- New top-level field - `webhooks`. This allows describing out-of-band webhooks that are available as part of the API.
- New top-level field - `jsonSchemaDialect`. This allows defining of a default `$schema` value for Schema Objects
- The Info Object has a new `summary` field.
- The License Object now has a new `identifier` field for SPDX licenses. This `identifier` field is mutually exclusive with the `url` field. Either can be used in OpenAPI 3.1 definitions.
- Components Object now has a new entry `pathItems`, to allow for reusable Path Item Objects to be defined within a valid OpenAPI document.
- `License` and `Contact` components are now exported and available via `getComponent`
- New version predicates and selectors for `isOpenAPI30` and `isOpenAPI31`. This avoids needing to change the usage of `isOAS3` selector.
- New OAS3 components: `Webhooks`
- New OAS3 wrapped components: `Info`, `License`
* Added tooling for appending OAS3 relative URLs to selected Server
Info
* Terms of service URL
* Contact URL
* License URL
* External Docs URL
Tag
* Tag External Docs URL
Operation
* Operation External Docs
** Operation Tag
Co-authored-by: Tim Lai <timothy.lai@gmail.com>
This commit changes markdown sanitization behaviour in following way:
class, style and data-* attributes are removed by default. These attributes
open possible vulnerability vectors to attackers.
The original behavior of sanitizer (before this commit) can be enabled by *useUnsafeMarkdown* configuration option.
Use this configuration option with caution and only in cases when you know
what you're doing.
* v3.17.6
* release(3.17.6): rebuild dist
* add failing tests
* fix Link component
* fix OnlineValidatorBadge component
* switch from <a> to <Link> in operation components
* make Markdown inputs safe
* use Link component in Info block, for target safety
* add eslint rule for unsafe `target` usage
