[Snyk] Upgrade swagger-ui from 3.25.0 to 3.48.0

[snyk-bot]

Snyk has created this PR to upgrade swagger-ui from 3.25.0 to 3.48.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 48 versions ahead of your current version.
• The recommended version was released a month ago, on 2021-04-29.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-FASTJSONPATCH-595663	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Insecure Defaults SNYK-JS-SWAGGERUI-572012	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-DOMPURIFY-1035544	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-DOMPURIFY-1016634	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-AUTOLINKER-73494	482/1000 Why? Proof of Concept exploit, CVSS 7.5	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-AUTOLINKER-564438	482/1000 Why? Proof of Concept exploit, CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: swagger-ui

• 3.48.0 - 2021-04-29
  

  3.48.0 (2021-04-29)

  Bug Fixes

  • authorization: include oauth endpoint description (#7195) (5906dfa)
  • syntaxHighlighter: request and response examples for json cases (#7199) (92f1507)
  • try-it-out: required properties (#7206) (53829f1)

  Features

  • docs: make webpack-getting-started more universal (#7191) (f239965)
• 3.47.1 - 2021-04-15
  

  3.47.1 (2021-04-15)

  [email protected] was a valid but incomplete release. This release should contain downstream release jobs.

• 3.47.0 - 2021-04-15
  

  3.47.0 (2021-04-15)

  Features

  • remove node_native option from request snippets plugin (#7181) (2373a83)
  • dev: migrate to local-web-server (#7174) (01c8de4)

  Bug Fixes

  • update snippet generator map to support React 16 (#7154) (7fc2780)
• 3.46.0 - 2021-03-31
  

  3.46.0 (2021-03-31)

  Features

  • sample-gen: infer implicit type and validation constraint types (#7117) (032bd71)
  • download of text/csv now uses .csv extension (#7141) (75865f3)
  • markdown sanitization of form tag (#7146) (f5b84e5)

  Bug Fixes

  • add aria label to select element for content types (#7133) (4abbc62)
  • array constraint validation only if value was provided (#7112) (4103e0f)

  Other

  • swagger-client: bump to v3.13.2
• 3.45.1 - 2021-03-19
  

  3.45.1 (2021-03-19)

  Bug Fixes

  • response examples fallback (#7065) (9a2b646)
  • cypress: tweak to ensure an element exists before test (#7074) (d17a81e)
• 3.45.0 - 2021-03-11
  

  3.45.0 (2021-03-11)

  Features

  • request snippets plugin (#6910) (8405fa0)
  • sample gen should incorporate schema validation constraint (#7043) (3ead825)

  Bug Fixes

  • auth: support pkce when using basic auth header (#7038) (f23a9d6)
  • auth: url change should flush auth (#7046) (219d886)
  • sample-gen: allOf, oneOf lifting should consider properties and items (#7041) (f9e54a2)
  • sample-gen: xml attr with media-type example value (#7045) (902241c)
  • ui: prevent example select from overflowing (#7060) (0723622)
  • preserve multipart file part position in requestData (#7008) (15b8c0c)
• 3.44.1 - 2021-03-04
  

  3.44.1 (2021-03-04)

  Bug Fixes

  • json schema array items (#7007) (2016c18)
  • multipart enum initial value not set (#7004) (68bd61a)
  • optional empty validation (#7003) (d32bd1a)
• 3.44.0 - 2021-02-25
  

  3.44.0 (2021-02-25)

  Bug Fixes

  • info: use externalDocsUrl check to render Link (#6997) (b7d3d1c)
  • lint: use semicolons + closing link in html (#6951) (17093f2)
  • lint: put script tag in body in oauth2-redirect.html (#6958)

  Features

  • models: collapsed schema content should be clickable (#6942) (0e6dc04)
  • verbose Failed to fetch error (#6938) (4db2edc)
  • docs: sample datepicker plugin with json schema components (#6939) (ba74c02)
• 3.43.0 - 2021-02-11
  

  3.43.0 (2021-02-11)

  Features

  • use example gen for multiple example value retainer examples (#6920) (fad81f8)
  • validate nullable (#6928) (a2a561e)

  Bug Fixes

  • support OAuth2 PKCE when using the OIDC authorization_code flow (#6914) (5e69d3c)
  • sample-gen: enum without type should be handled by sample-gen (#6912) (7ead9ba)

  Other

  swagger-cllient: version bump to 3.13.1

• 3.42.0 - 2021-02-04
  

  3.42.0 (2021-02-04)

  Features

  • enhance parameter validation (#6878) (5c4dfc2)
  • sample-gen multi and form media-type (#6874) (8ed6c34)

  Bug Fixes

  • responseBody: json response highlighting (#6871) (13fea13), closes #6508
• 3.41.1 - 2021-01-28
• 3.41.0 - 2021-01-28
• 3.40.0 - 2021-01-14
• 3.39.0 - 2021-01-07
• 3.38.0 - 2020-12-10
• 3.37.2 - 2020-11-26
• 3.37.1 - 2020-11-26
• 3.37.0 - 2020-11-19
• 3.36.2 - 2020-11-06
• 3.36.1 - 2020-10-29
• 3.36.0 - 2020-10-22
• 3.35.2 - 2020-10-15
• 3.35.1 - 2020-10-08
• 3.35.0 - 2020-10-01
• 3.34.0 - 2020-09-18
• 3.33.0 - 2020-09-10
• 3.32.5 - 2020-08-27
• 3.32.4 - 2020-08-20
• 3.32.3 - 2020-08-19
• 3.32.2 - 2020-08-19
• 3.32.1 - 2020-08-14
• 3.32.0 - 2020-08-14
• 3.31.1 - 2020-07-30
• 3.31.0 - 2020-07-30
• 3.30.2 - 2020-07-22
• 3.30.1 - 2020-07-21
• 3.30.0 - 2020-07-17
• 3.29.0 - 2020-07-17
• 3.28.0 - 2020-06-29
• 3.27.0 - 2020-06-18
• 3.26.2 - 2020-06-12
• 3.26.1 - 2020-06-11
• 3.26.0 - 2020-06-05
• 3.25.5 - 2020-05-28
• 3.25.4 - 2020-05-21
• 3.25.3 - 2020-05-14
• 3.25.2 - 2020-05-07
• 3.25.1 - 2020-04-24
• 3.25.0 - 2020-01-17

from swagger-ui GitHub release notes

Commit messages

Package name: swagger-ui

• f96bc13 chore(release): cut the v3.48.0 release
• 38c6e12 chore(deps): bump serialize-error from 2.1.0 to 8.1.0 (Fix LFS Locks over SSH (#6999) go-gitea/gitea#7223)
• 474320d chore(deps-dev): bump chromedriver from 87.0.7 to 90.0.0 (Top Contributors listing on repo/profile go-gitea/gitea#7189)
• 53829f1 fix: required properties (Two factor login redirects to favicon go-gitea/gitea#7206)
• 0e770b3 Merge pull request How to make gitea run again on RPi 3B given the arm7 build issues? go-gitea/gitea#7222 from swagger-api/dependabot/npm_and_yarn/dompurify-2.2.8
• 6c8bd1f chore(deps): bump dompurify from 2.2.7 to 2.2.8
• e30236f Merge pull request Show lfs config on admin panel go-gitea/gitea#7220 from swagger-api/dependabot/npm_and_yarn/open-8.0.7
• 61262e5 chore(deps-dev): bump open from 8.0.6 to 8.0.7
• f9cd521 Merge pull request Feat: import all repositories like gitlab go-gitea/gitea#7212 from swagger-api/dependabot/npm_and_yarn/postcss-8.2.13
• bc80a16 chore(deps-dev): bump postcss from 8.2.12 to 8.2.13
• f6029d5 Merge pull request Docs: https://docs.gitea.io/en-us/upgrade/ is blank go-gitea/gitea#7208 from swagger-api/dependabot/npm_and_yarn/eslint-7.25.0
• 8882379 chore(deps-dev): bump eslint from 7.24.0 to 7.25.0
• 45971f0 Merge pull request Allow colon between fixing word and issue go-gitea/gitea#7207 from swagger-api/dependabot/npm_and_yarn/postcss-8.2.12
• 904a9d3 chore(deps-dev): bump postcss from 8.2.10 to 8.2.12
• 9e069ff Merge pull request [Error 1053] Can't run gitea as a Windows Service go-gitea/gitea#7201 from swagger-api/dependabot/npm_and_yarn/babel/core-7.13.16
• 6376458 chore(deps-dev): bump @ babel/core from 7.13.15 to 7.13.16
• 910047f Merge pull request 'Fixes: #id' in commit message does not close issues go-gitea/gitea#7202 from swagger-api/dependabot/npm_and_yarn/babel/cli-7.13.16
• 9329846 chore(deps-dev): bump @ babel/cli from 7.13.14 to 7.13.16
• d4911fe Merge pull request Endpoint /login/oauth/access_token doesn't return Access-Control-Allow-Methods go-gitea/gitea#7204 from swagger-api/dependabot/npm_and_yarn/babel/register-7.13.16
• 1f6daa5 chore(deps-dev): bump @ babel/register from 7.13.14 to 7.13.16
• a89acd3 Merge pull request Move all mail related codes from models to services/mailer go-gitea/gitea#7200 from swagger-api/dependabot/npm_and_yarn/babel/runtime-corejs3-7.13.17
• 6824cd8 chore(deps): bump @ babel/runtime-corejs3 from 7.13.10 to 7.13.17
• 5906dfa fix(authorization): include oauth endpoint description (Detect noreply email address as user (#7133) go-gitea/gitea#7195)
• f239965 feat(docs): make webpack-getting-started more universal (comments on commit  go-gitea/gitea#7191)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs