Skip to content

update swagger-ui version#250

Closed
dhmlau wants to merge 2 commits intomasterfrom
update-dep
Closed

update swagger-ui version#250
dhmlau wants to merge 2 commits intomasterfrom
update-dep

Conversation

@dhmlau
Copy link
Member

@dhmlau dhmlau commented Sep 22, 2018

Description

When running npm i in this module, I got the following warning:

npm WARN deprecated swagger-ui@2.2.10: No longer maintained, please upgrade to swagger-ui@3.

This PR will update swagger-ui version in package.json.

@dhmlau dhmlau requested a review from bajtos as a code owner September 22, 2018 02:47
@dhmlau dhmlau self-assigned this Sep 22, 2018
virkt25
virkt25 reviewed Sep 24, 2018
View reviewed changes
Copy link

@virkt25 virkt25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Guessing 3.x has breaking changes?

@bajtos
Copy link
Member

bajtos commented Sep 24, 2018

Upgrading to swagger-ui@3 is a lot of effort. See #209 for the previous attempt made by @STRML .

The following issue is the biggest blocker:

loopback-swagger need to produce auth metadata - see strongloop/loopback-swagger#65

The pull request also says:

The npm package no longer exports a bundle. I'm not sure if this is intentional. For this reason, I've added a dev-only script to copy from github releases.

I think this is no longer relevant, we are successfully using https://www.npmjs.com/package/swagger-ui-dist in LB4.

bajtos
bajtos reviewed Sep 24, 2018
View reviewed changes
package.json
"loopback-swagger": "^5.0.0",
"strong-globalize": "^4.1.1",
"swagger-ui": "^2.2.5"
"swagger-ui": "^2.2.10"
Copy link
Member

@bajtos bajtos Sep 24, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request mentions upgrade to swagger-ui@3, but this change is upgrading only to 2.2.10. Since we are already using ^ version specifier, such change is not necessary at all - npm is going to install 2.2.10 anyway.

Copy link
Member Author

@dhmlau dhmlau Sep 30, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reason I submit this PR is to get rid of the vulnerabilities. I thought the warnings go away when I change the version number. Let me try that again. thanks!

@dhmlau dhmlau mentioned this pull request Jan 30, 2019
Closed
2 tasks
@dhmlau
Copy link
Member Author

dhmlau commented Jan 30, 2019

Based on @bajtos' above comment and #254 is opened to investigate the work involved in upgrading swagger-ui version, I'm closing this PR.

@dhmlau dhmlau closed this Jan 30, 2019
@bajtos bajtos deleted the update-dep branch January 31, 2019 09:04
This was referenced Feb 4, 2019
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@bajtos bajtos bajtos left review comments

@virkt25 virkt25 virkt25 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@dhmlau dhmlau

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dhmlau @bajtos @virkt25