Skip to content

IOEXT-1849: Update swagger-client to ^3.36.2 to fix CVE-2026-26996#108

Merged
pru55e11 merged 1 commit intomasterfrom
IOEXT-1849-update-swagger-client
Mar 31, 2026
Merged

IOEXT-1849: Update swagger-client to ^3.36.2 to fix CVE-2026-26996#108
pru55e11 merged 1 commit intomasterfrom
IOEXT-1849-update-swagger-client

Conversation

@pru55e11
Copy link
Copy Markdown
Contributor

@pru55e11 pru55e11 commented Feb 21, 2026
edited
Loading

Update swagger-client from ^3.35.6 to ^3.36.2. The previous version range could resolve to versions that pulled in minimatch <10.2.1 transitively, which is vulnerable to ReDoS (CVE-2026-26996, CVSS 7.5-8.7 HIGH). The updated swagger-client resolves minimatch@10.2.2 via @swagger-api/apidom-reference, eliminating the vulnerability.

Jira: https://jira.corp.adobe.com/browse/IOEXT-1849

Description

Related Issue

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • I have signed the Adobe Open Source CLA.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@codecov
Copy link
Copy Markdown

codecov bot commented Feb 21, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@pru55e11 pru55e11 force-pushed the IOEXT-1849-update-swagger-client branch from ad579c4 to 88b9f34 Compare February 21, 2026 02:16
@pru55e11
IOEXT-1849: Update swagger-client to ^3.36.2 to fix CVE-2026-26996
8d686f0 
Update swagger-client from ^3.35.6 to ^3.36.2. The previous version range
could resolve to versions that pulled in minimatch <10.2.1 transitively,
which is vulnerable to ReDoS (CVE-2026-26996, CVSS 7.5-8.7 HIGH). The updated
swagger-client resolves minimatch@10.2.2 via @swagger-api/apidom-reference,
eliminating the vulnerability.

Jira: https://jira.corp.adobe.com/browse/IOEXT-1849
@pru55e11 pru55e11 force-pushed the IOEXT-1849-update-swagger-client branch from 88b9f34 to 8d686f0 Compare February 21, 2026 02:17
@thedoc31
Copy link
Copy Markdown

thedoc31 commented Mar 13, 2026

@purplecabbage @shazron @pru55e11 When can we get a release including this?

@pru55e11 pru55e11 merged commit 82947c3 into master Mar 31, 2026
11 checks passed
@pru55e11 pru55e11 deleted the IOEXT-1849-update-swagger-client branch March 31, 2026 00:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shazron shazron shazron approved these changes

@purplecabbage purplecabbage purplecabbage approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@pru55e11 @thedoc31 @shazron @purplecabbage