Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade swagger-ui from 5.11.0 to 5.17.7 #134

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

leika
Copy link
Contributor

@leika leika commented May 31, 2024

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade swagger-ui from 5.11.0 to 5.17.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 30 versions ahead of your current version.

  • The recommended version was released on 22 days ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Uncontrolled resource consumption
SNYK-JS-BRACES-6838727
554 Proof of Concept
high severity Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728
554 No Known Exploit
medium severity Template Injection
SNYK-JS-DOMPURIFY-6474511
554 Proof of Concept
medium severity Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
554 Proof of Concept
medium severity Improper Input Validation
SNYK-JS-SWAGGERCLIENT-6836803
554 No Known Exploit
low severity Permissive Cross-domain Policy with Untrusted Domains
SNYK-JS-UNDICI-6252336
554 No Known Exploit
low severity Improper Access Control
SNYK-JS-UNDICI-6564963
554 No Known Exploit
low severity Improper Authorization
SNYK-JS-UNDICI-6564964
554 No Known Exploit
Release notes
Package name: swagger-ui
  • 5.17.7 - 2024-05-09

    5.17.7 (2024-05-09)

    Bug Fixes

    • components: render parameter extensions in the description column (#9883) (1367a8f)
    • json-schema-5: allow collapsing for primitive models (#9639) (450bb99), closes #9595
    • render null values included in enum (#9683) (0dd9afa)
  • 5.17.6 - 2024-05-07

    5.17.6 (2024-05-07)

    Bug Fixes

    • swagger-ui-react: display definition defined as YAML or JSON string (#9918) (6ae2c1f), closes #9915
    • system: allow wrapping components both from presets and plugins (#9919) (877470b), closes #7232
  • 5.17.5 - 2024-05-06

    5.17.5 (2024-05-06)

    Bug Fixes

    • config: perform configuration synchronously (5fa60ce)
    • try-it-out: fix parsing null values when building requests (#9914) (fc7410b)
  • 5.17.4 - 2024-05-06

    5.17.4 (2024-05-06)

    Bug Fixes

    • security: remove patch-package production dependency (#9909) (cb9a06f)
  • 5.17.3 - 2024-04-30

    5.17.3 (2024-04-30)

    Bug Fixes

    • distribute proper source maps in npm distribution packages (#9877) (8c90d5d), closes #9101
    • swagger-ui-react: call onComplete hook with system instance (#9895) (3f67b08), closes #9876
  • 5.17.2 - 2024-04-25

    5.17.2 (2024-04-25)

    Bug Fixes

    • config: remove system config source (#9875) (333e5e3), closes #5148
    • allow to create SwaggerUI instances without rendering to the DOM container by default
  • 5.17.1 - 2024-04-24

    5.17.1 (2024-04-24)

    Bug Fixes

    • json-schema-2020-12-samples: skip anyOf and oneOf while merging schemas (#9853) (f7373a0), closes #9198
    • utils: fix validation for required values without specified type (#9863) (6fccf9e), closes #8007
    • deps: eliminate runtime errors related to traverse library
    • upstream fixes in swagger-client (v3.27.1, v3.27.2)
  • 5.17.0 - 2024-04-22

    5.17.0 (2024-04-22)

    Features

    • config: expose config and make it overridable (#9862) (17d50a6)
    • swagger-ui-react: rewrite into SSR compatible function component (#9855) (351191b), closes #9243
  • 5.16.2 - 2024-04-19

    5.16.2 (2024-04-19)

    Bug Fixes

    • swagger-ui-react: avoid triggering implicit system rendering (#9847) (3a671c6), closes #9846
  • 5.16.1 - 2024-04-18

    5.16.1 (2024-04-18)

    Bug Fixes

  • 5.16.0 - 2024-04-18
  • 5.15.2 - 2024-04-15
  • 5.15.1 - 2024-04-11
  • 5.15.0 - 2024-04-10
  • 5.14.0 - 2024-04-08
  • 5.13.0 - 2024-03-29
  • 5.12.3 - 2024-03-27
  • 5.12.2 - 2024-03-26
  • 5.12.1 - 2024-03-26
  • 5.12.0 - 2024-03-13
  • 5.11.10 - 2024-03-06
  • 5.11.9 - 2024-03-04
  • 5.11.8 - 2024-02-23
  • 5.11.7 - 2024-02-16
  • 5.11.6 - 2024-02-15
  • 5.11.5 - 2024-02-15
  • 5.11.4 - 2024-02-14
  • 5.11.3 - 2024-02-07
  • 5.11.2 - 2024-01-29
  • 5.11.1 - 2024-01-26
  • 5.11.0 - 2024-01-08
from swagger-ui GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade swagger-ui from 5.11.0 to 5.17.7.

See this package in npm:
swagger-ui

See this project in Snyk:
https://app.snyk.io/org/leika/project/cf7fd23c-9b5c-4f72-8aeb-086f9864e120?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment