Update dependency swagger-ui to v3.38.0

[dev-mend-for-github.1485827954.workers.dev]

This PR contains the following updates:

Package	Type	Update	Change
swagger-ui	dependencies	minor	3.2.2 -> 3.38.0

By merging this PR, the issue #1 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability
Critical	9.3	CVE-2018-3750
Critical	9.3	CVE-2019-17495
Critical	9.3	CVE-2022-37601
High	8.8	CVE-2019-10744
High	8.7	CVE-2021-33623
High	8.7	CVE-2022-24772
High	8.7	CVE-2024-4068
High	8.7	CVE-2024-4068
High	8.6	CVE-2022-1650
High	8.2	CVE-2022-24771
High	7.7	CVE-2021-23424
High	7.1	CVE-2018-3721
High	7.1	CVE-2019-1010266
Medium	6.9	CVE-2021-26539
Medium	6.9	CVE-2021-26540
Medium	6.9	CVE-2022-25887
Medium	6.6	CVE-2021-23337
Medium	6.6	WS-2022-0008
Medium	6.5	WS-2019-0172
Medium	6.3	CVE-2018-16487
Medium	6.3	CVE-2022-24773
Medium	6.1	CVE-2022-46175
Medium	6.1	WS-2017-3770
Medium	5.5	CVE-2020-28500
Medium	5.4	WS-2018-0593
Medium	5.3	CVE-2022-0122
Medium	5.3	CVE-2022-0235
Medium	5.3	WS-2019-0540
Medium	4.8	CVE-2020-7608
Medium	4.3	WS-2019-0171
Low	2.9	CVE-2020-7693

---

Release Notes

swagger-api/swagger-ui (swagger-ui)

v3.38.0: Swagger UI v3.38.0 Released!

Compare Source

Features

• auth: Add OpenID Connect Discovery (OICD) support (#​3517) (#​6549) (0807687)

Bug Fixes

• components: fix keys rendering in React 16 using .entrySeq() (#​6685) (20a8987)
• security fixes applied in [email protected], [email protected], and [email protected]

v3.37.2: Swagger UI v3.37.2 Released!

Compare Source

• chore: update swagger-js to v3.12.1 which brings better support for $ref resolving (#​4765) (#​5625 )
• chore(release): fix release v3.37.1 release
• chore(package): allow auto-update of swagger-client (d3fb9ab)

v3.37.1: Swagger UI v3.37.1 Released!

Compare Source

Warning

This is a failed release which is identical to v3.37.0. Please install v3.37.2 instead.

v3.37.0: Swagger UI v3.37.0 Released!

Compare Source

Features

• swagger-ui-react: add support for layout prop (#​6639) (a6673d7)

Bug Fixes

• examples: properly update memoized value in non-schema case (#​6641) (d2ef8f3), closes #​6631
• xml: example generation if an array has an example (#​6634) (24225e4), closes #​6627

v3.36.2: Swagger UI v3.36.2 Released!

Compare Source

Bug Fixes

• duplicate labels in Servers UI (#​6568) (1f10240)
• externalDocs url for tags when using swagger v2.0 (#​6579) (6db4def)
• schema example: xml gen should follow json gen behavior (#​6555) (288c89b), closes #​6470 #​6540 #​4943
• cypress: oas3-request-body-required flakineess (#​6583) (64ae7af)

v3.36.1: Swagger UI v3.36.1 Released!

Compare Source

• swagger-client: update to v3.12.0. Fixes nested allOf/oneOf schema resolution in #​5194, #​5923, #​4672

Bug Fixes

• cypress: oas3-multiple-media-types flakiness (#​6571) (3925b0c), closes #​6570

v3.36.0: Swagger UI v3.36.0 Released!

Compare Source

Features

• support for showExtensions on Response objects (#​6535) (6a4e52a)

Bug Fixes

• auth: Allow PKCE for legacy AccessCode OAuth2 Grant Type (#​6011) (5a87c8a), closes #​6010
• auth: support for oauth2 relative url (#​6546) (0a807d6)
• auth: add additional autoFocus for http-auth component (#​6527) (8e3e059), closes #​6483
• response examples should respect media-type (#​6456) (87ab4e9)
• duplicate downloading of remote config (#​6544) (50e5f65)
• oauth redirect HTML title tag (#​6533) (17f140b)

v3.35.2: Swagger UI v3.35.2 Released!

Compare Source

Bug Fixes

• oas3: switching media types should update schema properties (#​6518) (3905fad), closes #​6201 #​6250 #​6476

• requestBody: hide read only properties (#​6490) (5065613)

• missing commas in response header values #​6183 (#​6515) (99fda81)

• add autofocus to auth fields (#​6483) (65ea764)

• style: preventing long strings from overflowing (#​5934) (#​6507) (4b2fddd)

• jest: add stub for errActions to prevent unhandled promise rejections #​6365 (#​6495) (537ad6d)

• jest: unknown prop initialValue on input tag (#​6506) (1af8678)

v3.35.1: Swagger UI v3.35.1 Released!

Compare Source

Bug Fixes

• parameter-row: rendering of default/example values of 0 (#​6454) (797929f)

• syntax-highlighter: configuration for Examples (#​6455) (b5e8081), closes #​5259

• examples multipart array sample generation for items (#​6461) (f4bdf2f)

• filter: avoid filtering by the strings "true/false" when enabled (#​6477) (aa53ec2)

• style: inconsistent background colors in code sections (#​6472) (1b11d5c)

• deprecate from "new Buffer" to "Buffer.from" (#​6489) (6c5e91d)

v3.35.0: Swagger UI v3.35.0 Released!

Compare Source

Bug Fixes

• auth: both array and Im.List scopes can be added to redirectURL (#​6416) (95fd3e7)
• swagger-ui-react: Use oneOfType in spec prop validation (fix #​6399) (#​6400) (52360a0)
• sample schema should stringify string values for content-type: text/json (#​6431) (ad630cc), closes #​6412
• try-it-out: required boolean default value set to empty string (#​6449) (f5c709f), closes #​6429

Features

• curl: configuration setting to pass additional options to curl command for "Try it out" (#​6288) (cbe99c8)
• swagger-ui-react: add deeplinking as prop (#​6424) (6b12f15)

v3.34.0: Swagger UI v3.34.0 Released!

Compare Source

Features

• Preserve authorization on browser refresh and close/reopen (#​5939) (96aecc8)
• build: use core-js@3 (#​6410) (ac41813)

Refactor

• build: increase maxEntrypointSize for core-js@3 (#​6419)
• csp: Update how the JavaScript run function is invoked in oauth2-redirect.html (#​6393)

v3.33.0: Swagger UI v3.33.0 Released!

Compare Source

Bug Fixes

• curlify: for -d, handle Immutable vs non-Immutable cases (#​6349) (0c60696)
• curlify: replace all occurrences of $ (#​6354) (89d57fc)
• Add entrySeq() to bodyProperties.map() (#​6267) (0199b47)
• Allowing servers dropdown to change when oas3Actions.setSelectedServer is called (#​6358) (5123b47), closes #​6351
• Updating select to pass in a better prop; updating test to do a better check (#​6385) (6ad418d), closes #​6372
• models view when object key contains deprecated:true (#​6371) (d4eea4d), closes #​6369
• style: servers environment select (#​6367) (7a63ba3)
• style: restore wrapping of long text in pre blocks (#​6377)

Features

• migrate unit tests to Jest (#​6353) (1a27c0a)

v3.32.5: Swagger UI v3.32.5 Released!

Compare Source

Bug Fixes

• operationTag: verify selectedServer exists before invoking (#​6335) (580e906)

v3.32.4: Swagger UI v3.32.4 Released!

Compare Source

Bug Fixes

• remove unused and redux@4 non-compliant system method inside 'err' reducer (#​6330) (6742cbd)
• deps: revert to redux@3 and react-redux@4 (#​6331) (e82aaae)

v3.32.3: Swagger UI v3.32.3 Released!

Compare Source

This release is intended to enable npm to include es2015 bundle files. There are no source code changes in this release.

Bug Fixes

• build: add es-bundle to .npmignore non-exclusion list (#​6328) (560b428)

v3.32.2: Swagger UI v3.32.2 Released!

Compare Source

Bug Fixes

• Models: onLoad should check this.props.layoutSelectors method (#​6307) (168d0ae), closes #​6305
• cypress: deep-linking tests should use cy.location (#​6309) (02e0515)
• cypress: tests should fail on uncaught exception (#​6308) (471c24d), closes #​6305
• cypress: use less restrictive 'include.text' assertion (#​6312)
• build: css stylesheets bundle config and dependency updates (#​6315) (20b32d8)

Security Update

• deps: update react-syntax-highlighter from 12.2.1 to 13.5.0, which includes dependency security update fixed by [email protected] (#​6312)

Additional dependency updates via #​6317, #​6316, #​6313, #​6310

v3.32.1: Swagger UI 3.32.1 Released!

Compare Source

This release should properly include swagger-ui-es-bundle and swagger-ui-es-bundle-core in the /dist directory. There are no other source code changes in this release.

Bug Fixes

• build: initialize new es-bundle files (#​6304) (c362329)

v3.32.0: Swagger UI 3.32.0 Released!

Compare Source

Features

• build: SwaggerUI now also has an es2015 bundle artifact (#​6291) (2eaa6c1)
• swagger-ui-react: SwaggerUI-React now also includes an es2015 module (#​6303) (c575324)

Bug Fixes

• Models: use specPath for isShownKey to toggle models (#​6200) (084b236)
• curl: escape $ in curl request bodies and headers (#​6245) (225a915), closes #​5390
• OAS3: relative urls is now supported (#​5341) (d9f5691)
• OAS3: servers component update on definition change (#​6280) (22668ee)
• requestInterceptor: use async/await to support return new Promise (#​6279) (abcc383), closes #​4778
• html specify charset utf-8 in html script declaration (#​6278) (d7d166d), closes #​5311

v3.31.1: Swagger UI 3.31.1 Released!

Compare Source

Bug Fixes

• swagger-ui-react: updated babel config file target (#​6277) (7a6999b)

v3.31.0: Swagger UI 3.31.0 Released!

Compare Source

Bug Fixes

• try-it-out: Better tooltips for min/max validations (#​6266) (4cbae09)
• style: make paths try to stay on single line in opblock (#​6243) (cfede14)
• style: Replace an inline styles with propClass (#​6265) (bd9117d)

Features

• Display minProperties an maxProperties for object schemas (#​6272) (fd5a59a)
• swagger-ui-react: option for showMutatedRequest (#​6273) (b99ebe7)
• swagger-ui-react: support for presets and defaultModelsExpandDepth (#​6275) (aebfccc)

v3.30.2: Swagger UI 3.30.2 Released!

Compare Source

Fixes

• Remove LodashModuleReplacementPlugin that made v3.30.1 unusable (#​6255). Fixes #​6249.

v3.30.1: Swagger UI 3.30.1 Released!

Compare Source

Housekeeping

• Webpack optimizations to reduce bundle size to <1 MiB. (#​6244) (#​6248)

This build was reduced to 963 KiB

v3.30.0: Swagger UI 3.30.0 Released!

Compare Source

Features

• syntax highlighting of code section (#​6236) (a73783b)

Security

• housekeeping(deps): [email protected] [security] (#​6230)

v3.29.0: Swagger UI 3.29.0 Released!

Compare Source

Features

• RequestBody: set default true for 'send empty value' (#​6228) (b68942c), closes #​6203
• RequestBody: validation support for required fields (#​6223) (2fd1e40), closes #​5181

Fixes

• Docker: Bug where SWAGGER_JSON is used without mount (#​6212), closes #​6211

Housekeeping

• Deps [email protected] (#​6216)
• Config: increase max bundle size to 1024 KiB (#​6231)

Reverts

• feat: Allow to skip submitting empty values in form data (#​5830) (1b6cb7d), closes #​6203
• Revert "revert: feat: Allow to skip submitting empty values in form data (#​5830)" (#​6227) (eacc7b9), closes #​5830 #​6227

v3.28.0: Swagger UI 3.28.0 Released!

Compare Source

Bug Fixes

• avoid mapping Immutable.Map as React children (#​6165) (93020e2)
• render Common Extensions properly in React 16 (#​5930) (e1e4d5b)

Features

• Display nullable for object model itself (#​5660) (#​5868) (41e595b)

v3.27.0: Swagger UI 3.27.0 Released!

Compare Source

Features

• model view: hide applicable readOnly and writeOnly properties (#​5832) (f8dd4e6)
• model view Added onLoad()s and tweaker onToggle() to support ScrollTo functionality for Models (#​5237)
• Copy response to clipboard #​4300 (#​5278) (973e1f7)
• Display example value in Swagger ReadOnly documentation mode (#​4422) (ca1b19a)
• swagger-ui-react: add displayOperationId config support (#​5795) (bd1b297)

Bug Fixes

• remove clipboard inline svg from a file with SASS (#​6148) (eeb0b73)
• curlify agnostic to order of header values (#​6152) (b86e8e9), closes #​6082
• Docker: case where SWAGGER_ROOT in conjunction with BASE_URL does not work (#​6147)
• Call DomPurify.addHook only if it exists (#​5428)

Docs

• Docs: Demonstrate a simple Webpack setup (#​5185)

v3.26.2: Swagger UI 3.26.2 Released!

Compare Source

Bug Fixes

• update corrupted swagger-client from v3.10.6 to v3.10.7

v3.26.1: Swagger UI 3.26.1 Released!

Compare Source

⚠️ This release includes a security update with Markdown render.

Features

• New OAUTH_SCOPES configuration property to select all/none/user_list to OAuth scopes popup (#​6037) (275c8f2)
• Docker New SWAGGER_JSON_URL option to allow remote urls from Docker (#​6122)
• Docker VALIDATOR_URL now has options to disable the validation badge (#​5994)
• Various style improvements (#​6014) (#​5578) (#​5478)

Bug Fixes

• Markdown: render markdown in more secure way (a616cb4)
• Docker allow local ref's to be served by nginx (#​5565) (f353974)
• Docker support variables in auth urls (#​5913) (21f5149)

v3.26.0: Swagger UI 3.26.0 Released!

Compare Source

Features

• Allow to skip submitting empty values in form data (#​5830) (b9b32c9)
• Add empty data param to cURL if no POST request body was given (#​6017)

Bug Fixes

• set default supportedSubmitMethods (#​6030) (3b6942c)
• OAS3 upload file when array items are type=string format=binary (#​6040)
• support generated curl for PUT and PATCH requests (#​5960)
• flaky test: bugs/4641 use wait on route alias (#​6048) (5bbd3e7)

Housekeeping

• SwaggerClient version 3.10.6
• dependency updates

v3.25.5: Swagger UI 3.25.5 Released!

Compare Source

Bug Fixes

• entries can now be generally used again as a key name. special handling of non-FormData entries removed (#​6036) (68185dd), closes #​6033

v3.25.4: Swagger UI 3.25.4 Released!

Compare Source

Bug Fixes

• bump swagger-client to version 3.10.4 and return back compatibility with node.js >= 4
• allow entries as property name (#​6025) (3a65070)

v3.25.3: Swagger UI 3.25.3 Released!

Compare Source

Changelog

• housekeeping: update release-it config
• housekeeping: bump swagger-client version with package-lock (#​6008)
• housekeeping: update dev-e2e-cypress-open script name (#​6005)

Bug Fixes

• curl array support within multipart/form-data (#​3838) (#​5999) (96c7b4c)
• jsonSchemaComponent file/files (#​5997) (#​6000) (65597d1)

v3.25.2: Swagger UI 3.25.2 Released!

Compare Source

Changelog

• feature: JsonSchema components are now ImmutableJS compliant (#​5952)
• fix: remove clearValidation from onTryoutClick (#​5955)

v3.25.1: Swagger UI 3.25.1 Released!

Compare Source

No release summary included.

Changelog

• improvement: render OAS3 parameter type formats (#​5796)
• improvement: showCommonExtensions support for OAS3 parameters (#​5901)
• improvement: support for supportedSubmitMethods property in react component (#​5376)
• improvement: do not require basic password in UI (#​5812)
• improvement: add isShownKey prop to Operation to allow overriding (#​5196)
• fix(docker-image): send relative HTTP 301s from within container (#​5409)
• fix: expanding model when query param showExtensions=true exists (#​5918)
• fix: incorrect PropType in Model ImmutablePureComponent (#​5921)
• fix: OAS3 online validator badge (#​5909)
• housekeeping: add static distribution file documentation (#​5095)
• housekeeping: update plugin api component for failSilently (#​5953)

v3.25.0: Swagger UI 3.25.0 Released!

Compare Source

No release summary included.

Changelog

• feature(swagger-ui-react): defaultModelExpandDepth and plugins props (#​5594)
• improvement: clear auth information from memory when logging out (#​5316)
• improvement: use type 'password' instead of text for client secret (#​5262)
• housekeeping(docs): https path for unpkg link (#​5769)
• housekeeping: fix logo size (#​5702)
• housekeeping: fix npm run lint and npm test on Windows (#​5737)
• housekeeping: npm audit fix (#​5718, #​5772, #​5805)

v3.24.3: Swagger UI 3.24.3 Released!

Compare Source

Changelog

• housekeeping: npm audit fix (#​5718)

v3.24.2: Swagger UI 3.24.2 Released!

Compare Source

This release reverts Swagger UI's upgrade to redux@^4 (via #​5569), which was causing test failures in downstream projects.

v3.24.1: Swagger UI 3.24.1 Released!

Compare Source

⚠️ This release includes security updates. You should upgrade to this version if you use Swagger UI to render untrusted documents.

Specifically, this version updates Swagger UI's dompurify dependency to ^2.0.7, which mitigates our exposure to dompurify's mXSS vulnerability that was disclosed earlier this week.

Changelog

• fix: code highlight styles are now only applied pre.microlight (#​5673)
• housekeeping: npm audit resolutions (#​5681)
• housekeeping(deps): redux v4 (#​5569)
• housekeeping(deps): redux-immutable v4 (#​5639)
• housekeeping(dev-deps): babel monorepo (#​5682)
• housekeeping(dev-deps): [email protected] (#​5683)

v3.24.0: Swagger UI 3.24.0 Released!

Compare Source

Changelog

• feature: add PKCE support for OAuth2 Authorization Code flows (#​5361)
• fix: parameterMacro functionality for OAS3 (#​5617)
• fix(validateParam): validate JSON values + support Parameter.content (#​5657)
• fix: overweight dependencies in PKCE implementation (#​5658)

v3.23.11: Swagger UI 3.23.11 Released!

Compare Source

⚠️ This release contains a security fix that addresses a CSS-based input field value exfiltration vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

Changelog

• fix: mitigate "sequential @import chaining" vulnerability (via #​5616)

v3.23.10: Swagger UI 3.23.10 Released!

Compare Source

This release fixes two bugs: one visual issue within static documentation, and another within runtime validation for Array-typed parameters.

Changelog

• fix: <Select disabled> for type: string + enum schemas (#​5601)
• fix: accept string-represented values in required array runtime validation (#​5609)

v3.23.9: Swagger UI 3.23.9 Released!

Compare Source

This release changes the default value for the validatorUrl configuration option from https://online.swagger.io/validator to https://validator.swagger.io/validator.

v3.23.8: Swagger UI 3.23.8 Released!

Compare Source

This release fixes an issue with Swagger 2.0 required body parameter runtime validation (#​5583) that was introduced in v3.23.7.

v3.23.7: Swagger UI 3.23.7 Released!

Compare Source

This release includes new support for display and Try-It-Out functionality of OAS 3.0 Parameter.content values.

Changelog

• feature: support for Parameter.content (#​5571)
• housekeeping(dev-deps): [email protected]
• 43db164 2019-08-27 | docs: clarify that preauthorizeApiKey works for OAS3 Bearer auth too (#​5566)

v3.23.6: Swagger UI 3.23.6 Released!

Compare Source

This release fixes a React warning originating in Swagger UI and a CSS class name collision with Bootstrap 4.0.

It also includes several in-range updates to minimum dependency versions.

Changelog

• fix: React warning related to "true" used as boolean (via #​5497)
• fix: remove .col class that causes collision with Bootstrap (via #​5541)

v3.23.5: Swagger UI 3.23.5 Released!

Compare Source

This release includes a fix to our Markdown parsing implementation that should resolve display issues with certain Markdown strings.

C

[dev-mend-for-github.1485827954.workers.dev]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json