Update dependency io.springfox:springfox-swagger-ui to v2.10.0 [SECURITY] #5

Open
wants to merge 1 commit into
base: master

renovate[bot]
Contributor

@renovate renovate bot commented Aug 26, 2024

This PR contains the following updates:

| Package | Change |
|---|---|
| io.springfox:springfox-swagger-ui | 2.6.1 -> 2.10.0 |

GitHub Vulnerability Alerts

CVE-2019-17495

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.


Release Notes

springfox/springfox (io.springfox:springfox-swagger-ui)

v2.10.0

Compare Source

v2.9.2: Release

Compare Source

2.9.2 Release

© JUDITH VRUGT, NATIONAL GEOGRAPHIC YOUR SHOT

Thank you for the patience with this release. More importantly, thank you for your contributions in helping identify bugs and issues and improving the library with your contributions!

Pull requests and contributions

Bugs

Feature

  • (#​2180) Is it possible to document OAuth 2 scopes for different HTTP methods? feature @​Beontra

v2.9.1

Compare Source

v2.8.0: Release

Compare Source

Photograph by Margaret Krzepkowski

Thank you everyone for your contributions.

While this release still doesn't support OpenAPI 1.0 spec, it does bring support for the new swagger-ui look thanks to @kasecato!! 🙇

Apologies for the delayed release schedule of 2.8.0. Much of the work in this release was to shore up the library for significant work in the near future to support in 2.9.0

  • OpenAPI spec 3.0
  • Set the stage for fixing bugs related to Swagger 1.2 Spec. This is the penultimate release with support for swagger1

2.9.0 will be the last supported release for Java 6/Java 7. Much of 2.9.0 will focus on Improvements in the model rendering thanks to @​MaksimOrlov! 🙇 (support @​JsonView, better support for rendering the same models in request/response, inheritance support). Please note the deprecation warnings to prepare for breaking changes in 3.0.0.

Pull Requests

(#​2178) Change regex in Paths.java to handle expressions/constraints correctly @​nobe0716
(#​2174) fix fmt maintenanc @​silenceshell
(#​2169) Swagger ui 3.x suggested improvements feature @​kasecato
(#​2160) Fix conversion of byte to integer with max / min bug @​avdv
(#​2153) Upgrading Swagger UI to 3.7.0 @​kasecato
(#​2144) Allow ApiModelProperties on methods to be discovered from superclasses @​RoyJacobs
(#​2106) Add support for exclusive ranges handling @​filiphr
(#​2103) Fix some tests under windows @​apixandru
(#​2101) Fix Remapping issue @​apixandru
(#​2081) Fix child expansion context creation bug @​gzsombor
(#​2069) Optimise HandlerMethodResolver.getMemberMethods maintenance @​simongajdosech
(#​2066) Added error handling around "duplicate" request handlers @​mate1983
(#​2048) Support explicit ordering for Tags @​jroweboy
(#​2040) Use Guava 20.0 throughout the project maintenance @​Thunderforge
(#​2014) Fix markdown @​koppor
(#​2013) Fixed merging headers from the already existing request with the supplied request @​pvanassen
(#​1988) custom the web page title as swagger.title when had set it @​rainplus
(#​1974) Add default property support on model properties feature @​matrosovs
(#​1956) @​ApiModelProperty example string does not escape char "" from JSON example @​heapifyman
(#​1952) Fix to recognize @​Param as query parameter in EntitySearchExtractor know @​viruscamp
(#​1943) Wrong API resource path in Swagger 1.2 @​mathieuales
(#​1942) Model classes having names containing integers are not detected as array @​mathieuales
(#​1917) Consumes / Produces media-types on the document level aren't copied and merged anymore with the operation level consumes / produces media-types. @​mzeijen
(#​1914) Provide proprty pattern annotation support @​simonamc
(#​1897) Correct spelling and typos @​naXa777
(#​1878) Preserve tags order in documentation builder @​rainoko
(#​1868) Create EntitySaveExtractor.java @​jadhavsuhas
(#​1838) Fix a mixed up part in the Getting Started guide for Docket @​PeterWippermann
(#​1837) Minor update of Docket's JavaDoc @​PeterWippermann
(#​1829) JacksonEnumDeterminer to handle JsonFormat.Shape.Object @​yelhouti

Features

(#​2177) Paths.sanitizeRequestMappingPattern fix @​nobe0716
(#​2139) Should support "title" property, set via @​ApiModel annotation. @​ngbalk
(#​2088) @​ApiParam(allowableValues = "range(0, infinity)") does not work @​filiphr
(#​2063) Added support for Pageable resolved parameter @​avillev
(#​2057) Swagger-ui don't render additionalProperties duplicate @​deblockt
(#​2026) Produces/Consumes do not maintain order @​jgaribay21
(#​2023) Is it possible to disable globalResponseMessage configuration partially. duplicate @​dohoon
(#​2021) @​ApiModelProperty.allowEmptyValue = true/false does not emit "allowEmptyValue" in swagger.json @​bill
(#​2000) Upgrade to latest version of Swagger UI (3.1.5) duplicate @​madheshr
(#​1960) Upgrade to swagger-ui 3.0 duplicate @​alex
(#​1957) springfox doesn't work with spring boot 2.0 and spring data Kay-RC2 duplicate @​shashankitmaster
(#​1955) Add support for inclusive and exclusive ranges for allowable values @​JohnNiang
(#​1946) collectionFormat problem @​vitek499
(#​1936) configuration for adding dynamic api-key(access token value). duplicate @​akashgupta08
(#​1919) Add support to rename ApiModel property name in Model Attributes @​peterjurkovic
(#​1901) Pattern Bean Validations API (JSR-303) support for Request Parameters help wanted @​simonamc
(#​1900) Tag custom ordering @​rainoko
(#​1818) JsonFormat for enum and other cases @​yelhouti
(#​1729) Status of support for v3.0.2 of Swagger UI duplicate @​JLLeitschuh

Maintenance

(#​2161) How to set a default value to a field of a model? in progress @​michele
(#​2093) swagger-ui.html appears to be empty documentation @​silentsnooc
(#​2090) When using AlternateTypeRuleConvention ApiModelProperty annotation does not work @​snimavat
(#​2031) How to get object in response body in autogenerated swagger.json file documentation @​rajat
(#​2029) ApiImplicitParam with empty datatype fails when we try it out documentation @​ljp510016132
(#​1995) View APIs from different Spring Cloud Instances registered in Eureka documentation @​s
(#​1971) Vavr/Javaslang Jackson module support documentation @​Sir4ur0n
(#​1954) Multiple swagger JSON's in swagger-ui.html documentation @​dreambrother
(#​1950) Document support customized param using HandlerMethodArgumentResolver documentation @​neil4dong
(#​1916) Consumes and produces media-types defined on Docket are incorrectly merged together with consumes/produces media-types that are defined on a resource level @​mzeijen
(#​1913) Space getting added to oAuth scope while making authorization request documentation @​mojaiq
(#​1904) Nondeterministic output for Models used in multiple controllers documentation @​kevinm416
(#​1899) Upgrade libraries @​dilipkrish
(#​1896) Wrong spelling and typos in code @​naXa777
(#​1882) @​RepositoryRestResource -- ApiParam definition for the JPA methods always defines the @​Param as "body" type parameter @​aniruthmp
(#​1875) Tags should be orderable @​rainoko
(#​1870) The lasted version supported for Swagger UI 3.x? @​maliqiang
(#​1865) Can't test the configuration 404 not found documentation @​pinkyjain26
(#​1833) Different guava versions in dependencies @​Dimok74
(#​1704) Document springfox oauth2 documentation duplicate @​kidshg

Bugs

(#​2165) AlternateTypeRules doesn't work as expected @​crmky
(#​2148) 2.7.1-SNAPSHOT NullPointerException when attempting to view http://localhost:8080/v2/api-docs @​beardy247
(#​2138) java.util.Optional<java.time.OffsetDateTime> disappears from request params duplicate @​bohdan
(#​2135) No qualifying bean error when launching spring 5.0.x application with springfox duplicate @​gauravphoenix
(#​2133) Optional @​kitsjory
(#​2132) @​ApiModelProperty has no effect on some variables (name starting with one lowercase) not-reproducable @​bbrenne
(#​2118) Request type mapping doesn't work if using both RequestBody and ModelAttribute on the same parameter @​andrea
(#​2114) @​RequestParam and @​PathVariable annotated parameters should not be expanded @​loxal
(#​2111) Application startup failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'documentationPluginsBootstrapper' @​shobhit921
(#​2107) @​ApiParam ignores certain properties duplicate @​milosonator
(#​2097) Swagger 2 : Getting "type": "ref" when using @​RequestPart duplicate @​jrishabh198
(#​2096) @​ApiParam is ignored on ValueObjects wrapped with @​JsonCreator @​dkellenb
(#​2080) NullPointerException in handlerPackage duplicate @​ejuniorasas
(#​2072) Springfox generates Api-Doc for non-exported Repositories @​stoetti
(#​2053) @​PathVariable work with Parameter Converter strangely duplicate @​cxl086
(#​2039) Endpoints with the same path and parameters but different headers some times cause java.lang.IllegalArgumentException: Multiple entries with same key @​joaoacmota
(#​2025) SpringFox-Data-Rest 2.7.0: Missing camelCase with generated Associations operationIds @​stoetti
(#​2015) Add support for generics not-reproducable wontfix @​raderio
(#​2012) Duplicated swagger.json document not-reproducable @​cesartl
(#​2011) OperationBuilder mergeResponseMessages overwrites headers @​pvanassen
(#​1999) Generated JSON for endpoints with PathVariables converted to non-trivial objects is incorrect duplicate @​joel
(#​1998) PathVarible composed of Custom Objects are not parsed correctly duplicate @​frbo42
(#​1965) @​RequestPart annotation not rendering models correctly @​pratapyelugula
(#​1963) Spring Data Rest Integration doesn't document repository method parameters correctly @​thombergs
(#​1961) Springfox - Authorization value didn't update after Authorize confirmed.. @​thomasharin
(#​1941) swagger-ui does not remove java string escape char "" from @​ApiModelProperty example @​heapifyman
(#​1932) BasePathAwareController docs aren't base path aware @​fquinner
(#​1926) Can't be filtered by ignoredParameterTypes not-reproducable @​heyuxian
(#​1924) Unable to define host in Swagger 1.2 @​mathieuales
(#​1906) Swagger shows wrong id field using Spring Data Rest duplicate @​drenda
(#​1894) @​EnableSwagger2 breaking my unit tests not-reproducable @​rawadrifai
(#​1890) Can't declare Docket in multiple Configuration classes not-reproducable @​lorenzobenvenuti
(#​1887) @​ApiResponses tag does not override default responses not-reproducable @​muff1nman
(#​1880) Wrong API resource path in Swagger 1.2 @​mathieuales
(#​1876) NullPointerException with Spring Data Rest integration @​drenda
(#​1866) 2.7.0 does not list PATCH methods from Spring Data Rest @​jadhavsuhas
(#​1864) @​NotNull not working to mark field as required @​sddakoty
(#​1860) [Spring boot] @​EnableAspectJAutoProxy cause endpoint scanning failed duplicate @​jdupont22
(#​1841) Overloaded method does not respect the "tag" option @​jackmatt2
(#​1839) Primary keys are added to path parameters for Spring Data Rest Entities POST request after upgrading to 2.7.0 @​jadhavsuhas
(#​1830) CORS headers disappeared after upgrading to 2.7.0 not-reproducable @​gionn
(#​1804) Api key input missing in swagger ui after upgrading version to 2.6.1 @​prajapatkiran
(#​1781) Swagger JSON generated by SpringFox shows 'Consumes' for GET and DELETE operations @​dcp65
(#​1672) Swagger-UI giving 405 (Method not allowed) when called not-reproducable @​GarrettMosier

v2.7.0: Release

Compare Source

Photo credit Mark Summers via National Geographic

Thank you for being patient with this release. This is packed with bug fixes (over 40 of them) and over 15 new features.

Many thanks to those contributing with feature requests, questions, bug reports and most importantly helping out with pull requests. With time being such a premium, it's getting harder and harder to address without the contributions of the many listed below.

Significant changes in this release

  • This includes a re-write of the spring-data-rest support
  • Preparation for removing deprecations that will be removed to support 3.0 of Open API spec. Also, this release is no longer verified as compatible with spring 3.x. Also, it requires spring 4.2.x and greater
  • Libraries have been upgraded especially jackson to 2.8.x and guava to 18.0

PRs (Thank you 🙇)

#​1806 Update PropertySourcedRequestMappingHandlerMapping.java @​OzgaRobert
#​1793 [#​1770] Remove the requirement for property sources placeholder @​dilipkrish
#​1782 Model property vendor extension @​philippejulien
#​1776 Fix Swagger version error in documentation @​ersinciftci
#​1761 Vendor Extensions for API Info and Documentation @​jkgentry
#​1758 Use double backtick to prevent miss parsing @​naxhh
#​1741 1740 @​JsonUnwrapped is ignored by schema generation test @​StepanLeybo
#​1730 Fix a typo at the common-problems documentation file @​florianrusch
#​1717 Adding vendorExtensions in apiKey class @​cfernandezh
#​1702 Make ApiResourceController methods public @​psyho
#​1699 Make Swagger2Controller respect basePath even if a host is not set @​asdcdow
#​1693 Fix for https://github.com/springfox/springfox/issues/1653 @​pjskyboy
#​1667 #​1666 allowableValues blank for Optional parameter @​madgnome
#​1660 waffle.io Badge maintenance @​waffle
#​1617 Updated swagger-ui version to 2.2.8 @​acourtiol
#​1593 OAuth2 not initialized when clientSecret undefined @​gonzalad
#​1589 Apply ApiParam hidden attribute to parameters @​defshine
#​1576 Added support for composed bean validation constraints @​jamesbassett
#​1371 JSR-303 for Request parameters, Fix Allowable values not displayed in Apidocs, Externalizing Api Descriptions @​jfiala

Features

#​1759 Support for property vendor extensions @​philippejulien
#​1707 Removal of "swagger-ui.html" from uri path causes swagger-ui JavaScript error @​LukeHackett
#​1636 VendorExtension support in ApiKey @​mlstocks
#​1627 Error with group handling response @​marchc
#​1592 OAuth2 clientSecret shouldn't be required for implicit flow @​gonzalad
#​1590 springfox-data-rest : Pageable not supported duplicate @​tooms4444
#​1544 [Feature request] JDK8 JSR310 types support @​cbornet
#​1497 springfox-staticdocs : Update to last swagger2markup version @​orevial
#​1490 Infer alternate type rules using serializers and deserializers @​justcoon
#​1423 @​RequestParam with placeholders syntax like ${x.y} @​blelem
#​1413 Ability to set VendorExtensions on ApiInfo? @​michael-pratt
#​1367 Springfox overwrites swagger path entries with the same base path but with different content types @​codecounselor
#​1299 Feature Request: Upgrade swagger2markup version to v1.0.0 duplicate @​fayndee
#​1227 Bean Validations API (JSR-303) support for Request Parameters @​jfiala
#​1169 Add Support For Documenting Services In Grails Projects @​dilipkrish
#​1008 Models with different packages are not represented uniquely in the generated swagger document @​tenstriker
#​824 Support vendor extensions in operations @​cbornet
#​1736 Spring-Data-Rest support for property references

Maintenance

#​1701 Make ApiResourceController methods public @​psyho
#​1694 Fixed the intermittent build failures @​dilipkrish
#​1675 Why generic method names are being generated for Spring Data Rest? @​tahir
#​1653 springfox-data-rest: 2.6.1 spring-data-rest: 2.6 RepositoryRestHandlerMapping constructor broken @​cbbs
#​1644 Update library to support for Spring 5 @​binkley
#​1628 swagger-ui 2.2.10 @​IanSwift
#​1621 2.6.1 breaks @​Value placeholder replacement @​2is10
#​1505 Release process fails when updating the documentation @​dilipkrish

Bugs

#​1797 How to write a custom ApiListingScannerPlugin? @​indrabasak
#​1786 StackOverflowError In 2.6.1 @​tcsw1221
#​1785 @​ApiOperation "response" value causing docs to ignore model annotations @​bfinleyui
#​1780 ConcurrentModificationException on startup with -20170420.041823-43 @​gionn
#​1778 javax @​Valid annotation makes parameter as requestbody-parameter @​jmattheis
#​1775 Swagger version error in documentation @​ersinciftci
#​1772 BasePath can't be defined without host @​astafev
#​1770 SNAPSHOT breaks @​Value placeholder replacement @​stacysimpson
#​1767 Unable to implement and use ApiListingScannerPlugin @​stacysimpson
#​1749 Error resolving $ref pointer for input DTO @​gionn
#​1746 How to override API-Documentation of generated endpoints (spring-data-rest) @​florianrusch
#​1734 swagger ui not showing the default parameter value zero @​liudonghua123
#​1732 Default value of "supportedSubmitMethods" in springfox.js @​thadc23
#​1727 Jackson required/optional @​raderio
#​1726 @​Size is not working @​raderio
#​1725 If you have both Read and Write operation in single Controller readOnly do not work. But if only Write it works. @​dzmitryhil
#​1724 Swagger methods in multiple groups being renamed @​nitin02
#​1708 @​EnableSwagger2 interfering with application configuration. @​rycentious
#​1706 X-Forwarded-Port NumberFormatException: For input string: "443,443" looking-for-contributions @​sixcorners
#​1698 [BUG] custom swagger endpoint returns a 404. Default endpoint works. @​ahatzz11
#​1697 Problem with direct model substitution @​cbornet
#​1677 OAuth2 request adds vendorExtension scope to all auth requests @​pmlido
#​1676 Invalid attributes that starts with x or y @​isolisduran
#​1670 Question: how to use @​ApiParam annotation on a parameter defined in an interface? @​taxone
#​1666 AllowableValues blank for Optional parameter @​madgnome
#​1651 ResponseHeaders do not preserve lexical ordering question @​ahatzz11
#​1648 Operation ordering is not working @​neil
#​1632 Invalid response model for class with name "File" @​dreambrother
#​1623 Swagger annotations like @​ApiParam, @​ApiOperation annotation work for Spring Data Rest operations @​taxone
#​1615 api_docs shows content but swagger-ui (2.6.1) is empty @​StefanSchubert
#​1613 HTML code in API description in ignored using springfox-swagger-ui 2.6.1 @​anouarchattouna
#​1605 Response with a byte array does not work as expected @​maukito
#​1603 StackOverflowError on swagger generation @​jmattheis
#​1597 @​ApiParam value is not respected @​sta
#​1594 IndexOutofBoundException when using unbounded Map models @​sac10nikam
#​1588 springfox-data-rest : @​Param annotation not supported @​tooms4444
#​1580 Can't expand the operation when I set @​Api tags by chinese wontfix @​letorn
#​1571 2.6.1 Cannot read property of custom enum list @​jearton
#​1569 When using ApiKey "keyname" is mapped incorrectly in progress @​jmattheis
#​1507 Broken basePath with AbstractPathProvider in version 2.5.0 of springfox-swagger2 @​danielbcorreia
#​1435 Setting a Custom basePath Requires Setting a Static Host in 2.5 looking-for-contributions @​asdcdow


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
