Merge branch 'master' into master

.github/dependabot.yaml

@@ -4,6 +4,7 @@ updates:
     directory: "/"
     schedule:
       interval: daily
+      time: "23:00"
     commit-message:
       prefix: "chore"
       include: "scope"
@@ -18,6 +19,7 @@ updates:
     # Check for updates once a week
     schedule:
       interval: "weekly"
+      time: "23:00"
 
   - package-ecosystem: "github-actions"
     target-branch: "master"

.github/workflows/codeql.yml

@@ -0,0 +1,63 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "master" ]
+  schedule:
+    - cron: '16 04 * * 2'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+        config: |
+          paths-ignore:
+            - 'dist/'
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/dependabot-merge.yml

@@ -17,7 +17,7 @@ jobs:
       # will not occur.
       - name: Dependabot metadata
         id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.6.0
+        uses: dependabot/fetch-metadata@v2.2.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
       # Here the PR gets approved.

.npmignore

@@ -6,11 +6,8 @@
 !dist/swagger-ui.js
 !dist/swagger-ui.js.map
 !dist/swagger-ui-bundle.js
-!dist/swagger-ui-bundle.js.map
 !dist/swagger-ui-standalone-preset.js
-!dist/swagger-ui-standalone-preset.js.map
 !dist/swagger-ui-es-bundle.js
-!dist/swagger-ui-es-bundle.js.map
 !dist/swagger-ui-es-bundle-core.js
 !dist/swagger-ui-es-bundle-core.js.map
 !dist/swagger-ui.css

Dockerfile

@@ -2,9 +2,9 @@
 # We don't declare them here — take a look at our docs.
 # https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/configuration.md
 
-FROM nginx:1.25.4-alpine
+FROM nginx:1.27.0-alpine
 
-RUN apk add "nodejs"
+RUN apk update && apk add --no-cache "nodejs>=18.20.1-r0 "
 
 LABEL maintainer="char0n"
 

README.md

@@ -48,25 +48,25 @@ The OpenAPI Specification has undergone 5 revisions since initial creation in 20
 ## Documentation
 
 #### Usage
-- [Installation](docs/usage/installation.md)
-- [Configuration](docs/usage/configuration.md)
-- [CORS](docs/usage/cors.md)
-- [OAuth2](docs/usage/oauth2.md)
-- [Deep Linking](docs/usage/deep-linking.md)
-- [Limitations](docs/usage/limitations.md)
-- [Version detection](docs/usage/version-detection.md)
+- [Installation](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/usage/installation.md)
+- [Configuration](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/usage/configuration.md)
+- [CORS](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/usage/cors.md)
+- [OAuth2](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/usage/oauth2.md)
+- [Deep Linking](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/usage/deep-linking.md)
+- [Limitations](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/usage/limitations.md)
+- [Version detection](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/usage/version-detection.md)
 
 #### Customization
-- [Overview](docs/customization/overview.md)
-- [Plugin API](docs/customization/plugin-api.md)
-- [Custom layout](docs/customization/custom-layout.md)
+- [Overview](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/customization/overview.md)
+- [Plugin API](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/customization/plugin-api.md)
+- [Custom layout](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/customization/custom-layout.md)
 
 #### Development
-- [Setting up](docs/development/setting-up.md)
-- [Scripts](docs/development/scripts.md)
+- [Setting up](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/development/setting-up.md)
+- [Scripts](https://github.com/swagger-api/swagger-ui/blob/HEAD/docs/development/scripts.md)
 
 #### Contributing
-- [Contributing](https://github.com/swagger-api/.github/blob/master/CONTRIBUTING.md)
+- [Contributing](https://github.com/swagger-api/.github/blob/HEAD/CONTRIBUTING.md)
 
 ##### Integration Tests
 

SECURITY.md

@@ -9,11 +9,12 @@ If you believe you've found an exploitable security issue in Swagger UI,
 This is the list of versions of `swagger-ui` which are
 currently being supported with security updates.
 
-| Version  | Supported          | Notes                  |
-| -------- | ------------------ | ---------------------- |
-| 4.x      | :white_check_mark: |                        |
-| 3.x      | :x:                | End-of-life as of November 2021 |
-| 2.x      | :x:                | End-of-life as of 2017 |
+| Version | Supported          | Notes                           |
+|---------|--------------------|---------------------------------|
+| 5.x     | :white_check_mark: | Active LTS                      |
+| 4.x     | :x:                | End-of-life as of August 2023   |
+| 3.x     | :x:                | End-of-life as of November 2021 |
+| 2.x     | :x:                | End-of-life as of 2017          |
 
 ## Reporting a vulnerability
 

docs/customization/add-plugin.md

@@ -20,7 +20,7 @@ SwaggerUI({
 })
 ```
 
-Or if you're updating the core plugins.. you'll add it to the base preset: [src/core/presets/base.js](https://github.com/swagger-api/swagger-ui/blob/master/src/core/presets/base.js)
+Or if you're updating the core plugins.. you'll add it to the base preset: [src/core/presets/base/index.js](https://github.com/swagger-api/swagger-ui/blob/master/src/core/presets/base/index.js)
 
 Each Plugin is a function that returns an object. That object will get merged with the `system` and later bound to the state.
 Here is an example of each `type`

docs/customization/plugin-api.md

@@ -388,10 +388,6 @@ const MyWrapComponentPlugin = function(system) {
 }
 ```
 
-**Note:**
-
-If you have multiple plugins wrapping the same component, you may want to change the [`pluginsOptions.pluginLoadType`](/docs/usage/configuration.md#Plugins-options) parameter to `chain`.
-
 #### `rootInjects`
 
 The `rootInjects` interface allows you to inject values at the top level of the system.

docs/development/setting-up.md

@@ -11,9 +11,10 @@ Swagger UI includes a development server that provides hot module reloading and
 
 1. `git clone https://github.com/swagger-api/swagger-ui.git`
 2. `cd swagger-ui`
-3. `npm run dev`
-4. Wait a bit
-5. Open http://localhost:3200/
+3. `npm install`
+4. `npm run dev`
+5. Wait a bit
+6. Open http://localhost:3200/
 
 ### Using your own local api definition with local dev build
 

docs/usage/configuration.md

@@ -2,10 +2,9 @@
 
 ### How to configure
 
-Swagger UI accepts configuration parameters in four locations.
+Swagger UI accepts configuration parameters in three locations.
 
 From lowest to highest precedence:
-- The `swagger-config.yaml` in the project root directory, if it exists, is baked into the application
 - configuration object passed as an argument to Swagger UI (`SwaggerUI({ ... })`)
 - configuration document fetched from a specified `configUrl`
 - configuration items passed as key/value pairs in the URL query string
@@ -40,16 +39,9 @@ Read more about the plugin system in the [Customization documentation](/docs/cus
 Parameter name | Docker variable | Description
 --- | --- | -----
 <a name="layout"></a>`layout` | _Unavailable_ | `String="BaseLayout"`. The name of a component available via the plugin system to use as the top-level layout for Swagger UI.
-<a name="pluginsOptions"></a>`pluginsOptions` | _Unavailable_ | `Object`. A Javascript object to configure plugin integration and behaviors (see below).
 <a name="plugins"></a>`plugins` | _Unavailable_ | `Array=[]`. An array of plugin functions to use in Swagger UI.
 <a name="presets"></a>`presets` | _Unavailable_ | `Array=[SwaggerUI.presets.ApisPreset]`. An array of presets to use in Swagger UI. Usually, you'll want to include `ApisPreset` if you use this option.
 
-##### Plugins options
-
-Parameter name | Docker variable | Description
---- | --- | -----
-<a name="pluginLoadType"></a>`pluginLoadType` | _Unavailable_ | `String=["legacy", "chain"]`. Control behavior of plugins when targeting the same component with wrapComponent.<br/>- `legacy` (default) : last plugin takes precedence over the others<br/>- `chain` : chain wrapComponents when targeting the same core component, allowing multiple plugins to wrap the same component
-
 ##### Display
 
 <table role="table">
@@ -213,11 +205,11 @@ Parameter name | Docker variable | Description
         <td><em>Unavailable</em></td>
         <td>Set to <code>false</code> to deactivate syntax highlighting of
             payloads and cURL command, can be otherwise an object with the
-            <code>activate</code> and <code>theme</code> properties.
+            <code>activated</code> and <code>theme</code> properties.
         </td>
     </tr>
     <tr>
-        <td><a name="user-content-syntaxhighlight.activate"></a><code>syntaxHighlight.activate</code>
+        <td><a name="user-content-syntaxhighlight.activated"></a><code>syntaxHighlight.activated</code>
         </td>
         <td><em>Unavailable</em></td>
         <td><code>Boolean=true</code>. Whether syntax highlighting should be
@@ -279,7 +271,7 @@ Parameter name | Docker variable | Description
 }
 </code>
 </pre>
-            This is the default configuration section for the the
+            This is the default configuration section for the
             requestSnippets plugin.
         </td>
     </tr>