diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-03 22:28:27 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-03-03 22:28:42 +0000 |
commit | 6ae37f4da7ffbff4f5055f31396859f16ff7416d (patch) | |
tree | 4a81b4fd773ad9005e729820c1cc8f9652a8a6be | |
parent | 5a35a6727ae314dbd05c3b5cb54994f76cf08a1e (diff) | |
download | gitlab-ce-6ae37f4da7ffbff4f5055f31396859f16ff7416d.tar.gz |
Add latest changes from gitlab-org/security/gitlab@13-8-stable-ee
-rw-r--r-- | changelogs/unreleased/security-upgrade-swagger-ui.yml | 5 | ||||
-rw-r--r-- | package.json | 2 | ||||
-rw-r--r-- | yarn.lock | 8 |
3 files changed, 10 insertions, 5 deletions
diff --git a/changelogs/unreleased/security-upgrade-swagger-ui.yml b/changelogs/unreleased/security-upgrade-swagger-ui.yml new file mode 100644 index 00000000000..280dd92e23e --- /dev/null +++ b/changelogs/unreleased/security-upgrade-swagger-ui.yml @@ -0,0 +1,5 @@ +--- +title: Fix XSS vulnerability for swagger file viewer +merge_request: +author: +type: security diff --git a/package.json b/package.json index a5ca4851efa..9ba62279962 100644 --- a/package.json +++ b/package.json @@ -134,7 +134,7 @@ "stickyfilljs": "^2.1.0", "string-hash": "1.1.3", "style-loader": "^1.3.0", - "swagger-ui-dist": "^3.32.4", + "swagger-ui-dist": "^3.43.0", "three": "^0.84.0", "three-orbit-controls": "^82.1.0", "three-stl-loader": "^1.0.4", diff --git a/yarn.lock b/yarn.lock index e21ccf83cc9..4fe6994ca4b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11454,10 +11454,10 @@ svg-tags@^1.0.0: resolved "https://registry.yarnpkg.com/svg-tags/-/svg-tags-1.0.0.tgz#58f71cee3bd519b59d4b2a843b6c7de64ac04764" integrity sha1-WPcc7jvVGbWdSyqEO2x95krAR2Q= -swagger-ui-dist@^3.32.4: - version "3.32.4" - resolved "https://registry.yarnpkg.com/swagger-ui-dist/-/swagger-ui-dist-3.32.4.tgz#6fa920a99e38eaaf129580ac158cf730494a2190" - integrity sha512-3qUqK131a5nqGdDJhLflTNzvrjZgjBlINYNx+Jm5lw/Va88Lcu5iyjUupY3Js/Kf326z1XtXkrr6TbvE6r925g== +swagger-ui-dist@^3.43.0: + version "3.43.0" + resolved "https://registry.yarnpkg.com/swagger-ui-dist/-/swagger-ui-dist-3.43.0.tgz#b064a2cec1d27776f9a124bc70423cfa0bbc0d3f" + integrity sha512-PtE+g23bNbYv8qqAVoPBqNQth8hU5Sl5ZsQ7gHXlO5jlCt31dVTiKI9ArHIT1b23ZzUYTnKsFgPYYFoiWyNCAw== symbol-observable@^1.0.2: version "1.2.0" |