Update dependency io.springfox:springfox-swagger-ui to v2.10.0 [SECURITY] #315

Open
wants to merge 1 commit into
base: master

renovate[bot]
@renovate renovate bot commented Aug 26, 2024

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| io.springfox:springfox-swagger-ui | 2.7.0 -> 2.10.0 | age | adoption | passing | confidence |

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2019-17495

A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that `<style>@import` within the JSON data was a functional attack method.


Release Notes

springfox/springfox (io.springfox:springfox-swagger-ui)

v2.10.0

Compare Source

v2.9.2: Release

Compare Source

2.9.2 Release

Thank you for the patience with this release. More importantly, thank you for your contributions in helping identify bugs and issues and improving the library with your contributions!

Pull requests and contributions
Bugs
Feature
  • (#​2180) Is it possible to document OAuth 2 scopes for different HTTP methods? feature @​Beontra

v2.9.1

Compare Source

v2.8.0: Release

Compare Source

Thank you everyone for your contributions.

While this release still doesn't support OpenAPI 1.0 spec, it does bring support for the new swagger-ui look thanks to @kasecato!! 🙇

Apologies for the delayed release schedule of 2.8.0. Much of the work in this release was to shore up the library for significant work in the near future to support in 2.9.0

  • OpenAPI spec 3.0
  • Set the stage for fixing bugs related to Swagger 1.2 Spec. This is the penultimate release with support for swagger1

2.9.0 will be the last supported release for Java 6/Java 7. Much of 2.9.0 will focus on improvements in the model rendering thanks to @MaksimOrlov! 🙇 (support @JsonView, better support for rendering the same models in request/response, inheritance support). Please note the deprecation warnings to prepare for breaking changes in 3.0.0.

Pull Requests

(#​2178) Change regex in Paths.java to handle expressions/constraints correctly @​nobe0716
(#​2174) fix fmt maintenanc @​silenceshell
(#​2169) Swagger ui 3.x suggested improvements feature @​kasecato
(#​2160) Fix conversion of byte to integer with max / min bug @​avdv
(#​2153) Upgrading Swagger UI to 3.7.0 @​kasecato
(#​2144) Allow ApiModelProperties on methods to be discovered from superclasses @​RoyJacobs
(#​2106) Add support for exclusive ranges handling @​filiphr
(#​2103) Fix some tests under windows @​apixandru
(#​2101) Fix Remapping issue @​apixandru
(#​2081) Fix child expansion context creation bug @​gzsombor
(#​2069) Optimise HandlerMethodResolver.getMemberMethods maintenance @​simongajdosech
(#​2066) Added error handling around "duplicate" request handlers @​mate1983
(#​2048) Support explicit ordering for Tags @​jroweboy
(#​2040) Use Guava 20.0 throughout the project maintenance @​Thunderforge
(#​2014) Fix markdown @​koppor
(#​2013) Fixed merging headers from the already existing request with the supplied request @​pvanassen
(#​1988) custom the web page title as swagger.title when had set it @​rainplus
(#​1974) Add default property support on model properties feature @​matrosovs
(#​1956) @​ApiModelProperty example string does not escape char "" from JSON example @​heapifyman
(#​1952) Fix to recognize @​Param as query parameter in EntitySearchExtractor know @​viruscamp
(#​1943) Wrong API resource path in Swagger 1.2 @​mathieuales
(#​1942) Model classes having names containing integers are not detected as array @​mathieuales
(#​1917) Consumes / Produces media-types on the document level aren't copied and merged anymore with the operation level consumes / produces media-types. @​mzeijen
(#​1914) Provide proprty pattern annotation support @​simonamc
(#​1897) Correct spelling and typos @​naXa777
(#​1878) Preserve tags order in documentation builder @​rainoko
(#​1868) Create EntitySaveExtractor.java @​jadhavsuhas
(#​1838) Fix a mixed up part in the Getting Started guide for Docket @​PeterWippermann
(#​1837) Minor update of Docket's JavaDoc @​PeterWippermann
(#​1829) JacksonEnumDeterminer to handle JsonFormat.Shape.Object @​yelhouti

Features

(#​2177) Paths.sanitizeRequestMappingPattern fix @​nobe0716
(#​2139) Should support "title" property, set via @​ApiModel annotation. @​ngbalk
(#​2088) @​ApiParam(allowableValues = "range(0, infinity)") does not work @​filiphr
(#​2063) Added support for Pageable resolved parameter @​avillev
(#​2057) Swagger-ui don't render additionalProperties duplicate @​deblockt
(#​2026) Produces/Consumes do not maintain order @​jgaribay21
(#​2023) Is it possible to disable globalResponseMessage configuration partially. duplicate @​dohoon
(#​2021) @​ApiModelProperty.allowEmptyValue = true/false does not emit "allowEmptyValue" in swagger.json @​bill
(#​2000) Upgrade to latest version of Swagger UI (3.1.5) duplicate @​madheshr
(#​1960) Upgrade to swagger-ui 3.0 duplicate @​alex
(#​1957) springfox doesn't work with spring boot 2.0 and spring data Kay-RC2 duplicate @​shashankitmaster
(#​1955) Add support for inclusive and exclusive ranges for allowable values @​JohnNiang
(#​1946) collectionFormat problem @​vitek499
(#​1936) configuration for adding dynamic api-key(access token value). duplicate @​akashgupta08
(#​1919) Add support to rename ApiModel property name in Model Attributes @​peterjurkovic
(#​1901) Pattern Bean Validations API (JSR-303) support for Request Parameters help wanted @​simonamc
(#​1900) Tag custom ordering @​rainoko
(#​1818) JsonFormat for enum and other cases @​yelhouti
(#​1729) Status of support for v3.0.2 of Swagger UI duplicate @​JLLeitschuh

Maintenance

(#​2161) How to set a default value to a field of a model? in progress @​michele
(#​2093) swagger-ui.html appears to be empty documentation @​silentsnooc
(#​2090) When using AlternateTypeRuleConvention ApiModelProperty annotation does not work @​snimavat
(#​2031) How to get object in response body in autogenerated swagger.json file documentation @​rajat
(#​2029) ApiImplicitParam with empty datatype fails when we try it out documentation @​ljp510016132
(#​1995) View APIs from different Spring Cloud Instances registered in Eureka documentation @​s
(#​1971) Vavr/Javaslang Jackson module support documentation @​Sir4ur0n
(#​1954) Multiple swagger JSON's in swagger-ui.html documentation @​dreambrother
(#​1950) Document support customized param using HandlerMethodArgumentResolver documentation @​neil4dong
(#​1916) Consumes and produces media-types defined on Docket are incorrectly merged together with consumes/produces media-types that are defined on a resource level @​mzeijen
(#​1913) Space getting added to oAuth scope while making authorization request documentation @​mojaiq
(#​1904) Nondeterministic output for Models used in multiple controllers documentation @​kevinm416
(#​1899) Upgrade libraries @​dilipkrish
(#​1896) Wrong spelling and typos in code @​naXa777
(#​1882) @​RepositoryRestResource -- ApiParam definition for the JPA methods always defines the @​Param as "body" type parameter @​aniruthmp
(#​1875) Tags should be orderable @​rainoko
(#​1870) The lasted version supported for Swagger UI 3.x? @​maliqiang
(#​1865) Can't test the configuration 404 not found documentation @​pinkyjain26
(#​1833) Different guava versions in dependencies @​Dimok74
(#​1704) Document springfox oauth2 documentation duplicate @​kidshg

Bugs

(#​2165) AlternateTypeRules doesn't work as expected @​crmky
(#​2148) 2.7.1-SNAPSHOT NullPointerException when attempting to view http://localhost:8080/v2/api-docs @​beardy247
(#​2138) java.util.Optional<java.time.OffsetDateTime> disappears from request params duplicate @​bohdan
(#​2135) No qualifying bean error when launching spring 5.0.x application with springfox duplicate @​gauravphoenix
(#​2133) Optional @​kitsjory
(#​2132) @​ApiModelProperty has no effect on some variables (name starting with one lowercase) not-reproducable @​bbrenne
(#​2118) Request type mapping doesn't work if using both RequestBody and ModelAttribute on the same parameter @​andrea
(#​2114) @​RequestParam and @​PathVariable annotated parameters should not be expanded @​loxal
(#​2111) Application startup failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'documentationPluginsBootstrapper' @​shobhit921
(#​2107) @​ApiParam ignores certain properties duplicate @​milosonator
(#​2097) Swagger 2 : Getting "type": "ref" when using @​RequestPart duplicate @​jrishabh198
(#​2096) @​ApiParam is ignored on ValueObjects wrapped with @​JsonCreator @​dkellenb
(#​2080) NullPointerException in handlerPackage duplicate @​ejuniorasas
(#​2072) Springfox generates Api-Doc for non-exported Repositories @​stoetti
(#​2053) @​PathVariable work with Parameter Converter strangely duplicate @​cxl086
(#​2039) Endpoints with the same path and parameters but different headers some times cause java.lang.IllegalArgumentException: Multiple entries with same key @​joaoacmota
(#​2025) SpringFox-Data-Rest 2.7.0: Missing camelCase with generated Associations operationIds @​stoetti
(#​2015) Add support for generics not-reproducable wontfix @​raderio
(#​2012) Duplicated swagger.json document not-reproducable @​cesartl
(#​2011) OperationBuilder mergeResponseMessages overwrites headers @​pvanassen
(#​1999) Generated JSON for endpoints with PathVariables converted to non-trivial objects is incorrect duplicate @​joel
(#​1998) PathVarible composed of Custom Objects are not parsed correctly duplicate @​frbo42
(#​1965) @​RequestPart annotation not rendering models correctly @​pratapyelugula
(#​1963) Spring Data Rest Integration doesn't document repository method parameters correctly @​thombergs
(#​1961) Springfox - Authorization value didn't update after Authorize confirmed.. @​thomasharin
(#​1941) swagger-ui does not remove java string escape char "" from @​ApiModelProperty example @​heapifyman
(#​1932) BasePathAwareController docs aren't base path aware @​fquinner
(#​1926) Can't be filtered by ignoredParameterTypes not-reproducable @​heyuxian
(#​1924) Unable to define host in Swagger 1.2 @​mathieuales
(#​1906) Swagger shows wrong id field using Spring Data Rest duplicate @​drenda
(#​1894) @​EnableSwagger2 breaking my unit tests not-reproducable @​rawadrifai
(#​1890) Can't declare Docket in multiple Configuration classes not-reproducable @​lorenzobenvenuti
(#​1887) @​ApiResponses tag does not override default responses not-reproducable @​muff1nman
(#​1880) Wrong API resource path in Swagger 1.2 @​mathieuales
(#​1876) NullPointerException with Spring Data Rest integration @​drenda
(#​1866) 2.7.0 does not list PATCH methods from Spring Data Rest @​jadhavsuhas
(#​1864) @​NotNull not working to mark field as required @​sddakoty
(#​1860) [Spring boot] @​EnableAspectJAutoProxy cause endpoint scanning failed duplicate @​jdupont22
(#​1841) Overloaded method does not respect the "tag" option @​jackmatt2
(#​1839) Primary keys are added to path parameters for Spring Data Rest Entities POST request after upgrading to 2.7.0 @​jadhavsuhas
(#​1830) CORS headers disappeared after upgrading to 2.7.0 not-reproducable @​gionn
(#​1804) Api key input missing in swagger ui after upgrading version to 2.6.1 @​prajapatkiran
(#​1781) Swagger JSON generated by SpringFox shows 'Consumes' for GET and DELETE operations @​dcp65
(#​1672) Swagger-UI giving 405 (Method not allowed) when called not-reproducable @​GarrettMosier


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
