[Snyk] Upgrade swagger-ui from 5.11.0 to 5.15.1

[dooman87]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade swagger-ui from 5.11.0 to 5.15.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 18 versions ahead of your current version.
• The recommended version was released 25 days ago, on 2024-04-11.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Template Injection SNYK-JS-DOMPURIFY-6474511	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept
	Permissive Cross-domain Policy with Untrusted Domains SNYK-JS-UNDICI-6252336	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit
	Improper Access Control SNYK-JS-UNDICI-6564963	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit
	Improper Authorization SNYK-JS-UNDICI-6564964	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: swagger-ui

• 5.15.1 - 2024-04-11
  

  5.15.1 (2024-04-11)

  Bug Fixes

  • spec: format validation errors for nested parameters (#9775) (0f395c2), closes #9774
• 5.15.0 - 2024-04-10
  

  5.15.0 (2024-04-10)

  Bug Fixes

  • json-schema-2020-12-samples: apply string constraints sensibly (#9796) (b6b0d28), closes #9739
  • oas31: allow override names of top level schemas (#9787) (111e420), closes #9713
  • oas3: compensate for JSON Schemas left unresolved by swagger-client (#9794) (3bea389), closes #9790

  Features

  • json-schema-2020-12-sample: introduce option API (#9795) (7db9c98), closes #9739
• 5.14.0 - 2024-04-08
  

  5.14.0 (2024-04-08)

  Bug Fixes

  • docker: fix CVE-2024-27983 related to Node.js (#9786) (a94dd28)

  Features

  • consolidate syntax highlighting code into standalone plugin (#9783) (7260005)
• 5.13.0 - 2024-03-29
  

  5.13.0 (2024-03-29)

  Bug Fixes

  • oas3: add support for oneOf/anyOf JSON Schema keywords in request-body rendering (#9767) (ed983eb), closes #9763
  • oas3: fix getting initial values for request body in OpenAPI 3.x (#9762) (8086d97), closes #9745

  Features

  • plugins: expose JSON Schema merging mechanism from samples plugins (#9766) (6a493fb), closes #9765
• 5.12.3 - 2024-03-27
  

  5.12.3 (2024-03-27)

  Bug Fixes

  • json-schema-2020-12-samples: fix constraints for integer example values (#9749) (c002e59), closes #9740
• 5.12.2 - 2024-03-26
  

  5.12.2 (2024-03-26)

  Bug Fixes

  • fix failed v5.12.1 release (#9748) (7101272)
  • try-it-out: fix issues related to building requests from parameters (#9746) (b2e673d), closes #9550
• 5.12.1 - 2024-03-26
  

  5.12.1 (2024-03-26)

  Caution

  This is a failed release. Please don't use it.

• 5.12.0 - 2024-03-13
  

  5.12.0 (2024-03-13)

  Bug Fixes

  • oas3: escape regular expression before using it (#9691) (b1d7e4b)
  • request-snipppets: fix issues in escaping Powershell (#9692) (8561f3c)
  • spec: format multi message validation errors (#9687) (99bf8fc)

  Features

  • style: add max-height for curl example (#9179) (6dbcd45)
• 5.11.10 - 2024-03-06
  

  5.11.10 (2024-03-06)

  Bug Fixes

  • avoid rendering empty response schemas (#9667) (32e7ce4), closes #9666
  • oas31: render responses with empty content field (#9664) (e2be707), closes #9199
• 5.11.9 - 2024-03-04
  

  5.11.9 (2024-03-04)

  Bug Fixes

  • fix regression in definition resolution (#9658) (6154396), closes #9645
• 5.11.8 - 2024-02-23
• 5.11.7 - 2024-02-16
• 5.11.6 - 2024-02-15
• 5.11.5 - 2024-02-15
• 5.11.4 - 2024-02-14
• 5.11.3 - 2024-02-07
• 5.11.2 - 2024-01-29
• 5.11.1 - 2024-01-26
• 5.11.0 - 2024-01-08

from swagger-ui GitHub release notes

Commit messages

Package name: swagger-ui

• 6160b10 refactor(json-schema-2020-12-samples): design formatAPI consistent with mediatypeAPI and encoderAPI (#9799)
• 0f395c2 fix(spec): format validation errors for nested parameters (#9775)
• 3b72ee1 refactor: consolidate all JSON Schema 5 rendering code into json-schema-5 plugin (#9798)
• 46c849b docs(configuration): fix wrong syntaxHighlight option name (#9776)
• 13aa3bf chore(release): cut the v5.15.0 release
• 3bea389 fix(oas3): compensate for JSON Schemas left unresolved by swagger-client (#9794)
• b6b0d28 fix(json-schema-2020-12-samples): apply string constraints sensibly (#9796)
• 7db9c98 feat(json-schema-2020-12-sample): introduce option API (#9795)
• 1267c04 chore(deps-dev): bump eslint-plugin-jest from 27.9.0 to 28.2.0 (#9793)
• 6e91056 chore(deps): bump dompurify from 3.0.11 to 3.1.0 (#9789)
• 111e420 fix(oas31): allow override names of top level schemas (#9787)
• af538a3 chore(deps): bump dependabot/fetch-metadata from 1.6.0 to 2.0.0 (#9729)
• 7bcf090 chore(release): cut the v5.14.0 release
• a94dd28 fix(docker): fix CVE-2024-27983 related to Node.js (#9786)
• ac0d2a3 refactor(syntax-highlighting): use component wrapping for syntax highlighting activation (#9784)
• 7260005 feat: consolidate syntax highlighting code into standalone plugin (#9783)
• f844319 chore(deps-dev): bump sass from 1.72.0 to 1.74.1 (#9781)
• 4a5a879 chore(deps): bump swagger-client from 3.26.4 to 3.26.5 (#9780)
• 086ffeb chore(deps-dev): bump @ babel/core from 7.24.3 to 7.24.4 (#9778)
• 5e95ffa chore(deps): bump @ babel/runtime-corejs3 from 7.24.1 to 7.24.4 (#9779)
• cf13000 chore(deps-dev): bump @ babel/preset-env from 7.24.3 to 7.24.4 (#9777)
• 3110954 chore(deps-dev): bump postcss-preset-env from 9.5.3 to 9.5.4 (#9773)
• a0b164b chore(deps-dev): bump cypress from 13.7.1 to 13.7.2 (#9772)
• 1735ea8 chore(deps-dev): bump postcss-preset-env from 9.5.2 to 9.5.3 (#9770)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs