Update dependency org.webjars:swagger-ui to v3.44.0 (main)

[mend-for-github-com]

This PR contains the following updates:

Package	Type	Update	Change
org.webjars:swagger-ui (source)	compile	minor	3.13.0 -> 3.44.0

By merging this PR, the issue #118 will be automatically resolved and closed:

Severity	CVSS Score	CVE	Reachability
Medium	4.3	CVE-2018-25031

---

Release Notes

swagger-api/swagger-ui (org.webjars:swagger-ui)

v3.44.0: Swagger UI v3.44.0 Released!

Compare Source

Bug Fixes

• info: use externalDocsUrl check to render Link (#​6997) (b7d3d1c)
• lint: use semicolons + closing link in html (#​6951) (17093f2)
• lint: put script tag in body in oauth2-redirect.html (#​6958)

Features

• models: collapsed schema content should be clickable (#​6942) (0e6dc04)
• verbose Failed to fetch error (#​6938) (4db2edc)
• docs: sample datepicker plugin with json schema components (#​6939) (ba74c02)

v3.43.0: Swagger UI v3.43.0 Released!

Compare Source

Features

• use example gen for multiple example value retainer examples (#​6920) (fad81f8)
• validate nullable (#​6928) (a2a561e)

Bug Fixes

• support OAuth2 PKCE when using the OIDC authorization_code flow (#​6914) (5e69d3c)
• sample-gen: enum without type should be handled by sample-gen (#​6912) (7ead9ba)

Other

swagger-cllient: version bump to 3.13.1

v3.42.0: Swagger UI v3.42.0 Released!

Compare Source

Features

• enhance parameter validation (#​6878) (5c4dfc2)
• sample-gen multi and form media-type (#​6874) (8ed6c34)

Bug Fixes

• responseBody: json response highlighting (#​6871) (13fea13), closes #​6508

v3.41.1: Swagger UI v3.41.1 Released!

Compare Source

Bug Fixes

• swagger-ui-react: src filename extension to transpile (#​6876) (e538e26)

v3.40.0: Swagger UI v3.40.0 Released!

Compare Source

Features

• doc: added introduction (#​6806) (d80cc40)
• docker: add docker support for persist authorization variable (#​6832) (a7ba55a)
• group / sort parameters by location (#​6745) (ddaee4e)

Bug Fixes

• sample-gen: should render additionalProperties in example (#​6821) (35cb925)
• sample-gen: should return json literal example (#​6827) (a2f7917)
• sample-gen: should return xml literal example (#​6822) (59b42bb)
• spec-selector: isMediaTypeSchemaPropertiesEqual should handle case where literal media-types are equal. (#​6820) (25433c4)
• style: code should should wrap line (#​6831) (7087210), closes #​6764

v3.38.0: Swagger UI v3.38.0 Released!

Compare Source

Features

• auth: Add OpenID Connect Discovery (OICD) support (#​3517) (#​6549) (0807687)

Bug Fixes

• components: fix keys rendering in React 16 using .entrySeq() (#​6685) (20a8987)
• security fixes applied in [email protected], [email protected], and [email protected]

v3.37.2: Swagger UI v3.37.2 Released!

Compare Source

• chore: update swagger-js to v3.12.1 which brings better support for $ref resolving (#​4765) (#​5625 )
• chore(release): fix release v3.37.1 release
• chore(package): allow auto-update of swagger-client (d3fb9ab)

v3.37.0: Swagger UI v3.37.0 Released!

Compare Source

Features

• swagger-ui-react: add support for layout prop (#​6639) (a6673d7)

Bug Fixes

• examples: properly update memoized value in non-schema case (#​6641) (d2ef8f3), closes #​6631
• xml: example generation if an array has an example (#​6634) (24225e4), closes #​6627

v3.36.2: Swagger UI v3.36.2 Released!

Compare Source

Bug Fixes

• duplicate labels in Servers UI (#​6568) (1f10240)
• externalDocs url for tags when using swagger v2.0 (#​6579) (6db4def)
• schema example: xml gen should follow json gen behavior (#​6555) (288c89b), closes #​6470 #​6540 #​4943
• cypress: oas3-request-body-required flakineess (#​6583) (64ae7af)

v3.36.1: Swagger UI v3.36.1 Released!

Compare Source

• swagger-client: update to v3.12.0. Fixes nested allOf/oneOf schema resolution in #​5194, #​5923, #​4672

Bug Fixes

• cypress: oas3-multiple-media-types flakiness (#​6571) (3925b0c), closes #​6570

v3.36.0: Swagger UI v3.36.0 Released!

Compare Source

Features

• support for showExtensions on Response objects (#​6535) (6a4e52a)

Bug Fixes

• auth: Allow PKCE for legacy AccessCode OAuth2 Grant Type (#​6011) (5a87c8a), closes #​6010
• auth: support for oauth2 relative url (#​6546) (0a807d6)
• auth: add additional autoFocus for http-auth component (#​6527) (8e3e059), closes #​6483
• response examples should respect media-type (#​6456) (87ab4e9)
• duplicate downloading of remote config (#​6544) (50e5f65)
• oauth redirect HTML title tag (#​6533) (17f140b)

v3.35.2: Swagger UI v3.35.2 Released!

Compare Source

Bug Fixes

• oas3: switching media types should update schema properties (#​6518) (3905fad), closes #​6201 #​6250 #​6476

• requestBody: hide read only properties (#​6490) (5065613)

• missing commas in response header values #​6183 (#​6515) (99fda81)

• add autofocus to auth fields (#​6483) (65ea764)

• style: preventing long strings from overflowing (#​5934) (#​6507) (4b2fddd)

• jest: add stub for errActions to prevent unhandled promise rejections #​6365 (#​6495) (537ad6d)

• jest: unknown prop initialValue on input tag (#​6506) (1af8678)

v3.35.1: Swagger UI v3.35.1 Released!

Compare Source

Bug Fixes

• parameter-row: rendering of default/example values of 0 (#​6454) (797929f)

• syntax-highlighter: configuration for Examples (#​6455) (b5e8081), closes #​5259

• examples multipart array sample generation for items (#​6461) (f4bdf2f)

• filter: avoid filtering by the strings "true/false" when enabled (#​6477) (aa53ec2)

• style: inconsistent background colors in code sections (#​6472) (1b11d5c)

• deprecate from "new Buffer" to "Buffer.from" (#​6489) (6c5e91d)

v3.35.0: Swagger UI v3.35.0 Released!

Compare Source

Bug Fixes

• auth: both array and Im.List scopes can be added to redirectURL (#​6416) (95fd3e7)
• swagger-ui-react: Use oneOfType in spec prop validation (fix #​6399) (#​6400) (52360a0)
• sample schema should stringify string values for content-type: text/json (#​6431) (ad630cc), closes #​6412
• try-it-out: required boolean default value set to empty string (#​6449) (f5c709f), closes #​6429

Features

• curl: configuration setting to pass additional options to curl command for "Try it out" (#​6288) (cbe99c8)
• swagger-ui-react: add deeplinking as prop (#​6424) (6b12f15)

v3.34.0: Swagger UI v3.34.0 Released!

Compare Source

Features

• Preserve authorization on browser refresh and close/reopen (#​5939) (96aecc8)
• build: use core-js@3 (#​6410) (ac41813)

Refactor

• build: increase maxEntrypointSize for core-js@3 (#​6419)
• csp: Update how the JavaScript run function is invoked in oauth2-redirect.html (#​6393)

v3.32.5: Swagger UI v3.32.5 Released!

Compare Source

Bug Fixes

• operationTag: verify selectedServer exists before invoking (#​6335) (580e906)

v3.32.3: Swagger UI v3.32.3 Released!

Compare Source

This release is intended to enable npm to include es2015 bundle files. There are no source code changes in this release.

Bug Fixes

• build: add es-bundle to .npmignore non-exclusion list (#​6328) (560b428)

v3.32.1: Swagger UI 3.32.1 Released!

Compare Source

This release should properly include swagger-ui-es-bundle and swagger-ui-es-bundle-core in the /dist directory. There are no other source code changes in this release.

Bug Fixes

• build: initialize new es-bundle files (#​6304) (c362329)

v3.31.1: Swagger UI 3.31.1 Released!

Compare Source

Bug Fixes

• swagger-ui-react: updated babel config file target (#​6277) (7a6999b)

v3.30.0: Swagger UI 3.30.0 Released!

Compare Source

Features

• syntax highlighting of code section (#​6236) (a73783b)

Security

• housekeeping(deps): [email protected] [security] (#​6230)

v3.28.0: Swagger UI 3.28.0 Released!

Compare Source

Bug Fixes

• avoid mapping Immutable.Map as React children (#​6165) (93020e2)
• render Common Extensions properly in React 16 (#​5930) (e1e4d5b)

Features

• Display nullable for object model itself (#​5660) (#​5868) (41e595b)

v3.27.0: Swagger UI 3.27.0 Released!

Compare Source

Features

• model view: hide applicable readOnly and writeOnly properties (#​5832) (f8dd4e6)
• model view Added onLoad()s and tweaker onToggle() to support ScrollTo functionality for Models (#​5237)
• Copy response to clipboard #​4300 (#​5278) (973e1f7)
• Display example value in Swagger ReadOnly documentation mode (#​4422) (ca1b19a)
• swagger-ui-react: add displayOperationId config support (#​5795) (bd1b297)

Bug Fixes

• remove clipboard inline svg from a file with SASS (#​6148) (eeb0b73)
• curlify agnostic to order of header values (#​6152) (b86e8e9), closes #​6082
• Docker: case where SWAGGER_ROOT in conjunction with BASE_URL does not work (#​6147)
• Call DomPurify.addHook only if it exists (#​5428)

Docs

• Docs: Demonstrate a simple Webpack setup (#​5185)

v3.26.1: Swagger UI 3.26.1 Released!

Compare Source

⚠️ This release includes a security update with Markdown render.

Features

• New OAUTH_SCOPES configuration property to select all/none/user_list to OAuth scopes popup (#​6037) (275c8f2)
• Docker New SWAGGER_JSON_URL option to allow remote urls from Docker (#​6122)
• Docker VALIDATOR_URL now has options to disable the validation badge (#​5994)
• Various style improvements (#​6014) (#​5578) (#​5478)

Bug Fixes

• Markdown: render markdown in more secure way (a616cb4)
• Docker allow local ref's to be served by nginx (#​5565) (f353974)
• Docker support variables in auth urls (#​5913) (21f5149)

v3.26.0: Swagger UI 3.26.0 Released!

Compare Source

Features

• Allow to skip submitting empty values in form data (#​5830) (b9b32c9)
• Add empty data param to cURL if no POST request body was given (#​6017)

Bug Fixes

• set default supportedSubmitMethods (#​6030) (3b6942c)
• OAS3 upload file when array items are type=string format=binary (#​6040)
• support generated curl for PUT and PATCH requests (#​5960)
• flaky test: bugs/4641 use wait on route alias (#​6048) (5bbd3e7)

Housekeeping

• SwaggerClient version 3.10.6
• dependency updates

v3.25.5: Swagger UI 3.25.5 Released!

Compare Source

Bug Fixes

• entries can now be generally used again as a key name. special handling of non-FormData entries removed (#​6036) (68185dd), closes #​6033

v3.25.4: Swagger UI 3.25.4 Released!

Compare Source

Bug Fixes

• bump swagger-client to version 3.10.4 and return back compatibility with node.js >= 4
• allow entries as property name (#​6025) (3a65070)

v3.25.3: Swagger UI 3.25.3 Released!

Compare Source

Changelog

• housekeeping: update release-it config
• housekeeping: bump swagger-client version with package-lock (#​6008)
• housekeeping: update dev-e2e-cypress-open script name (#​6005)

Bug Fixes

• curl array support within multipart/form-data (#​3838) (#​5999) (96c7b4c)
• jsonSchemaComponent file/files (#​5997) (#​6000) (65597d1)

v3.25.2: Swagger UI 3.25.2 Released!

Compare Source

Changelog

• feature: JsonSchema components are now ImmutableJS compliant (#​5952)
• fix: remove clearValidation from onTryoutClick (#​5955)

v3.25.1: Swagger UI 3.25.1 Released!

Compare Source

No release summary included.

Changelog

• improvement: render OAS3 parameter type formats (#​5796)
• improvement: showCommonExtensions support for OAS3 parameters (#​5901)
• improvement: support for supportedSubmitMethods property in react component (#​5376)
• improvement: do not require basic password in UI (#​5812)
• improvement: add isShownKey prop to Operation to allow overriding (#​5196)
• fix(docker-image): send relative HTTP 301s from within container (#​5409)
• fix: expanding model when query param showExtensions=true exists (#​5918)
• fix: incorrect PropType in Model ImmutablePureComponent (#​5921)
• fix: OAS3 online validator badge (#​5909)
• housekeeping: add static distribution file documentation (#​5095)
• housekeeping: update plugin api component for failSilently (#​5953)

v3.25.0: Swagger UI 3.25.0 Released!

Compare Source

No release summary included.

Changelog

• feature(swagger-ui-react): defaultModelExpandDepth and plugins props (#​5594)
• improvement: clear auth information from memory when logging out (#​5316)
• improvement: use type 'password' instead of text for client secret (#​5262)
• housekeeping(docs): https path for unpkg link (#​5769)
• housekeeping: fix logo size (#​5702)
• housekeeping: fix npm run lint and npm test on Windows (#​5737)
• housekeeping: npm audit fix (#​5718, #​5772, #​5805)

v3.24.3: Swagger UI 3.24.3 Released!

Compare Source

Changelog

• housekeeping: npm audit fix (#​5718)

v3.24.2: Swagger UI 3.24.2 Released!

Compare Source

This release reverts Swagger UI's upgrade to redux@^4 (via #​5569), which was causing test failures in downstream projects.

v3.24.0: Swagger UI 3.24.0 Released!

Compare Source

Changelog

• feature: add PKCE support for OAuth2 Authorization Code flows (#​5361)
• fix: parameterMacro functionality for OAS3 (#​5617)
• fix(validateParam): validate JSON values + support Parameter.content (#​5657)
• fix: overweight dependencies in PKCE implementation (#​5658)

v3.23.11: Swagger UI 3.23.11 Released!

Compare Source

⚠️ This release contains a security fix that addresses a CSS-based input field value exfiltration vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

Changelog

• fix: mitigate "sequential @import chaining" vulnerability (via #​5616)

v3.23.8: Swagger UI 3.23.8 Released!

Compare Source

This release fixes an issue with Swagger 2.0 required body parameter runtime validation (#​5583) that was introduced in v3.23.7.

v3.23.5: Swagger UI 3.23.5 Released!

Compare Source

This release includes a fix to our Markdown parsing implementation that should resolve display issues with certain Markdown strings.

Changelog

• fix: remove problematic Markdown optimization (via #​5520)

v3.23.4: Swagger UI 3.23.4 Released!

Compare Source

Changelog

• housekeeping: @kyleshockey/js-yaml -> js-yaml (via #​5511)
• housekeeping: more npm audit resolutions (via #​5509)
• housekeeping: non-breaking dependency updates (via #​5515)

v3.23.2: Swagger UI 3.23.2 Released!

Compare Source

This release includes improvements to our Docker container permissions, bug fixes for OpenAPI 3.0 rendering of Responses and Request Bodies, and resolution of most npm audit warnings visible to consumers.

Channgelog

• improvement: allow Swagger UI Docker containers to run as non-root users (via #​5476)
• fix: empty ModelExample rendering in a Response w/o content (via #​5504)
• fix: use null as a notSetValue for examplesForMediaType (via #​5503)
• housekeeping: resolve (almost) all npm audit warnings (via #​5457)

v3.23.0: Swagger UI 3.23.0 Released!

Compare Source

This release includes support for OpenAPI 3.0's Examples Object within Parameter, Request Body, and Response Objects.

Changelog

• feature: Multiple Examples for OpenAPI 3 Parameters, Request Bodies, and Responses (via #​5427)

Internal API notes

Several things have moved around internally.

If you make heavy use of the Plugin API, this may be of concern to you:

• the Parameterscomponent no longer has a wrapComponent in OpenAPI 3.0. Version-specific logic is now contained within one component.
• ParameterRow now needs oas3Actions and oas3Selectors as props.
• Response now needs path and method as props.
• Responses' shouldComponentUpdate check has been removed, it now re-renders as the Redux store changes.
• RequestBodyEditor has been heavily modified. It is no longer aware of the underlying request body or schema, and only concerns itself with the string value being edited. It will now also update its own internal state if the value prop given to it changes.

v3.22.2: Swagger UI 3.22.2 Released!

Compare Source

Changelog

• improvement: OAS3 $ref friendly-name regex in model.jsx (via #​5334)
• improvement: add isShown check to 's prop expanded logic (via #​5331)
• improvement: relax schema description styling so Markdown can be effective (via #​5340)
• security: CVE-2018-20834 (non-user-facing, via #​5368)

v3.22.1: Swagger UI 3.22.1 Released!

Compare Source

[email protected] lacked the changes that were advertised for it in that version - specifically, docExpansion support was missing.

[email protected] is now available with the new changes. See #​5294 for more information.

Changelog

• improvement: error message when rendering XML example (via #​5253)
• fix: refuse to render non-string Markdown field values (via #​5295)

v3.22.0: Swagger UI 3.22.0 Released!

Compare Source

This release introduces a new configuration option (withCredentials) which allows control of Swagger UI's underlying Fetch/XHR instance's credential inclusion mode. You may find this option helpful if your API requires an authentication/authorization scheme that Swagger UI doesn't directly support, but can be handled out-of-band by your browser.

Also notable: GitHub Flavored Markdown table syntax is now supported in our OpenAPI 3 Markdown parser, swagger-ui-react's underlying UI system object is now exposed in the onComplete prop callback, react-addons-perf is removed from our dependencies to avoid BSD+Patents licensing, and we've improved how Markdown is rendered across Swagger UI.

Changelog

• feature: add withCredentials configuration key (via #​5149)
• improvement: expose system object in swagger-ui-react's onComplete callback (via #​5221)
• improvement: support GFM table syntax in OpenAPI 3.0 (via #​5224)
• improvement: expose docExpansion as a prop in swagger-ui-react (via #​5242)
• fix: Markdown styling nits and inconsistencies (via #​5235)
• fix: generate gzipped Docker assets at runtime (via #​5219)
• housekeeping: bump minimum Cypress version (via #​5233)
• housekeeping: remove react-addons-perf dependency (via #​5229)
• housekeeping: fix typo in README (via #​5246)

v3.20.9: Swagger UI 3.20.9 Released!

Compare Source

This release contains a security fix that addresses a cross-site scripting vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

This release also changes Swagger UI's OperationSummary component to better tolerate badly-formed (i.e., non-string) summary fields.

Changelog:

• fix: gracefully handle non-string operation summaries (via #​5189, #​5191)
• fix: sanitize URLs used for OAuth auth flow (via #​5190)

v3.20.8: Swagger UI 3.20.8 Released!

Compare Source

Summary

This release contains styling fixes, support for x-www-form-urlencoded bodies without explicitly-defined request properties, and non-material security fixes from upstream modules.

In order to take advantage of the new X-Requested-With header in OAuth2 token requests, cross-origin APIs (which require CORS configuration) needs to send Access-Control-Allow-Headers: X-Requested-With as part of the OPTIONS response for your token endpoint. A CORS library will handle this for you - visit https://enable-cors.org for more guidance.

Changelog

• improvement: better operation path + summary overflow styling (via #​5184)
• improvement: set X-Requested-With to prevent browser authentication dialog (via #​4934)
• fix: provide JSON editor for x-www-form-urlencoded bodies lacking properties (via #​5180)
• housekeeping: bump minimum lodash version (via #​5156)

v3.20.5: Swagger UI 3.20.5 Released!

Compare Source

Interface changes: None.

Changelog:

• improvement: support Markdown in header descriptions (via #​5120)
• improvement: add individual CSS classes to info items (via #​5051)
• improvement: show description fields in form-data request bodies (via #​5073)
• improvement: render request body description as Markdown (via #​5078)
• fix: non-typesafe spec selector (via #​5121)
• fix: tag-level deep link escaping inconsistencies (via #​5117)
• fix: Immutable property access pattern (via #​5112)
• fix: only apply instance-strip transformer to schema errors (via #​5110)

v3.20.3: Swagger UI 3.20.3 Released!

Compare Source

Interface changes: none.

Changelog:

• improvement: generate default oauth2RedirectUrl based on page location (via #​5085)
• improvement: add Schema/Model switching to ModelExample component (via #​5080)
• housekeeping: branding updates (via #​5084)

v3.20.2: Swagger UI 3.20.2 Released!

Compare Source

Interface changes: none.

Changelog:

• improvement: OAuth2 UI and test suite (via #​5066)
• fix: fall back to default configuration options in subtree resolver calls (via #​5063)
• fix: label models section as Schemas in OpenAPI 3 (via #​5065)

v3.20.1: Swagger UI 3.20.1 Released!

Compare Source

Private interface changes:

• specSelectors.operationConsumes was removed in favor of the new specSelectors.consumesOptionsFor selector.

Changelog:

• improvement: hide Servers/Schemes/Authorize section when it's empty (via #​4950)
• bugfix: only append type flag to curl if type is defined (via #​5041)
• bugfix: apply css only on first child label and span for section header (via #​4970)
• bugfix: path-item $ref produces/consumes inheritance (via #​5049)

v3.20.0: Swagger UI 3.20.0 Released!

Compare Source

Interface changes: none.

Changelog:

• feature: sample value generation for uuid, hostname, ipv4, & ipv6 formats (via #​5033)
• feature: sample value generation for date formats (via #​5024)
• improve(docker): bail out + provide helpful error if injection fails (via #​5007)
• bugfix: legacy Docker variables being overridden by default values (via #​5006)
• bugfix: prevent object inheritance mutations in recursive sampleXmlFromSchema calls (via #​5034)
• bugfix: resolve referenced securitySchemes (via #​5028)
• docs(installation): fix link to configuration.md (via #​5009)
• housekeeping: remove Topbar CWM & unneeded empty lines (via #​5018)
• housekeeping: .js -> .jsx file extensions (via #​5014)

v3.19.5: Swagger UI 3.19.5 Released!

Compare Source

Interface changes: A handful of Docker environment variables were added and deprecated, see #​4965 and #​4987 for more information.

Changelog:

• feature: full-spectrum runtime Docker configuration (via #​4965)
• feature: Docker OAuth block support (via #​4987)
• fix(packaging): move webpack-dev-server to devDependencies (via #​4984)
• housekeeping: move to browser-compatible xml fork (via #​4985)

v3.19.4: Swagger UI 3.19.4 Released!

Compare Source

Interface changes: whitespaced tags and operation IDs are now percent-encoded when included in deep links. Links generated by older 3.x versions of Swagger UI should continue to work as before, but support for them will be dropped in the next major version of Swagger UI.

Changelog:

• improve(deeplinking): support utf16 tags and IDs (via #​4921)
• improve(try-it-out): support RFC5987 Content-Disposition formats (via #​4952)
• bug(deeplinking): properly handle whitespaced & underscored tags/ids (via #​4953)

Additional work around deep linking was also made in #​4960 and #​4958.

v3.19.0: Swagger UI 3.19.0 Released!

Compare Source

Interface changes: added CONFIG_URL option for Docker image.

Changelog:

• feat(docker): allow configUrl to be used in Docker (via #​4881)
• fix(docker): make shell script executable (via #​4876)
• fix: tolerate callback parameter values in ParameterRow (via #​4873)
• fix: safeguard Models from non-object schema content (via #​4868)

v3.18.2: Swagger UI 3.18.2 Released!

[Compare Source](https://redirect.githu