Fix CVE-2026-27212: Update swiper peer dependency to ^12.1.2 by Copilot · Pull Request #9355 · microsoft/AdaptiveCards

Copilot · 2026-03-05T07:41:11Z

Related Issue

Description

swiper >= 6.5.1, < 12.1.2 has a prototype pollution vulnerability (CVE-2026-27212). Since npm 7+ auto-installs peer dependencies, consumers of adaptivecards were transitively exposed.

source/nodejs/adaptivecards/package.json: Bump peerDependencies.swiper from ^11.0.7 → ^12.1.2

 "peerDependencies": {
-  "swiper": "^11.0.7"
+  "swiper": "^12.1.2"
 }

Sample Card

N/A

How Verified

Confirmed swiper@11.0.7 is flagged by the GitHub Advisory Database under CVE-2026-27212 (prototype pollution, affected >= 6.5.1, < 12.1.2)
Confirmed swiper@12.1.2 returns no vulnerabilities from the same advisory database
No code behavior changes; this is a version constraint update only — no new unit tests required

Original prompt

This section details on the original issue you should resolve

<issue_title>Critical severity dependence through swiper (CVE-2026-27212)</issue_title>
<issue_description>The npm package adaptivecard contains a peer dependency on Swiper in the package.json. Since npm 7, peer dependencies are automatically installed. This currently installs a version of swiper with the CVE-2026-27212.

Please update the peer dependency of Swiper to version 12.1.2.

</issue_description>

Comments on the Issue (you are @copilot in this section)

Fixes Critical severity dependence through swiper (CVE-2026-27212) #9354

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Co-authored-by: pranav-gupta-msft <88364044+pranav-gupta-msft@users.noreply.github.com>

Initial plan

1a63296

Copilot AI assigned Copilot and pranav-gupta-msft Mar 5, 2026

Copilot started work on behalf of pranav-gupta-msft March 5, 2026 07:41 View session

chore: update swiper peer dependency to ^12.1.2 to fix CVE-2026-27212

1106cd7

Co-authored-by: pranav-gupta-msft <88364044+pranav-gupta-msft@users.noreply.github.com>

Copilot AI changed the title ~~[WIP] Update Swiper peer dependency to version 12.1.2~~ Fix CVE-2026-27212: Update swiper peer dependency to ^12.1.2 Mar 5, 2026

Copilot finished work on behalf of pranav-gupta-msft March 5, 2026 07:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix CVE-2026-27212: Update swiper peer dependency to ^12.1.2#9355

Fix CVE-2026-27212: Update swiper peer dependency to ^12.1.2#9355
Copilot wants to merge 2 commits intomainfrom
copilot/update-swiper-peer-dependency

Copilot AI commented Mar 5, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

Copilot AI commented Mar 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Related Issue

Description

Sample Card

How Verified

Comments on the Issue (you are @copilot in this section)

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Copilot AI commented Mar 5, 2026 •

edited

Loading