Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency org.webjars:swagger-ui to v3.44.0 (main) #140

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Apr 30, 2024

This PR contains the following updates:

Package Type Update Change
org.webjars:swagger-ui (source) compile minor 3.13.0 -> 3.44.0

By merging this PR, the issue #118 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
Medium Medium 4.3 CVE-2018-25031

Release Notes

swagger-api/swagger-ui (org.webjars:swagger-ui)

v3.44.0: Swagger UI v3.44.0 Released!

Compare Source

Bug Fixes
  • info: use externalDocsUrl check to render Link (#​6997) (b7d3d1c)
  • lint: use semicolons + closing link in html (#​6951) (17093f2)
  • lint: put script tag in body in oauth2-redirect.html (#​6958)
Features

v3.43.0: Swagger UI v3.43.0 Released!

Compare Source

Features
Bug Fixes
  • support OAuth2 PKCE when using the OIDC authorization_code flow (#​6914) (5e69d3c)
  • sample-gen: enum without type should be handled by sample-gen (#​6912) (7ead9ba)
Other

swagger-cllient: version bump to 3.13.1

v3.42.0: Swagger UI v3.42.0 Released!

Compare Source

Features
Bug Fixes

v3.41.1: Swagger UI v3.41.1 Released!

Compare Source

Bug Fixes
  • swagger-ui-react: src filename extension to transpile (#​6876) (e538e26)

v3.40.0: Swagger UI v3.40.0 Released!

Compare Source

Features
Bug Fixes

v3.38.0: Swagger UI v3.38.0 Released!

Compare Source

Features
Bug Fixes
  • components: fix keys rendering in React 16 using .entrySeq() (#​6685) (20a8987)
  • security fixes applied in highlight.js@10.4.1, node-fetch@2.6.1, and dot-prop@5.3.0

v3.37.2: Swagger UI v3.37.2 Released!

Compare Source

v3.37.0: Swagger UI v3.37.0 Released!

Compare Source

Features
Bug Fixes

v3.36.2: Swagger UI v3.36.2 Released!

Compare Source

Bug Fixes

v3.36.1: Swagger UI v3.36.1 Released!

Compare Source

Bug Fixes

v3.36.0: Swagger UI v3.36.0 Released!

Compare Source

Features
Bug Fixes

v3.35.2: Swagger UI v3.35.2 Released!

Compare Source

Bug Fixes

v3.35.1: Swagger UI v3.35.1 Released!

Compare Source

Bug Fixes

v3.35.0: Swagger UI v3.35.0 Released!

Compare Source

Bug Fixes
Features
  • curl: configuration setting to pass additional options to curl command for "Try it out" (#​6288) (cbe99c8)
  • swagger-ui-react: add deeplinking as prop (#​6424) (6b12f15)

v3.34.0: Swagger UI v3.34.0 Released!

Compare Source

Features
Refactor
  • build: increase maxEntrypointSize for core-js@3 (#​6419)
  • csp: Update how the JavaScript run function is invoked in oauth2-redirect.html (#​6393)

v3.32.5: Swagger UI v3.32.5 Released!

Compare Source

Bug Fixes
  • operationTag: verify selectedServer exists before invoking (#​6335) (580e906)

v3.32.3: Swagger UI v3.32.3 Released!

Compare Source

This release is intended to enable npm to include es2015 bundle files. There are no source code changes in this release.

Bug Fixes
  • build: add es-bundle to .npmignore non-exclusion list (#​6328) (560b428)

v3.32.1: Swagger UI 3.32.1 Released!

Compare Source

This release should properly include swagger-ui-es-bundle and swagger-ui-es-bundle-core in the /dist directory. There are no other source code changes in this release.

Bug Fixes

v3.31.1: Swagger UI 3.31.1 Released!

Compare Source

Bug Fixes

v3.30.0: Swagger UI 3.30.0 Released!

Compare Source

Features
Security
  • housekeeping(deps): lodash@4.17.19 [security] (#​6230)

v3.28.0: Swagger UI 3.28.0 Released!

Compare Source

Bug Fixes
Features

v3.27.0: Swagger UI 3.27.0 Released!

Compare Source

Features
  • model view: hide applicable readOnly and writeOnly properties (#​5832) (f8dd4e6)
  • model view Added onLoad()s and tweaker onToggle() to support ScrollTo functionality for Models (#​5237)
  • Copy response to clipboard #​4300 (#​5278) (973e1f7)
  • Display example value in Swagger ReadOnly documentation mode (#​4422) (ca1b19a)
  • swagger-ui-react: add displayOperationId config support (#​5795) (bd1b297)
Bug Fixes
  • remove clipboard inline svg from a file with SASS (#​6148) (eeb0b73)
  • curlify agnostic to order of header values (#​6152) (b86e8e9), closes #​6082
  • Docker: case where SWAGGER_ROOT in conjunction with BASE_URL does not work (#​6147)
  • Call DomPurify.addHook only if it exists (#​5428)
Docs
  • Docs: Demonstrate a simple Webpack setup (#​5185)

v3.26.1: Swagger UI 3.26.1 Released!

Compare Source

⚠️ This release includes a security update with Markdown render.

Features
  • New OAUTH_SCOPES configuration property to select all/none/user_list to OAuth scopes popup (#​6037) (275c8f2)
  • Docker New SWAGGER_JSON_URL option to allow remote urls from Docker (#​6122)
  • Docker VALIDATOR_URL now has options to disable the validation badge (#​5994)
  • Various style improvements (#​6014) (#​5578) (#​5478)
Bug Fixes

v3.26.0: Swagger UI 3.26.0 Released!

Compare Source

Features
  • Allow to skip submitting empty values in form data (#​5830) (b9b32c9)
  • Add empty data param to cURL if no POST request body was given (#​6017)
Bug Fixes
  • set default supportedSubmitMethods (#​6030) (3b6942c)
  • OAS3 upload file when array items are type=string format=binary (#​6040)
  • support generated curl for PUT and PATCH requests (#​5960)
  • flaky test: bugs/4641 use wait on route alias (#​6048) (5bbd3e7)
Housekeeping
  • SwaggerClient version 3.10.6
  • dependency updates

v3.25.5: Swagger UI 3.25.5 Released!

Compare Source

Bug Fixes
  • entries can now be generally used again as a key name. special handling of non-FormData entries removed (#​6036) (68185dd), closes #​6033

v3.25.4: Swagger UI 3.25.4 Released!

Compare Source

Bug Fixes
  • bump swagger-client to version 3.10.4 and return back compatibility with node.js >= 4
  • allow entries as property name (#​6025) (3a65070)

v3.25.3: Swagger UI 3.25.3 Released!

Compare Source

Changelog
  • housekeeping: update release-it config
  • housekeeping: bump swagger-client version with package-lock (#​6008)
  • housekeeping: update dev-e2e-cypress-open script name (#​6005)
Bug Fixes

v3.25.2: Swagger UI 3.25.2 Released!

Compare Source

Changelog
  • feature: JsonSchema components are now ImmutableJS compliant (#​5952)
  • fix: remove clearValidation from onTryoutClick (#​5955)

v3.25.1: Swagger UI 3.25.1 Released!

Compare Source

No release summary included.

Changelog
  • improvement: render OAS3 parameter type formats (#​5796)
  • improvement: showCommonExtensions support for OAS3 parameters (#​5901)
  • improvement: support for supportedSubmitMethods property in react component (#​5376)
  • improvement: do not require basic password in UI (#​5812)
  • improvement: add isShownKey prop to Operation to allow overriding (#​5196)
  • fix(docker-image): send relative HTTP 301s from within container (#​5409)
  • fix: expanding model when query param showExtensions=true exists (#​5918)
  • fix: incorrect PropType in Model ImmutablePureComponent (#​5921)
  • fix: OAS3 online validator badge (#​5909)
  • housekeeping: add static distribution file documentation (#​5095)
  • housekeeping: update plugin api component for failSilently (#​5953)

v3.25.0: Swagger UI 3.25.0 Released!

Compare Source

No release summary included.

Changelog
  • feature(swagger-ui-react): defaultModelExpandDepth and plugins props (#​5594)
  • improvement: clear auth information from memory when logging out (#​5316)
  • improvement: use type 'password' instead of text for client secret (#​5262)
  • housekeeping(docs): https path for unpkg link (#​5769)
  • housekeeping: fix logo size (#​5702)
  • housekeeping: fix npm run lint and npm test on Windows (#​5737)
  • housekeeping: npm audit fix (#​5718, #​5772, #​5805)

v3.24.3: Swagger UI 3.24.3 Released!

Compare Source

Changelog
  • housekeeping: npm audit fix (#​5718)

v3.24.2: Swagger UI 3.24.2 Released!

Compare Source

This release reverts Swagger UI's upgrade to redux@^4 (via #​5569), which was causing test failures in downstream projects.

v3.24.0: Swagger UI 3.24.0 Released!

Compare Source

Changelog
  • feature: add PKCE support for OAuth2 Authorization Code flows (#​5361)
  • fix: parameterMacro functionality for OAS3 (#​5617)
  • fix(validateParam): validate JSON values + support Parameter.content (#​5657)
  • fix: overweight dependencies in PKCE implementation (#​5658)

v3.23.11: Swagger UI 3.23.11 Released!

Compare Source

⚠️ This release contains a security fix that addresses a CSS-based input field value exfiltration vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

Changelog
  • fix: mitigate "sequential @import chaining" vulnerability (via #​5616)

v3.23.8: Swagger UI 3.23.8 Released!

Compare Source

This release fixes an issue with Swagger 2.0 required body parameter runtime validation (#​5583) that was introduced in v3.23.7.

v3.23.5: Swagger UI 3.23.5 Released!

Compare Source

This release includes a fix to our Markdown parsing implementation that should resolve display issues with certain Markdown strings.

Changelog
  • fix: remove problematic Markdown optimization (via #​5520)

v3.23.4: Swagger UI 3.23.4 Released!

Compare Source

Changelog
  • housekeeping: @kyleshockey/js-yaml -> js-yaml (via #​5511)
  • housekeeping: more npm audit resolutions (via #​5509)
  • housekeeping: non-breaking dependency updates (via #​5515)

v3.23.2: Swagger UI 3.23.2 Released!

Compare Source

This release includes improvements to our Docker container permissions, bug fixes for OpenAPI 3.0 rendering of Responses and Request Bodies, and resolution of most npm audit warnings visible to consumers.

Channgelog
  • improvement: allow Swagger UI Docker containers to run as non-root users (via #​5476)
  • fix: empty ModelExample rendering in a Response w/o content (via #​5504)
  • fix: use null as a notSetValue for examplesForMediaType (via #​5503)
  • housekeeping: resolve (almost) all npm audit warnings (via #​5457)

v3.23.0: Swagger UI 3.23.0 Released!

Compare Source

This release includes support for OpenAPI 3.0's Examples Object within Parameter, Request Body, and Response Objects.

Changelog
  • feature: Multiple Examples for OpenAPI 3 Parameters, Request Bodies, and Responses (via #​5427)
Internal API notes

Several things have moved around internally.

If you make heavy use of the Plugin API, this may be of concern to you:

  • the Parameterscomponent no longer has a wrapComponent in OpenAPI 3.0. Version-specific logic is now contained within one component.
  • ParameterRow now needs oas3Actions and oas3Selectors as props.
  • Response now needs path and method as props.
  • Responses' shouldComponentUpdate check has been removed, it now re-renders as the Redux store changes.
  • RequestBodyEditor has been heavily modified. It is no longer aware of the underlying request body or schema, and only concerns itself with the string value being edited. It will now also update its own internal state if the value prop given to it changes.

v3.22.2: Swagger UI 3.22.2 Released!

Compare Source

Changelog
  • improvement: OAS3 $ref friendly-name regex in model.jsx (via #​5334)
  • improvement: add isShown check to 's prop expanded logic (via #​5331)
  • improvement: relax schema description styling so Markdown can be effective (via #​5340)
  • security: CVE-2018-20834 (non-user-facing, via #​5368)

v3.22.1: Swagger UI 3.22.1 Released!

Compare Source

swagger-ui-react@3.22.0 lacked the changes that were advertised for it in that version - specifically, docExpansion support was missing.

swagger-ui-react@3.22.1 is now available with the new changes. See #​5294 for more information.

Changelog
  • improvement: error message when rendering XML example (via #​5253)
  • fix: refuse to render non-string Markdown field values (via #​5295)

v3.22.0: Swagger UI 3.22.0 Released!

Compare Source

This release introduces a new configuration option (withCredentials) which allows control of Swagger UI's underlying Fetch/XHR instance's credential inclusion mode. You may find this option helpful if your API requires an authentication/authorization scheme that Swagger UI doesn't directly support, but can be handled out-of-band by your browser.

Also notable: GitHub Flavored Markdown table syntax is now supported in our OpenAPI 3 Markdown parser, swagger-ui-react's underlying UI system object is now exposed in the onComplete prop callback, react-addons-perf is removed from our dependencies to avoid BSD+Patents licensing, and we've improved how Markdown is rendered across Swagger UI.

Changelog
  • feature: add withCredentials configuration key (via #​5149)
  • improvement: expose system object in swagger-ui-react's onComplete callback (via #​5221)
  • improvement: support GFM table syntax in OpenAPI 3.0 (via #​5224)
  • improvement: expose docExpansion as a prop in swagger-ui-react (via #​5242)
  • fix: Markdown styling nits and inconsistencies (via #​5235)
  • fix: generate gzipped Docker assets at runtime (via #​5219)
  • housekeeping: bump minimum Cypress version (via #​5233)
  • housekeeping: remove react-addons-perf dependency (via #​5229)
  • housekeeping: fix typo in README (via #​5246)

v3.20.9: Swagger UI 3.20.9 Released!

Compare Source

This release contains a security fix that addresses a cross-site scripting vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

This release also changes Swagger UI's OperationSummary component to better tolerate badly-formed (i.e., non-string) summary fields.

Changelog:

  • fix: gracefully handle non-string operation summaries (via #​5189, #​5191)
  • fix: sanitize URLs used for OAuth auth flow (via #​5190)

v3.20.8: Swagger UI 3.20.8 Released!

Compare Source

Summary

This release contains styling fixes, support for x-www-form-urlencoded bodies without explicitly-defined request properties, and non-material security fixes from upstream modules.

In order to take advantage of the new X-Requested-With header in OAuth2 token requests, cross-origin APIs (which require CORS configuration) needs to send Access-Control-Allow-Headers: X-Requested-With as part of the OPTIONS response for your token endpoint. A CORS library will handle this for you - visit https://enable-cors.org for more guidance.

Changelog
  • improvement: better operation path + summary overflow styling (via #​5184)
  • improvement: set X-Requested-With to prevent browser authentication dialog (via #​4934)
  • fix: provide JSON editor for x-www-form-urlencoded bodies lacking properties (via #​5180)
  • housekeeping: bump minimum lodash version (via #​5156)

v3.20.5: Swagger UI 3.20.5 Released!

Compare Source

Interface changes: None.

Changelog:

  • improvement: support Markdown in header descriptions (via #​5120)
  • improvement: add individual CSS classes to info items (via #​5051)
  • improvement: show description fields in form-data request bodies (via #​5073)
  • improvement: render request body description as Markdown (via #​5078)
  • fix: non-typesafe spec selector (via #​5121)
  • fix: tag-level deep link escaping inconsistencies (via #​5117)
  • fix: Immutable property access pattern (via #​5112)
  • fix: only apply instance-strip transformer to schema errors (via #​5110)

v3.20.3: Swagger UI 3.20.3 Released!

Compare Source

Interface changes: none.

Changelog:

  • improvement: generate default oauth2RedirectUrl based on page location (via #​5085)
  • improvement: add Schema/Model switching to ModelExample component (via #​5080)
  • housekeeping: branding updates (via #​5084)

v3.20.2: Swagger UI 3.20.2 Released!

Compare Source

Interface changes: none.

Changelog:

  • improvement: OAuth2 UI and test suite (via #​5066)
  • fix: fall back to default configuration options in subtree resolver calls (via #​5063)
  • fix: label models section as Schemas in OpenAPI 3 (via #​5065)

v3.20.1: Swagger UI 3.20.1 Released!

Compare Source

Private interface changes:

  • specSelectors.operationConsumes was removed in favor of the new specSelectors.consumesOptionsFor selector.

Changelog:

  • improvement: hide Servers/Schemes/Authorize section when it's empty (via #​4950)
  • bugfix: only append type flag to curl if type is defined (via #​5041)
  • bugfix: apply css only on first child label and span for section header (via #​4970)
  • bugfix: path-item $ref produces/consumes inheritance (via #​5049)

v3.20.0: Swagger UI 3.20.0 Released!

Compare Source

Interface changes: none.

Changelog:

  • feature: sample value generation for uuid, hostname, ipv4, & ipv6 formats (via #​5033)
  • feature: sample value generation for date formats (via #​5024)
  • improve(docker): bail out + provide helpful error if injection fails (via #​5007)
  • bugfix: legacy Docker variables being overridden by default values (via #​5006)
  • bugfix: prevent object inheritance mutations in recursive sampleXmlFromSchema calls (via #​5034)
  • bugfix: resolve referenced securitySchemes (via #​5028)
  • docs(installation): fix link to configuration.md (via #​5009)
  • housekeeping: remove Topbar CWM & unneeded empty lines (via #​5018)
  • housekeeping: .js -> .jsx file extensions (via #​5014)

v3.19.5: Swagger UI 3.19.5 Released!

Compare Source

Interface changes: A handful of Docker environment variables were added and deprecated, see #​4965 and #​4987 for more information.

Changelog:

  • feature: full-spectrum runtime Docker configuration (via #​4965)
  • feature: Docker OAuth block support (via #​4987)
  • fix(packaging): move webpack-dev-server to devDependencies (via #​4984)
  • housekeeping: move to browser-compatible xml fork (via #​4985)

v3.19.4: Swagger UI 3.19.4 Released!

Compare Source

Interface changes: whitespaced tags and operation IDs are now percent-encoded when included in deep links. Links generated by older 3.x versions of Swagger UI should continue to work as before, but support for them will be dropped in the next major version of Swagger UI.

Changelog:

  • improve(deeplinking): support utf16 tags and IDs (via #​4921)
  • improve(try-it-out): support RFC5987 Content-Disposition formats (via #​4952)
  • bug(deeplinking): properly handle whitespaced & underscored tags/ids (via #​4953)

Additional work around deep linking was also made in #​4960 and #​4958.

v3.19.0: Swagger UI 3.19.0 Released!

Compare Source

Interface changes: added CONFIG_URL option for Docker image.

Changelog:

  • feat(docker): allow configUrl to be used in Docker (via #​4881)
  • fix(docker): make shell script executable (via #​4876)
  • fix: tolerate callback parameter values in ParameterRow (via #​4873)
  • fix: safeguard Models from non-object schema content (via #​4868)

v3.18.2: Swagger UI 3.18.2 Released!

[Compare Source](https://redirect.githu

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants