Update dependency swagger-ui to v3.23.11 - autoclosed #51

Closed

@uriel-mend-app uriel-mend-app bot commented Mar 19, 2023

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| swagger-ui | dependencies | minor | 3.2.2 -> 3.23.11 |

By merging this PR, the issue #45 will be automatically resolved and closed:

| Severity | CVSS Score | CVE |
| --- | --- | --- |
| High | 9.8 | CVE-2019-17495 |
| Medium | 5.5 | WS-2018-0593 |
| Medium | 5.0 | WS-2019-0171 |
| Medium | 5.0 | WS-2019-0172 |

Release Notes

swagger-api/swagger-ui

v3.23.11

Compare Source

⚠️ This release contains a security fix that addresses a CSS-based input field value exfiltration vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

Changelog
  • fix: mitigate "sequential @import chaining" vulnerability (via #​5616)

v3.23.10

Compare Source

This release fixes two bugs: one visual issue within static documentation, and another within runtime validation for Array-typed parameters.

Changelog
  • fix: <Select disabled> for type: string + enum schemas (#​5601)
  • fix: accept string-represented values in required array runtime validation (#​5609)

v3.23.9

Compare Source

This release changes the default value for the validatorUrl configuration option from https://online.swagger.io/validator to https://validator.swagger.io/validator.

v3.23.8

Compare Source

This release fixes an issue with Swagger 2.0 required body parameter runtime validation (#​5583) that was introduced in v3.23.7.

v3.23.7

Compare Source

This release includes new support for display and Try-It-Out functionality of OAS 3.0 Parameter.content values.

Changelog

v3.23.6

Compare Source

This release fixes a React warning originating in Swagger UI and a CSS class name collision with Bootstrap 4.0.

It also includes several in-range updates to minimum dependency versions.

Changelog
  • fix: React warning related to "true" used as boolean (via #​5497)
  • fix: remove .col class that causes collision with Bootstrap (via #​5541)

v3.23.5

Compare Source

This release includes a fix to our Markdown parsing implementation that should resolve display issues with certain Markdown strings.

Changelog
  • fix: remove problematic Markdown optimization (via #​5520)

v3.23.4

Compare Source

Changelog
  • housekeeping: @kyleshockey/js-yaml -> js-yaml (via #​5511)
  • housekeeping: more npm audit resolutions (via #​5509)
  • housekeeping: non-breaking dependency updates (via #​5515)

v3.23.3

Compare Source

This release resolves an undeclared dependency issue visible in [email protected] due to usage of @babel/runtime-corejs2. No source changes were made.

See #​5505 for more information.

v3.23.2

Compare Source

This release includes improvements to our Docker container permissions, bug fixes for OpenAPI 3.0 rendering of Responses and Request Bodies, and resolution of most npm audit warnings visible to consumers.

Changelog
  • improvement: allow Swagger UI Docker containers to run as non-root users (via #​5476)
  • fix: empty ModelExample rendering in a Response w/o content (via #​5504)
  • fix: use null as a notSetValue for examplesForMediaType (via #​5503)
  • housekeeping: resolve (almost) all npm audit warnings (via #​5457)

v3.23.1

Compare Source

This release fixes a couple of minor regressions introduced in v3.23.0, and also includes improvements to our module sizes and sourcemap quality.

Changelog
  • fix: Swagger 2.0 Response.examples (via #​5464 + #​5465)
  • fix: enum Select crashes when selecting the empty value (via #​5463)
  • housekeeping: upgrade to webpack@4 (via #​5454)
  • housekeeping: upgrade to babel@7 (via #​5450)

Note: [email protected] was unpublished due to a bad build being pushed to npm. It will be updated again with the next release of Swagger UI.

v3.23.0

Compare Source

This release includes support for OpenAPI 3.0's Examples Object within Parameter, Request Body, and Response Objects.

Changelog
  • feature: Multiple Examples for OpenAPI 3 Parameters, Request Bodies, and Responses (via #​5427)

Internal API notes

Several things have moved around internally.

If you make heavy use of the Plugin API, this may be of concern to you:

  • the Parameters component no longer has a wrapComponent in OpenAPI 3.0. Version-specific logic is now contained within one component.
  • ParameterRow now needs oas3Actions and oas3Selectors as props.
  • Response now needs path and method as props.
  • Responses' shouldComponentUpdate check has been removed, it now re-renders as the Redux store changes.
  • RequestBodyEditor has been heavily modified. It is no longer aware of the underlying request body or schema, and only concerns itself with the string value being edited. It will now also update its own internal state if the value prop given to it changes.

v3.22.3

Compare Source

No source changes.

This release moves Swagger UI to [email protected].

v3.22.2

Compare Source

Changelog
  • improvement: OAS3 $ref friendly-name regex in model.jsx (via #​5334)
  • improvement: add isShown check to 's prop expanded logic (via #​5331)
  • improvement: relax schema description styling so Markdown can be effective (via #​5340)
  • security: CVE-2018-20834 (non-user-facing, via #​5368)

v3.22.1

Compare Source

[email protected] lacked the changes that were advertised for it in that version - specifically, docExpansion support was missing.

[email protected] is now available with the new changes. See #​5294 for more information.

Changelog
  • improvement: error message when rendering XML example (via #​5253)
  • fix: refuse to render non-string Markdown field values (via #​5295)

v3.22.0

Compare Source

This release introduces a new configuration option (withCredentials) which allows control of Swagger UI's underlying Fetch/XHR instance's credential inclusion mode. You may find this option helpful if your API requires an authentication/authorization scheme that Swagger UI doesn't directly support, but can be handled out-of-band by your browser.

Also notable: GitHub Flavored Markdown table syntax is now supported in our OpenAPI 3 Markdown parser, swagger-ui-react's underlying UI system object is now exposed in the onComplete prop callback, react-addons-perf is removed from our dependencies to avoid BSD+Patents licensing, and we've improved how Markdown is rendered across Swagger UI.

Changelog
  • feature: add withCredentials configuration key (via #​5149)
  • improvement: expose system object in swagger-ui-react's onComplete callback (via #​5221)
  • improvement: support GFM table syntax in OpenAPI 3.0 (via #​5224)
  • improvement: expose docExpansion as a prop in swagger-ui-react (via #​5242)
  • fix: Markdown styling nits and inconsistencies (via #​5235)
  • fix: generate gzipped Docker assets at runtime (via #​5219)
  • housekeeping: bump minimum Cypress version (via #​5233)
  • housekeeping: remove react-addons-perf dependency (via #​5229)
  • housekeeping: fix typo in README (via #​5246)

v3.21.0

Compare Source

This release marks the introduction of a new flavor of Swagger UI: swagger-ui-react.

This new module exports a component for use in React applications, and allows you to use any React version you'd like, without fear of colliding with Swagger UI's internal React version.

We recommend that anyone using Swagger UI within a React application migrate to this module, instead of continuing to mount Swagger UI onto a React-created DOM node by ID.

This release also includes some fixes that improve Swagger UI's handling of rare edge cases in the resolver engine.

Note: this release was also erroneously pushed out as v3.20.10 - both versions' contents are identical.

Changelog
  • feature: swagger-ui-react module (via #​5207)
  • improvement(docker): gzip static files (via #​5199)
  • improvement: gracefully render malformed and empty requestBodies (via #​5208)
  • improvement: subtree resolver batch handling (via #​5193)

v3.20.10

Compare Source

v3.20.9

Compare Source

This release contains a security fix that addresses a cross-site scripting vulnerability. If you use Swagger UI to display untrusted OpenAPI documents, you should upgrade to this version ASAP.

This release also changes Swagger UI's OperationSummary component to better tolerate badly-formed (i.e., non-string) summary fields.

Changelog:

  • fix: gracefully handle non-string operation summaries (via #​5189, #​5191)
  • fix: sanitize URLs used for OAuth auth flow (via #​5190)

v3.20.8

Compare Source

Summary

This release contains styling fixes, support for x-www-form-urlencoded bodies without explicitly-defined request properties, and non-material security fixes from upstream modules.

In order to take advantage of the new X-Requested-With header in OAuth2 token requests, cross-origin APIs (which require CORS configuration) need to send Access-Control-Allow-Headers: X-Requested-With as part of the OPTIONS response for your token endpoint. A CORS library will handle this for you - visit https://enable-cors.org for more guidance.

Changelog
  • improvement: better operation path + summary overflow styling (via #​5184)
  • improvement: set X-Requested-With to prevent browser authentication dialog (via #​4934)
  • fix: provide JSON editor for x-www-form-urlencoded bodies lacking properties (via #​5180)
  • housekeeping: bump minimum lodash version (via #​5156)

v3.20.7

Compare Source

Interface changes: none.

Changelog:

  • improvement: generate non-smart Markdown quotes (via #​5162)
  • improvement(docker): smaller images via no-cache option (via #​5157)
  • fix: coerce multipart initial property values to string (via #​5166)
  • fix: gracefully handle malformed global tags array in taggedOperations selector (via #​5159)
  • fix: don't trigger url remote document load if urls is provided (via #​5161)
  • housekeeping: corresponding changes for swagger-api/swagger-editor#​1935 (via #​5170)
  • housekeeping: losslessly crush PNG images with pingo (via #​5158)

v3.20.6

Compare Source

Interface changes: none.

Changelog:

  • improvement(docker): avoid caching mounted json/yml/yaml assets (via #​5151)
  • bug: parameter allowEmptyValue + required interactions (via #​5142)
  • housekeeping: add React compatibility issue to readme (via #​5141)

v3.20.5

Compare Source

Interface changes: None.

Changelog:

  • improvement: support Markdown in header descriptions (via #​5120)
  • improvement: add individual CSS classes to info items (via #​5051)
  • improvement: show description fields in form-data request bodies (via #​5073)
  • improvement: render request body description as Markdown (via #​5078)
  • fix: non-typesafe spec selector (via #​5121)
  • fix: tag-level deep link escaping inconsistencies (via #​5117)
  • fix: Immutable property access pattern (via #​5112)
  • fix: only apply instance-strip transformer to schema errors (via #​5110)

v3.20.4

Compare Source

Interface changes: none.

Changelog:

  • fix: urls.primaryName functionality regression (via #​5097)

v3.20.3

Compare Source

Interface changes: none.

Changelog:

  • improvement: generate default oauth2RedirectUrl based on page location (via #​5085)
  • improvement: add Schema/Model switching to ModelExample component (via #​5080)
  • housekeeping: branding updates (via #​5084)

v3.20.2

Compare Source

Interface changes: none.

Changelog:

  • improvement: OAuth2 UI and test suite (via #​5066)
  • fix: fall back to default configuration options in subtree resolver calls (via #​5063)
  • fix: label models section as Schemas in OpenAPI 3 (via #​5065)

v3.20.1

Compare Source

Private interface changes:

  • specSelectors.operationConsumes was removed in favor of the new specSelectors.consumesOptionsFor selector.

Changelog:

  • improvement: hide Servers/Schemes/Authorize section when it's empty (via #​4950)
  • bugfix: only append type flag to curl if type is defined (via #​5041)
  • bugfix: apply css only on first child label and span for section header (via #​4970)
  • bugfix: path-item $ref produces/consumes inheritance (via #​5049)

v3.20.0

Compare Source

Interface changes: none.

Changelog:

  • feature: sample value generation for uuid, hostname, ipv4, & ipv6 formats (via #​5033)
  • feature: sample value generation for date formats (via #​5024)
  • improve(docker): bail out + provide helpful error if injection fails (via #​5007)
  • bugfix: legacy Docker variables being overridden by default values (via #​5006)
  • bugfix: prevent object inheritance mutations in recursive sampleXmlFromSchema calls (via #​5034)
  • bugfix: resolve referenced securitySchemes (via #​5028)
  • docs(installation): fix link to configuration.md (via #​5009)
  • housekeeping: remove Topbar CWM & unneeded empty lines (via #​5018)
  • housekeeping: .js -> .jsx file extensions (via #​5014)

v3.19.5

Compare Source

Interface changes: A handful of Docker environment variables were added and deprecated, see #​4965 and #​4987 for more information.

Changelog:

  • feature: full-spectrum runtime Docker configuration (via #​4965)
  • feature: Docker OAuth block support (via #​4987)
  • fix(packaging): move webpack-dev-server to devDependencies (via #​4984)
  • housekeeping: move to browser-compatible xml fork (via #​4985)

v3.19.4

Compare Source

Interface changes: whitespaced tags and operation IDs are now percent-encoded when included in deep links. Links generated by older 3.x versions of Swagger UI should continue to work as before, but support for them will be dropped in the next major version of Swagger UI.

Changelog:

  • improve(deeplinking): support utf16 tags and IDs (via #​4921)
  • improve(try-it-out): support RFC5987 Content-Disposition formats (via #​4952)
  • bug(deeplinking): properly handle whitespaced & underscored tags/ids (via #​4953)

Additional work around deep linking was also made in #​4960 and #​4958.

v3.19.3

Compare Source

This release was made specifically to fix inconsistent plugin behavior related to multiple invocations of Swagger UI, which was patched in #​4923.

v3.19.2

Compare Source

This release fixes a regression (#​4912), in which some OpenAPI 3 definitions would not have their Servers block rendered.

v3.19.1

Compare Source

Interface changes: none.

Changelog:

  • improvement: nest Servers within Schemes container (via #​4911)
  • improvement: multipart + formencoded rendering (via #​4910)
  • fix: add client_id and client_secret to form when type is request-body (via #​4213)

v3.19.0

Compare Source

Interface changes: added CONFIG_URL option for Docker image.

Changelog:

  • feat(docker): allow configUrl to be used in Docker (via #​4881)
  • fix(docker): make shell script executable (via #​4876)
  • fix: tolerate callback parameter values in ParameterRow (via #​4873)
  • fix: safeguard Models from non-object schema content (via #​4868)

v3.18.3

Compare Source

Interface changes: none.

Changelog:

  • bugfix: gracefully handle empty request bodies (via #​4859)
  • bugfix: resolved model data invalidation (via #​4858)
  • bugfix: remove remaining reference to Titillium webfont (via #​4840)
  • housekeeping: integrate Cypress in main test script (via #​4847)
  • fix(deeplinking): expand containing tag when expanding an operation (via #​4837)

v3.18.2

Compare Source

Interface changes: none.

Changelog:

  • improvement: omit deprecated fields in examples (via #​4758)
  • improvement: use nginx base Docker image (via #​4796)
  • improvement: urlencoded Request Body rendering (via #​4823)
  • fix: deep link fragment escaping (via #​4832)
  • fix: invalid Operation element IDs for multi-word tags & operationIds (via #​4538, #​4828)
  • fix: incorrect usage of lodash.lowerCase (via #​4200)
  • meta: introduce Cypress end-to-end testing (via #​4827)

v3.18.1

Compare Source

Interface changes: none.

Changelog:

  • improvement: slim down Docker build context (via #​4799)
  • improvement: move operation JumpToPath (via #​4760)
  • improvement: include more error data from authorization call (via #​4801)

v3.18.0

Compare Source

⚠️ This release contains security fixes. If your OpenAPI documents link to untrusted external URLs, you should upgrade.

Interface changes:

  • You may experience issues with this version if you're importing Swagger UI in a non-browser environment (which we don't officially support). Consider loading JSDom beforehand, so that Swagger UI has the DOM APIs it needs access to.
  • Links throughout Swagger UI now render with rel="noopener noreferrer", which blocks linked pages from accessing window.opener and the Referrer header.

Changelog:

  • feature: "Send empty value" controls for allowEmptyValue parameters (via #​4788)
  • bugfix(security): anchor tag safety (via #​4789)
  • bugfix: default to empty object for pathItems in updateJsonSpec wrap-action (via #​4785)

v3.17.6

Compare Source

Interface changes: none.

Changelog:

  • improvement: allow viewing model when Try-It-Out is enabled (via #​4723)
  • bugfix(try-it-out): stringify numerical initial values in ParameterRow (via #​4767)

v3.17.5

Compare Source

Interface changes: none.

Changelog:

  • improvement: refactor Operation component structure (via #​4686)
  • improvement: bundle size reductions (#​4713)
  • housekeeping: add http-server as a dev-dependency, need for serve-static. (via #​4728)

v3.17.3

Compare Source

Interface changes: none.

Changelog:

  • improvement: stop loading resources from third party CDN (via #​4598)
  • improvement: handle more invalid Swagger/OpenAPI version values gracefully (via #​4699)
  • bugfix: exchange function name of component Try-it-out (via #​4687)
  • bugfix: handle formencoded array data correctly (via #​4704)
  • bugfix: don't stringify non-object sample values (via #​4704)
  • bugfix: support multimedia media types for file upload (#​4705)
  • housekeeping: add extraneous module linting (via #​4697)
  • housekeeping: migrate back to reselect@2 (via #​4696)
  • housekeeping: use bundlesize for status checks (via #​4701)

v3.17.2

Compare Source

Interface changes: none.

Changelog:

  • improvement: hash-keyed Try-It-Out parameter value storage (via #​4670)
  • improvement: re-enable and improve Models jump-to-path (via #​4671)
  • bugfix: respect null values in examples (via #​4679)
  • housekeeping: update & clean up various dependencies (via #​4543)

v3.17.1

Compare Source

Interface changes: BaseLayout was changed - if you've copied it into your application, you can copy over the new, simplified version.

Changelog:

  • improvement: use HTTPS for Petstore (via #​4652)
  • bugfix: nested object schema sample generation (via #​4648)
  • housekeeping: simplify BaseLayout by creating new container components (via #​4604)
  • reverted: dev-only performance tracking (via #​4636)

v3.17.0

Compare Source

Interface changes: none.

Changelog:

  • feature: helpful render gating based on document version (via #​4614)
  • fix: disable empty values for required + enumerated params (via #​4615)
  • fix: initially unset required booleans (via #​4613)
  • fix: don't nest urls configuration via docker (via #​4601)
  • housekeeping: refactor deep linking into <OperationTag> (via #​4349)

v3.16.0

Compare Source

Interface changes: none.

Changelog:

  • feature: OAS3 form and binary media support (via #​4592)
  • improvement: disable mangling in the npm module build (via #​4583)
  • improvement: resolve URLs for validation service against the page location (via #​4580)
  • improvement: add npm start script (via #​4572)

v3.15.0

Compare Source

Interface changes: Docker images are now tagged without a leading v, e.g. 3.15.0 instead of v3.15.10.

Changelog:

  • feature: OAS3 object parameter Try-It-Out support (via #​4563)
  • improvement: drop leading v from Docker image names (via #​4567)
  • bugfix: remove href from Swagger logo (via #​4566)
  • bugfix: respect OAS3 parameter default values (via #4561)

v3.14.2

Compare Source

Interface changes: none.

Changelog:

  • bugfix: allow Safari browsers to attempt downloading Blob data in Try-It-Out (via #​4541)
  • bugfix(a11y): increase model text contrast (via #​4540)
  • bugfix: always display locally-available title property as the name for a model, if it is available (via #​4542)

v3.14.1

Compare Source

Interface changes: none.

Changelog:

  • improvement: sanitize Markdown via dompurify (via #​4513)
  • improvement: timestamps and intelligent file extensions for downloadable live responses (via #​4508)
  • meta: multiple issue templates, to encourage higher-quality reports (via #​4519)

v3.14.0

Compare Source

Interface changes: added showCommonExtensions option.

Changelog:

  • feature: showCommonExtensions option to show pattern, minLength, maxLength, minimum, and maximum fields for Parameters (via #​4245)
  • feature: request and response interceptors can now control remote configuration connections (via #​4489)
  • bugfix: path item $ref'd operations are now able to store their metadata correctly (via #​4489)

v3.13.6

Compare Source

Fixes a regression related to parameter normalization that was causing an infinite loop; see https://github.com/swagger-api/swagger-ui/issues/4466 and https://github.com/swagger-api/swagger-ui/issues/4467.

v3.13.5

Compare Source

Interface changes: none.

Changelog:

  • enhancement: don't block scrolling if HighlightCode is not scrollable (via #​4463)
  • bugfix: Callbacks now render correctly when provided by reference (via #​4454)
  • bugfix: HTTP auth form no longer incorrectly retains old credentials (via #​4394)

v3.13.4

Compare Source

Interface changes: you no longer need to include the <svg> tag in your HTML when you run Swagger-UI - the SVG data is now bundled in with the rest of the app!

Changelog:

  • improvement: provide svg assets through React instead of relying on HTML context (via #​4429)
  • improvement: scrollable & downloadable HighlightCode, which is very useful for large text responses (via #​4397)
  • improvement: fully control the <Schemes> select list through Redux application state (via #​4436)
  • improvement: attempt to display Blob responses as text before giving up on display altogether (via #​4437)
  • improvement: better HTTP scheme display logic and messaging (via #​4430)
  • bugfix: patch model rendering for Swagger 2.0 body parameters (via #​4424)

v3.13.3

Compare Source

(released on Friday, April 6, 2018)

Interface changes: you can now return a Promise from a requestInterceptor or responseInterceptor and Swagger-UI will wait for it to resolve.

Changelog:

  • improvement: display parameter enum and default in documentation (via #​4191)
  • bugfix: operationIds subject to normalization no longer cause layout misfires (via #​4410)
  • bugfix: pass error information to JsonSchemaForm correctly (via #​4416)
  • bugfix: relatively resolve OAuth token URLs (via #​4180)
  • bugfix: correctly consider initOAuth's additionalQueryStringParams option (via #​4419)

v3.13.2

Compare Source

Interface changes: none.

Changelog:

  • bugfix: change docker MAINTAINER usage to LABEL (via #​4370)
  • bugfix: path item $ref rendering (via #​4381)
  • bugfix: header access in Edge (via #​4383)
  • bugfix: $$ref display in examples (via #​4392)

v3.13.1

Compare Source

Interface changes: none.

Changelog:

  • bugfix: spec and docExpansion options now work together (via #​4358)
  • bugfix: empty example keys are no longer placed in model displays for examples (via #​4365)

v3.13.0

Compare Source

Interface changes: Added onComplete config option; preauthorizeApiKey and preauthorizeBasic instance methods.

Changelog:

  • feature: onComplete config option (#​4322)
  • feature: preauthorization (#​4339)
  • improvement: show possible reasons when url fetch fails (#​4295)
  • bugfix: default to empty ImmutableMap when schema is missing (#​4341)
  • bugfix: remove $$ref key from example if it exists (#​4333)
  • refactor: create InfoUrl and InfoBasePath (#​4330)

v3.12.1

Compare Source

Interface changes: none.

Changelog:

  • improvement: validator image hides until it is loaded (via #​4287)
  • improvement: html sanitizer allows image src to be data: scheme (via #​4236)
  • improvement: model properties and metadata more reliably sit on their own lines (via #​4236)

v3.12.0

Compare Source

Interface changes: none.

Changelog:

  • feature: read Swagger 2.0 non-body parameter x-example fields and use them as initial values (via #​3538)
  • improvement: urls and deepLinking options now play well together, by using location.replaceState to update the urls.primaryName setting in the browser query string (via #​4181)
  • improvement: filter is now housed within a plugin, which allows custom filtering logic through the plugin system (via #​4255)
  • improvement: generate more sensible example values when using anyOf and oneOf (via #​4136)
  • improvement: add Close button to OAuth dialog, rename Done to Close elsewhere (via #​4212)
  • improvement: add button to reset request body value when the user modifies it (via #​4185)
  • fix: blob file download in internet explorer (via #​4256)
  • fix: try-it-out consumes value regression (#​4265)
  • fix: callback display regression, by using complete spec path to request resolved subtrees (via #​4272)
  • fix: remote $ref resolution regression, by passing baseDoc to Swagger-Client (via #​4273)
  • fix: deeplinked operation resolution on page load (via #​4281)
  • dependency: upgraded to [email protected] to solve a fatal error experienced by a small subset of users (via #​4270)

v3.11.0

Compare Source

This release includes significant improvements to Swagger-UI's performance. The concept of an entirely-resolved spec representation has been done away with in favor of resolved subtrees: as the user expands operations and models in Swagger-UI, work is done to resolve only the parts needed for display. This allows us to do initial renders more quickly and paves the way for a more responsive editing experience in Swagger-Editor.

As a result, there are some breaking changes to various private APIs (mostly spec facilities that focus on the resolved state). If you run custom plugins that rely on that data, you'll want to check for compatibility before upgrading.

As a reminder: breaking private API changes result in a minor version bump, not a major bump.

Interface changes:

  • defaultModelsExpandDepth behavior has changed; the default 1 value now leaves all models collapsed for performance reasons related to the new lazy resolution.
  • specResolved is no longer updated by default; plugins that rely on it should move to specJson or specJsonWithResolvedSubtrees.

Changelog:

  • feature: lazy resolver (via #​4249)
  • improvement: show OAuth error message when auth fails (via #​4058)
  • fix: allow more valid GUIDs (via #​4252)
  • fix: bump lodash dependency due to potential vulnerability (via #​4224)

v3.10.0

Compare Source

Interface changes: added supportedSubmitMethods option to public API.

Changelog:

  • feature: supportedSubmitMethods option for disabling Try-It-Out based on operation method (via #​4186)
  • improvement: allow more HTML attributes to pass through the HTML sanitizer (via #​4194)
  • improvement: remove CPU-taxing Execute button animation (#​4204)
  • improvement: visibility & accessibility (via #​4202)
  • bugfix: use mutated URL for request URL in live response display (via #​4117)

v3.9.3

Compare Source

Interface changes: none.

  • Improvement (a11y): add titles and ARIA labels to elements (via #​4130, 4127)
  • Bugfix (rendering): improve spacing and punctuation in parameter enum display (via #​4144)
  • Bugfix (rendering): right-align tag expand/collapse button, even when the tag has no description (via #​4129)
  • Bugfix (try-it-out): surface parameter validation error messages to OAS3 users (via #​4162)

v3.9.2

Compare Source

Interface changes: none.

  • Improvement: allow urls option to be specified in Docker (via #​4044)
  • Improvement: give Content-Disposition: attachment priority over Content-Type when choosing to display or offer download of a response (via #​4140)
  • Performance: remove produces/consumes default setters from OperationContainer (via #​4137)
  • Bugfix: support cross-frame object reference quirk in IE11 (#​4128)
  • Bugfix: force border-box box styling in main stylesheet (via #​4121)
  • Bugfix: bail out Servers selection component to the first server if the currently selected server URL becomes invalid (via #​4139)

v3.9.1

Compare Source

Interface changes: none.

  • Enhancement (docker): added a symlink to the nginx directory so swagger.json can be modified within the container (via #​4024)
  • Enhancement (packaging): swagger-ui npm module now includes Standalone Preset (via #​4101)
  • Enhancement (try-it-out): added extraction of quoted file name from Content-Disposition header (via #​4035)
  • Enhancement (docker): added option to serve Swagger-UI on a custom port within the container (via #​4086)
  • Bugfix: removed extraneous required prop in ModelCollapse that was causing Proptypes errors in users' React projects (via #​4100)
  • Bugfix: format: uuid is no longer case-sensitive (via #​4102)

v3.9.0

Compare Source

Interface changes: one core plugin API change, no public API changes.

Introduced a breaking function signature change to errActions.newThrownErr action creator (from (err, action) to (err)) and err_new_thrown_err action payload (stopped nesting error content under error key in payload, now the error is the payload).

  • Feature: added error catcher for statePlugin interfaces; prevents errors in plugin code from crashing entire application instance (via #​4067)
    • The only downside to this is that some errors are now a bit harder to trace! Set a breakpoint at console.error and walk down the stack to see what's going wrong.
  • Feature: display error content when definition/config load fails (via #​4069)
  • Feature: display parameter enums, defaults, and examples when not in Try-It-Out mode (via #​3977)
  • Improvement: added hasOwnProperty checks to a handful of for...in loops (via #​4043)
  • Improvement: now using nginx location to set Docker base url instead of moving things around the filesystem (via #​4073)
  • Improvement: brought parameter model property description styling in line with styling for.... everything else (via #​4075)
  • Bugfix: check for Promise on global/window object, which makes IE11 a very happy browser (via #​4077)
  • Housekeeping: used zopflipng to compress PNG assets in repo (via #​4037)
  • Housekeeping: added maintainer documentation for PR merging workflow (via #​4076)

v3.8.1

Compare Source

  • Bugfix: added this binding to afterLoad plugin interface to expose raw plugin context (via #​4059)
  • Performance regression fix: Models section no longer makes wasteful renders due to specPath inequality (via #​4060)

v3.8.0

Compare Source

Interface changes:

  • plugins may now expose an afterLoad method in order to make changes to the top-level system after the plugin is merged into the system.
  • the undocumented initialState parameter now allows removal of default keys by setting its value to undefined in the parameter.

  • Feature: afterLoad plugin

@uriel-mend-app uriel-mend-app bot added the security fix Security fix generated by Mend label Mar 19, 2023
@uriel-mend-app uriel-mend-app bot force-pushed the whitesource-remediate/swagger-ui-3.x branch from 332fd9c to 25480a2 Compare March 21, 2023 11:08
@uriel-mend-app uriel-mend-app bot changed the title Update dependency swagger-ui to v3.26.0 Update dependency swagger-ui to v3.23.11 Mar 21, 2023
@uriel-mend-app uriel-mend-app bot changed the title Update dependency swagger-ui to v3.23.11 Update dependency swagger-ui to v3.23.11 - autoclosed Mar 22, 2023
@uriel-mend-app uriel-mend-app bot closed this Mar 22, 2023
@uriel-mend-app uriel-mend-app bot deleted the whitesource-remediate/swagger-ui-3.x branch March 22, 2023 16:25