Skip to content

Can we update the required minimum version of Swashbuckle.AspNetCore.SwaggerGen? #220

Description

@mbp

This library depends on Swashbuckle.AspNetCore.SwaggerGen = 10.0.0

However, there is a transitive vulnerability on Microsoft.OpenAPI v2.3.0

Package 'Microsoft.OpenApi' 2.3.0 has a known high severity vulnerability, GHSA-v5pm-xwqc-g5wc

└── MicroElements.Swashbuckle.FluentValidation (v7.1.7)                                                                                                                                                                                       
    └── Swashbuckle.AspNetCore.SwaggerGen (v10.0.0)                                                                                                                                                                                           
      └── Swashbuckle.AspNetCore.Swagger (v10.0.0)                                                                                                                                                                                          
        └── Microsoft.OpenApi (v2.3.0)    

If you update the requirement to depend on Swashbuckle.AspNetCore.SwaggerGen 10.2.1, then this release updated to a non-vulnerable dependency: https://github.com/domaindrivendev/Swashbuckle.AspNetCore/releases/tag/v10.2.1

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions