[Snyk] Upgrade swagger-client from 3.10.9 to 3.18.4

[snyk-bot]

Snyk has created this PR to upgrade swagger-client from 3.10.9 to 3.18.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 27 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2022-02-02.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-LODASH-608086	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: swagger-client

• 3.18.4 - 2022-02-02
  

  3.18.4 (2022-02-02)

  Bug Fixes

  • specmap: suppress merging examples (#2437) (2a88e2a)
• 3.18.3 - 2022-01-25
  

  3.18.3 (2022-01-25)

  Bug Fixes

  • security: update cross-fetch to >=3.1.5 (#2431) (275249f)
• 3.18.2 - 2022-01-19
  

  3.18.2 (2022-01-19)

  Bug Fixes

  • normalizeSwagger: fix regression in swagger normalization (1f9db2b)
• 3.18.1 - 2022-01-14
  

  3.18.1 (2022-01-14)

  Bug Fixes

  • specmap: fix deep merging when applying patch (#2324) (65fcd22)
• 3.18.0 - 2021-12-21
  

  3.18.0 (2021-12-21)

  Features

  • add support aborting requests in tags interface (7b6bdc2), closes #2349
• 3.17.0 - 2021-10-14
  

  3.17.0 (2021-10-14)

  Features

  • switch buffer to native Uint8Array (#2288) (e96702f), closes #2243

  Other changes

  • replace lodash utils with native JavaScript alternatives (1556f58, e3d4ef3, af2b86c)
  • replace Buffer.isBuffer with ArrayBuffer.isView (eae9bbc)
• 3.16.1 - 2021-09-10
  

  3.16.1 (2021-09-10)

  Bug Fixes

  • security: depend on min version of lodash >= 4.17.21 (374ef79)
• 3.16.0 - 2021-08-20
  

  3.16.0 (2021-08-20)

  Features

  • deps: bump formdata-node from 3.7.0 to 4.0.0 (#2196) (3da4ae8)
  • formdata: add compatibility layer that transforms Buffers into Blobs
• 3.15.0 - 2021-08-09
  

  3.15.0 (2021-08-09)

  Features

  • deps: bump js-yaml from 3.14.1 to 4.1.0 (3937607), closes #2026 #1970
  • build: unify how we use cross-fetch to reduce resulting bundle size (1e8839c)
• 3.14.1 - 2021-07-27
  

  3.14.1 (2021-07-27)

  Bug Fixes

  • package: add additional mappings for browser field (db0cd91), closes #2154
• 3.14.0 - 2021-07-27
• 3.13.7 - 2021-07-17
• 3.13.6 - 2021-07-07
• 3.13.5 - 2021-05-26
• 3.13.3 - 2021-05-07
• 3.13.2 - 2021-03-30
• 3.13.1 - 2021-02-11
• 3.13.0 - 2021-02-11
• 3.12.2 - 2021-01-19
• 3.12.1 - 2020-11-26
• 3.12.0 - 2020-10-29
• 3.11.1 - 2020-10-01
• 3.11.0 - 2020-09-17
• 3.10.13 - 2020-09-14
• 3.10.12 - 2020-07-13
• 3.10.11 - 2020-07-07
• 3.10.10 - 2020-07-06
• 3.10.9 - 2020-06-25

from swagger-client GitHub release notes

Commit messages

Package name: swagger-client

• 7cae7c4 chore(release): cut the 3.18.4 release [skip ci]
• 2a88e2a fix(specmap): suppress merging examples (Update Japanese messages swagger-api/swagger-ui#2437)
• 2bd283a chore(deps-dev): bump lint-staged from 12.3.2 to 12.3.3 (JSON object into enum - different keys and values swagger-api/swagger-ui#2442)
• e8b56c1 chore(deps-dev): bump terser-webpack-plugin from 5.3.0 to 5.3.1 (Response Message's Example Value not shown swagger-api/swagger-ui#2441)
• 6c72d6b chore(deps-dev): bump webpack from 5.67.0 to 5.68.0 (When shebang contains parameters init inputs. swagger-api/swagger-ui#2440)
• 4e6d8d3 chore(deps): migrate .whitesource configuration file to inheritance mode (swagger ui doesn't get base path when swagger uses snake case for schema json swagger-api/swagger-ui#2434)
• e0003d0 chore(deps-dev): bump eslint from 8.7.0 to 8.8.0 (Model rendering does not respect minimum value swagger-api/swagger-ui#2436)
• 20d733c chore(deps-dev): bump lint-staged from 12.3.1 to 12.3.2 (Posting an associative array alongside with formdata doest work swagger-api/swagger-ui#2435)
• 7f502f6 chore(release): cut the 3.18.3 release [skip ci]
• c37be04 chore(deps-dev): update node-fetch dev dep to v2.6.7
• 275249f fix(security): update cross-fetch to >=3.1.5 (OAuth2 application flow losing token after authorization request has been sent with IdentityServer3 swagger-api/swagger-ui#2431)
• 1ddbf98 chore(deps-dev): bump @ babel/core from 7.16.10 to 7.16.12 (Using allof in an array in response body generates blank examples swagger-api/swagger-ui#2430)
• dfcb921 chore(deps-dev): bump webpack-cli from 4.9.1 to 4.9.2 (Fix font src attribute swagger-api/swagger-ui#2429)
• c5b1f45 chore(deps-dev): bump lint-staged from 12.2.2 to 12.3.1 (Enhancing $ref to point to sub elements of a model swagger-api/swagger-ui#2428)
• 34f3ff6 chore(deps-dev): bump webpack from 5.66.0 to 5.67.0 (Download file broken since 2.2.3 swagger-api/swagger-ui#2427)
• eae36f3 chore(deps-dev): bump @ babel/preset-env from 7.16.10 to 7.16.11 (update swagger-js version swagger-api/swagger-ui#2426)
• 5387893 chore(deps-dev): bump @ commitlint/cli from 16.0.3 to 16.1.0 (Feature: add responseHooks option for callbacks on responses swagger-api/swagger-ui#2424)
• 67f6a6b chore(deps-dev): bump lint-staged from 12.2.1 to 12.2.2 (UI omits the accept (Response Content Type) dropdown for non-JSON response swagger-api/swagger-ui#2425)
• f13d552 chore(deps-dev): bump @ commitlint/cli from 16.0.2 to 16.0.3 (SwaggerUI always adding security header swagger-api/swagger-ui#2422)
• 4b1cda5 chore(deps-dev): bump @ babel/plugin-transform-runtime (Swagger-UI does not fully respect schemes (when using https) swagger-api/swagger-ui#2423)
• d6cdadd chore(deps-dev): bump @ babel/core from 7.16.7 to 7.16.10 (Embedding Swagger UI swagger-api/swagger-ui#2420)
• a70482a chore(deps-dev): bump lint-staged from 12.2.0 to 12.2.1 (to get swagger file on openfire server swagger-api/swagger-ui#2421)
• 1413df3 chore(deps-dev): bump @ babel/preset-env from 7.16.8 to 7.16.10 (reset.css loaded twice swagger-api/swagger-ui#2419)
• afbc5ba chore(release): cut the 3.18.2 release [skip ci]

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs