
Update dependency swagger-ui to v3.38.0 #12


Open
wants to merge 1 commit into
base: main
from


dev-mend-for-github.1485827954.workers.dev bot commented Mar 21, 2023

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| swagger-ui | dependencies | minor | 3.2.2 -> 3.38.0 |

By merging this PR, the issue #1 will be automatically resolved and closed:

| Severity | CVSS Score | Vulnerability |
|---|---|---|
| Critical | 9.3 | CVE-2018-3750 |
| Critical | 9.3 | CVE-2019-17495 |
| Critical | 9.3 | CVE-2022-37601 |
| High | 8.8 | CVE-2019-10744 |
| High | 8.7 | CVE-2021-33623 |
| High | 8.7 | CVE-2022-24772 |
| High | 8.7 | CVE-2024-4068 |
| High | 8.7 | CVE-2024-4068 |
| High | 8.6 | CVE-2022-1650 |
| High | 8.2 | CVE-2022-24771 |
| High | 7.7 | CVE-2021-23424 |
| High | 7.1 | CVE-2018-3721 |
| High | 7.1 | CVE-2019-1010266 |
| Medium | 6.9 | CVE-2021-26539 |
| Medium | 6.9 | CVE-2021-26540 |
| Medium | 6.9 | CVE-2022-25887 |
| Medium | 6.6 | CVE-2021-23337 |
| Medium | 6.6 | WS-2022-0008 |
| Medium | 6.5 | WS-2019-0172 |
| Medium | 6.3 | CVE-2018-16487 |
| Medium | 6.3 | CVE-2022-24773 |
| Medium | 6.1 | CVE-2022-46175 |
| Medium | 6.1 | WS-2017-3770 |
| Medium | 5.5 | CVE-2020-28500 |
| Medium | 5.4 | WS-2018-0593 |
| Medium | 5.3 | CVE-2022-0122 |
| Medium | 5.3 | CVE-2022-0235 |
| Medium | 5.3 | WS-2019-0540 |
| Medium | 4.8 | CVE-2020-7608 |
| Medium | 4.3 | WS-2019-0171 |
| Low | 2.9 | CVE-2020-7693 |

Release Notes

swagger-api/swagger-ui (swagger-ui)

v3.38.0: Swagger UI v3.38.0 Released!

Compare Source

Features
Bug Fixes

v3.37.2: Swagger UI v3.37.2 Released!

Compare Source

v3.37.1: Swagger UI v3.37.1 Released!

Compare Source

Warning

This is a failed release which is identical to v3.37.0. Please install v3.37.2 instead.

v3.37.0: Swagger UI v3.37.0 Released!

Compare Source

Features
Bug Fixes

v3.36.2: Swagger UI v3.36.2 Released!

Compare Source

Bug Fixes

v3.36.1: Swagger UI v3.36.1 Released!

Compare Source

Bug Fixes

v3.36.0: Swagger UI v3.36.0 Released!

Compare Source

Features
Bug Fixes

v3.35.2: Swagger UI v3.35.2 Released!

Compare Source

Bug Fixes

v3.35.1: Swagger UI v3.35.1 Released!

Compare Source

Bug Fixes

v3.35.0: Swagger UI v3.35.0 Released!

Compare Source

Bug Fixes
Features
  • curl: configuration setting to pass additional options to curl command for "Try it out" (#​6288) (cbe99c8)
  • swagger-ui-react: add deeplinking as prop (#​6424) (6b12f15)

v3.34.0: Swagger UI v3.34.0 Released!

Compare Source

Features
Refactor
  • build: increase maxEntrypointSize for core-js@3 (#​6419)
  • csp: Update how the JavaScript run function is invoked in oauth2-redirect.html (#​6393)

v3.33.0: Swagger UI v3.33.0 Released!

Compare Source

Bug Fixes
Features

v3.32.5: Swagger UI v3.32.5 Released!

Compare Source

Bug Fixes
  • operationTag: verify selectedServer exists before invoking (#​6335) (580e906)

v3.32.4: Swagger UI v3.32.4 Released!

Compare Source

Bug Fixes
  • remove unused and redux@4 non-compliant system method inside 'err' reducer (#​6330) (6742cbd)
  • deps: revert to redux@3 and react-redux@4 (#​6331) (e82aaae)

v3.32.3: Swagger UI v3.32.3 Released!

Compare Source

This release is intended to enable npm to include es2015 bundle files. There are no source code changes in this release.

Bug Fixes
  • build: add es-bundle to .npmignore non-exclusion list (#​6328) (560b428)

v3.32.2: Swagger UI v3.32.2 Released!

Compare Source

Bug Fixes
Security Update
  • deps: update react-syntax-highlighter from 12.2.1 to 13.5.0, which includes dependency security update fixed by [email protected] (#​6312)

Additional dependency updates via #​6317, #​6316, #​6313, #​6310

v3.32.1: Swagger UI 3.32.1 Released!

Compare Source

This release should properly include swagger-ui-es-bundle and swagger-ui-es-bundle-core in the /dist directory. There are no other source code changes in this release.

Bug Fixes

v3.32.0: Swagger UI 3.32.0 Released!

Compare Source

Features
  • build: SwaggerUI now also has an es2015 bundle artifact (#​6291) (2eaa6c1)
  • swagger-ui-react: SwaggerUI-React now also includes an es2015 module (#​6303) (c575324)
Bug Fixes

v3.31.1: Swagger UI 3.31.1 Released!

Compare Source

Bug Fixes

v3.31.0: Swagger UI 3.31.0 Released!

Compare Source

Bug Fixes
Features
  • Display minProperties and maxProperties for object schemas (#​6272) (fd5a59a)
  • swagger-ui-react: option for showMutatedRequest (#​6273) (b99ebe7)
  • swagger-ui-react: support for presets and defaultModelsExpandDepth (#​6275) (aebfccc)

v3.30.2: Swagger UI 3.30.2 Released!

Compare Source

Fixes
  • Remove LodashModuleReplacementPlugin that made v3.30.1 unusable (#​6255). Fixes #​6249.

v3.30.1: Swagger UI 3.30.1 Released!

Compare Source

Housekeeping

This build was reduced to 963 KiB

v3.30.0: Swagger UI 3.30.0 Released!

Compare Source

Features
Security

v3.29.0: Swagger UI 3.29.0 Released!

Compare Source

Features
Fixes
  • Docker: Bug where SWAGGER_JSON is used without mount (#​6212), closes #​6211
Housekeeping
Reverts

v3.28.0: Swagger UI 3.28.0 Released!

Compare Source

Bug Fixes
Features

v3.27.0: Swagger UI 3.27.0 Released!

Compare Source

Features
  • model view: hide applicable readOnly and writeOnly properties (#​5832) (f8dd4e6)
  • model view Added onLoad()s and tweaker onToggle() to support ScrollTo functionality for Models (#​5237)
  • Copy response to clipboard #​4300 (#​5278) (973e1f7)
  • Display example value in Swagger ReadOnly documentation mode (#​4422) (ca1b19a)
  • swagger-ui-react: add displayOperationId config support (#​5795) (bd1b297)
Bug Fixes
  • remove clipboard inline svg from a file with SASS (#​6148) (eeb0b73)
  • curlify agnostic to order of header values (#​6152) (b86e8e9), closes #​6082
  • Docker: case where SWAGGER_ROOT in conjunction with BASE_URL does not work (#​6147)
  • Call DomPurify.addHook only if it exists (#​5428)
Docs
  • Docs: Demonstrate a simple Webpack setup (#​5185)

v3.26.2: Swagger UI 3.26.2 Released!

Compare Source

Bug Fixes
  • update corrupted swagger-client from v3.10.6 to v3.10.7

v3.26.1: Swagger UI 3.26.1 Released!

Compare Source

⚠️ This release includes a security update with Markdown render.

Features
  • New OAUTH_SCOPES configuration property to select all/none/user_list to OAuth scopes popup (#​6037) (275c8f2)
  • Docker New SWAGGER_JSON_URL option to allow remote urls from Docker (#​6122)
  • Docker VALIDATOR_URL now has options to disable the validation badge (#​5994)
  • Various style improvements (#​6014) (#​5578) (#​5478)
Bug Fixes

v3.26.0: Swagger UI 3.26.0 Released!

Compare Source

Features
  • Allow to skip submitting empty values in form data (#​5830) (b9b32c9)
  • Add empty data param to cURL if no POST request body was given (#​6017)
Bug Fixes
  • set default supportedSubmitMethods (#​6030) (3b6942c)
  • OAS3 upload file when array items are type=string format=binary (#​6040)
  • support generated curl for PUT and PATCH requests (#​5960)
  • flaky test: bugs/4641 use wait on route alias (#​6048) (5bbd3e7)
Housekeeping
  • SwaggerClient version 3.10.6
  • dependency updates

v3.25.5: Swagger UI 3.25.5 Released!

Compare Source

Bug Fixes
  • entries can now be generally used again as a key name. special handling of non-FormData entries removed (#​6036) (68185dd), closes #​6033

v3.25.4: Swagger UI 3.25.4 Released!

Compare Source

Bug Fixes
  • bump swagger-client to version 3.10.4 and return back compatibility with node.js >= 4
  • allow entries as property name (#​6025) (3a65070)

v3.25.3: Swagger UI 3.25.3 Released!

Compare Source

Changelog
  • housekeeping: update release-it config
  • housekeeping: bump swagger-client version with package-lock (#​6008)
  • housekeeping: update dev-e2e-cypress-open script name (#​6005)
Bug Fixes

v3.25.2: Swagger UI 3.25.2 Released!

Compare Source

Changelog
  • feature: JsonSchema components are now ImmutableJS compliant (#​5952)
  • fix: remove clearValidation from onTryoutClick (#​5955)

v3.25.1: Swagger UI 3.25.1 Released!

Compare Source

No release summary included.

Changelog
  • improvement: render OAS3 parameter type formats (#​5796)
  • improvement: showCommonExtensions support for OAS3 parameters (#​5901)
  • improvement: support for supportedSubmitMethods property in react component (#​5376)
  • improvement: do not require basic password in UI (#​5812)
  • improvement: add isShownKey prop to Operation to allow overriding (#​5196)
  • fix(docker-image): send relative HTTP 301s from within container (#​5409)
  • fix: expanding model when query param showExtensions=true exists (#​5918)
  • fix: incorrect PropType in Model ImmutablePureComponent (#​5921)
  • fix: OAS3 online validator badge (#​5909)
  • housekeeping: add static distribution file documentation (#​5095)
  • housekeeping: update plugin api component for failSilently (#​5953)

v3.25.0: Swagger UI 3.25.0 Released!

Compare Source

No release summary included.

Changelog
  • feature(swagger-ui-react): defaultModelExpandDepth and plugins props (#​5594)
  • improvement: clear auth information from memory when logging out (#​5316)
  • improvement: use type 'password' instead of text for client secret (#​5262)
  • housekeeping(docs): https path for unpkg link (#​5769)
  • housekeeping: fix logo size (#​5702)
  • housekeeping: fix npm run lint and npm test on Windows (#​5737)
  • housekeeping: npm audit fix (#​5718, #​5772, #​5805)

v3.24.3: Swagger UI 3.24.3 Released!

Compare Source

Changelog
  • housekeeping: npm audit fix (#​5718)

v3.24.2: Swagger UI 3.24.2 Released!

Compare Source

This release reverts Swagger UI's upgrade to redux@^4 (via #​5569), which was causing test failures in downstream projects.

v3.24.1: Swagger UI 3.24.1 Released!

Compare Source

⚠️ This release includes security updates. You should upgrade to this version if you use Swagger UI to render untrusted documents.

Specifically, this version updates Swagger UI's dompurify dependency to ^2.0.7, which mitigates our exposure to dompurify's mXSS vulnerability that was disclosed earlier this week.

Changelog

v3.24.0: Swagger UI 3.24.0 Released!

Compare Source

Changelog
  • feature: add PKCE support for OAuth2 Authorization Code flows (#​5361)
  • fix: parameterMacro functionality for OAS3 (#​5617)
  • fix(validateParam): validate JSON values + support Parameter.content (#​5657)
  • fix: overweight dependencies in PKCE implementation (#​5658)

v3.23.11: Swagger UI 3.23.11 Released!

Compare Source

⚠️ This release contains a security fix that addresses a CSS-based input field value exfiltration vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

Changelog
  • fix: mitigate "sequential @import chaining" vulnerability (via #​5616)

v3.23.10: Swagger UI 3.23.10 Released!

Compare Source

This release fixes two bugs: one visual issue within static documentation, and another within runtime validation for Array-typed parameters.

Changelog
  • fix: <Select disabled> for type: string + enum schemas (#​5601)
  • fix: accept string-represented values in required array runtime validation (#​5609)

v3.23.9: Swagger UI 3.23.9 Released!

Compare Source

This release changes the default value for the validatorUrl configuration option from https://online.swagger.io/validator to https://validator.swagger.io/validator.

v3.23.8: Swagger UI 3.23.8 Released!

Compare Source

This release fixes an issue with Swagger 2.0 required body parameter runtime validation (#​5583) that was introduced in v3.23.7.

v3.23.7: Swagger UI 3.23.7 Released!

Compare Source

This release includes new support for display and Try-It-Out functionality of OAS 3.0 Parameter.content values.

Changelog

v3.23.6: Swagger UI 3.23.6 Released!

Compare Source

This release fixes a React warning originating in Swagger UI and a CSS class name collision with Bootstrap 4.0.

It also includes several in-range updates to minimum dependency versions.

Changelog
  • fix: React warning related to "true" used as boolean (via #​5497)
  • fix: remove .col class that causes collision with Bootstrap (via #​5541)

v3.23.5: Swagger UI 3.23.5 Released!

Compare Source

This release includes a fix to our Markdown parsing implementation that should resolve display issues with certain Markdown strings.

C

dev-mend-for-github.1485827954.workers.dev bot added the "security fix" (Security fix generated by Mend) label Mar 21, 2023
@dev-mend-for-github.1485827954.workers.dev

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

dev-mend-for-github.1485827954.workers.dev bot force-pushed the whitesource-remediate/swagger-ui-3.x branch from 90a660a to 723a76f, June 21, 2023 00:30
dev-mend-for-github.1485827954.workers.dev bot changed the title from "Update dependency swagger-ui to v3.26.0" to "Update dependency swagger-ui to v3.38.0", Jun 21, 2023
dev-mend-for-github.1485827954.workers.dev bot force-pushed the whitesource-remediate/swagger-ui-3.x branch from 723a76f to 93d512d, May 4, 2024 00:12
dev-mend-for-github.1485827954.workers.dev bot changed the title from "Update dependency swagger-ui to v3.38.0" to "Update dependency swagger-ui to v3.23.11", May 4, 2024
dev-mend-for-github.1485827954.workers.dev bot force-pushed the whitesource-remediate/swagger-ui-3.x branch from 93d512d to 355e65c, June 3, 2024 00:18
dev-mend-for-github.1485827954.workers.dev bot changed the title from "Update dependency swagger-ui to v3.23.11" to "Update dependency swagger-ui to v3.38.0", Jun 3, 2024
dev-mend-for-github.1485827954.workers.dev bot changed the title from "Update dependency swagger-ui to v3.38.0" to "Update dependency swagger-ui to v3.38.0 - autoclosed", Sep 10, 2024
dev-mend-for-github.1485827954.workers.dev bot deleted the whitesource-remediate/swagger-ui-3.x branch, September 10, 2024 15:31
dev-mend-for-github.1485827954.workers.dev bot restored the whitesource-remediate/swagger-ui-3.x branch, September 11, 2024 07:02
dev-mend-for-github.1485827954.workers.dev bot changed the title from "Update dependency swagger-ui to v3.38.0 - autoclosed" to "Update dependency swagger-ui to v3.38.0", Sep 11, 2024
dev-mend-for-github.1485827954.workers.dev bot changed the title from "Update dependency swagger-ui to v3.38.0" to "Update dependency swagger-ui to v3.26.0", Jan 16, 2025
dev-mend-for-github.1485827954.workers.dev bot changed the title from "Update dependency swagger-ui to v3.26.0" to "Update dependency swagger-ui to v3.38.0", Feb 20, 2025