authorGitLab Bot <gitlab-bot@gitlab.com>2021-03-03 22:28:38 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2021-03-03 22:28:58 +0000
commit5fc81825b645b13c3ecd49ec727bdf2162d15922 (patch)
tree368b93662efdfdd63acfacffa9a934c5ebb78deb
parentaf4486c9f7697f5186bcef08000ca954793bc31b (diff)
Add latest changes from gitlab-org/security/gitlab@13-9-stable-ee
-rw-r--r--changelogs/unreleased/security-upgrade-swagger-ui.yml5
-rw-r--r--package.json2
-rw-r--r--yarn.lock8
3 files changed, 10 insertions, 5 deletions
diff --git a/changelogs/unreleased/security-upgrade-swagger-ui.yml b/changelogs/unreleased/security-upgrade-swagger-ui.yml
new file mode 100644
index 00000000000..280dd92e23e
--- /dev/null
+++ b/changelogs/unreleased/security-upgrade-swagger-ui.yml
@@ -0,0 +1,5 @@
+---
+title: Fix XSS vulnerability for swagger file viewer
+merge_request:
+author:
+type: security
diff --git a/package.json b/package.json
index eb39884a1d9..66fc0668431 100644
--- a/package.json
+++ b/package.json
@@ -126,7 +126,7 @@
"sql.js": "^0.4.0",
"string-hash": "1.1.3",
"style-loader": "^1.3.0",
- "swagger-ui-dist": "^3.32.4",
+ "swagger-ui-dist": "^3.43.0",
"three": "^0.84.0",
"three-orbit-controls": "^82.1.0",
"three-stl-loader": "^1.0.4",
diff --git a/yarn.lock b/yarn.lock
index 3d8f9242f54..d3b92e7e2f3 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -11421,10 +11421,10 @@ svg-tags@^1.0.0:
resolved "https://registry.yarnpkg.com/svg-tags/-/svg-tags-1.0.0.tgz#58f71cee3bd519b59d4b2a843b6c7de64ac04764"
integrity sha1-WPcc7jvVGbWdSyqEO2x95krAR2Q=
-swagger-ui-dist@^3.32.4:
- version "3.32.4"
- resolved "https://registry.yarnpkg.com/swagger-ui-dist/-/swagger-ui-dist-3.32.4.tgz#6fa920a99e38eaaf129580ac158cf730494a2190"
- integrity sha512-3qUqK131a5nqGdDJhLflTNzvrjZgjBlINYNx+Jm5lw/Va88Lcu5iyjUupY3Js/Kf326z1XtXkrr6TbvE6r925g==
+swagger-ui-dist@^3.43.0:
+ version "3.43.0"
+ resolved "https://registry.yarnpkg.com/swagger-ui-dist/-/swagger-ui-dist-3.43.0.tgz#b064a2cec1d27776f9a124bc70423cfa0bbc0d3f"
+ integrity sha512-PtE+g23bNbYv8qqAVoPBqNQth8hU5Sl5ZsQ7gHXlO5jlCt31dVTiKI9ArHIT1b23ZzUYTnKsFgPYYFoiWyNCAw==
symbol-observable@^1.0.2:
version "1.2.0"