgrade-swagger-ui.yml b/changelogs/unreleased/security-upgrade-swagger-ui.yml
new file mode 100644
index 00000000000..280dd92e23e
--- /dev/null
+++ b/changelogs/unreleased/security-upgrade-swagger-ui.yml
@@ -0,0 +1,5 @@
+---
+title: Fix XSS vulnerability for swagger file viewer
+merge_request:
+author:
+type: security
diff --git a/package.json b/package.json
index a5ca4851efa..9ba62279962 100644
--- a/package.json
+++ b/package.json
@@ -134,7 +134,7 @@
"stickyfilljs": "^2.1.0",
"string-hash": "1.1.3",
"style-loader": "^1.3.0",
- "swagger-ui-dist": "^3.32.4",
+ "swagger-ui-dist": "^3.43.0",
"three": "^0.84.0",
"three-orbit-controls": "^82.1.0",
"three-stl-loader": "^1.0.4",
diff --git a/yarn.lock b/yarn.lock
index e21ccf83cc9..4fe6994ca4b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -11454,10 +11454,10 @@ svg-tags@^1.0.0:
resolved "https://registry.yarnpkg.com/svg-tags/-/svg-tags-1.0.0.tgz#58f71cee3bd519b59d4b2a843b6c7de64ac04764"
integrity sha1-WPcc7jvVGbWdSyqEO2x95krAR2Q=
-swagger-ui-dist@^3.32.4:
- version "3.32.4"
- resolved "https://registry.yarnpkg.com/swagger-ui-dist/-/swagger-ui-dist-3.32.4.tgz#6fa920a99e38eaaf129580ac158cf730494a2190"
- integrity sha512-3qUqK131a5nqGdDJhLflTNzvrjZgjBlINYNx+Jm5lw/Va88Lcu5iyjUupY3Js/Kf326z1XtXkrr6TbvE6r925g==
+swagger-ui-dist@^3.43.0:
+ version "3.43.0"
+ resolved "https://registry.yarnpkg.com/swagger-ui-dist/-/swagger-ui-dist-3.43.0.tgz#b064a2cec1d27776f9a124bc70423cfa0bbc0d3f"
+ integrity sha512-PtE+g23bNbYv8qqAVoPBqNQth8hU5Sl5ZsQ7gHXlO5jlCt31dVTiKI9ArHIT1b23ZzUYTnKsFgPYYFoiWyNCAw==
symbol-observable@^1.0.2:
version "1.2.0"