[Snyk] Upgrade swagger-ui from 4.12.0 to 4.19.1

[MFIB00]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade swagger-ui from 4.12.0 to 4.19.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 26 versions ahead of your current version.
• The recommended version was released 8 months ago, on 2023-06-12.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	462/1000 Why? Proof of Concept exploit, CVSS 7.1	Proof of Concept
	Prototype Pollution SNYK-JS-AXIOS-6144788	462/1000 Why? Proof of Concept exploit, CVSS 7.1	No Known Exploit
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	462/1000 Why? Proof of Concept exploit, CVSS 7.1	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	462/1000 Why? Proof of Concept exploit, CVSS 7.1	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-BRAINTREESANITIZEURL-3330766	462/1000 Why? Proof of Concept exploit, CVSS 7.1	No Known Exploit
	Information Exposure SNYK-JS-UNDICI-5962466	462/1000 Why? Proof of Concept exploit, CVSS 7.1	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	462/1000 Why? Proof of Concept exploit, CVSS 7.1	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: swagger-ui

• 4.19.1 - 2023-06-12
  

  4.19.1 (2023-06-12)

  Bug Fixes

  • export standalone preset from the npm package (#8906) (cdd0bdd), closes #8163
  • request-body: fix immutable prop types validation (#8307) (07a08cd)
• 4.19.0 - 2023-05-24
  

  4.19.0 (2023-05-24)

  Bug Fixes

  • oas3: fix deep linking for Callbacks (#8691) (58b460d), closes #8556

  Features

  • auth: persist cookie based apiKey in document.cookie (#8689) (7ac9a8f), closes #8683

  Enhancements

  • docker: update Dockerfile base image to nginx:1.24.0-alpine (#8697) (da48ea1)
• 4.18.3 - 2023-04-26
• 4.18.2 - 2023-03-30
• 4.18.1 - 2023-03-10
• 4.18.0 - 2023-03-08
• 4.17.1 - 2023-03-06
• 4.17.0 - 2023-03-01
• 4.16.1 - 2023-02-25
• 4.16.0 - 2023-02-24
• 4.16.0-alpha.3 - 2023-02-15
• 4.16.0-alpha.2 - 2023-02-15
• 4.16.0-alpha.1 - 2023-02-14
• 4.15.5 - 2022-11-09
• 4.15.4 - 2022-11-09
  

  4.15.4 (2022-11-09)

  Reverts

  • patch-package: temporarily remove postinstall hook (#8287) (6cbee7e)
• 4.15.3 - 2022-11-08
• 4.15.2 - 2022-10-26
• 4.15.1 - 2022-10-25
• 4.15.0 - 2022-10-20
• 4.14.3 - 2022-10-11
• 4.14.2 - 2022-09-29
• 4.14.1 - 2022-09-22
• 4.14.0 - 2022-08-17
• 4.13.2 - 2022-08-02
• 4.13.1 - 2022-08-01
• 4.13.0 - 2022-07-19
• 4.12.0 - 2022-06-03

from swagger-ui GitHub release notes

Commit messages

Package name: swagger-ui

• 75a8f34 chore(deps): bump @ babel/runtime-corejs3 from 7.21.5 to 7.22.5 (rgw: fix memory leaks ceph/ceph#8918)
• a9d497c chore(deps-dev): bump jsdom from 21.1.1 to 22.1.0 (rgw: fix printing wrong X-Storage-Url in Swift's TempAuth. ceph/ceph#8726)
• 675c1c9 chore(deps-dev): bump eslint-plugin-jest from 26.9.0 to 27.2.1 (osd/PG: remove unused variable have ceph/ceph#8713)
• 07a08cd fix(request-body): fix immutable prop types validation (mon: paxos small optimization on store_state ceph/ceph#8307)
• cdd0bdd fix: export standalone preset from the npm package (mds: wrongly treat symlink inode as normal file/dir when symlink inode is stale on kcephfs ceph/ceph#8906)
• 75c78b0 ci(docker): add support for `repository_dispatch` event type (global: don't link lttng into libglobal ceph/ceph#8876)
• 49da686 ci(docker): provide better descriptions
• ad405d0 ci(docker): distinguish docker_ref and git_ref inputs (xio: remove unused mutex ceph/ceph#8874)
• 56838ed ci(docker): set provenance=false when building image
• f73b38b ci(docker): add initial workflow for creating multi platform Docker images (test/cli: fix crush related ut failure ceph/ceph#8732)
• 021a1d4 chore(deps-dev): bump @ commitlint/cli from 17.6.1 to 17.6.5 (test/encoding/readable.sh: fix make check for autotool ceph/ceph#8725)
• 3953fa1 chore(deps-dev): bump sinon from 15.0.4 to 15.1.0 ([DNM] rgw: reduce string copies in tempURL processing ceph/ceph#8722)
• 3aac5d8 chore(deps-dev): bump eslint from 8.37.0 to 8.41.0 (multi-dump.sh: fix usage function ceph/ceph#8719)
• b1745c1 chore(deps-dev): bump @ wojtekmaj/enzyme-adapter-react-17 (rgw/rgw_op.cc: avoid copying in for loops ceph/ceph#8718)
• 92f002f chore(deps-dev): bump webpack-dev-server from 4.11.1 to 4.15.0 (osd: make op_is_discardable check optional ceph/ceph#8717)
• bbe874d chore(deps-dev): bump rimraf from 5.0.0 to 5.0.1 (rpm: implement scriptlets for the post-split daemon packages ceph/ceph#8714)
• 9a5e609 chore(deps-dev): bump json-merger from 1.1.9 to 1.1.10 (cmake: use LINK_PRIVATE instead of PRIVATE for CMake version == 2.8.11 ceph/ceph#8715)
• 4f2fb10 chore(docker): update Dockerfile base image to nginx:1.25.0-alpine (doc: Correcting the sample python tempurl generation script. ceph/ceph#8712)
• f019691 chore(release): cut the v4.19.0 release
• 3151141 chore(deps-dev): bump css-loader from 6.7.3 to 6.7.4 (kv: add merge operator support, fix test ceph/ceph#8707)
• cf1430c chore(deps): bump swagger-client to v3.19.8 (rgw: object delete records timestamp, skip unneeded deletes ceph/ceph#8709)
• 20af5df chore(deps-dev): bump mini-css-extract-plugin from 2.7.5 to 2.7.6 (os/bluestore: use single key delete in rocksdb ceph/ceph#8708)
• 71dbcbd chore(deps-dev): bump jest-environment-jsdom from 29.4.3 to 29.5.0 (doc/release-notes: is, not will be, basis for LTS ceph/ceph#8706)
• c8f2500 chore(deps-dev): bump sass-loader from 12.6.0 to 13.3.0 (doc/release-notes: revise terminology ceph/ceph#8705)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs