[Snyk] Upgrade express-openapi-validator from 5.2.0 to 5.3.1 #951

cdimascio · 2024-08-26T10:19:47Z

Snyk has created this PR to upgrade express-openapi-validator from 5.2.0 to 5.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released on 21 days ago.

Release notes

Package name: express-openapi-validator

5.3.1 - 2024-08-05
(2024-08-05)
- Stripped query params for req.url branch arm (#942) (26d06c4), closes #942
- Update LICENSE (20727ff)
- version 5.2.1 (aace73c)
- FIX: issue #917 (#935) (8e66d3f), closes #917 #935
- fix: upgrade @ apidevtools/json-schema-ref-parser from 11.6.2 to 11.6.4 (#937) (f148eeb), closes #937
- fix: upgrade ajv from 8.14.0 to 8.15.0 (#938) (a1ea81f), closes #938
- fix: upgrade express-openapi-validator from 5.1.6 to 5.2.0 (#936) (2d75db4), closes #936
- chore(deps-dev): bump braces from 3.0.2 to 3.0.3 (#928) (093bd3c), closes #928
(2024-06-02)
- Add express as peer dependency (#907) (4e8bc84), closes #907
- Add multipart fix when does not exist any body (#905) (5c98d17), closes #905
- add reponse serializer tests for arrays (bbbd160)
- pass coerceTypes through (#809) (8f7c678), closes #809
- Support async operation handler resolver (#921) (a4a7175), closes #921
- upgrade ajv (a708132)
- upgrade example 3 (43cccc8)
- upgrade example 4 (255f20f)
- v5.2.0 (42cb3ab)
- chore: apiSpec may be const literal (#854) (e35a07c), closes #854
- chore(dependencies): bump @ apidevtools/json-schema-ref-parser to 11.6.2 to prevent vulnerability (#9 (61ff0cf), closes #918
- chore(deps-dev): bump @ babel/traverse (#924) (5a04ea9), closes #924
- chore(deps): bump axios, @ nestjs/common, @ nestjs/core, @ nestjs/platform-express and @ nestjs/testing (b77150f), closes #925
- chore(deps): bump webpack and @ nestjs/cli in /examples/9-nestjs (#831) (c0c5f4c), closes #831
- fix: examples/4-eov-operations-babel/package.json & examples/4-eov-operations-babel/package-lock.jso (87d173b), closes #911
- fix: package.json & package-lock.json to reduce vulnerabilities (#920) (898ceb7), closes #920
- fix: upgrade @ types/multer from 1.4.7 to 1.4.11 (#897) (a7d67e7), closes #897
- fix: upgrade path-to-regexp from 6.2.0 to 6.2.2 (#914) (bce2d6a), closes #914
5.1.6 (2024-02-11)
- Fixes for 881 - multiple specs w/validateRequests fail (#903) (766806b), closes #903
5.1.5 (2024-02-10)
- fixes write-only tests (8c53e58)
- Support writeOnly + required combination #149 (#756) (4f16ed2), closes #149 #756
- v5.1.5 (708f2f5)
5.1.4 (2024-02-09)
- add cookies to examples 1 and 2 (#891) (2c95d5b), closes #891
- Direct example broken link to the guide (00a9c8f)
- fixes badging for build and test (631fb7b)
- npm audit fix (#892) (2977c0a), closes #892
- Remove read only and write only fields (#895) (97617fd), closes #895 #627
- removes lodash.uniq and lodash.zipobject dependencies (#893) (1206802), closes #893
- Update CONTRIBUTING.md (6d67169)
- Update README.md (dffda28)
- Update README.md (bdd0d79)
- Update README.md (#896) (bb66916), closes #896
- v5.1.4 (b3d7483)
- v5.1.4 (509fa22)
- fix: #887 allow multiple params with wildcard (#898) (2d33d0a), closes #887 #898 #1
- docs: fix doc typo in README.md (#885) (8a81bf8), closes #885
5.1.3 (2024-01-27)
- CLS Context is lost after using multer middleware (#695) (40716fb), closes #695
- remove examples from schema (#890) (0ad49ec), closes #890
- v5.1.3 (f806690)
- v5.1.3 (e567701)
5.1.2 (2023-12-04)
- Normalize request body ContentTypes (#863) (0099b0d), closes #863
- Safer handling of multipart nested JSON body props (#878) (807e09c), closes #878
- v5.1.1 (4b0c989)
5.1.1 (2023-11-21)
- Pass-through HttpError caught in multipart handler (#867) (240c876), closes #867
- v5.1.0 (a9a3b0b)
- v5.1.1 (a4e62ac)
5.1.0 (2023-11-12)
- Allow optional use of req.url (#857) (f732379), closes #857
- Reorder upload and security middlewares (#866) (95543d6), closes #866 #865
- Update build and packaging scripts (#872) (dd4027f), closes #872
- update version locks (bb8d6b8)
- v5.1.0 (839f859)
5.0.5 (2023-08-23)
- #841 return error thrown in serDes deserializer (#842) (d029401), closes #841 #842
- fix documentation links (01950b7)
- fix example schema removal and upgrade patch version (495dabd)
- fixing default export function issue (#846) (268d38a), closes #846
- Remove body-parser deps in example (#845) (c73b7c1), closes #845
- Remove examples from apiDoc when validating requests (#774) (950d429), closes #774
- Resolve "reference resolves to more than one schema" errors when AJV processes OpenAPI document and (9d215be), closes #853
- v5.0.5 change history (b5cc33a)
5.0.4 (2023-04-30)
- Switch json-schema-ref-parser to non-deprecated package (#829) (f5bbce9), closes #829
- v5.0.4 (9b89c79)
- fix: Deserialize custom types with inline schemas (#823) (d53621d), closes #823
5.0.3 (2023-03-04)
- FIx serialization/deserialization in additionalProperties (#822) (a9067b8), closes #822
- Rename field error_code to errorCode in ValidationErrorItem (#819) (1a1b2cc), closes #819
- v5.0.3 (6e93a96)
- chore(deps): bump cookiejar from 2.1.2 to 2.1.4 in /examples/9-nestjs (#805) (07d9879), closes #805
- chore(deps): bump cookiejar from 2.1.3 to 2.1.4 (#806) (0da34f8), closes #806
- chore(deps): bump http-cache-semantics (#811) (7a779f6), closes #811
- chore(deps): bump http-cache-semantics (#813) (336683d), closes #813
- chore(deps): bump http-cache-semantics (#814) (3721092), closes #814
- chore(deps): bump http-cache-semantics (#816) (466e337), closes #816
- chore(deps): bump http-cache-semantics (#817) (582b395), closes #817
- chore(deps): bump http-cache-semantics in /examples/1-standard (#810) (e6ef9d3), closes #810
- chore(deps): bump http-cache-semantics in /examples/3-eov-operations (#812) (fd04b5e), closes #812
- chore(deps): bump http-cache-semantics in /examples/6-multi-file-spec (#815) (b2704b0), closes #815
- chore(deps): bump json5 from 1.0.1 to 1.0.2 in /examples/9-nestjs (#801) (30defdc), closes #801
- chore(deps): bump json5 in /examples/4-eov-operations-babel (#799) (a100192), closes #799
- fix: upgrade ajv from 8.11.0 to 8.11.2 (#797) (e774d4b), closes #797
- fix: upgrade body-parser from 1.19.0 to 1.20.1 (#798) (87a2000), closes #798
- fix: upgrade content-type from 1.0.4 to 1.0.5 (#818) (541d5f9), closes #818
5.0.2 (2023-02-11)
- v5.0.2 (3b0e70c)
- v5.0.2 (24ad64f)
- fix: objects in form-data (#730) (e5cb5d6), closes #730
5.0.1 (2023-01-09)
- enhance SchemaObject type (#697) (ca43431), closes #697
- implement github actions workflow (#793) (d415425), closes #793
- Update README.md (33da583)
- Update README.md (ccd981a)
- v5.0.1 (de0708b)
- chore(deps): bump ansi-regex from 3.0.0 to 3.0.1 in /examples/9-nestjs (#738) (60afead), closes #738
- chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /examples/1-standard (#764) (0d04305), closes #764
- chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /examples/9-nestjs (#760) (c1cf0d9), closes #760
- chore(deps): bump minimatch in /examples/2-standard-multiple-api-specs (#763) (fe5e95e), closes #763
- chore(deps): bump minimatch in /examples/3-eov-operations (#766) (3285f3a), closes #766
- chore(deps): bump minimatch in /examples/4-eov-operations-babel (#768) (5bcc81b), closes #768
- chore(deps): bump minimatch in /examples/5-custom-operation-resolver (#765) (b5b03b3), closes #765
- chore(deps): bump minimatch in /examples/6-multi-file-spec (#767) (e8f54e8), closes #767
- chore(deps): bump minimatch in /examples/7-response-date-serialization (#759) (9b9433e), closes #759
- chore(deps): bump minimatch in /examples/8-top-level-discriminator (#761) (46afe5c), closes #761
- chore(deps): bump minimist and @ nestjs/cli in /examples/9-nestjs (#769) (8d31f9a), closes #769
- chore(deps): bump terser from 5.7.2 to 5.14.2 in /examples/9-nestjs (#750) (a83ff9d), closes #750
- fix: upgrade body-parser from 1.19.0 to 1.19.1 (#689) (40736f8), closes #689
- fix: upgrade body-parser from 1.19.0 to 1.19.1 (

Snyk has created this PR to upgrade express-openapi-validator from 5.2.0 to 5.3.1. See this package in npm: express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/0ac9a5bd-9a7f-4c0e-bf8b-51d0bd4c4448?utm_source=github&utm_medium=referral&page=upgrade-pr

Snyk has created this PR to upgrade express-openapi-validator from 5.2.0 to 5.3.1. See this package in npm: express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/0ac9a5bd-9a7f-4c0e-bf8b-51d0bd4c4448?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io>

* change log * deps + change log * docs: add robertjustjones as a contributor for code, test (#659) * docs: update README.md [skip ci] * docs: update .all-contributorsrc [skip ci] Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com> Co-authored-by: Carmine DiMascio <cdimascio@gmail.com> * if requestBody required is false, allow empty requests (#665) * if requestBody required is false, allow empty requests * add test * v4.13.2 * update examples deps * audit fix lock * audit fix lock * update examples * (doc) describe detailed coercion behaviors * (chore) upgrade deps * Update openapi.validator.ts * chore(deps): bump normalize-url in /examples/8-top-level-discriminator (#673) Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1. - [Release notes](https://github.com/sindresorhus/normalize-url/releases) - [Commits](https://github.com/sindresorhus/normalize-url/commits) --- updated-dependencies: - dependency-name: normalize-url dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump glob-parent in /examples/8-top-level-discriminator (#674) Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2. - [Release notes](https://github.com/gulpjs/glob-parent/releases) - [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md) - [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2) --- updated-dependencies: - dependency-name: glob-parent dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * default export in handler #671 (#675) * v.4.13.4 * (doc) change history * fix json syntax in allcontributors file (#676) * docs: add zzgab as a contributor for code, test (#680) * docs: update README.md [skip ci] * docs: update .all-contributorsrc [skip ci] Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com> * Fixes on SerDes (#682) * Try catch serdes serialize and deserialize in order to avoid Internal Server Error and return BadRequest errors #601 * Fix incorrect serDes example #569 * Patch on serdes test and allow to use generated AJV out of Express usage (#684) * Try catch serdes serialize and deserialize in order to avoid Internal Server Error and return BadRequest errors #601 * Fix incorrect serDes example #569 * fix the unit test and change message to a more human friendly description of the error #601 * Allow to get the generated request AJV object in order to use it out of an OpenAPI and express usage (websocket...) #683 * Add documentation for OpenApiValidator.ajv function initialization usage #683 * ResponseValidator's Ajv can be useful too. So we return an object that contains both request ajv and response ajv : ```javascript ajvs = { req : 'Ajv object' res : 'Ajv object' } ``` #683 * fix the unit test and change message to a more human friendly description of the error #601 * Allow to get the generated request AJV object in order to use it out of an OpenAPI and express usage (websocket...) #683 * Add documentation for OpenApiValidator.ajv function initialization usage #683 * ResponseValidator's Ajv can be useful too. So we return an object that contains both request ajv and response ajv : ```javascript ajvs = { req : 'Ajv object' res : 'Ajv object' } ``` #683 * Revert commits in order to push only bug fixes #601 * Revert "ResponseValidator's Ajv can be useful too." This reverts commit 677cacfdde64eac870e54bdd3a07e2c2572e5daf. * Revert "Add documentation for OpenApiValidator.ajv function initialization usage" This reverts commit a727f2d20693601074c797a354bfb1f5bc7ed4ef. * Revert "Allow to get the generated request AJV object in order to use it out of an OpenAPI and express usage (websocket...)" This reverts commit ad3e785c9c1e441d13c589534a3a3c3cd33cfb18. * Revert "ResponseValidator's Ajv can be useful too. So we return an object that contains both request ajv and response ajv : ```javascript ajvs = { req : 'Ajv object' res : 'Ajv object' } ``` #683" This reverts commit 8fc7226e * Revert "Add documentation for OpenApiValidator.ajv function initialization usage" This reverts commit ecb8424da785f36e6910f160315c45f38d0cb64e. * Revert "Allow to get the generated request AJV object in order to use it out of an OpenAPI and express usage (websocket...)" This reverts commit 52429c529c844f523a3e28f4a13927344bdac8cc. Co-authored-by: Carmine DiMascio <cdimasci@amazon.com> * v4.13.5 * v4.13.6 * Update README migrate documentation to wiki * migrate README to wiki * chore(deps): bump follow-redirects in /examples/9-nestjs (#705) Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.4 to 1.14.8. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.4...v1.14.8) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump node-fetch from 2.6.1 to 2.6.7 in /examples/9-nestjs (#711) Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7. - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7) --- updated-dependencies: - dependency-name: node-fetch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist from 1.2.5 to 1.2.6 in /examples/1-standard (#714) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/3-eov-operations (#715) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/2-standard-multiple-api-specs (#716) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/4-eov-operations-babel (#717) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/5-custom-operation-resolver (#718) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/8-top-level-discriminator (#719) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/8-top-level-discriminator (#720) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/7-response-date-serialization (#721) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/7-response-date-serialization (#722) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/6-multi-file-spec (#723) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/6-multi-file-spec (#724) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/5-custom-operation-resolver (#725) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/3-eov-operations (#726) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/2-standard-multiple-api-specs (#727) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump AJV to v8 (#713) * try upgrading to OAPIv3.1 * Remove 3.1-support related files * Const typings on formats * Set _discriminator as non-enumerable hide it from AJV (unknown keyword) * Refactor `x-eov-serdes` to ensure order of validation * Update AJV options handling * Update read/write only keywords * Add noop keywords * Use AJV Draft 4 to validate OpenAPI doc * Use `must` keyword to match AJV validations * Expected validation errors prefer `must` over `should`, `/` over `.` * Update README to reflect expected validation errors * Explicitly pass formats to ignore * Serdes validation errors contain more errors * Update example with expected AJV errors * Drop noisy test logs * Restore previous `Format` version * Add failing tests for undeclared x-* keywords Schema declares these are valid (via `patternProperties`) but AJV rejects on any unknown keywords * Detect `x-*` prefixes and declare as noop for Ajv * Update README to declare reserved vendor extension prefix * readOnly+writeOnly do not modify, and do attach errors * Remove test enforcing `x-eov-*` usage README still "reserves" these keywords, but do not explicitly enforce it * Rely on strictSchema=false to handle unknown keywords Remove all NOOP keywords * Explicitly pass strict=false to response validator test Options are usually set internally * Add types to serdes validator, auto-true if missing method * Rework serdes schema processor _slightly_ simplify schema, and document why complexity is necessary. Use custom keywords to allow "redacting" of confusing errors during validation Remove `jsonType` from serdes options (unused) * Update serdes test to reflect simpler validation messages * Consistent usage of / over . for json path Mirroring format of AJV * Add `eov` prefix to unknown query parameters flag Deprecate old version with console.warn * Create "normalized options" type that has stricter format Omits deprecated types/attributes. Allows skipping redundant checks/transforms that were already performed * Set defaults in one place * Add warnings for deprecated usage of options * Move options handling to `normalizeOptions`, add `ajvFormats` option * Update README to reflect new options behavior * Consistent `/` over `.` Matching AJV's internal json path errors * Remove unnecessary serDesInternal check `xEovAnyOf` effectively hides internal schemas and prevents infinite loop * Add `anyOf` test with serdes, expose all relevant errors * Simplify format overriding by applying in order, remove constant * Move redactable error to common types file * Tweak error redacting to only expose most relevant If request is not a string, message should not expose string-centric validations like format (even those "format" is invalid via serialization). Was wrongly exposed in 992cde00b2add2f6b5f59ba83cfd3bbac658bb38 * Refactor serdes (again...) to use keyword execution order So apparently AJV _does_ have some ability to enforce keyword ordering via `before`/`post`! Using those options, serdes schema gets a lot simpler and has more trivial error redacting * v4.14.0-beta.1 Co-authored-by: Essential Randomness <essential.randomn3ss@gmail.com> Co-authored-by: Carmine DiMascio <cdimasci@amazon.com> * v4.14.0-beta.1 * Update README.md * Bump multer to version that removes dicer as sub-dependency (#739) * Bump multer to version that removes dicer as sub-dependency * use lockfile that gets us 1.4.4-lts.1 and not just 1.4.4 * Revert "use lockfile that gets us 1.4.4-lts.1 and not just 1.4.4" This reverts commit 0f1934ea485684bdc292e35ca68b6431e378adeb. * Update lockfile without upgrading lockfileVersion * Bump multer to 1.4.5 * v4.14.0-beta.2 * update ansi-regex * fixed router parameters (#762) * Fix #699 serdes missed on items in a collection, with tests. (#704) Thanks @Fabiencdp. * v5.0.0 with ajv8 * Update README.md * Update README.md * chore(deps): bump minimatch in /examples/4-eov-operations-babel (#768) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/6-multi-file-spec (#767) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/3-eov-operations (#766) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/5-custom-operation-resolver (#765) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /examples/1-standard (#764) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/2-standard-multiple-api-specs (#763) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/8-top-level-discriminator (#761) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /examples/9-nestjs (#760) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/7-response-date-serialization (#759) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump terser from 5.7.2 to 5.14.2 in /examples/9-nestjs (#750) Bumps [terser](https://github.com/terser/terser) from 5.7.2 to 5.14.2. - [Release notes](https://github.com/terser/terser/releases) - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](https://github.com/terser/terser/commits) --- updated-dependencies: - dependency-name: terser dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex from 3.0.0 to 3.0.1 in /examples/9-nestjs (#738) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v3.0.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade body-parser from 1.19.0 to 1.19.1 (#691) Snyk has created this PR to upgrade body-parser from 1.19.0 to 1.19.1. See this package in npm: https://www.npmjs.com/package/body-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/dc56b04d-b132-445b-bde8-64211be844c7?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade body-parser from 1.19.0 to 1.19.1 (#690) Snyk has created this PR to upgrade body-parser from 1.19.0 to 1.19.1. See this package in npm: https://www.npmjs.com/package/body-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/0ac9a5bd-9a7f-4c0e-bf8b-51d0bd4c4448?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade body-parser from 1.19.0 to 1.19.1 (#689) Snyk has created this PR to upgrade body-parser from 1.19.0 to 1.19.1. See this package in npm: https://www.npmjs.com/package/body-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/53639b22-8ff0-4bd5-97c3-ae30b20a20f4?utm_source=github&utm_medium=referral&page=upgrade-pr * chore(deps): bump minimist and @nestjs/cli in /examples/9-nestjs (#769) Bumps [minimist](https://github.com/minimistjs/minimist) to 1.2.6 and updates ancestor dependency [@nestjs/cli](https://github.com/nestjs/nest-cli). These dependencies need to be updated together. Updates `minimist` from 1.2.5 to 1.2.6 - [Release notes](https://github.com/minimistjs/minimist/releases) - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.6) Updates `@nestjs/cli` from 8.1.2 to 8.2.8 - [Release notes](https://github.com/nestjs/nest-cli/releases) - [Changelog](https://github.com/nestjs/nest-cli/blob/master/.release-it.json) - [Commits](https://github.com/nestjs/nest-cli/compare/8.1.2...8.2.8) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect - dependency-name: "@nestjs/cli" dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * implement github actions workflow (#793) * implement github actions workflow * fix target * enhance SchemaObject type (#697) - Composition types: allOf, anyOf, oneOf and not are valid SchemaObjects * v5.0.1 * fix: objects in form-data (#730) Co-authored-by: dj <> * v5.0.2 * v5.0.2 * Rename field `error_code` to `errorCode` in `ValidationErrorItem` (#819) * FIx serialization/deserialization in additionalProperties (#822) * chore(deps): bump http-cache-semantics (#817) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade content-type from 1.0.4 to 1.0.5 (#818) Snyk has created this PR to upgrade content-type from 1.0.4 to 1.0.5. See this package in npm: https://www.npmjs.com/package/content-type See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps): bump http-cache-semantics (#816) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics in /examples/6-multi-file-spec (#815) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics (#814) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics (#813) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics in /examples/3-eov-operations (#812) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics (#811) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics in /examples/1-standard (#810) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump cookiejar from 2.1.3 to 2.1.4 (#806) Bumps [cookiejar](https://github.com/bmeck/node-cookiejar) from 2.1.3 to 2.1.4. - [Release notes](https://github.com/bmeck/node-cookiejar/releases) - [Commits](https://github.com/bmeck/node-cookiejar/commits) --- updated-dependencies: - dependency-name: cookiejar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump cookiejar from 2.1.2 to 2.1.4 in /examples/9-nestjs (#805) Bumps [cookiejar](https://github.com/bmeck/node-cookiejar) from 2.1.2 to 2.1.4. - [Release notes](https://github.com/bmeck/node-cookiejar/releases) - [Commits](https://github.com/bmeck/node-cookiejar/commits) --- updated-dependencies: - dependency-name: cookiejar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump json5 in /examples/4-eov-operations-babel (#799) Bumps [json5](https://github.com/json5/json5) from 2.1.3 to 2.2.3. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](https://github.com/json5/json5/compare/v2.1.3...v2.2.3) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade body-parser from 1.19.0 to 1.20.1 (#798) Snyk has created this PR to upgrade body-parser from 1.19.0 to 1.20.1. See this package in npm: https://www.npmjs.com/package/body-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/c52478e1-4b5f-464b-9b43-e11455d66bba?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade ajv from 8.11.0 to 8.11.2 (#797) Snyk has created this PR to upgrade ajv from 8.11.0 to 8.11.2. See this package in npm: https://www.npmjs.com/package/ajv See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr * chore(deps): bump json5 from 1.0.1 to 1.0.2 in /examples/9-nestjs (#801) Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * v5.0.3 * Switch json-schema-ref-parser to non-deprecated package (#829) * switch json-schema-ref-parser to new package @apidevtools/json-schema-ref-parser * revert lockfile version to 1 * fix: Deserialize custom types with inline schemas (#823) * v5.0.4 * fix documentation links * Remove examples from apiDoc when validating requests (#774) Co-authored-by: Michael Eller <michael.eller@rakuten.com> * Resolve "reference resolves to more than one schema" errors when AJV processes OpenAPI document and encounters unknown properties whose values include an `id` parameter. (#853) * Fails to get past AJV error when schema includes `x-stoplight` property and is referenced. * Traverse the OpenAPI document, stripping all x-stoplight values. * fixing default export function issue (#846) Co-authored-by: Kesha Shah <keshashah@wolkus.com> * #841 return error thrown in serDes deserializer (#842) * Remove body-parser deps in example (#845) * chore: remove unused body-parser for examples/1-standard * chore: remove body-parser for examples/2-standard-multiple-api-specs * chore: remove unused body-parser for examples/3-eov-operations * chore: remove unused body-parser for examples/4-eov-operations-babel * chore: remove body-parser for examples/5-custom-operation-resolver * chore: remove body-parser for examples/6-multi-file-spec * chore: remove body-parser for examples/7-response-date-serialization * chore: remove body-parser for examples/8-top-level-discriminator * fix example schema removal and upgrade patch version * v5.0.5 change history * update version locks * Allow optional use of `req.url` (#857) * test: add test cases for new feature * feat: allow using req.url based on config --------- Co-authored-by: nikkegg <nik.vschenko@sylvera.io> * Reorder upload and security middlewares (#866) - Move multipart middleware after security middleware so that security handlers can abort request pipeline before uploads are processed. Fixes #865 * Update build and packaging scripts (#872) - Add compile:release npm script to build the package without source maps. Decreases unpacked size from ~350KB to ~250KB. - Remove :windows variants of npm scripts - Add rimraf to handle cross-platform dir removal - Set "ts-node": { "files": true } in tsconfig.json so that it's not necessary to set env var TS_NODE_FILES - Remove unused assets/README.md (it does not appear to have been used for many years according to npmjs.com) - Use includes "files": [...] property in package.json to indicate dist/ should be included in the built npm package rather than maintaining a list of everything that should be excluded in .npmignore (which has been deleted) - Incorporate above mentioned updates into build.sh * v5.1.0 * v5.1.0 * Pass-through HttpError caught in multipart handler (#867) - Consumers of express-openapi-validator have access to the custom error types via exported object: error (e.g. error.BadRequest). - If the multipart handler throws, for example from the multer storage engine, check whether the err instance is already an HttpError. If so, it can be passed-through as is. This is mostly useful for setting the HTTP status code. * v5.1.1 * Safer handling of multipart nested JSON body props (#878) If a multipart request body has schema oneOf, anyOf, or allOf, then automatic parsing of JSON properties throws. An object is expected. Fix the error today and add a TODO to add support for nested JSON props in multipart requests that utilize oneOf, anyOf, or allOf. * Normalize request body ContentTypes (#863) Co-authored-by: Ray Vincent <ray.vincent@zii.aero> * v5.1.1 * CLS Context is lost after using multer middleware (#695) related issue: https://github.com/expressjs/multer/issues/814 Used the solution described in the above link to fix the issue Co-authored-by: Alan Wang <alan@tacen.app> * remove examples from schema (#890) * v5.1.3 * v5.1.3 * add cookies to examples 1 and 2 (#891) * remove examples from schema * add cookies to example 1 and 2 * docs: fix doc typo in README.md (#885) * npm audit fix (#892) * remove examples from schema * add cookies to example 1 and 2 * audit-fix * removes lodash.uniq and lodash.zipobject dependencies (#893) * fixes badging for build and test * Remove read only and write only fields (#895) * Fix problems in current test read.only according to the schema * #627 Remove readonly fields in : - requests if ``validateRequest.removeAdditional`` configuration equals ``true`` or ```'all'`` or ``'failing'`` - responses if ``validateResponse.removeAdditional`` configuration equals ``true`` or ```'all'`` or ``'failing'`` No changes if ``validateRequest = true``, ``validateResponse = true``, ``validateRequest.removeAdditional : false``, ``validateResponse.removeAdditional : false`` Unit tests added to check the behaviour with removeAdditional : true. Fields removed and no error in response. * Update README.md (#896) * Update CONTRIBUTING.md * Update README.md * Update README.md * fix: #887 allow multiple params with wildcard (#898) * Add multiple path parameters with wildcard tests * Change regex to support multiple params when including file path params (#1) * Change regex to support multiple params when including URI path param * Update regex, remove unnecessary bracket --------- Co-authored-by: Guillermo Recalde <guillerecalde@users.noreply.github.com> * Direct example broken link to the guide * v5.1.4 * v5.1.4 * Support writeOnly + required combination #149 (#756) * fixes write-only tests * v5.1.5 * Fixes for 881 - multiple specs w/validateRequests fail (#903) * v5.1.6 * fix: upgrade @types/multer from 1.4.7 to 1.4.11 (#897) Snyk has created this PR to upgrade @types/multer from 1.4.7 to 1.4.11. See this package in npm: https://www.npmjs.com/package/@types/multer See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Add multipart fix when does not exist any body (#905) * fix: upgrade path-to-regexp from 6.2.0 to 6.2.2 (#914) * fix: examples/4-eov-operations-babel/package.json & examples/4-eov-operations-babel/package-lock.json to reduce vulnerabilities (#911) * Add `express` as peer dependency (#907) * Support async operation handler resolver (#921) - Let users define operationHandlers.resolver as a synchronous or asynchronous function that returns a request handler - Make installOperationHandlers and asynchronous function that awaits a resolver promise (automatically wraps resolver with promise if needed) - Update operation handlers middleware to handle an async installOperationHandlers. * fix: package.json & package-lock.json to reduce vulnerabilities (#920) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps): bump webpack and @nestjs/cli in /examples/9-nestjs (#831) Bumps [webpack](https://github.com/webpack/webpack) to 5.76.2 and updates ancestor dependency [@nestjs/cli](https://github.com/nestjs/nest-cli). These dependencies need to be updated together. Updates `webpack` from 5.73.0 to 5.76.2 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v5.73.0...v5.76.2) Updates `@nestjs/cli` from 8.2.8 to 9.3.0 - [Release notes](https://github.com/nestjs/nest-cli/releases) - [Changelog](https://github.com/nestjs/nest-cli/blob/master/.release-it.json) - [Commits](https://github.com/nestjs/nest-cli/compare/8.2.8...9.3.0) --- updated-dependencies: - dependency-name: webpack dependency-type: indirect - dependency-name: "@nestjs/cli" dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(dependencies): bump @apidevtools/json-schema-ref-parser to 11.6.2 to prevent vulnerability (#918) * chore(deps): bump axios, @nestjs/common, @nestjs/core, @nestjs/platform-express and @nestjs/testing (#925) Removes [axios](https://github.com/axios/axios). It's no longer used after updating ancestor dependencies [axios](https://github.com/axios/axios), [@nestjs/common](https://github.com/nestjs/nest/tree/HEAD/packages/common), [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core), [@nestjs/platform-express](https://github.com/nestjs/nest/tree/HEAD/packages/platform-express) and [@nestjs/testing](https://github.com/nestjs/nest/tree/HEAD/packages/testing). These dependencies need to be updated together. Removes `axios` Updates `@nestjs/common` from 8.0.11 to 10.3.8 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.3.8/packages/common) Updates `@nestjs/core` from 8.4.7 to 10.3.8 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.3.8/packages/core) Updates `@nestjs/platform-express` from 8.4.7 to 10.3.8 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.3.8/packages/platform-express) Updates `@nestjs/testing` from 8.4.7 to 10.3.8 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.3.8/packages/testing) --- updated-dependencies: - dependency-name: axios dependency-type: indirect - dependency-name: "@nestjs/common" dependency-type: direct:production - dependency-name: "@nestjs/core" dependency-type: direct:production - dependency-name: "@nestjs/platform-express" dependency-type: direct:production - dependency-name: "@nestjs/testing" dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @babel/traverse (#924) Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.15.4 to 7.24.6. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.6/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * upgrade example 4 * upgrade example 3 * upgrade ajv * chore: apiSpec may be const literal (#854) Co-authored-by: Carmine DiMascio <cdimascio@gmail.com> * pass coerceTypes through (#809) Co-authored-by: Carmine DiMascio <cdimascio@gmail.com> * add reponse serializer tests for arrays * v5.2.0 * v5.2.0 * Update LICENSE * chore(deps-dev): bump braces from 3.0.2 to 3.0.3 (#928) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Stripped query params for req.url branch arm (#942) Co-authored-by: g-radam <859802+g-radam@users.noreply.github.com> * fix: upgrade ajv from 8.14.0 to 8.15.0 (#938) Snyk has created this PR to upgrade ajv from 8.14.0 to 8.15.0. See this package in npm: ajv See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade @apidevtools/json-schema-ref-parser from 11.6.2 to 11.6.4 (#937) Snyk has created this PR to upgrade @apidevtools/json-schema-ref-parser from 11.6.2 to 11.6.4. See this package in npm: @apidevtools/json-schema-ref-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade express-openapi-validator from 5.1.6 to 5.2.0 (#936) Snyk has created this PR to upgrade express-openapi-validator from 5.1.6 to 5.2.0. See this package in npm: express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/0ac9a5bd-9a7f-4c0e-bf8b-51d0bd4c4448?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * FIX: issue #917 (#935) Co-authored-by: Dušan Miška <dusan.miska@lucis.si> * version 5.2.1 * version 5.3.1 * fix: upgrade express-openapi-validator from 5.1.6 to 5.2.0 (#944) Snyk has created this PR to upgrade express-openapi-validator from 5.1.6 to 5.2.0. See this package in npm: express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/dc56b04d-b132-445b-bde8-64211be844c7?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: correct security schema logic for OR verification (#946) * version 5.3.2 * fix: upgrade @apidevtools/json-schema-ref-parser from 11.6.4 to 11.7.0 (#947) Snyk has created this PR to upgrade @apidevtools/json-schema-ref-parser from 11.6.4 to 11.7.0. See this package in npm: @apidevtools/json-schema-ref-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps-dev): bump ws from 7.5.5 to 7.5.10 in /examples/9-nestjs (#930) Bumps [ws](https://github.com/websockets/ws) from 7.5.5 to 7.5.10. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/7.5.5...7.5.10) --- updated-dependencies: - dependency-name: ws dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump braces in /examples/8-top-level-discriminator (#929) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade ajv from 8.15.0 to 8.17.1 (#945) Snyk has created this PR to upgrade ajv from 8.15.0 to 8.17.1. See this package in npm: ajv See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps-dev): bump @babel/traverse in /examples/9-nestjs (#948) Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.15.4 to 7.25.4. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.4/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * version 5.3.3 * Update README.md * Use lenient resolver type (#956) In #921, a stronger type applied to OperationHandlerOptions['resolver'] so that end users would have an idea of what the parameters are for their custom resolvers. It went too far in stipulating a return type. Set the return type to unknown and let users decide how much type safety they need in their resolver. Fixes #952 * Change AJV allErrors default and support user setting (#955) * Support setting allErrors for AJV validation AJV recommends setting option `allErrors` to `false` in production. pdate `createAjv()` to respect the user's setting. Avoid introducing a breaking change by defaulting to `true` when not defined by the user. Add tests: 1. Make sure `AjvOptions` sets the value appropriately based on whether the end user defined `allErrors` or not. 2. When validating requests, make sure the number of errors reported (when multiple occur) is 1 when `allErrors` is `false`. The `allErrors` configuration for OpenAPISchemaValidator is not changed by this commit since that validation is for trusted content. Fixes #954 * (Revisions) Support setting allErrors for AJV validation - Do not set allErrors by default **breaking change** * (Revisions) Support setting allErrors for AJV validation - Allow allErrors to be set on requests and responses independently * v5.3.4 * update README * [StepSecurity] ci: Harden GitHub Actions (#959) Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> * chore(deps): bump webpack and @nestjs/cli in /examples/9-nestjs (#953) Bumps [webpack](https://github.com/webpack/webpack) to 5.94.0 and updates ancestor dependency [@nestjs/cli](https://github.com/nestjs/nest-cli). These dependencies need to be updated together. Updates `webpack` from 5.76.2 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v5.76.2...v5.94.0) Updates `@nestjs/cli` from 9.3.0 to 10.4.5 - [Release notes](https://github.com/nestjs/nest-cli/releases) - [Changelog](https://github.com/nestjs/nest-cli/blob/master/.release-it.json) - [Commits](https://github.com/nestjs/nest-cli/compare/9.3.0...10.4.5) --- updated-dependencies: - dependency-name: webpack dependency-type: indirect - dependency-name: "@nestjs/cli" dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump braces in /examples/4-eov-operations-babel (#957) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump braces in /examples/5-custom-operation-resolver (#958) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade express-openapi-validator from 5.2.0 to 5.3.1 (#951) Snyk has created this PR to upgrade express-openapi-validator from 5.2.0 to 5.3.1. See this package in npm: express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/0ac9a5bd-9a7f-4c0e-bf8b-51d0bd4c4448?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Fix changelog breaking changes notice (#961) The breaking change included in entry (2024-08-31) was not added correctly. Fix it. * fix: Dereference path parameters (#962) The OpenAPI spec loader has a `discoverRoutes` method which explores an OpenAPI document and gathers information about the paths and parameters used. The list of discovered path parameters is used to install parameter-specific middleware in `src/openapi.validator.ts#installPathParams` Path parameters declared with `$ref` were not detected in the `discoverRoutes` implementation, leading to the un-coerced values being used. By dereferencing each path parameter when building this list, we should see the same behavior for referenced path parameters and for inline path parameters. Closes https://github.com/cdimascio/express-openapi-validator/issues/803 * v5.3.5 * chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /examples/9-nestjs (#964) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump braces in /examples/7-response-date-serialization (#963) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade express-openapi-validator from 5.2.0 to 5.3.1 (#960) Snyk has created this PR to upgrade express-openapi-validator from 5.2.0 to 5.3.1. See this package in npm: express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/dc56b04d-b132-445b-bde8-64211be844c7?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Update README.md * Update README.md * bodyParsers is deprecated so update with expess bodyParsers (#974) * Change path-to-regexp 6.2.2 to 6.3.0 * express version update * bodyParsers is deprecated so update with expess bodyParsers * update express to 4.21.0 * v5.3.6 * feat(path-to-regexp): path-to-regexp 8.1.0 update (#976) * feat(path-to-regexp): path-to-regexp update to 8.1.0 * feat(path-to-regexp): cleanup notes for PR * feat(path-to-regexp): potential version bump if approved * feat(path-to-regexp): pr change request + added notes for changes --------- Co-authored-by: fkeefer <fkeefer@signiant.com> Co-authored-by: Carmine DiMascio <cdimascio@gmail.com> * fix: upgrade @types/multer from 1.4.11 to 1.4.12 (#983) Snyk has created this PR to upgrade @types/multer from 1.4.11 to 1.4.12. See this package in npm: @types/multer See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * v5.3.7 * fix: examples/3-eov-operations/package.json & examples/3-eov-operations/package-lock.json to reduce vulnerabilities (#989) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: examples/4-eov-operations-babel/package.json & examples/4-eov-operations-babel/package-lock.json to reduce vulnerabilities (#988) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: examples/2-standard-multiple-api-specs/package.json & examples/2-standard-multiple-api-specs/package-lock.json to reduce vulnerabilities (#987) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: examples/1-standard/package.json & examples/1-standard/package-lock.json to reduce vulnerabilities (#986) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Update README.md * Update README.md * chore(deps): bump body-parser and @nestjs/platform-express (#990) Bumps [body-parser](https://github.com/expressjs/body-parser) to 1.20.3 and updates ancestor dependency [@nestjs/platform-express](https://github.com/nestjs/nest/tree/HEAD/packages/platform-express). These dependencies need to be updated together. Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3) Updates `@nestjs/platform-express` from 10.3.8 to 10.4.3 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.4.3/packages/platform-express) --- updated-dependencies: - dependency-name: body-parser dependency-type: indirect - dependency-name: "@nestjs/platform-express" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: package.json & package-lock.json to reduce vulnerabilities (#993) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-COOKIE-8163060 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade express-openapi-validator from 5.3.6 to 5.3.7 (#995) Snyk has created this PR to upgrade express-openapi-validator from 5.3.6 to 5.3.7. See this package in npm: https://www.npmjs.com/package/express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/dc56b04d-b132-445b-bde8-64211be844c7?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps): bump cookie and cookie-parser (#996) Bumps [cookie](https://github.com/jshttp/cookie) to 0.7.1 and updates ancestor dependency [cookie-parser](https://github.com/expressjs/cookie-parser). These dependencies need to be updated together. Updates `cookie` from 0.4.1 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](https://github.com/jshttp/cookie/compare/v0.4.1...v0.7.1) Updates `cookie-parser` from 1.4.6 to 1.4.7 - [Release notes](https://github.com/expressjs/cookie-parser/releases) - [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md) - [Commits](https://github.com/expressjs/cookie-parser/compare/1.4.6...1.4.7) --- updated-dependencies: - dependency-name: cookie dependency-type: indirect - dependency-name: cookie-parser dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump path-to-regexp (#997) Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](https://github.com/pillarjs/path-to-regexp/compare/v6.2.0...v6.3.0) --- updated-dependencies: - dependency-name: path-to-regexp dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: examples/4-eov-operations-babel/package.json & examples/4-eov-operations-babel/package-lock.json to reduce vulnerabilities (#994) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-COOKIE-8163060 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * example 6 enhancements * Create SECURITY.md (#999) * fix: add cookie support for HTTP bearer authentication (#949) * fix: add cookie support for HTTP bearer authentication - Updated validateHttp() to handle bearer tokens in both authorization header and cookies. - Adapted logic to ensure flexibility for projects using HTTP-only cookies instead of headers for authentication. * fix: Refine HTTP authentication validation based on code review feedback - Maintain existing error for missing Authorization header - Add specific error for cookie authentication when specified in security scheme - Consider both Authorization header and cookie for bearer token validation * fix: Revert unintended code style changes made during previous commit * fix: Revert unintended code style changes made during previous commit * fix: fix: update validateHttp to handle missing auth headers properly - Restructure Basic auth validation to check header existence first - Maintain original error messages for non-cookie authentication - Add proper cookie authentication check when specified - Fix undefined.includes() error in Basic auth validation * v5.3.8 * chore(deps): bump cookie and express in /examples/3-eov-operations (#1002) Bumps [cookie](https://github.com/jshttp/cookie) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together. Updates `cookie` from 0.6.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.1) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](https://github.com/expressjs/express/compare/4.19.2...4.21.1) --- updated-dependencies: - dependency-name: cookie dependency-type: indirect - dependency-name: express dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: fix authHeader without `cookie-parser` middleware (#1003) [express-openapi-validator v5.8.3][1] and 79424b2 (fix: add cookie support for HTTP bearer authentication (#949), 2024-10-27) breaks HTTP bearer authentication when the `cookie-parser` middleware is not present (and therefore `req.cookies` is not present). [1]: https://github.com/cdimascio/express-openapi-validator/releases/tag/v5.3.8 Fixes: 79424b26137fd0ad2e73f37b689e9ade2618bbc4 * v5.3.9 * fix: upgrade express-openapi-validator from 5.3.6 to 5.3.7 (#1001)…

* handle req.query mutations for express 5 * handle req.query mutations for express 5 * Update README.md * Update README.md * allow mutation for express 5 validaiton (#1043) Co-authored-by: carmine <carmine@everco.ai> * v5.4.3 * update README * handle req.query mutations for express 5 * handle req.query mutations for express 5 * test(express-5): change routes in tests to new path route syntax (#1036) * caches pre-processed resolved schemas * update change history * Update README.md (#1033) * Update README.md * Update README.md * Fix history (#1049) * change log * deps + change log * docs: add robertjustjones as a contributor for code, test (#659) * docs: update README.md [skip ci] * docs: update .all-contributorsrc [skip ci] Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com> Co-authored-by: Carmine DiMascio <cdimascio@gmail.com> * if requestBody required is false, allow empty requests (#665) * if requestBody required is false, allow empty requests * add test * v4.13.2 * update examples deps * audit fix lock * audit fix lock * update examples * (doc) describe detailed coercion behaviors * (chore) upgrade deps * Update openapi.validator.ts * chore(deps): bump normalize-url in /examples/8-top-level-discriminator (#673) Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1. - [Release notes](https://github.com/sindresorhus/normalize-url/releases) - [Commits](https://github.com/sindresorhus/normalize-url/commits) --- updated-dependencies: - dependency-name: normalize-url dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump glob-parent in /examples/8-top-level-discriminator (#674) Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2. - [Release notes](https://github.com/gulpjs/glob-parent/releases) - [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md) - [Commits](https://github.com/gulpjs/glob-parent/compare/v5.1.1...v5.1.2) --- updated-dependencies: - dependency-name: glob-parent dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * default export in handler #671 (#675) * v.4.13.4 * (doc) change history * fix json syntax in allcontributors file (#676) * docs: add zzgab as a contributor for code, test (#680) * docs: update README.md [skip ci] * docs: update .all-contributorsrc [skip ci] Co-authored-by: allcontributors[bot] <46447321+allcontributors[bot]@users.noreply.github.com> * Fixes on SerDes (#682) * Try catch serdes serialize and deserialize in order to avoid Internal Server Error and return BadRequest errors #601 * Fix incorrect serDes example #569 * Patch on serdes test and allow to use generated AJV out of Express usage (#684) * Try catch serdes serialize and deserialize in order to avoid Internal Server Error and return BadRequest errors #601 * Fix incorrect serDes example #569 * fix the unit test and change message to a more human friendly description of the error #601 * Allow to get the generated request AJV object in order to use it out of an OpenAPI and express usage (websocket...) #683 * Add documentation for OpenApiValidator.ajv function initialization usage #683 * ResponseValidator's Ajv can be useful too. So we return an object that contains both request ajv and response ajv : ```javascript ajvs = { req : 'Ajv object' res : 'Ajv object' } ``` #683 * fix the unit test and change message to a more human friendly description of the error #601 * Allow to get the generated request AJV object in order to use it out of an OpenAPI and express usage (websocket...) #683 * Add documentation for OpenApiValidator.ajv function initialization usage #683 * ResponseValidator's Ajv can be useful too. So we return an object that contains both request ajv and response ajv : ```javascript ajvs = { req : 'Ajv object' res : 'Ajv object' } ``` #683 * Revert commits in order to push only bug fixes #601 * Revert "ResponseValidator's Ajv can be useful too." This reverts commit 677cacfdde64eac870e54bdd3a07e2c2572e5daf. * Revert "Add documentation for OpenApiValidator.ajv function initialization usage" This reverts commit a727f2d20693601074c797a354bfb1f5bc7ed4ef. * Revert "Allow to get the generated request AJV object in order to use it out of an OpenAPI and express usage (websocket...)" This reverts commit ad3e785c9c1e441d13c589534a3a3c3cd33cfb18. * Revert "ResponseValidator's Ajv can be useful too. So we return an object that contains both request ajv and response ajv : ```javascript ajvs = { req : 'Ajv object' res : 'Ajv object' } ``` #683" This reverts commit 8fc7226e * Revert "Add documentation for OpenApiValidator.ajv function initialization usage" This reverts commit ecb8424da785f36e6910f160315c45f38d0cb64e. * Revert "Allow to get the generated request AJV object in order to use it out of an OpenAPI and express usage (websocket...)" This reverts commit 52429c529c844f523a3e28f4a13927344bdac8cc. Co-authored-by: Carmine DiMascio <cdimasci@amazon.com> * v4.13.5 * v4.13.6 * Update README migrate documentation to wiki * migrate README to wiki * chore(deps): bump follow-redirects in /examples/9-nestjs (#705) Bumps [follow-redirects](https://github.com/follow-redirects/follow-redirects) from 1.14.4 to 1.14.8. - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](https://github.com/follow-redirects/follow-redirects/compare/v1.14.4...v1.14.8) --- updated-dependencies: - dependency-name: follow-redirects dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump node-fetch from 2.6.1 to 2.6.7 in /examples/9-nestjs (#711) Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.1 to 2.6.7. - [Release notes](https://github.com/node-fetch/node-fetch/releases) - [Commits](https://github.com/node-fetch/node-fetch/compare/v2.6.1...v2.6.7) --- updated-dependencies: - dependency-name: node-fetch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist from 1.2.5 to 1.2.6 in /examples/1-standard (#714) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/3-eov-operations (#715) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/2-standard-multiple-api-specs (#716) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/4-eov-operations-babel (#717) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/5-custom-operation-resolver (#718) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/8-top-level-discriminator (#719) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/8-top-level-discriminator (#720) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/7-response-date-serialization (#721) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/7-response-date-serialization (#722) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/6-multi-file-spec (#723) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimist in /examples/6-multi-file-spec (#724) Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/5-custom-operation-resolver (#725) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/3-eov-operations (#726) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex in /examples/2-standard-multiple-api-specs (#727) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump AJV to v8 (#713) * try upgrading to OAPIv3.1 * Remove 3.1-support related files * Const typings on formats * Set _discriminator as non-enumerable hide it from AJV (unknown keyword) * Refactor `x-eov-serdes` to ensure order of validation * Update AJV options handling * Update read/write only keywords * Add noop keywords * Use AJV Draft 4 to validate OpenAPI doc * Use `must` keyword to match AJV validations * Expected validation errors prefer `must` over `should`, `/` over `.` * Update README to reflect expected validation errors * Explicitly pass formats to ignore * Serdes validation errors contain more errors * Update example with expected AJV errors * Drop noisy test logs * Restore previous `Format` version * Add failing tests for undeclared x-* keywords Schema declares these are valid (via `patternProperties`) but AJV rejects on any unknown keywords * Detect `x-*` prefixes and declare as noop for Ajv * Update README to declare reserved vendor extension prefix * readOnly+writeOnly do not modify, and do attach errors * Remove test enforcing `x-eov-*` usage README still "reserves" these keywords, but do not explicitly enforce it * Rely on strictSchema=false to handle unknown keywords Remove all NOOP keywords * Explicitly pass strict=false to response validator test Options are usually set internally * Add types to serdes validator, auto-true if missing method * Rework serdes schema processor _slightly_ simplify schema, and document why complexity is necessary. Use custom keywords to allow "redacting" of confusing errors during validation Remove `jsonType` from serdes options (unused) * Update serdes test to reflect simpler validation messages * Consistent usage of / over . for json path Mirroring format of AJV * Add `eov` prefix to unknown query parameters flag Deprecate old version with console.warn * Create "normalized options" type that has stricter format Omits deprecated types/attributes. Allows skipping redundant checks/transforms that were already performed * Set defaults in one place * Add warnings for deprecated usage of options * Move options handling to `normalizeOptions`, add `ajvFormats` option * Update README to reflect new options behavior * Consistent `/` over `.` Matching AJV's internal json path errors * Remove unnecessary serDesInternal check `xEovAnyOf` effectively hides internal schemas and prevents infinite loop * Add `anyOf` test with serdes, expose all relevant errors * Simplify format overriding by applying in order, remove constant * Move redactable error to common types file * Tweak error redacting to only expose most relevant If request is not a string, message should not expose string-centric validations like format (even those "format" is invalid via serialization). Was wrongly exposed in 992cde00b2add2f6b5f59ba83cfd3bbac658bb38 * Refactor serdes (again...) to use keyword execution order So apparently AJV _does_ have some ability to enforce keyword ordering via `before`/`post`! Using those options, serdes schema gets a lot simpler and has more trivial error redacting * v4.14.0-beta.1 Co-authored-by: Essential Randomness <essential.randomn3ss@gmail.com> Co-authored-by: Carmine DiMascio <cdimasci@amazon.com> * v4.14.0-beta.1 * Update README.md * Bump multer to version that removes dicer as sub-dependency (#739) * Bump multer to version that removes dicer as sub-dependency * use lockfile that gets us 1.4.4-lts.1 and not just 1.4.4 * Revert "use lockfile that gets us 1.4.4-lts.1 and not just 1.4.4" This reverts commit 0f1934ea485684bdc292e35ca68b6431e378adeb. * Update lockfile without upgrading lockfileVersion * Bump multer to 1.4.5 * v4.14.0-beta.2 * update ansi-regex * fixed router parameters (#762) * Fix #699 serdes missed on items in a collection, with tests. (#704) Thanks @Fabiencdp. * v5.0.0 with ajv8 * Update README.md * Update README.md * chore(deps): bump minimatch in /examples/4-eov-operations-babel (#768) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/6-multi-file-spec (#767) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/3-eov-operations (#766) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/5-custom-operation-resolver (#765) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /examples/1-standard (#764) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/2-standard-multiple-api-specs (#763) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/8-top-level-discriminator (#761) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch from 3.0.4 to 3.1.2 in /examples/9-nestjs (#760) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump minimatch in /examples/7-response-date-serialization (#759) Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2. - [Release notes](https://github.com/isaacs/minimatch/releases) - [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump terser from 5.7.2 to 5.14.2 in /examples/9-nestjs (#750) Bumps [terser](https://github.com/terser/terser) from 5.7.2 to 5.14.2. - [Release notes](https://github.com/terser/terser/releases) - [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md) - [Commits](https://github.com/terser/terser/commits) --- updated-dependencies: - dependency-name: terser dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump ansi-regex from 3.0.0 to 3.0.1 in /examples/9-nestjs (#738) Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v3.0.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade body-parser from 1.19.0 to 1.19.1 (#691) Snyk has created this PR to upgrade body-parser from 1.19.0 to 1.19.1. See this package in npm: https://www.npmjs.com/package/body-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/dc56b04d-b132-445b-bde8-64211be844c7?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade body-parser from 1.19.0 to 1.19.1 (#690) Snyk has created this PR to upgrade body-parser from 1.19.0 to 1.19.1. See this package in npm: https://www.npmjs.com/package/body-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/0ac9a5bd-9a7f-4c0e-bf8b-51d0bd4c4448?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade body-parser from 1.19.0 to 1.19.1 (#689) Snyk has created this PR to upgrade body-parser from 1.19.0 to 1.19.1. See this package in npm: https://www.npmjs.com/package/body-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/53639b22-8ff0-4bd5-97c3-ae30b20a20f4?utm_source=github&utm_medium=referral&page=upgrade-pr * chore(deps): bump minimist and @nestjs/cli in /examples/9-nestjs (#769) Bumps [minimist](https://github.com/minimistjs/minimist) to 1.2.6 and updates ancestor dependency [@nestjs/cli](https://github.com/nestjs/nest-cli). These dependencies need to be updated together. Updates `minimist` from 1.2.5 to 1.2.6 - [Release notes](https://github.com/minimistjs/minimist/releases) - [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md) - [Commits](https://github.com/minimistjs/minimist/compare/v1.2.5...v1.2.6) Updates `@nestjs/cli` from 8.1.2 to 8.2.8 - [Release notes](https://github.com/nestjs/nest-cli/releases) - [Changelog](https://github.com/nestjs/nest-cli/blob/master/.release-it.json) - [Commits](https://github.com/nestjs/nest-cli/compare/8.1.2...8.2.8) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect - dependency-name: "@nestjs/cli" dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * implement github actions workflow (#793) * implement github actions workflow * fix target * enhance SchemaObject type (#697) - Composition types: allOf, anyOf, oneOf and not are valid SchemaObjects * v5.0.1 * fix: objects in form-data (#730) Co-authored-by: dj <> * v5.0.2 * v5.0.2 * Rename field `error_code` to `errorCode` in `ValidationErrorItem` (#819) * FIx serialization/deserialization in additionalProperties (#822) * chore(deps): bump http-cache-semantics (#817) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade content-type from 1.0.4 to 1.0.5 (#818) Snyk has created this PR to upgrade content-type from 1.0.4 to 1.0.5. See this package in npm: https://www.npmjs.com/package/content-type See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps): bump http-cache-semantics (#816) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics in /examples/6-multi-file-spec (#815) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics (#814) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics (#813) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics in /examples/3-eov-operations (#812) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics (#811) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump http-cache-semantics in /examples/1-standard (#810) Bumps [http-cache-semantics](https://github.com/kornelski/http-cache-semantics) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/kornelski/http-cache-semantics/releases) - [Commits](https://github.com/kornelski/http-cache-semantics/compare/v4.1.0...v4.1.1) --- updated-dependencies: - dependency-name: http-cache-semantics dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump cookiejar from 2.1.3 to 2.1.4 (#806) Bumps [cookiejar](https://github.com/bmeck/node-cookiejar) from 2.1.3 to 2.1.4. - [Release notes](https://github.com/bmeck/node-cookiejar/releases) - [Commits](https://github.com/bmeck/node-cookiejar/commits) --- updated-dependencies: - dependency-name: cookiejar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump cookiejar from 2.1.2 to 2.1.4 in /examples/9-nestjs (#805) Bumps [cookiejar](https://github.com/bmeck/node-cookiejar) from 2.1.2 to 2.1.4. - [Release notes](https://github.com/bmeck/node-cookiejar/releases) - [Commits](https://github.com/bmeck/node-cookiejar/commits) --- updated-dependencies: - dependency-name: cookiejar dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump json5 in /examples/4-eov-operations-babel (#799) Bumps [json5](https://github.com/json5/json5) from 2.1.3 to 2.2.3. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](https://github.com/json5/json5/compare/v2.1.3...v2.2.3) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade body-parser from 1.19.0 to 1.20.1 (#798) Snyk has created this PR to upgrade body-parser from 1.19.0 to 1.20.1. See this package in npm: https://www.npmjs.com/package/body-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/c52478e1-4b5f-464b-9b43-e11455d66bba?utm_source=github&utm_medium=referral&page=upgrade-pr * fix: upgrade ajv from 8.11.0 to 8.11.2 (#797) Snyk has created this PR to upgrade ajv from 8.11.0 to 8.11.2. See this package in npm: https://www.npmjs.com/package/ajv See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr * chore(deps): bump json5 from 1.0.1 to 1.0.2 in /examples/9-nestjs (#801) Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/json5/json5/releases) - [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md) - [Commits](https://github.com/json5/json5/compare/v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: json5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * v5.0.3 * Switch json-schema-ref-parser to non-deprecated package (#829) * switch json-schema-ref-parser to new package @apidevtools/json-schema-ref-parser * revert lockfile version to 1 * fix: Deserialize custom types with inline schemas (#823) * v5.0.4 * fix documentation links * Remove examples from apiDoc when validating requests (#774) Co-authored-by: Michael Eller <michael.eller@rakuten.com> * Resolve "reference resolves to more than one schema" errors when AJV processes OpenAPI document and encounters unknown properties whose values include an `id` parameter. (#853) * Fails to get past AJV error when schema includes `x-stoplight` property and is referenced. * Traverse the OpenAPI document, stripping all x-stoplight values. * fixing default export function issue (#846) Co-authored-by: Kesha Shah <keshashah@wolkus.com> * #841 return error thrown in serDes deserializer (#842) * Remove body-parser deps in example (#845) * chore: remove unused body-parser for examples/1-standard * chore: remove body-parser for examples/2-standard-multiple-api-specs * chore: remove unused body-parser for examples/3-eov-operations * chore: remove unused body-parser for examples/4-eov-operations-babel * chore: remove body-parser for examples/5-custom-operation-resolver * chore: remove body-parser for examples/6-multi-file-spec * chore: remove body-parser for examples/7-response-date-serialization * chore: remove body-parser for examples/8-top-level-discriminator * fix example schema removal and upgrade patch version * v5.0.5 change history * update version locks * Allow optional use of `req.url` (#857) * test: add test cases for new feature * feat: allow using req.url based on config --------- Co-authored-by: nikkegg <nik.vschenko@sylvera.io> * Reorder upload and security middlewares (#866) - Move multipart middleware after security middleware so that security handlers can abort request pipeline before uploads are processed. Fixes #865 * Update build and packaging scripts (#872) - Add compile:release npm script to build the package without source maps. Decreases unpacked size from ~350KB to ~250KB. - Remove :windows variants of npm scripts - Add rimraf to handle cross-platform dir removal - Set "ts-node": { "files": true } in tsconfig.json so that it's not necessary to set env var TS_NODE_FILES - Remove unused assets/README.md (it does not appear to have been used for many years according to npmjs.com) - Use includes "files": [...] property in package.json to indicate dist/ should be included in the built npm package rather than maintaining a list of everything that should be excluded in .npmignore (which has been deleted) - Incorporate above mentioned updates into build.sh * v5.1.0 * v5.1.0 * Pass-through HttpError caught in multipart handler (#867) - Consumers of express-openapi-validator have access to the custom error types via exported object: error (e.g. error.BadRequest). - If the multipart handler throws, for example from the multer storage engine, check whether the err instance is already an HttpError. If so, it can be passed-through as is. This is mostly useful for setting the HTTP status code. * v5.1.1 * Safer handling of multipart nested JSON body props (#878) If a multipart request body has schema oneOf, anyOf, or allOf, then automatic parsing of JSON properties throws. An object is expected. Fix the error today and add a TODO to add support for nested JSON props in multipart requests that utilize oneOf, anyOf, or allOf. * Normalize request body ContentTypes (#863) Co-authored-by: Ray Vincent <ray.vincent@zii.aero> * v5.1.1 * CLS Context is lost after using multer middleware (#695) related issue: https://github.com/expressjs/multer/issues/814 Used the solution described in the above link to fix the issue Co-authored-by: Alan Wang <alan@tacen.app> * remove examples from schema (#890) * v5.1.3 * v5.1.3 * add cookies to examples 1 and 2 (#891) * remove examples from schema * add cookies to example 1 and 2 * docs: fix doc typo in README.md (#885) * npm audit fix (#892) * remove examples from schema * add cookies to example 1 and 2 * audit-fix * removes lodash.uniq and lodash.zipobject dependencies (#893) * fixes badging for build and test * Remove read only and write only fields (#895) * Fix problems in current test read.only according to the schema * #627 Remove readonly fields in : - requests if ``validateRequest.removeAdditional`` configuration equals ``true`` or ```'all'`` or ``'failing'`` - responses if ``validateResponse.removeAdditional`` configuration equals ``true`` or ```'all'`` or ``'failing'`` No changes if ``validateRequest = true``, ``validateResponse = true``, ``validateRequest.removeAdditional : false``, ``validateResponse.removeAdditional : false`` Unit tests added to check the behaviour with removeAdditional : true. Fields removed and no error in response. * Update README.md (#896) * Update CONTRIBUTING.md * Update README.md * Update README.md * fix: #887 allow multiple params with wildcard (#898) * Add multiple path parameters with wildcard tests * Change regex to support multiple params when including file path params (#1) * Change regex to support multiple params when including URI path param * Update regex, remove unnecessary bracket --------- Co-authored-by: Guillermo Recalde <guillerecalde@users.noreply.github.com> * Direct example broken link to the guide * v5.1.4 * v5.1.4 * Support writeOnly + required combination #149 (#756) * fixes write-only tests * v5.1.5 * Fixes for 881 - multiple specs w/validateRequests fail (#903) * v5.1.6 * fix: upgrade @types/multer from 1.4.7 to 1.4.11 (#897) Snyk has created this PR to upgrade @types/multer from 1.4.7 to 1.4.11. See this package in npm: https://www.npmjs.com/package/@types/multer See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Add multipart fix when does not exist any body (#905) * fix: upgrade path-to-regexp from 6.2.0 to 6.2.2 (#914) * fix: examples/4-eov-operations-babel/package.json & examples/4-eov-operations-babel/package-lock.json to reduce vulnerabilities (#911) * Add `express` as peer dependency (#907) * Support async operation handler resolver (#921) - Let users define operationHandlers.resolver as a synchronous or asynchronous function that returns a request handler - Make installOperationHandlers and asynchronous function that awaits a resolver promise (automatically wraps resolver with promise if needed) - Update operation handlers middleware to handle an async installOperationHandlers. * fix: package.json & package-lock.json to reduce vulnerabilities (#920) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps): bump webpack and @nestjs/cli in /examples/9-nestjs (#831) Bumps [webpack](https://github.com/webpack/webpack) to 5.76.2 and updates ancestor dependency [@nestjs/cli](https://github.com/nestjs/nest-cli). These dependencies need to be updated together. Updates `webpack` from 5.73.0 to 5.76.2 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v5.73.0...v5.76.2) Updates `@nestjs/cli` from 8.2.8 to 9.3.0 - [Release notes](https://github.com/nestjs/nest-cli/releases) - [Changelog](https://github.com/nestjs/nest-cli/blob/master/.release-it.json) - [Commits](https://github.com/nestjs/nest-cli/compare/8.2.8...9.3.0) --- updated-dependencies: - dependency-name: webpack dependency-type: indirect - dependency-name: "@nestjs/cli" dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(dependencies): bump @apidevtools/json-schema-ref-parser to 11.6.2 to prevent vulnerability (#918) * chore(deps): bump axios, @nestjs/common, @nestjs/core, @nestjs/platform-express and @nestjs/testing (#925) Removes [axios](https://github.com/axios/axios). It's no longer used after updating ancestor dependencies [axios](https://github.com/axios/axios), [@nestjs/common](https://github.com/nestjs/nest/tree/HEAD/packages/common), [@nestjs/core](https://github.com/nestjs/nest/tree/HEAD/packages/core), [@nestjs/platform-express](https://github.com/nestjs/nest/tree/HEAD/packages/platform-express) and [@nestjs/testing](https://github.com/nestjs/nest/tree/HEAD/packages/testing). These dependencies need to be updated together. Removes `axios` Updates `@nestjs/common` from 8.0.11 to 10.3.8 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.3.8/packages/common) Updates `@nestjs/core` from 8.4.7 to 10.3.8 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.3.8/packages/core) Updates `@nestjs/platform-express` from 8.4.7 to 10.3.8 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.3.8/packages/platform-express) Updates `@nestjs/testing` from 8.4.7 to 10.3.8 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.3.8/packages/testing) --- updated-dependencies: - dependency-name: axios dependency-type: indirect - dependency-name: "@nestjs/common" dependency-type: direct:production - dependency-name: "@nestjs/core" dependency-type: direct:production - dependency-name: "@nestjs/platform-express" dependency-type: direct:production - dependency-name: "@nestjs/testing" dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump @babel/traverse (#924) Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.15.4 to 7.24.6. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.6/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * upgrade example 4 * upgrade example 3 * upgrade ajv * chore: apiSpec may be const literal (#854) Co-authored-by: Carmine DiMascio <cdimascio@gmail.com> * pass coerceTypes through (#809) Co-authored-by: Carmine DiMascio <cdimascio@gmail.com> * add reponse serializer tests for arrays * v5.2.0 * v5.2.0 * Update LICENSE * chore(deps-dev): bump braces from 3.0.2 to 3.0.3 (#928) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Stripped query params for req.url branch arm (#942) Co-authored-by: g-radam <859802+g-radam@users.noreply.github.com> * fix: upgrade ajv from 8.14.0 to 8.15.0 (#938) Snyk has created this PR to upgrade ajv from 8.14.0 to 8.15.0. See this package in npm: ajv See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade @apidevtools/json-schema-ref-parser from 11.6.2 to 11.6.4 (#937) Snyk has created this PR to upgrade @apidevtools/json-schema-ref-parser from 11.6.2 to 11.6.4. See this package in npm: @apidevtools/json-schema-ref-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade express-openapi-validator from 5.1.6 to 5.2.0 (#936) Snyk has created this PR to upgrade express-openapi-validator from 5.1.6 to 5.2.0. See this package in npm: express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/0ac9a5bd-9a7f-4c0e-bf8b-51d0bd4c4448?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * FIX: issue #917 (#935) Co-authored-by: Dušan Miška <dusan.miska@lucis.si> * version 5.2.1 * version 5.3.1 * fix: upgrade express-openapi-validator from 5.1.6 to 5.2.0 (#944) Snyk has created this PR to upgrade express-openapi-validator from 5.1.6 to 5.2.0. See this package in npm: express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/dc56b04d-b132-445b-bde8-64211be844c7?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: correct security schema logic for OR verification (#946) * version 5.3.2 * fix: upgrade @apidevtools/json-schema-ref-parser from 11.6.4 to 11.7.0 (#947) Snyk has created this PR to upgrade @apidevtools/json-schema-ref-parser from 11.6.4 to 11.7.0. See this package in npm: @apidevtools/json-schema-ref-parser See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps-dev): bump ws from 7.5.5 to 7.5.10 in /examples/9-nestjs (#930) Bumps [ws](https://github.com/websockets/ws) from 7.5.5 to 7.5.10. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/compare/7.5.5...7.5.10) --- updated-dependencies: - dependency-name: ws dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump braces in /examples/8-top-level-discriminator (#929) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade ajv from 8.15.0 to 8.17.1 (#945) Snyk has created this PR to upgrade ajv from 8.15.0 to 8.17.1. See this package in npm: ajv See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps-dev): bump @babel/traverse in /examples/9-nestjs (#948) Bumps [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) from 7.15.4 to 7.25.4. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.25.4/packages/babel-traverse) --- updated-dependencies: - dependency-name: "@babel/traverse" dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * version 5.3.3 * Update README.md * Use lenient resolver type (#956) In #921, a stronger type applied to OperationHandlerOptions['resolver'] so that end users would have an idea of what the parameters are for their custom resolvers. It went too far in stipulating a return type. Set the return type to unknown and let users decide how much type safety they need in their resolver. Fixes #952 * Change AJV allErrors default and support user setting (#955) * Support setting allErrors for AJV validation AJV recommends setting option `allErrors` to `false` in production. pdate `createAjv()` to respect the user's setting. Avoid introducing a breaking change by defaulting to `true` when not defined by the user. Add tests: 1. Make sure `AjvOptions` sets the value appropriately based on whether the end user defined `allErrors` or not. 2. When validating requests, make sure the number of errors reported (when multiple occur) is 1 when `allErrors` is `false`. The `allErrors` configuration for OpenAPISchemaValidator is not changed by this commit since that validation is for trusted content. Fixes #954 * (Revisions) Support setting allErrors for AJV validation - Do not set allErrors by default **breaking change** * (Revisions) Support setting allErrors for AJV validation - Allow allErrors to be set on requests and responses independently * v5.3.4 * update README * [StepSecurity] ci: Harden GitHub Actions (#959) Signed-off-by: StepSecurity Bot <bot@stepsecurity.io> * chore(deps): bump webpack and @nestjs/cli in /examples/9-nestjs (#953) Bumps [webpack](https://github.com/webpack/webpack) to 5.94.0 and updates ancestor dependency [@nestjs/cli](https://github.com/nestjs/nest-cli). These dependencies need to be updated together. Updates `webpack` from 5.76.2 to 5.94.0 - [Release notes](https://github.com/webpack/webpack/releases) - [Commits](https://github.com/webpack/webpack/compare/v5.76.2...v5.94.0) Updates `@nestjs/cli` from 9.3.0 to 10.4.5 - [Release notes](https://github.com/nestjs/nest-cli/releases) - [Changelog](https://github.com/nestjs/nest-cli/blob/master/.release-it.json) - [Commits](https://github.com/nestjs/nest-cli/compare/9.3.0...10.4.5) --- updated-dependencies: - dependency-name: webpack dependency-type: indirect - dependency-name: "@nestjs/cli" dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump braces in /examples/4-eov-operations-babel (#957) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump braces in /examples/5-custom-operation-resolver (#958) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade express-openapi-validator from 5.2.0 to 5.3.1 (#951) Snyk has created this PR to upgrade express-openapi-validator from 5.2.0 to 5.3.1. See this package in npm: express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/0ac9a5bd-9a7f-4c0e-bf8b-51d0bd4c4448?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Fix changelog breaking changes notice (#961) The breaking change included in entry (2024-08-31) was not added correctly. Fix it. * fix: Dereference path parameters (#962) The OpenAPI spec loader has a `discoverRoutes` method which explores an OpenAPI document and gathers information about the paths and parameters used. The list of discovered path parameters is used to install parameter-specific middleware in `src/openapi.validator.ts#installPathParams` Path parameters declared with `$ref` were not detected in the `discoverRoutes` implementation, leading to the un-coerced values being used. By dereferencing each path parameter when building this list, we should see the same behavior for referenced path parameters and for inline path parameters. Closes https://github.com/cdimascio/express-openapi-validator/issues/803 * v5.3.5 * chore(deps-dev): bump braces from 3.0.2 to 3.0.3 in /examples/9-nestjs (#964) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump braces in /examples/7-response-date-serialization (#963) Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: upgrade express-openapi-validator from 5.2.0 to 5.3.1 (#960) Snyk has created this PR to upgrade express-openapi-validator from 5.2.0 to 5.3.1. See this package in npm: express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/dc56b04d-b132-445b-bde8-64211be844c7?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Update README.md * Update README.md * bodyParsers is deprecated so update with expess bodyParsers (#974) * Change path-to-regexp 6.2.2 to 6.3.0 * express version update * bodyParsers is deprecated so update with expess bodyParsers * update express to 4.21.0 * v5.3.6 * feat(path-to-regexp): path-to-regexp 8.1.0 update (#976) * feat(path-to-regexp): path-to-regexp update to 8.1.0 * feat(path-to-regexp): cleanup notes for PR * feat(path-to-regexp): potential version bump if approved * feat(path-to-regexp): pr change request + added notes for changes --------- Co-authored-by: fkeefer <fkeefer@signiant.com> Co-authored-by: Carmine DiMascio <cdimascio@gmail.com> * fix: upgrade @types/multer from 1.4.11 to 1.4.12 (#983) Snyk has created this PR to upgrade @types/multer from 1.4.11 to 1.4.12. See this package in npm: @types/multer See this project in Snyk: https://app.snyk.io/org/cdimascio/project/f63fb44e-f154-45ba-b1f0-20d49ea578ce?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * v5.3.7 * fix: examples/3-eov-operations/package.json & examples/3-eov-operations/package-lock.json to reduce vulnerabilities (#989) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: examples/4-eov-operations-babel/package.json & examples/4-eov-operations-babel/package-lock.json to reduce vulnerabilities (#988) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: examples/2-standard-multiple-api-specs/package.json & examples/2-standard-multiple-api-specs/package-lock.json to reduce vulnerabilities (#987) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: examples/1-standard/package.json & examples/1-standard/package-lock.json to reduce vulnerabilities (#986) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-PATHTOREGEXP-7925106 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * Update README.md * Update README.md * chore(deps): bump body-parser and @nestjs/platform-express (#990) Bumps [body-parser](https://github.com/expressjs/body-parser) to 1.20.3 and updates ancestor dependency [@nestjs/platform-express](https://github.com/nestjs/nest/tree/HEAD/packages/platform-express). These dependencies need to be updated together. Updates `body-parser` from 1.20.2 to 1.20.3 - [Release notes](https://github.com/expressjs/body-parser/releases) - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md) - [Commits](https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3) Updates `@nestjs/platform-express` from 10.3.8 to 10.4.3 - [Release notes](https://github.com/nestjs/nest/releases) - [Commits](https://github.com/nestjs/nest/commits/v10.4.3/packages/platform-express) --- updated-dependencies: - dependency-name: body-parser dependency-type: indirect - dependency-name: "@nestjs/platform-express" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: package.json & package-lock.json to reduce vulnerabilities (#993) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-COOKIE-8163060 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: upgrade express-openapi-validator from 5.3.6 to 5.3.7 (#995) Snyk has created this PR to upgrade express-openapi-validator from 5.3.6 to 5.3.7. See this package in npm: https://www.npmjs.com/package/express-openapi-validator See this project in Snyk: https://app.snyk.io/org/cdimascio/project/dc56b04d-b132-445b-bde8-64211be844c7?utm_source=github&utm_medium=referral&page=upgrade-pr Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(deps): bump cookie and cookie-parser (#996) Bumps [cookie](https://github.com/jshttp/cookie) to 0.7.1 and updates ancestor dependency [cookie-parser](https://github.com/expressjs/cookie-parser). These dependencies need to be updated together. Updates `cookie` from 0.4.1 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](https://github.com/jshttp/cookie/compare/v0.4.1...v0.7.1) Updates `cookie-parser` from 1.4.6 to 1.4.7 - [Release notes](https://github.com/expressjs/cookie-parser/releases) - [Changelog](https://github.com/expressjs/cookie-parser/blob/master/HISTORY.md) - [Commits](https://github.com/expressjs/cookie-parser/compare/1.4.6...1.4.7) --- updated-dependencies: - dependency-name: cookie dependency-type: indirect - dependency-name: cookie-parser dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump path-to-regexp (#997) Bumps [path-to-regexp](https://github.com/pillarjs/path-to-regexp) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/pillarjs/path-to-regexp/releases) - [Changelog](https://github.com/pillarjs/path-to-regexp/blob/master/History.md) - [Commits](https://github.com/pillarjs/path-to-regexp/compare/v6.2.0...v6.3.0) --- updated-dependencies: - dependency-name: path-to-regexp dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: examples/4-eov-operations-babel/package.json & examples/4-eov-operations-babel/package-lock.json to reduce vulnerabilities (#994) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-COOKIE-8163060 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * example 6 enhancements * Create SECURITY.md (#999) * fix: add cookie support for HTTP bearer authentication (#949) * fix: add cookie support for HTTP bearer authentication - Updated validateHttp() to handle bearer tokens in both authorization header and cookies. - Adapted logic to ensure flexibility for projects using HTTP-only cookies instead of headers for authentication. * fix: Refine HTTP authentication validation based on code review feedback - Maintain existing error for missing Authorization header - Add specific error for cookie authentication when specified in security scheme - Consider both Authorization header and cookie for bearer token validation * fix: Revert unintended code style changes made during previous commit * fix: Revert unintended code style changes made during previous commit * fix: fix: update validateHttp to handle missing auth headers properly - Restructure Basic auth validation to check header existence first - Maintain original error messages for non-cookie authentication - Add proper cookie authentication check when specified - Fix undefined.includes() error in Basic auth validation * v5.3.8 * chore(deps): bump cookie and express in /examples/3-eov-operations (#1002) Bumps [cookie](https://github.com/jshttp/cookie) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together. Updates `cookie` from 0.6.0 to 0.7.1 - [Release notes](https://github.com/jshttp/cookie/releases) - [Commits](https://github.com/jshttp/cookie/compare/v0.6.0...v0.7.1) Updates `express` from 4.19.2 to 4.21.1 - [Release notes](https://github.com/expressjs/express/releases) - [Changelog](https://github.com/expressjs/express/blob/4.21.1/History.md) - [Commits](https://github.com/expressjs/express/compare/4.19.2...4.21.1) --- updated-dependencies: - dependency-name: cookie dependency-type: indirect - dependency-name: express dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot…

cdimascio merged commit 5b0058d into master Sep 1, 2024
6 checks passed

cdimascio deleted the snyk-upgrade-05053dcf0e0286f6d9581ecddcdf1c42 branch September 1, 2024 04:52

This was referenced Nov 5, 2024

[Snyk] Upgrade express-openapi-validator from 5.3.6 to 5.3.7 #1007

Closed

[Snyk] Upgrade express-openapi-validator from 5.3.6 to 5.3.7 #1008

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade express-openapi-validator from 5.2.0 to 5.3.1 #951

[Snyk] Upgrade express-openapi-validator from 5.2.0 to 5.3.1 #951

cdimascio commented Aug 26, 2024

(2024-08-05)

(2024-06-02)

5.1.6 (2024-02-11)

5.1.5 (2024-02-10)

5.1.4 (2024-02-09)

5.1.3 (2024-01-27)

5.1.2 (2023-12-04)

5.1.1 (2023-11-21)

5.1.0 (2023-11-12)

5.0.5 (2023-08-23)

5.0.4 (2023-04-30)

5.0.3 (2023-03-04)

5.0.2 (2023-02-11)

5.0.1 (2023-01-09)

[Snyk] Upgrade express-openapi-validator from 5.2.0 to 5.3.1 #951

[Snyk] Upgrade express-openapi-validator from 5.2.0 to 5.3.1 #951

Conversation

cdimascio commented Aug 26, 2024

Snyk has created this PR to upgrade express-openapi-validator from 5.2.0 to 5.3.1.

(2024-08-05)

(2024-06-02)

5.1.6 (2024-02-11)

5.1.5 (2024-02-10)

5.1.4 (2024-02-09)

5.1.3 (2024-01-27)

5.1.2 (2023-12-04)

5.1.1 (2023-11-21)

5.1.0 (2023-11-12)

5.0.5 (2023-08-23)

5.0.4 (2023-04-30)

5.0.3 (2023-03-04)

5.0.2 (2023-02-11)

5.0.1 (2023-01-09)