chore(swagger): Upgrade SpringFox and Swagger #827
Conversation
| @@ -133,13 +129,13 @@ private BasePathProvider(String basePath, String documentationPath) { | |||
| } | |||
|
|
|||
| @Override | |||
| protected String applicationPath() { | |||
There was a problem hiding this comment.
They deprecated AbstractPathProvider in this version, and the docs are not great around path customization, so this is my current guess as to what needs to change, but needs testing. If anyone knows what effect basePath had in the original implementation, please let me know.
|
|
||
| @EnableSwagger2 |
There was a problem hiding this comment.
Following the (very light on detail) migration instructions here: https://github.com/springfox/springfox#migrating-from-existing-2x-version
luispollo
force-pushed
the
upgrade-springfox
branch
from
af9969e
to
8d31c9e
Compare
| @@ -127,7 +127,7 @@ dependencies { | |||
| api("io.mockk:mockk:1.10.0") | |||
| api("io.springfox:springfox-swagger-ui:${versions.springfoxSwagger}") | |||
| api("io.springfox:springfox-swagger2:${versions.springfoxSwagger}") | |||
| api("io.swagger:swagger-annotations:${versions.swagger}") | |||
| api("io.swagger.core.v3:swagger-annotations:${versions.swagger}") | |||
There was a problem hiding this comment.
This may break services using annotations, I'm not sure yet. Second thing to verify. SpringFox uses different deps for v2 and v3: https://github.com/springfox/springfox/blob/9722b7e3a41208bc3e7c0409aa3e63fc27a66f52/gradle/dependencies.gradle#L61-L68
|
This will need to be tested inside of Gate, too. |
|
Any updates on this? Would solve a Cross-Scripting XSS attack vulnerability that is in kork's current version of swagger-ui https://snyk.io/vuln/maven:io.springfox%3Aspringfox-swagger-ui |
Upgrades SpringFox, which brings with it a newer/better version of Swagger. Among other things, this fixes the forever-annoying issue with the Swagger UI not properly auto-scrolling and auto-expanding a linked API section.
I haven't been able to test this yet, hence the draft. Something in the updated dependency tree broke loading of one of keel's plugins. 😞 If anyone has some spare cycles and could try this with another service, it would be greatly appreciated.
Heads-up: the new version changes the Swagger UI path from
/swagger-ui.htmlto/swagger-ui/index.html. There's no way to customize that as far as I've seen. Not sure how big of a deal that would be.