Snyk has created this PR to upgrade swagger-ui-dist from 3.22.2 to 3.25.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 18 versions ahead of your current version.
The recommended version was released 2 months ago, on 2020-01-17.
⚠️This release includes security updates. You should upgrade to this version if you use Swagger UI to render untrusted documents.
Specifically, this version updates Swagger UI's dompurify dependency to ^2.0.7, which mitigates our exposure to dompurify's mXSS vulnerability that was disclosed earlier this week.
Changelog
fix: code highlight styles are now only applied pre.microlight (#5673)
⚠️This release contains a security fix that addresses a CSS-based input field value exfiltration vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.
This release changes the default value for the validatorUrl configuration option from https://online.swagger.io/validator to https://validator.swagger.io/validator.
Snyk has created this PR to upgrade swagger-ui-dist from 3.22.2 to 3.25.0.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: swagger-ui-dist
No release summary included.
Changelog
defaultModelExpandDepth
andplugins
props (#5594)npm run lint
andnpm test
on Windows (#5737)npm audit fix
(#5718, #5772, #5805)Changelog
npm audit fix
(#5718)This release reverts Swagger UI's upgrade to
redux@^4
(via #5569), which was causing test failures in downstream projects.Specifically, this version updates Swagger UI's
dompurify
dependency to^2.0.7
, which mitigates our exposure todompurify
's mXSS vulnerability that was disclosed earlier this week.Changelog
pre.microlight
(#5673)Changelog
parameterMacro
functionality for OAS3 (#5617)Parameter.content
(#5657)Changelog
@import
chaining" vulnerability (via #5616)This release fixes two bugs: one visual issue within static documentation, and another within runtime validation for Array-typed parameters.
Changelog
<Select disabled>
fortype: string
+enum
schemas (#5601)This release changes the default value for the
validatorUrl
configuration option fromhttps://online.swagger.io/validator
tohttps://validator.swagger.io/validator
.This release fixes an issue with Swagger 2.0 required body parameter runtime validation (#5583) that was introduced in v3.23.7.
This release includes new support for display and Try-It-Out functionality of OAS 3.0
Parameter.content
values.Changelog
Parameter.content
(#5571)Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs