Update dependency swagger-ui to v3.38.0

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
swagger-ui	dependencies	minor	3.2.2 -> 3.38.0

By merging this PR, the issue #55 will be automatically resolved and closed:

Severity	CVSS Score	CVE
Critical	9.8	CVE-2019-17495
Critical	9.8	CVE-2022-37601
Critical	9.1	CVE-2019-10744
High	7.5	CVE-2018-14732
High	7.5	CVE-2021-33623
High	7.4	CVE-2020-8203
High	7.3	CVE-2018-3750
High	7.2	CVE-2021-23337
High	7.1	CVE-2022-46175
Medium	6.5	CVE-2018-3721
Medium	6.5	CVE-2019-1010266
Medium	6.5	WS-2019-0172
Medium	6.1	WS-2017-3770
Medium	5.6	CVE-2018-16487
Medium	5.4	WS-2018-0593
Medium	5.3	CVE-2020-28500
Medium	5.3	CVE-2020-7608
Medium	5.3	CVE-2020-7693
Medium	5.3	CVE-2021-26539
Medium	5.3	CVE-2021-26540
Medium	5.3	WS-2019-0540
Medium	4.3	WS-2019-0171
Low	2.6	CVE-2020-15168

---

Release Notes

swagger-api/swagger-ui (swagger-ui)

v3.38.0: Swagger UI v3.38.0 Released!

Compare Source

Features

• auth: Add OpenID Connect Discovery (OICD) support (#​3517) (#​6549) (0807687)

Bug Fixes

• components: fix keys rendering in React 16 using .entrySeq() (#​6685) (20a8987)
• security fixes applied in [email protected], [email protected], and [email protected]

v3.37.2: Swagger UI v3.37.2 Released!

Compare Source

• chore: update swagger-js to v3.12.1 which brings better support for $ref resolving (#​4765) (#​5625 )
• chore(release): fix release v3.37.1 release
• chore(package): allow auto-update of swagger-client (d3fb9ab)

v3.37.1: Swagger UI v3.37.1 Released!

Compare Source

Warning

This is a failed release which is identical to v3.37.0. Please install v3.37.2 instead.

v3.37.0: Swagger UI v3.37.0 Released!

Compare Source

Features

• swagger-ui-react: add support for layout prop (#​6639) (a6673d7)

Bug Fixes

• examples: properly update memoized value in non-schema case (#​6641) (d2ef8f3), closes #​6631
• xml: example generation if an array has an example (#​6634) (24225e4), closes #​6627

v3.36.2: Swagger UI v3.36.2 Released!

Compare Source

Bug Fixes

• duplicate labels in Servers UI (#​6568) (1f10240)
• externalDocs url for tags when using swagger v2.0 (#​6579) (6db4def)
• schema example: xml gen should follow json gen behavior (#​6555) (288c89b), closes #​6470 #​6540 #​4943
• cypress: oas3-request-body-required flakineess (#​6583) (64ae7af)

v3.36.1: Swagger UI v3.36.1 Released!

Compare Source

• swagger-client: update to v3.12.0. Fixes nested allOf/oneOf schema resolution in #​5194, #​5923, #​4672

Bug Fixes

• cypress: oas3-multiple-media-types flakiness (#​6571) (3925b0c), closes #​6570

v3.36.0: Swagger UI v3.36.0 Released!

Compare Source

Features

• support for showExtensions on Response objects (#​6535) (6a4e52a)

Bug Fixes

• auth: Allow PKCE for legacy AccessCode OAuth2 Grant Type (#​6011) (5a87c8a), closes #​6010
• auth: support for oauth2 relative url (#​6546) (0a807d6)
• auth: add additional autoFocus for http-auth component (#​6527) (8e3e059), closes #​6483
• response examples should respect media-type (#​6456) (87ab4e9)
• duplicate downloading of remote config (#​6544) (50e5f65)
• oauth redirect HTML title tag (#​6533) (17f140b)

v3.35.2: Swagger UI v3.35.2 Released!

Compare Source

Bug Fixes

• oas3: switching media types should update schema properties (#​6518) (3905fad), closes #​6201 #​6250 #​6476

• requestBody: hide read only properties (#​6490) (5065613)

• missing commas in response header values #​6183 (#​6515) (99fda81)

• add autofocus to auth fields (#​6483) (65ea764)

• style: preventing long strings from overflowing (#​5934) (#​6507) (4b2fddd)

• jest: add stub for errActions to prevent unhandled promise rejections #​6365 (#​6495) (537ad6d)

• jest: unknown prop initialValue on input tag (#​6506) (1af8678)

v3.35.1: Swagger UI v3.35.1 Released!

Compare Source

Bug Fixes

• parameter-row: rendering of default/example values of 0 (#​6454) (797929f)

• syntax-highlighter: configuration for Examples (#​6455) (b5e8081), closes #​5259

• examples multipart array sample generation for items (#​6461) (f4bdf2f)

• filter: avoid filtering by the strings "true/false" when enabled (#​6477) (aa53ec2)

• style: inconsistent background colors in code sections (#​6472) (1b11d5c)

• deprecate from "new Buffer" to "Buffer.from" (#​6489) (6c5e91d)

v3.35.0: Swagger UI v3.35.0 Released!

Compare Source

Bug Fixes

• auth: both array and Im.List scopes can be added to redirectURL (#​6416) (95fd3e7)
• swagger-ui-react: Use oneOfType in spec prop validation (fix #​6399) (#​6400) (52360a0)
• sample schema should stringify string values for content-type: text/json (#​6431) (ad630cc), closes #​6412
• try-it-out: required boolean default value set to empty string (#​6449) (f5c709f), closes #​6429

Features

• curl: configuration setting to pass additional options to curl command for "Try it out" (#​6288) (cbe99c8)
• swagger-ui-react: add deeplinking as prop (#​6424) (6b12f15)

v3.34.0: Swagger UI v3.34.0 Released!

Compare Source

Features

• Preserve authorization on browser refresh and close/reopen (#​5939) (96aecc8)
• build: use core-js@3 (#​6410) (ac41813)

Refactor

• build: increase maxEntrypointSize for core-js@3 (#​6419)
• csp: Update how the JavaScript run function is invoked in oauth2-redirect.html (#​6393)

v3.33.0: Swagger UI v3.33.0 Released!

Compare Source

Bug Fixes

• curlify: for -d, handle Immutable vs non-Immutable cases (#​6349) (0c60696)
• curlify: replace all occurrences of $ (#​6354) (89d57fc)
• Add entrySeq() to bodyProperties.map() (#​6267) (0199b47)
• Allowing servers dropdown to change when oas3Actions.setSelectedServer is called (#​6358) (5123b47), closes #​6351
• Updating select to pass in a better prop; updating test to do a better check (#​6385) (6ad418d), closes #​6372
• models view when object key contains deprecated:true (#​6371) (d4eea4d), closes #​6369
• style: servers environment select (#​6367) (7a63ba3)
• style: restore wrapping of long text in pre blocks (#​6377)

Features

• migrate unit tests to Jest (#​6353) (1a27c0a)

v3.32.5: Swagger UI v3.32.5 Released!

Compare Source

Bug Fixes

• operationTag: verify selectedServer exists before invoking (#​6335) (580e906)

v3.32.4: Swagger UI v3.32.4 Released!

Compare Source

Bug Fixes

• remove unused and redux@4 non-compliant system method inside 'err' reducer (#​6330) (6742cbd)
• deps: revert to redux@3 and react-redux@4 (#​6331) (e82aaae)

v3.32.3: Swagger UI v3.32.3 Released!

Compare Source

This release is intended to enable npm to include es2015 bundle files. There are no source code changes in this release.

Bug Fixes

• build: add es-bundle to .npmignore non-exclusion list (#​6328) (560b428)

v3.32.2: Swagger UI v3.32.2 Released!

Compare Source

Bug Fixes

• Models: onLoad should check this.props.layoutSelectors method (#​6307) (168d0ae), closes #​6305
• cypress: deep-linking tests should use cy.location (#​6309) (02e0515)
• cypress: tests should fail on uncaught exception (#​6308) (471c24d), closes #​6305
• cypress: use less restrictive 'include.text' assertion (#​6312)
• build: css stylesheets bundle config and dependency updates (#​6315) (20b32d8)

Security Update

• deps: update react-syntax-highlighter from 12.2.1 to 13.5.0, which includes dependency security update fixed by [email protected] (#​6312)

Additional dependency updates via #​6317, #​6316, #​6313, #​6310

v3.32.1: Swagger UI 3.32.1 Released!

Compare Source

This release should properly include swagger-ui-es-bundle and swagger-ui-es-bundle-core in the /dist directory. There are no other source code changes in this release.

Bug Fixes

• build: initialize new es-bundle files (#​6304) (c362329)

v3.32.0: Swagger UI 3.32.0 Released!

Compare Source

Features

• build: SwaggerUI now also has an es2015 bundle artifact (#​6291) (2eaa6c1)
• swagger-ui-react: SwaggerUI-React now also includes an es2015 module (#​6303) (c575324)

Bug Fixes

• Models: use specPath for isShownKey to toggle models (#​6200) (084b236)
• curl: escape $ in curl request bodies and headers (#​6245) (225a915), closes #​5390
• OAS3: relative urls is now supported (#​5341) (d9f5691)
• OAS3: servers component update on definition change (#​6280) (22668ee)
• requestInterceptor: use async/await to support return new Promise (#​6279) (abcc383), closes #​4778
• html specify charset utf-8 in html script declaration (#​6278) (d7d166d), closes #​5311

v3.31.1: Swagger UI 3.31.1 Released!

Compare Source

Bug Fixes

• swagger-ui-react: updated babel config file target (#​6277) (7a6999b)

v3.31.0: Swagger UI 3.31.0 Released!

Compare Source

Bug Fixes

• try-it-out: Better tooltips for min/max validations (#​6266) (4cbae09)
• style: make paths try to stay on single line in opblock (#​6243) (cfede14)
• style: Replace an inline styles with propClass (#​6265) (bd9117d)

Features

• Display minProperties an maxProperties for object schemas (#​6272) (fd5a59a)
• swagger-ui-react: option for showMutatedRequest (#​6273) (b99ebe7)
• swagger-ui-react: support for presets and defaultModelsExpandDepth (#​6275) (aebfccc)

v3.30.2: Swagger UI 3.30.2 Released!

Compare Source

Fixes

• Remove LodashModuleReplacementPlugin that made v3.30.1 unusable (#​6255). Fixes #​6249.

v3.30.1: Swagger UI 3.30.1 Released!

Compare Source

Housekeeping

• Webpack optimizations to reduce bundle size to <1 MiB. (#​6244) (#​6248)

This build was reduced to 963 KiB

v3.30.0: Swagger UI 3.30.0 Released!

Compare Source

Features

• syntax highlighting of code section (#​6236) (a73783b)

Security

• housekeeping(deps): [email protected] [security] (#​6230)

v3.29.0: Swagger UI 3.29.0 Released!

Compare Source

Features

• RequestBody: set default true for 'send empty value' (#​6228) (b68942c), closes #​6203
• RequestBody: validation support for required fields (#​6223) (2fd1e40), closes #​5181

Fixes

• Docker: Bug where SWAGGER_JSON is used without mount (#​6212), closes #​6211

Housekeeping

• Deps [email protected] (#​6216)
• Config: increase max bundle size to 1024 KiB (#​6231)

Reverts

• feat: Allow to skip submitting empty values in form data (#​5830) (1b6cb7d), closes #​6203
• Revert "revert: feat: Allow to skip submitting empty values in form data (#​5830)" (#​6227) (eacc7b9), closes #​5830 #​6227

v3.28.0: Swagger UI 3.28.0 Released!

Compare Source

Bug Fixes

• avoid mapping Immutable.Map as React children (#​6165) (93020e2)
• render Common Extensions properly in React 16 (#​5930) (e1e4d5b)

Features

• Display nullable for object model itself (#​5660) (#​5868) (41e595b)

v3.27.0: Swagger UI 3.27.0 Released!

Compare Source

Features

• model view: hide applicable readOnly and writeOnly properties (#​5832) (f8dd4e6)
• model view Added onLoad()s and tweaker onToggle() to support ScrollTo functionality for Models (#​5237)
• Copy response to clipboard #​4300 (#​5278) (973e1f7)
• Display example value in Swagger ReadOnly documentation mode (#​4422) (ca1b19a)
• swagger-ui-react: add displayOperationId config support (#​5795) (bd1b297)

Bug Fixes

• remove clipboard inline svg from a file with SASS (#​6148) (eeb0b73)
• curlify agnostic to order of header values (#​6152) (b86e8e9), closes #​6082
• Docker: case where SWAGGER_ROOT in conjunction with BASE_URL does not work (#​6147)
• Call DomPurify.addHook only if it exists (#​5428)

Docs

• Docs: Demonstrate a simple Webpack setup (#​5185)

v3.26.2: Swagger UI 3.26.2 Released!

Compare Source

Bug Fixes

• update corrupted swagger-client from v3.10.6 to v3.10.7

v3.26.1: Swagger UI 3.26.1 Released!

Compare Source

⚠️ This release includes a security update with Markdown render.

Features

• New OAUTH_SCOPES configuration property to select all/none/user_list to OAuth scopes popup (#​6037) (275c8f2)
• Docker New SWAGGER_JSON_URL option to allow remote urls from Docker (#​6122)
• Docker VALIDATOR_URL now has options to disable the validation badge (#​5994)
• Various style improvements (#​6014) (#​5578) (#​5478)

Bug Fixes

• Markdown: render markdown in more secure way (a616cb4)
• Docker allow local ref's to be served by nginx (#​5565) (f353974)
• Docker support variables in auth urls (#​5913) (21f5149)

v3.26.0: Swagger UI 3.26.0 Released!

Compare Source

Features

• Allow to skip submitting empty values in form data (#​5830) (b9b32c9)
• Add empty data param to cURL if no POST request body was given (#​6017)

Bug Fixes

• set default supportedSubmitMethods (#​6030) (3b6942c)
• OAS3 upload file when array items are type=string format=binary (#​6040)
• support generated curl for PUT and PATCH requests (#​5960)
• flaky test: bugs/4641 use wait on route alias (#​6048) (5bbd3e7)

Housekeeping

• SwaggerClient version 3.10.6
• dependency updates

v3.25.5: Swagger UI 3.25.5 Released!

Compare Source

Bug Fixes

• entries can now be generally used again as a key name. special handling of non-FormData entries removed (#​6036) (68185dd), closes #​6033

v3.25.4: Swagger UI 3.25.4 Released!

Compare Source

Bug Fixes

• bump swagger-client to version 3.10.4 and return back compatibility with node.js >= 4
• allow entries as property name (#​6025) (3a65070)

v3.25.3: Swagger UI 3.25.3 Released!

Compare Source

Changelog

• housekeeping: update release-it config
• housekeeping: bump swagger-client version with package-lock (#​6008)
• housekeeping: update dev-e2e-cypress-open script name (#​6005)

Bug Fixes

• curl array support within multipart/form-data (#​3838) (#​5999) (96c7b4c)
• jsonSchemaComponent file/files (#​5997) (#​6000) (65597d1)

v3.25.2: Swagger UI 3.25.2 Released!

Compare Source

Changelog

• feature: JsonSchema components are now ImmutableJS compliant (#​5952)
• fix: remove clearValidation from onTryoutClick (#​5955)

v3.25.1: Swagger UI 3.25.1 Released!

Compare Source

No release summary included.

Changelog

• improvement: render OAS3 parameter type formats (#​5796)
• improvement: showCommonExtensions support for OAS3 parameters (#​5901)
• improvement: support for supportedSubmitMethods property in react component (#​5376)
• improvement: do not require basic password in UI (#​5812)
• improvement: add isShownKey prop to Operation to allow overriding (#​5196)
• fix(docker-image): send relative HTTP 301s from within container (#​5409)
• fix: expanding model when query param showExtensions=true exists (#​5918)
• fix: incorrect PropType in Model ImmutablePureComponent (#​5921)
• fix: OAS3 online validator badge (#​5909)
• housekeeping: add static distribution file documentation (#​5095)
• housekeeping: update plugin api component for failSilently (#​5953)

v3.25.0: Swagger UI 3.25.0 Released!

Compare Source

No release summary included.

Changelog

• feature(swagger-ui-react): defaultModelExpandDepth and plugins props (#​5594)
• improvement: clear auth information from memory when logging out (#​5316)
• improvement: use type 'password' instead of text for client secret (#​5262)
• housekeeping(docs): https path for unpkg link (#​5769)
• housekeeping: fix logo size (#​5702)
• housekeeping: fix npm run lint and npm test on Windows (#​5737)
• housekeeping: npm audit fix (#​5718, #​5772, #​5805)

v3.24.3: Swagger UI 3.24.3 Released!

Compare Source

Changelog

• housekeeping: npm audit fix (#​5718)

v3.24.2: Swagger UI 3.24.2 Released!

Compare Source

This release reverts Swagger UI's upgrade to redux@^4 (via #​5569), which was causing test failures in downstream projects.

v3.24.1: Swagger UI 3.24.1 Released!

Compare Source

⚠️ This release includes security updates. You should upgrade to this version if you use Swagger UI to render untrusted documents.

Specifically, this version updates Swagger UI's dompurify dependency to ^2.0.7, which mitigates our exposure to dompurify's mXSS vulnerability that was disclosed earlier this week.

Changelog

• fix: code highlight styles are now only applied pre.microlight (#​5673)
• housekeeping: npm audit resolutions (#​5681)
• housekeeping(deps): redux v4 (#​5569)
• housekeeping(deps): redux-immutable v4 (#​5639)
• housekeeping(dev-deps): babel monorepo (#​5682)
• housekeeping(dev-deps): [email protected] (#​5683)

v3.24.0: Swagger UI 3.24.0 Released!

Compare Source

Changelog

• feature: add PKCE support for OAuth2 Authorization Code flows (#​5361)
• fix: parameterMacro functionality for OAS3 (#​5617)
• fix(validateParam): validate JSON values + support Parameter.content (#​5657)
• fix: overweight dependencies in PKCE implementation (#​5658)

v3.23.11: Swagger UI 3.23.11 Released!

Compare Source

⚠️ This release contains a security fix that addresses a CSS-based input field value exfiltration vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

Changelog

• fix: mitigate "sequential @import chaining" vulnerability (via #​5616)

v3.23.10: Swagger UI 3.23.10 Released!

Compare Source

This release fixes two bugs: one visual issue within static documentation, and another within runtime validation for Array-typed parameters.

Changelog

• fix: <Select disabled> for type: string + enum schemas (#​5601)
• fix: accept string-represented values in required array runtime validation (#​5609)

v3.23.9: Swagger UI 3.23.9 Released!

Compare Source

This release changes the default value for the validatorUrl configuration option from https://online.swagger.io/validator to https://validator.swagger.io/validator.

v3.23.8: Swagger UI 3.23.8 Released!

Compare Source

This release fixes an issue with Swagger 2.0 required body parameter runtime validation (#​5583) that was introduced in v3.23.7.

v3.23.7: Swagger UI 3.23.7 Released!

Compare Source

This release includes new support for display and Try-It-Out functionality of OAS 3.0 Parameter.content values.

Changelog

• feature: support for Parameter.content (#​5571)
• housekeeping(dev-deps): [email protected]
• 43db164 2019-08-27 | docs: clarify that preauthorizeApiKey works for OAS3 Bearer auth too (#​5566)

v3.23.6: Swagger UI 3.23.6 Released!

Compare Source

This release fixes a React warning originating in Swagger UI and a CSS class name collision with Bootstrap 4.0.

It also includes several in-range updates to minimum dependency versions.

Changelog

• fix: React warning related to "true" used as boolean (via #​5497)
• fix: remove .col class that causes collision with Bootstrap (via #​5541)

v3.23.5: Swagger UI 3.23.5 Released!

Compare Source

This release includes a fix to our Markdown parsing implementation that should resolve display issues with certain Markdown strings.

Changelog

• fix: remove problematic Markdown optimization (via #​5520)

v3.23.4: Swagger UI 3.23.4 Released!

Compare Source

Changelog

• housekeeping: @kyleshockey/js-yaml -> js-yaml (via #​5511)
• housekeeping: more npm audit resolutions (via #​5509)
• housekeeping: non-breaking dependency updates (via #​5515)

v3.23.3: Swagger UI 3.23.3 Released!

Compare Source

This release resolves an undeclared dependency issue visible in [email protected] due to usage of @babel/runtime-corejs2. No source changes were made.

See #​5505 for more information.

v3.23.2: Swagger UI 3.23.2 Released!

Compare Source

This release includes improvements to our Docker container permissions, bug fixes for OpenAPI 3.0 rendering of Responses and Request Bodies, and resolution of most npm audit warnings v

[dev-mend-for-github-com]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json