[Security] Bump swagger-ui from 3.23.5 to 3.24.0

[dependabot-preview]

Bumps swagger-ui from 3.23.5 to 3.24.0.

Release notes

Sourced from swagger-ui's releases.

Swagger UI 3.24.0 Released!

Changelog

• feature: add PKCE support for OAuth2 Authorization Code flows (#5361)
• fix: parameterMacro functionality for OAS3 (#5617)
• fix(validateParam): validate JSON values + support Parameter.content (#5657)
• fix: overweight dependencies in PKCE implementation (#5658)

Swagger UI 3.23.11 Released!

⚠️ This release contains a security fix that addresses a CSS-based input field value exfiltration vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

Changelog

• fix: mitigate "sequential @import chaining" vulnerability (via #5616)

Swagger UI 3.23.10 Released!

This release fixes two bugs: one visual issue within static documentation, and another within runtime validation for Array-typed parameters.

Changelog

• fix: <Select disabled> for type: string + enum schemas (#5601)
• fix: accept string-represented values in required array runtime validation (#5609)

Swagger UI 3.23.9 Released!

This release changes the default value for the validatorUrl configuration option from https://online.swagger.io/validator to https://validator.swagger.io/validator.

Swagger UI 3.23.8 Released!

This release fixes an issue with Swagger 2.0 required body parameter runtime validation (#5583) that was introduced in v3.23.7.

Swagger UI 3.23.7 Released!

This release includes new support for display and Try-It-Out functionality of OAS 3.0 Parameter.content values.

Changelog

• feature: support for Parameter.content (#5571)
• housekeeping(dev-deps): [email protected]
• 43db164a 2019-08-27 | docs: clarify that preauthorizeApiKey works for OAS3 Bearer auth too (#5566)

Swagger UI 3.23.6 Released!

This release fixes a React warning originating in Swagger UI and a CSS class name collision with Bootstrap 4.0.

It also includes several in-range updates to minimum dependency versions.

Changelog

• fix: React warning related to "true" used as boolean (via #5497)
• fix: remove .col class that causes collision with Bootstrap (via #5541)

Commits

• 7e5974c release: v3.24.0
• 25025cb fix: overweight dependencies in PKCE implementation (#5658)
• 75a0e5d fix(validateParam): validate JSON parameter values + support `Parameter.conte...
• 71a17f8 housekeeping: use HTTPS links in README.md (#5651)
• 7317fff housekeeping: add homepage URL to package.json (#5652)
• 9253c0b improvement: add \<title> tag to oauth2-redirect.html (#5644)
• 139592e feat: add PKCE support for OAuth2 Authorization Code flows (#5361)
• 8cabcff housekeeping: document Docker OAUTH2_REDIRECT_URL option (#5641)
• fa351aa housekeeping: npm audit concerns (#5640)
• 93f7a82 housekeeping(deps): dompurify v2 (#5634)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[dependabot-preview]

We've just been alerted that this update fixes a security vulnerability:

Sourced from The GitHub Security Advisory Database.

High severity vulnerability that affects swagger-ui
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.

Affected versions: ["< 3.23.11"]