Skip to content

R11DT-3830 - [axios] - Swagger-UI security vulnerability#203

Merged
OS-joaomurgeiro merged 1 commit intob11from
R11DT-3830-axios-vul
Apr 17, 2026
Merged

R11DT-3830 - [axios] - Swagger-UI security vulnerability#203
OS-joaomurgeiro merged 1 commit intob11from
R11DT-3830-axios-vul

Conversation

@OS-joaomurgeiro
Copy link
Copy Markdown

@OS-joaomurgeiro OS-joaomurgeiro commented Apr 15, 2026

Description

Pin swagger-client to "=3.37.2" to overcome CVE-2025-62718.

While we are at it, tackle other security vulnerabilities in the repo ( pin dompurify to "=3.4.0" and pin lodash to "=4.18.1" ) and minimize dev vulnerabilities.

Result:

image

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate):

Checklist

My PR contains...

  • No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)
  • Improvements (misc. changes to existing features)
  • Features (non-breaking change which adds functionality)

My changes...

  • are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • are not breaking changes.

Documentation

  • My changes do not require a change to the project documentation.
  • My changes require a change to the project documentation.
  • If yes to above: I have updated the documentation accordingly.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • If yes to above: I have added tests to cover my changes.
  • If yes to above: I have taken care to cover edge cases in my tests.
  • All new and existing tests passed.

@OS-joaomurgeiro OS-joaomurgeiro self-assigned this Apr 15, 2026
@OS-joaomurgeiro OS-joaomurgeiro requested a review from a team as a code owner April 15, 2026 16:41
rmb-guerra
rmb-guerra previously approved these changes Apr 16, 2026
View reviewed changes
Copy link
Copy Markdown

@rmb-guerra rmb-guerra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@OS-joaomurgeiro OS-joaomurgeiro merged commit f8211aa into b11 Apr 17, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rmb-guerra rmb-guerra rmb-guerra approved these changes

@osjlopes osjlopes Awaiting requested review from osjlopes osjlopes is a code owner automatically assigned from OutSystems/rd-o11-frontend-runtime

@mvios mvios Awaiting requested review from mvios mvios is a code owner automatically assigned from OutSystems/rd-o11-frontend-runtime

@OS-rodrigolopes OS-rodrigolopes Awaiting requested review from OS-rodrigolopes OS-rodrigolopes is a code owner automatically assigned from OutSystems/rd-o11-frontend-runtime

@OS-josecunha OS-josecunha Awaiting requested review from OS-josecunha OS-josecunha is a code owner automatically assigned from OutSystems/rd-o11-frontend-runtime

@OS-miguelfreitas OS-miguelfreitas Awaiting requested review from OS-miguelfreitas

@OS-alexandretome OS-alexandretome Awaiting requested review from OS-alexandretome

Assignees

@OS-joaomurgeiro OS-joaomurgeiro

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@OS-joaomurgeiro @OS-miguelfreitas @OS-alexandretome @rmb-guerra