Update dependency swagger-typescript-api to ^13.12.4#222
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
e6df5dd to
8f5d846
Compare
8f5d846 to
129b7bc
Compare
129b7bc to
577f3fc
Compare
577f3fc to
32ca482
Compare
32ca482 to
1a22a6f
Compare
5b3cf96 to
a41bdc2
Compare
a41bdc2 to
a27434b
Compare
a27434b to
8662fde
Compare
f6cc0cc to
0a9af9f
Compare
0a9af9f to
7cf1dbb
Compare
7cf1dbb to
9882387
Compare
6e3ad09 to
cd7f1c6
Compare
b0d2c06 to
0d1e495
Compare
0ac3781 to
226e0fd
Compare
896b8b1 to
94a5e60
Compare
94a5e60 to
0f15d18
Compare
c320a6e to
8bd94dc
Compare
70d5d94 to
c0933ee
Compare
ab2e554 to
7be9036
Compare
7be9036 to
109b19a
Compare
5be9a4a to
3022533
Compare
f44b183 to
262a55b
Compare
023facb to
0030fbe
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^13.0.22→^13.12.4^13.0.23→^13.12.4Release Notes
acacode/swagger-typescript-api (swagger-typescript-api)
v13.12.4Compare Source
Patch Changes
5a327e9Thanks @js2me! - Security: Potential SSRF via URL input in Request.download()#1803
7bd2b17Thanks @morgan-coded! - Handle object-shaped not schemas without crashingv13.12.3Compare Source
Patch Changes
77a5bbcThanks @js2me! - update deps to latestv13.12.2Compare Source
Patch Changes
#1779
306d59aThanks @js2me! - Fix code injection via unescaped enum string values in generated TypeScript enumsMalicious OpenAPI specs could embed arbitrary JavaScript in
components.schemas.*.enumstring values.Ts.StringValuewrapped values in double quotes without escaping, allowing attackers to break out of generated enum declarations and inject code that executes at module load when consumers import the generated client. Enum string values are now properly escaped.Reported by @thegr1ffyn: GHSA-5f94-x226-ccpm.
#1779
306d59aThanks @js2me! - Fix code injection via unescapedservers[0].urlin generated axios and fetch HTTP clientsMalicious OpenAPI specs could embed arbitrary JavaScript in
servers[0].url. The value was interpolated raw into string literals in generated client constructors, allowing computed-property-key injection and arbitrary code execution when consumers instantiatedHttpClientorApi(axios) or imported the generated module (fetch).apiConfig.baseUrlis now escaped once at the source before template rendering.Reported by @thegr1ffyn: GHSA-38c3-wv3c-v3xj (axios), GHSA-hqj5-cw9f-rx67 (fetch).
#1779
306d59aThanks @js2me! - Fix code injection via unescaped OpenAPI path strings in generated method bodiesMalicious OpenAPI specs could embed arbitrary JavaScript in path keys. Values were interpolated raw into template literals in generated API methods, so
${…}expressions ran with full process privileges on every call to the affected method. Route paths are now escaped for template-literal insertion while preserving deliberate${paramName}interpolations for declared path parameters.Reported by @thegr1ffyn: GHSA-w284-33mx-6g9v.
#1779
306d59aThanks @js2me! - Fix authorization-token exfiltration and SSRF via spec$refduring remote schema resolutionWhen generating from a remote OpenAPI spec, the generator walked every external
$refand fetched anyhttp(s)://URL without validating the target. A malicious spec could force HTTP requests to loopback, RFC-1918, link-local (including cloud metadata at 169.254.169.254), or internal hostnames reachable from the generator process. Redirect chains were also followed without re-validation.Remote schema fetches now enforce a defense-in-depth policy:
localhost$reftargets remain allowed--urlspec source even on loopback (local development)authorizationTokenonly to same-origin remote URLs, not cross-origin$reftargetsReported by @thegr1ffyn: GHSA-h754-fxp7-88wx, GHSA-x36r-4347-pm5x.
v13.12.1Compare Source
Patch Changes
caa2874Thanks @js2me! - update all deps to latest (patch + minor deps, no major updates)v13.12.0Compare Source
Minor Changes
691559aThanks @js2me! - AddenumStyle: "const-enum"to generate TypeScriptconst enumdeclarations for schema enums and the built-inContentType.v13.11.2Compare Source
Patch Changes
691d07dThanks @js2me! - Fix schema type name resolution when preferExistingSchemaNamesForExternalRefs is falseWhen
preferExistingSchemaNamesForExternalRefsis disabled, schema components with external refs were not re-parsed with the correct type name formatter, leading to incorrect type names in generated output. Now the formatter is precommitted with existing component names and affected schemas are re-parsed.v13.11.1Compare Source
Patch Changes
bfad977Thanks @js2me! - fixed preferExistingSchemaNamesForExternalRefs parameterv13.11.0Compare Source
Minor Changes
f5cb2daThanks @js2me! - Fix external file$refresolution and add cleaner schema naming for split OpenAPI specs.Bug fixes
./SidecarConfig.yaml,./models/sidecar-config.yaml) without producing ghost types such asSidecarConfigYamlthat were referenced in generated output but never exported.models,definitions, and.as schema components instead of misclassifying them as OpenAPI component sections..yaml,.yml, and.jsonextensions.components.schemas.export interfacedeclarations (e.g. multipleNovaEntityNovaEntity) and TypeScript merge conflicts.pathItemsas a validcomponentssection when resolving JSON pointer segments.New option
preferExistingSchemaNamesForExternalRefs(CLI:--prefer-existing-schema-names-for-external-refs).When enabled, if an external schema file name matches an existing local component name (e.g.
./Specification.yaml→Specification), the generator reuses the local schema name instead of emitting redundant names likeSpecificationSpecificationorNovaEntityNovaEntity.Local
$ref-only components are eagerly resolved before parsing.Tests
paths-2regression tests for remote OpenAPI specs with relative cross-file refs (CICD Spec Manager fixture).paths-2-prefer-existing-schema-namestests for the new naming option, including strict TypeScript checks of generated snapshot output viatsc.Patch Changes
6d00192Thanks @Upgrade220! - FixContentTypein http-client not respectingenumStyle: "union". It now generates a plain type alias instead of an enum, and all call sites emit string literals instead ofContentType.Jsonetc.v13.10.0Compare Source
Minor Changes
9d493e8Thanks @Upgrade220! - AddenumStyleoption ("enum" | "union" | "const") to control enum output format."const"generatesas constobjects with a companion type alias, including the built-inContentTypein the http-client.generateUnionEnumsis deprecated in favor ofenumStyle: "union".Patch Changes
fed24c6Thanks @Upgrade220! - Fix: combined query params object now correctly gets a default value of{}when all its fields are optional and no path params are present (extractRequestParams mode)v13.9.3Compare Source
Patch Changes
ef8114dThanks @js2me! - correct processing parse swagger 2.0 schema as async taskv13.9.2Compare Source
Patch Changes
81d8dabThanks @js2me! - better typings for swaggerSchema, originalSchema and resolvedSwaggerSchemav13.9.1Compare Source
Patch Changes
#1466
e109c9aThanks @k1rd3rf! - Add possibility to change default request paramsUseful when overriding the http client, and you want to make sure the request params are set.
Can be set to
""in order to not make it optional.v13.9.0Compare Source
Minor Changes
58c6818Thanks @js2me! - local fragment ref partial support (#..)v13.8.0Compare Source
Minor Changes
1a1f5b6Thanks @js2me! - support gitlab repository files external refs74d16fbThanks @js2me! - support github repository files external refsv13.7.2Compare Source
Patch Changes
5f6b28aThanks @js2me! - yet another fix of the issue #1433 (incorrect yaml multiline parsing)v13.7.1Compare Source
Patch Changes
189ad98Thanks @js2me! - fixed normalization external refs in swagger schemav13.7.0Compare Source
Minor Changes
beccbaaThanks @js2me! - AddtypeNameSeparatorconfig option for joiningtypePrefix, type name,and
typeSuffixinTypeNameFormatter.This separator is primarily effective with
disableFormatTypeNames: true,or when custom
hooks.onFormatTypeNamepreserves separators withoutnormalization.
162739aThanks @js2me! - AdddisableFormatTypeNamesoption to disable type name formattingand normalization in the generator.
When enabled, generated names keep raw separators (for example,
Foo_BarstaysFoo_Bar), which prevents collisions caused bystartCase-based normalization (such asFoo_BarandFooBarboth becoming
FooBar).The option is available in config and via CLI as
--disable-format-type-names, and is covered by a dedicatedspec test in
tests/spec/disableFormatTypeNames.Patch Changes
#1726
1b60264Thanks @mlewando-cp! - Dedupe colliding TypeScript identifiers produced by theTypeNameFormatter.Two OpenAPI schema keys that differ only in separator placement — e.g.
Foo_BarandFooBar— used to collapse to the same identifier viastartCase+ whitespace-strip and emit twoexport interface FooBardeclarations (TS2717 whenever the shapes differed).
TypeNameFormatternow exposes aprecommit(rawNames)method the generatorcalls once after loading schema components and before schema parsing. It
resolves every raw name in two passes — canonical names (raw === formatted
output) claim their slot first, then non-canonical names suffix-until-free —
so user-declared identifiers like
FooBar1are preserved regardless ofsource order, and collisions deterministically produce
FooBar,FooBar1,FooBar2, … References to each schema (including inline generics in routehandlers) stay consistent with the emitted
export interfacedeclarations.format()is now a pure cache lookup with a fallback for names discoveredafter precommit (enum keys,
extractEnums/extractResponsesresults). Allformatting logic is concentrated in a single private
computeFormattedNamehelper, so the new behavior composes cleanly with
disableFormatTypeNamesand
typeNameSeparator.Fixes #1724.
v13.6.11Compare Source
Patch Changes
586d60bThanks @tenenger7125! - Add: null to allOf intersection types with nullable(true)v13.6.10Compare Source
Patch Changes
08026efThanks @js2me! - add servers field to route info rawv13.6.9Compare Source
Patch Changes
756f5aaThanks @js2me! - rich typings and data for parsed route raw datav13.6.8Compare Source
Patch Changes
8414b3cThanks @js2me! - Fix extracted response/error type names colliding with existing schemas. Add tests.v13.6.7Compare Source
Patch Changes
4603a7eThanks @js2me! - fixed bug #1668 (random of type names)v13.6.6Compare Source
Patch Changes
d57ecdcThanks @js2me! - fix bug #1433 (incorrect yaml multiline files)v13.6.5Compare Source
Patch Changes
bd68761Thanks @js2me! - fixed bug linked with unused query param (bug #1433 , 1 point)v13.6.4Compare Source
Patch Changes
df7147eThanks @js2me! - fixed bug #1433 (multiline descriptions bug)v13.6.3Compare Source
Patch Changes
41bdc18Thanks @js2me! - fixed convertation format: json\blob for responses with extractResponseBody flag41bdc18Thanks @js2me! - fixcontentTypesinternal field for routev13.6.2Compare Source
Patch Changes
1f1ba56Thanks @js2me! - add internal pass data for binary checks responsesv13.6.1Compare Source
Patch Changes
586d60bThanks @tenenger7125! - Add: null to allOf intersection types with nullable(true)v13.6.0Compare Source
Minor Changes
c4b02dbThanks @js2me! - paths with"produces"with binary mime types only should return only binary type -Blobv13.5.0Compare Source
Minor Changes
1ed598bThanks @js2me! - add missingstring->byteconvertaion (Blob)v13.4.0Compare Source
Minor Changes
f2f27aaThanks @js2me! - supportcontentMediaTypeproperty#1643
7f76066Thanks @nolannbiron! - Wrap Record types in Partial for propertyNamesv13.3.1Compare Source
Patch Changes
96f5b8dThanks @js2me! - fixes #551 issue (@type property in interfaces)f032ff1Thanks @js2me! - fixed #893 issue639c3aeThanks @js2me! - fixed #1536 issuev13.3.0Compare Source
Minor Changes
#1434
6d977ddThanks @js2me! - partial support external paths by ref (#447)#1434
6d977ddThanks @js2me! - added partial support links property (jsdoc ref only)v13.2.18Compare Source
Patch Changes
#1620
def2833Thanks @smorimoto! - RestoreobjectAssignutility with es-toolkit to fixcodeGenConstructsandprimitiveTypeConstructsoptions. The lodash-to-es-toolkit migration (#1562) replacedobjectAssignwithObject.assign, which broke function-form arguments and deep merging. This restores both behaviors: functions are called with the current struct before merging, and nested properties are preserved via deep merge.#1611
92a2d46Thanks @smorimoto! - Escape*/sequences in generated JSDoc content to prevent comment injection from OpenAPI fields.v13.2.17Compare Source
Patch Changes
#1603
19a4d29Thanks @clicktodev! - Fix missing closing angle bracket indescribeReturnTypefunction's default case, which produced malformed return type syntaxPromise<HttpResponse<T, E>instead ofPromise<HttpResponse<T, E>>.#1606
0528831Thanks @smorimoto! - Replace Yarn with Bun as the package manager.v13.2.16Compare Source
Patch Changes
#1459
6b485ddThanks @smorimoto! - Downgrade eta from 4.0.1 to 3.5.0 to fix module resolution error.After the upgrade to eta@4.0.1 in version 13.2.11, API generation started
failing with
ERR_PACKAGE_PATH_NOT_EXPORTED: No "exports" main defined in eta/package.json. This issue is caused by incorrect package exportconfiguration in eta@4.0.1, which is tracked in the upstream repository.
Downgrading to eta@3.5.0 resolves the module resolution error whilst
maintaining compatibility with the existing template system.
Fixes #1427.
v13.2.15Compare Source
Patch Changes
afc2448Thanks @js2me! - added ability to override usageSchema and originalSchema after onInit hook and before all other operationsv13.2.14Compare Source
Patch Changes
#1398
d987aeeThanks @k1rd3rf! - Fix modular template to always generate class property syntax.The modular template was incorrectly using object method syntax (
:and,) when route.namespace was present, introduced by PR #1326. Thiscaused TypeScript syntax errors in generated code.
The modular template should always generate class properties with arrow
functions (
=and;), regardless of namespace presence.This resolves the issue reported in #1366 where version 13.2.8 generated
invalid TypeScript code with modular templates.
v13.2.13Compare Source
Patch Changes
#1424
aa79764Thanks @smorimoto! - Ensure discriminator mappings use union enum literals.Resolve discriminator mapping generation to use literal values when
generateUnionEnumsis enabled to avoid emitting enum member references.Add regression coverage that snapshots the discriminator output with
union enums.
#1422
724b0cdThanks @smorimoto! - Replacejs-yamlwithyaml.Switch YAML parsing from
js-yamltoyaml. Update the resolver touse
YAML.parsewhenJSON.parsefails. Removejs-yamland its types,add
yamlas a runtime dependency. No public API changes.v13.2.12Compare Source
Patch Changes
#1420
426433bThanks @smorimoto! - Move@types/lodashandopenapi-typesto dependencies.These type packages are referenced by the published declarations, so consumers
require them at install time for correct type resolution. Moving them from
devDependenciesprevents downstream TypeScript errors whilst having noruntime impact.
v13.2.11Compare Source
Patch Changes
#1390
5897e4bThanks @MatanAvneri! - Fix being able to call getComponentByRef from templates.#1393
9a7c788Thanks @RoCat! - Ensure discriminators are just after enums in components list to avoid cyclic errors.#1416
cd127a9Thanks @smorimoto! - Fix fetch client response parsing without re-reading body.v13.2.10Compare Source
Patch Changes
7b7351fThanks @js2me! - Fix missing exported interfaces and types.v13.2.9Compare Source
Patch Changes
#1384
0caea2cThanks @smorimoto! - Fix enum const parsing for substrings of primitive types.#1381
ba052f4Thanks @smorimoto! - Support extracting request parameters for routes that only declare path parameters, such asDELETEmethods.#1382
792e96cThanks @smorimoto! - Fix enum string value quoting when schema type mismatches.#1385
859fc64Thanks @smorimoto! - Avoid response cloning in fetch HTTP client to prevent memory leaks (#779).#1383
8191970Thanks @smorimoto! - Automatically extract enums when using enum names as values.#1376
bec35e8Thanks @smorimoto! - MergeGenerateApiParamsBaseintoGenerateApiConfigurationto remove duplicated type definitions and expose missing configuration fields. Document configuration defaults with JSDoc tags.#1378
912e521Thanks @smorimoto! - Allow partialextractingOptionsingenerateApiconfiguration.#1380
fec0a09Thanks @smorimoto! - Add test verifying primitive + objectanyOfunions.#1376
bec35e8Thanks @smorimoto! - Restoremodularoption typing ingenerateApiparameters.#1379
339a167Thanks @smorimoto! - Support synchronousrequirein templates using Node'screateRequire.v13.2.8Compare Source
Patch Changes
#1326
99b5f50Thanks @thejhh! - Fix TypeScript generation failure for operationIds starting with numbersWhat: Fixed an issue where operationIds starting with numbers (e.g., "123getUser") would cause TypeScript generation to fail due to invalid identifier names.
Why: OperationIds that start with numbers are not valid JavaScript identifiers, causing syntax errors in the generated TypeScript code.
How: Modified the template logic to quote property names for invalid identifiers. OperationIds starting with numbers are now generated as quoted properties (e.g.,
"123GetUser": ...) instead of unquoted invalid identifiers.This resolves GitHub issue #952.
#1008
c2d3e6aThanks @frazar! - Fix handling of FormData inputs in Fetch HTTP clientPreviously, when users passed a
FormDataobject directly to the Fetchclient's
multipart/form-dataformatter, it would incorrectly attempt to useObject.keys()on the FormData instance, which returns an empty array. Thiscaused the FormData to be processed incorrectly.
The fix adds a type check to return FormData instances unchanged, allowing
users to have full control over FormData construction when needed whilst
maintaining backwards compatibility for object inputs. This aligns the Fetch
client behaviour with the existing Axios client implementation.
This resolves issues where users needed to send multipart requests with
multiple entries for the same key, which is only possible with direct FormData
manipulation.
v13.2.7Compare Source
Patch Changes
36fc899Thanks @js2me! - add missing required state for query param with $refv13.2.6Compare Source
Patch Changes
fe125cbThanks @js2me! - better extracting description for request body extacting typesv13.2.5Compare Source
Patch Changes
790feceThanks @js2me! - added support x-propertyNames, propertyNames for object typesv13.2.4Compare Source
Patch Changes
9552c0aThanks @js2me! - added support of x-enum-descriptions propertyv13.2.3Compare Source
Patch Changes
a87883bThanks @smorimoto! - Bump Biome to 2.0.v13.2.2Compare Source
Patch Changes
87da340Thanks @smorimoto! - Pin versions of internal Biome packages.v13.2.1Compare Source
Patch Changes
#1620
def2833Thanks @smorimoto! - RestoreobjectAssignutility with es-toolkit to fixcodeGenConstructsandprimitiveTypeConstructsoptions. The lodash-to-es-toolkit migration (#1562) replacedobjectAssignwithObject.assign, which broke function-form arguments and deep merging. This restores both behaviors: functions are called with the current struct before merging, and nested properties are preserved via deep merge.#1611
92a2d46Thanks @smorimoto! - Escape*/sequences in generated JSDoc content to prevent comment injection from OpenAPI fields.v13.2.0Compare Source
Minor Changes
1039ff1Thanks @gletournel! - Add support for json:api content type.Patch Changes
#1225
a013686Thanks @smorimoto! - Update the internal Biome to latest beta release.#1266
469ded7Thanks @dependabot! - Update the internal Biome to latest beta release.#1235
0e251bbThanks @smorimoto! - Fix typos in CLI option description and warning message.#1270
c79625eThanks @smorimoto! - Removerequiredfield from command definitions for now.v13.1.3Compare Source
Patch Changes
3cc0194Thanks @smorimoto! - Searchswagger-typescript-api.configinstead ofconfigby default.v13.1.2Compare Source
Patch Changes
1cb1c9cThanks @smorimoto! - IntegrategenerateCommandarguments and run method into main command.v13.1.1Compare Source
Patch Changes
e477b58Thanks @RoXuS! - Ensure enums are at the top of the components to avoid issue on recursive schema parsing.v13.1.0Compare Source
Minor Changes
ea1df18Thanks @smorimoto! - Usec12for wider configuration file format support.Patch Changes
#1171
c1cc45aThanks @smorimoto! - Fix TypeScript declaration file path.#1149
9d2d66aThanks @smorimoto! - Re-add TypeScript definitions for better type support.#1145
73f6bfdThanks @smorimoto! - Replace Prettier with Biome as the code formatter to improve performance during the code generation phase.#1141
821bfadThanks @dding-g! - Remove redundantunion-enumsoption in favor ofgenerate-union-enums.v13.0.28Compare Source
Patch Changes
6851bdcThanks @smorimoto! - Fix description forclientoption ingenerateCommand.#1121
5eadf67Thanks @takayukioda! - Fix to not useno-prefix in options.edca5deThanks @smorimoto! - Fix option name forgenerateUnionEnumsingenerateCommand.9fa8f41Thanks @smorimoto! - Sort the CLI arguments alphabetically.v13.0.27Compare Source
Patch Changes
c5e8d45](https://redirect.github.cConfiguration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.