kyy/swagger-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,663 Commits 1 Branch 0 Tags
255142acd00d5e978d6faae5fdce532de103fc1b
Commit Graph

76 Commits

Author SHA1 Message Date
Vladimír Gorej
6e0cc0e491 fix(docker): address multiple HIGH security vulnerabilities (#10410) 2025-04-10 12:43:34 +02:00
Vladimír Gorej
3dc2cd6dc2 fix(docker): fix security issues CVE-2024-56171, CVE-2025-24928 (#10351) 2025-03-10 11:05:46 +01:00
Vladimír Gorej
80d56c9518 feat: apply cumulative update to address various issues (#10324) 2025-02-27 11:12:42 +01:00
dependabot[bot]
d194c832fb chore(deps): bump nginx from 1.27.3-alpine to 1.27.4-alpine (#10283) 
Bumps nginx from 1.27.3-alpine to 1.27.4-alpine.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-17 16:42:04 +01:00
dependabot[bot]
5bf8e57e1b chore(deps): bump nginx from 1.27.2-alpine to 1.27.3-alpine (#10231) 2024-12-02 23:51:27 +00:00
Dmytro Bondar
05b7aff80c chore(docker): disable apk cache (#10203) 
Refs #10192 
Refs #10198
 2024-11-07 12:25:08 +01:00
Vladimír Gorej
3e3dfc6cae fix(docker): return explicit Node.js installation (#10198) 
Refs #10195
 2024-11-05 22:00:52 +01:00
Vladimír Gorej
d849b746b6 chore(docker): remove explicit Node.js install (#10192) 2024-11-05 12:39:10 +01:00
dependabot[bot]
4d9ec4fb0e chore(deps): bump nginx from 1.27.0-alpine to 1.27.2-alpine (#10163) 2024-10-07 23:06:09 +00:00
dependabot[bot]
c47be91ce6 chore(deps): bump nginx from 1.26.0-alpine to 1.27.0-alpine (#9997) 2024-06-03 23:44:55 +00:00
dependabot[bot]
04d026f9a2 chore(deps): bump nginx from 1.25.5-alpine to 1.26.0-alpine (#9886) 2024-04-29 11:11:32 +00:00
dependabot[bot]
fee426b6aa chore(deps): bump nginx from 1.25.4-alpine to 1.25.5-alpine (#9859) 2024-04-22 11:08:53 +00:00
Vladimír Gorej
a94dd2808b fix(docker): fix CVE-2024-27983 related to Node.js (#9786) 2024-04-08 10:05:31 +02:00
Vladimír Gorej
363b3abbd6 fix(docker): fix libexpat vulnerability (#9602) 2024-02-15 11:16:05 +01:00
Vladimír Gorej
e60012736b fix(docker): fix libexpat vulnerability (#9601) 2024-02-15 10:59:34 +01:00
Vladimír Gorej
770fb9d2ad fix(docker): fix libexpat vulnerability (#9600) 2024-02-15 10:54:18 +01:00
Vladimír Gorej
f9ecb01aa8 fix(docker): disallow embedding SwaggerUI served from docker by default (#9520) 2024-01-26 15:57:18 +01:00
dependabot[bot]
11a53377ef chore(deps): bump nginx from 1.25.2-alpine to 1.25.3-alpine (#9348) 2023-10-30 11:34:53 +00:00
dependabot[bot]
4454cbeea8 chore(deps): bump nginx from 1.25.1-alpine to 1.25.2-alpine (#9149) 2023-08-21 11:22:58 +00:00
Vladimír Gorej
58f83b6195 fix(docker): fix libtiff NULL Pointer dereference issue (#9034) 
Refs https://security.snyk.io/vuln/SNYK-ALPINE317-TIFF-5747689
 2023-07-17 18:48:15 +02:00
Vladimír Gorej
45e9ece967 fix(docker): update libtiff to non-vulnerable version (#9033) 
Refs CVE-2023-0801
Refs 2ff8986dbc
 2023-07-17 18:35:32 +02:00
Vladimír Gorej
2ff8986dbc fix(docker): remove vulnerable libtiff (#9032) 
We will keep the removal in the image untill
it's fixed in upstream nginx base image.

Ref CVE-2023-0801
 2023-07-17 17:14:41 +02:00
dependabot[bot]
671b0f5f34 chore(deps): bump nginx from 1.25.0-alpine to 1.25.1-alpine (#8941) 2023-06-19 12:01:48 +00:00
Vladimír Gorej
1f7bb89217 refactor(docker): use templating to handle env variables (#8878) 
Refs #8877
 2023-06-02 16:05:08 +02:00
Vladimír Gorej
4f2fb10eb5 chore(docker): update Dockerfile base image to nginx:1.25.0-alpine (#8712) 
Refs #8697
 2023-05-25 12:53:24 +02:00
Ben Konicek
da48ea14b5 chore(docker): update Dockerfile base image to nginx:1.24.0-alpine (#8697) 
This update fixes following CVEs:
  - CVE-2023-29469
  - CVE-2023-28484⁠
 2023-05-24 12:11:01 +02:00
dependabot[bot]
b45938255b chore(deps): bump nginx from 1.23.3-alpine to 1.23.4-alpine (#8542) 2023-04-03 12:02:33 +00:00
Vladimír Gorej
a88f02bfef fix(docker): use vulnerability free Node.js=>18.14.1-r0 (#8440) 
Node.js@18.12.1-r0 got installed by default.
CVE-2023-24807 was manifesting in image security
scans.

Refs https://github.com/swagger-api/swagger-ui/actions/runs/4310624218/jobs/7519243077
 2023-03-02 15:56:54 +01:00
dependabot[bot]
f3c6a2552d chore(deps): bump nginx from 1.23.2-alpine to 1.23.3-alpine (#8327) 2022-12-19 11:11:22 +00:00
dependabot[bot]
95463759c6 chore(deps): bump nginx from 1.23.1-alpine to 1.23.2-alpine (#8247) 2022-10-24 11:15:49 +00:00
Vladimír Gorej
3524fdb2ef chore(security): use minimum 16.17.1-r0 in docker image (#8222) 2022-10-11 10:42:00 +02:00
dependabot[bot]
adde0fabbf chore(deps): bump nginx from 1.23.0-alpine to 1.23.1-alpine (#8121) 2022-07-25 11:29:22 +00:00
dependabot[bot]
a90de72b13 chore(deps): bump nginx from 1.21.6-alpine to 1.23.0-alpine (#8078) 
Bumps nginx from 1.21.6-alpine to 1.23.0-alpine.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-07-19 13:02:01 -07:00
Damien Léger
fb63df35b5 improvement(docker): smaller image (#7470) 2022-04-01 10:13:28 -07:00
Matthias Blümel
2879773f3f improvement(docker): migrate run.sh to docker-entrypoint.d-script (#7915) (#7916) 
Co-authored-by: Tim Lai <timothy.lai@gmail.com>
 2022-03-21 15:25:56 -07:00
dependabot[bot]
23c3eadb28 chore(deps): bump nginx from 1.21.5-alpine to 1.21.6-alpine (#7812) 2022-01-31 11:17:35 +00:00
dependabot[bot]
7cecd1e2eb chore(deps): bump nginx from 1.21.4-alpine to 1.21.5-alpine (#7731) 2022-01-03 11:19:05 +00:00
dependabot[bot]
0e5bc25466 chore(deps): bump nginx from 1.21.3-alpine to 1.21.4-alpine 
Bumps nginx from 1.21.3-alpine to 1.21.4-alpine.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2021-11-15 17:10:45 +01:00
dependabot[bot]
0a53e08ac5 chore(deps): bump nginx from 1.21-alpine to 1.21.3-alpine (#7585) 
Bumps nginx from 1.21-alpine to 1.21.3-alpine.

---
updated-dependencies:
- dependency-name: nginx
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Vladimir Gorej <vladimir.gorej@gmail.com>
 2021-11-03 11:52:49 +01:00
Vladimir Gorej
3c9061e6b4 fix(Dockerfile): fix security issue in docker image 
Refs #7445
 2021-09-13 15:04:09 +03:00
Vladimir Gorej
325909fb6a build(docker): fix docker image Node.js security issue 
Refs #7445
 2021-08-11 10:04:57 +02:00
Christian Mehlmauer
5217366c09 add swagger url option (#6122) 2020-06-09 16:49:15 -07:00
renovate[bot]
703fc08d17 housekeeping(deps): update nginx docker tag to v1.19 (#6052) 
Co-authored-by: Renovate Bot <bot@renovateapp.com>
 2020-06-03 13:35:27 -07:00
renovate[bot]
408e6092f9 housekeeping(deps): update nginx docker tag to v1.17 (via #5485) 2019-08-22 22:11:37 -07:00
Jens Reimann
e435122e5e Allow this to run in a non-root enviroment 2019-07-23 11:37:59 +02:00
kyle
604c7b420f fix: generate gzipped Docker assets at runtime (via #5219) 2019-03-05 15:49:45 -08:00
Yann Odeyer
dd961ed401 improvement(docker): gzip static files (via #5199) 2019-03-01 21:06:40 -08:00
Drew Freyling
52ce2871a2 improvement(docker): smaller images via no-cache option (via #5157) 
* add no-cache option for smaller images

* move flag immediately after `apk`

adjusting to be as close to the example as possible: https://github.com/gliderlabs/docker-alpine/blob/master/docs/usage.md#disabling-cache
 2019-02-05 18:06:18 -06:00
Segev Finer
dd34393ea2 improvement(docker): avoid caching mounted json/yml/yaml assets (via #5151) 2019-02-02 00:14:48 -06:00
kyle
c6eb8edb5f feature: Docker OAuth block support (via #4987) 
* add `onFound` callback to schemas
* add warning to method docs (for #4957)
* implement Docker OAuth2 init block support
* update docs
* add OAUTH_SCOPE_SEPARATOR
* drop OAuth env from Dockerfile and run script
* don't indent the first oauth block line
* drop unused `dedent` import
* touch up warning message
* add more test cases
* return an empty block if no OAuth content is generated
* fix broken doc line
 2018-11-01 18:52:13 -04:00