Skip to content

chore(lapis-docs): bump js-yaml, swagger-ui and swagger-ui-react in /lapis-docs #1454

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

chore(lapis-docs): bump js-yaml, swagger-ui and swagger-ui-react in /lapis-docs #1454

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 26, 2025
edited
Loading

Bumps js-yaml, swagger-ui and swagger-ui-react. These dependencies needed to be updated together.
Updates js-yaml from 4.1.0 to 4.1.1

Changelog

Sourced from js-yaml's changelog.

[4.1.1] - 2025-11-12

Security

  • Fix prototype pollution issue in yaml merge (<<) operator.
Commits

Updates swagger-ui from 5.20.1 to 5.30.3

Release notes

Sourced from swagger-ui's releases.

v5.30.3

5.30.3 (2025-11-25)

Bug Fixes

  • deps: update vulnerable @​release-it/conventional-changelog to 10.0.2 (#10645) (6acfc6e)
  • deps: update vulnerable dependencies (js-yaml & glob) (#10644) (03cf01b)
  • utils: handle sanitizing multi-level relative paths (#10640) (58aff59), closes #4107

v5.30.2

5.30.2 (2025-11-04)

Bug Fixes

  • deps: bump react-syntax-highlighter to 16.0.0 (#10620) (270d96d)

v5.30.1

5.30.1 (2025-10-31)

Bug Fixes

  • prevent webook from crashing in case of openapi 3.0 (#10623) (e1ad309)

v5.30.0

5.30.0 (2025-10-27)

Features

v5.29.5

5.29.5 (2025-10-17)

Bug Fixes

  • core: handle complex value stringification in Property component (#10604) (0422415), closes #10535
  • correct spec paths for parameters, responses and request bodies (#10609) (583c4fb)

v5.29.4

5.29.4 (2025-10-10)

Bug Fixes

  • core: refactor UNSAFE_ lifecycle methods in ContentType and OperationContainer (#10373) (2814709), closes #10212

... (truncated)

Commits
  • 199761a chore(release): cut the 5.30.3 release
  • 6acfc6e fix(deps): update vulnerable @​release-it/conventional-changelog to 10.0.2 (#1...
  • 03cf01b fix(deps): update vulnerable dependencies (js-yaml & glob) (#10644)
  • 8d9142e chore(deps): bump actions/checkout from 5 to 6 (#10643)
  • 58aff59 fix(utils): handle sanitizing multi-level relative paths (#10640)
  • 85f0c5f chore(deps): bump js-yaml from 4.1.0 to 4.1.1 (#10637)
  • 7f75ee3 chore(deps): bump actions/setup-node from 5 to 6 (#10608)
  • 2067270 chore(deps): bump github/codeql-action from 3 to 4 (#10595)
  • 30d8f98 chore(release): cut the 5.30.2 release
  • 55160ce chore(deps): bump nginx from 1.29.2-alpine to 1.29.3-alpine (#10627)
  • Additional commits viewable in compare view

Updates swagger-ui-react from 5.20.1 to 5.30.3

Release notes

Sourced from swagger-ui-react's releases.

v5.30.3

5.30.3 (2025-11-25)

Bug Fixes

  • deps: update vulnerable @​release-it/conventional-changelog to 10.0.2 (#10645) (6acfc6e)
  • deps: update vulnerable dependencies (js-yaml & glob) (#10644) (03cf01b)
  • utils: handle sanitizing multi-level relative paths (#10640) (58aff59), closes #4107

v5.30.2

5.30.2 (2025-11-04)

Bug Fixes

  • deps: bump react-syntax-highlighter to 16.0.0 (#10620) (270d96d)

v5.30.1

5.30.1 (2025-10-31)

Bug Fixes

  • prevent webook from crashing in case of openapi 3.0 (#10623) (e1ad309)

v5.30.0

5.30.0 (2025-10-27)

Features

v5.29.5

5.29.5 (2025-10-17)

Bug Fixes

  • core: handle complex value stringification in Property component (#10604) (0422415), closes #10535
  • correct spec paths for parameters, responses and request bodies (#10609) (583c4fb)

v5.29.4

5.29.4 (2025-10-10)

Bug Fixes

  • core: refactor UNSAFE_ lifecycle methods in ContentType and OperationContainer (#10373) (2814709), closes #10212

... (truncated)

Commits
  • 199761a chore(release): cut the 5.30.3 release
  • 6acfc6e fix(deps): update vulnerable @​release-it/conventional-changelog to 10.0.2 (#1...
  • 03cf01b fix(deps): update vulnerable dependencies (js-yaml & glob) (#10644)
  • 8d9142e chore(deps): bump actions/checkout from 5 to 6 (#10643)
  • 58aff59 fix(utils): handle sanitizing multi-level relative paths (#10640)
  • 85f0c5f chore(deps): bump js-yaml from 4.1.0 to 4.1.1 (#10637)
  • 7f75ee3 chore(deps): bump actions/setup-node from 5 to 6 (#10608)
  • 2067270 chore(deps): bump github/codeql-action from 3 to 4 (#10595)
  • 30d8f98 chore(release): cut the 5.30.2 release
  • 55160ce chore(deps): bump nginx from 1.29.2-alpine to 1.29.3-alpine (#10627)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Nov 26, 2025
@vercel
Copy link

vercel bot commented Nov 26, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
lapis Ready Ready Preview Comment Dec 9, 2025 8:35am

@github-actions
Copy link
Contributor

github-actions bot commented Nov 26, 2025
edited
Loading

This is a preview of the changelog of the next release. If this branch is not up-to-date with the current main branch, the changelog may not be accurate. Rebase your branch on the main branch to get the most accurate changelog.

Note that this might contain changes that are on main, but not yet released.

Changelog:

0.7.0 (2025-12-09)

⚠ BREAKING CHANGES

  • lapis: make generateLineageIndex in the database config a string field
  • lapis: lapisAllowsRegexSearch on string metadata fields in the database config is not necessary anymore, regex search is always enabled for all string fields.
  • lapis: No longer support .* wildcard in advanced queries. Use ? syntax instead.
  • lapis: use dot symbol as string search regex separator
  • lapis2: throw exception on invalid variant query Maybe operator is case sensitive (in contrast to SQL and my naive user expectation) #797
  • lapis2: read data from SILO as NDJSON

Features

  • include link to GitHub issues in LapisInfo #692 (ea42ac2)
  • lapis-docs: document string search feature (ae098a9)
  • lapis-docs: give examples for boolean queries (#1470) (d211119)
  • lapis-docs: improve advanced queries docs (#1468) (6df0ed0)
  • lapis-docs: mark sections of the docs that are generated from the config (b2009eb), closes #928
  • lapis-docs: mention n-of syntax earlier (#1471) (d327c74)
  • lapis-e2e: adjust test data to SILO 0.8 (4d785a7)
  • lapis2-docs: document url encoded forms (8c3ba60), closes #765
  • lapis2: allow filtering for null (f680305)
  • lapis2: clear cache when SILO is restarting (6100bff)
  • lapis2: delete insertions metadata types #804 (dd0ecd1)
  • lapis2: implement boolean columns (7718b4f), closes #740
  • lapis2: make "maybe" mutation queries case-insensitive #797 (0af9c7f)
  • lapis2: read data from SILO as NDJSON (767b19d), closes #741
  • lapis2: stream data from SILO (8fcf360), closes #744
  • lapis2: support url encoded form POST requests (f2f62b1), closes #754
  • lapis2: use entrypoint.sh to allow passing JVM_OPTS through env variable (#823) (9b35b8a), closes #821
  • lapis: abort on startup when silo url has invalid syntax (373d662), closes #939
  • lapis: adapt to new generalized lineage system (508bc8e), closes #961
  • lapis: adapt to SILO changes that renamed the unaligned sequences to have the "unaligned_" prefix (#1225) (d669335)
  • lapis: add fields property to mutation endpoints (#1149) (4d8df3a), closes #1092
  • lapis: add siloVersion to response info (#1066) (c1edcf3)
  • lapis: add advanced queries feature (#1144) (b8e8ca8)
  • lapis: add aminoAcidMutationsOverTime (#1270) (c9adf26), closes #1214
  • lapis: add endpoint /sample/alignedAminoAcidSequences to download all genes at once (#1242) (36dfd5f)
  • lapis: add endpoint /sample/unalignedNucleotideSequences for multi-segmented organism to download several sequences at once (#1246) (f9275c2)
  • lapis: add endpoint to download all aligned segments (or a subset) at once (for multi segmented organisms) (#1235) (6207d32)
  • lapis: add example value to /phyloSubtree endpoints docs (#1337) (21e659e)
  • lapis: add healthcheck to Docker containers (0944990), closes #813
  • lapis: add instance name to landing page json (6c5f81b)
  • lapis: add LAPIS version to info response (#1019) (7d8d713)
  • lapis: add mostRecentCommonAncestor endpoint (#1277) (e062ebc)
  • lapis: add nucleotideMutationsOverTime endpoint (#1229) (cade8d9), closes #1205
  • lapis: add parameter fastaHeaderTemplate to customize the fasta header in sequences endpoints (#1258) (ac7fc29), closes #857
  • lapis: add phylo tree queries to variant filters (#1311) (26e3096)
  • lapis: add PhyloDescendantOf filter option (#1284) (d5681e0)
  • lapis: add phyloSubtree endpoint (#1293) (af5f2a3)
  • lapis: allow customizable filename for file downloads (817d3f4), closes #869
  • lapis: auto remove entries from cache when heap limit is reached (f804004)
  • lapis: automate access key rotation (#1429) (edbcfa7)
  • lapis: drop sorting by segment/gene from docs of sequence endpoints (#1268) (bc67a7c), closes #1248
  • lapis: ensure order preservation for muts and dateRanges in mutationsOverTime (#1317) (8d2c731)
  • lapis: expose the lineage definition files used by SILO (#1073) (2ac977c), closes #1034
  • lapis: for protected data, require >= 10 sequences per request (#1428) (4f4c429)
  • lapis: hint to which regex syntax is used in Swagger docs (ca4fcdc), closes #903
  • lapis: ignore false-positive compiler warning and add comment (#1174) (6c61a48)
  • lapis: implement landing page when calling / #856 (b886b7d)
  • lapis: make generateLineageIndex in the database config a string field (#1377) (3f02855)
  • lapis: make it possible to fetch sequences in JSON and NDJSON format (ba18956), closes #971
  • lapis: make thread count for SILO client configurable (#1352) (d541fb8)
  • lapis: mutationsOverTime endpoint: return total sequence count per dateRange (#1316) (b29c921)
  • lapis: omit sequences with null values in unaligned fasta downloads (f1931a6), closes #912
  • lapis: only allow regex search for fields that have lapisAllowsRegexSearch: true configured (d146717), closes #898
  • lapis: order CSV/TSV columns of aggregated/details data as specified in the request fields or as in the database config (6cf8704), closes #910
  • lapis: pass through coverage from SILO in mutation endpoints (#1094) (ed90514), closes #1091
  • lapis: regex filtering for string columns #898 (b3e7775)
  • lapis: rename phyloTreeNodeIdentifier as isPhyloTreeField (#1291) (ea4b5ba)
  • lapis: return empty lineage definitions when SILO returns an empty file (#1126) (64651ad)
  • lapis: stream JSON responses (#1053) (bfb5f99), closes #1047
  • lapis: support random with seed (#1426) (0773dcd)
  • lapis: support TSV with escaped special characters (#1295) (d2599f2)
  • lapis: throw error when filtering by "equals" and "regex" for the same string field (540d63a), closes #899
  • lapis: update CHANGELOG.md with details of backported LAPIS v0.5.19 (#1405) (00bdcfb)
  • lapis: use dot symbol as regex separator #908 (3728c7e)
  • lapis: validate that lapisAllowsRegexSearch-fields are of type string (97b3ce9)
  • lapis: validate that metadata fields do not contain the reserved character . (97b3ce9), closes #976
  • log to files again (additionally to stdout) #692 (1acedad)
  • log whether request was cached #717 (3de90f1)
  • return structured mutation and insertion responses #718 (af38e93)

Bug Fixes

  • lapis-docs: allow all hosts (#1129) (d0ea4e2), closes #1124
  • lapis-docs: config generator: dateToSortBy, partitionBy and features is optional (4e905e8)
  • lapis-docs: correct invalid gene in example (#1165) (42b79a2)
  • lapis-docs: fix condition when to show the "variant queries are not available" banner (#1186) (6fe60fe)
  • lapis-docs: fix link on landing page (d4137b3)
  • lapis-docs: mention how arrays must be supplied in form urlencoded requests (#1128) (4f24a76), closes #1089
  • lapis-docs: Sequence file naming scheme uses indexes now not names (1e7cd60)
  • lapis-e2e: fix invalid insertion indices (#1421) (53f2dab)
  • lapis-e2e: remove tests that rely on order without specifying lapis to sort output (#1163) (9d30e29)
  • lapis2-docs: relative links must not end with a / (992210d)
  • lapis2-docs: use relative links so that they work when deployed behind a proxy #725 (0cfa8ec)
  • lapis2: also log which line of the SILO response failed to parse (d1badea)
  • lapis2: bring back request id header in OpenAPI docs (eb75391), closes #627
  • lapis2: log request id again (26f83c9)
  • lapis2: only accept a single variant query in a request #798 (54df8e5)
  • lapis2: prefer zstd over gzip #738 (1fb67ac)
  • lapis2: throw exception on invalid variant query #797 (980806a)
  • lapis: add missing dataFormat to amino acid mutation GET endpoint in Swagger UI (#1160) (5c4dbe2), closes #1159
  • lapis: advanced queries: make .regex case-insensitive (#1198) (fd85fa5)
  • lapis: advanced queries: tell which metadata fields exist when finding an unknown one (#1209) (1011154)
  • lapis: allow advanced queries to be used with simple variant and metadata queries (#1212) (8a1409e)
  • lapis: also don't log the stack trace when SILO says that it's not available yet (#1376) (b4ee14d)
  • lapis: also regard request parameters for non-GET requests (#1427) (4c8cf32)
  • lapis: also return CSV header when there are no data (#1138) (aba1320), closes #1090
  • lapis: also return sequences that are null when requesting JSON or NDJSON (#1256) (a888965), closes #1255
  • lapis: always return a data version (#1467) (57e1cfa)
  • lapis: close connection to SILO if client cancels request to LAPIS (#1393) (17012a8)
  • lapis: don't show the single segmented sequence download when there are no nucleotide sequences (#1054) (f27f94b)
  • lapis: don't spam the log with stack traces when SILO can't be reached (#1373) (0e35d0f)
  • lapis: fix 500 server error in *mutationsOverTime endpoints (#1357) (d056d6c)
  • lapis: fix computation of downloaded file ending with multiple accept headers (3b679a8), closes #890
  • lapis: fix description of mutation objects in OpenApi spec (#1051) (c6f625e)
  • lapis: fix download file ending for csv-without-headers data format (65afba0), closes #871
  • lapis: fix response schema of /phyloSubtree in OpenAPI spec (#1336) (c3c3e75)
  • lapis: fix Swagger UI layout of GET requests (#1217) (70b0089), closes #1193
  • lapis: get rid of logger config deprecation warnings in the log (e7c3908), closes #972
  • lapis: increase maximum string length in JSON parser (#1332) (1765428)
  • lapis: make sure that the downloaded database config has all field that the original file had (#1327) (c10673c)
  • lapis: mutations over time need only aggregatedDataAccessKey (#1303) (baadcee)
  • lapis: never show whitelabel error page (eb03345), closes #890
  • lapis: nucleotideInsertionContains correctly handles segment (4776a3e)
  • lapis: only keep old log files for 30 days (#1111) (66952c5)
  • lapis: pass correctly escaped stop codon to SILO (be1bb87), closes #1105
  • lapis: prevent errors for mutationsOverTime endpoint and potentially other endpoints (#1322) (bed930b)
  • lapis: reject unknown data formats (#1093) (b1cc7fd), closes #1078
  • lapis: return proper error message when lineage definition from SILO is invalid YAML (#1117) (cdf9b63), closes #1104
  • lapis: truncate error details if they are too long (#1334) (b51157d)
  • speed up compressing responses #717 (1624580)
  • write empty string to CSV/TSV for null values #708 (c8872ba)

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/lapis-docs/multi-a31abc1e7a branch from e54ea6e to f504d54 Compare December 1, 2025 22:19
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/lapis-docs/multi-a31abc1e7a branch from f504d54 to cf3bffc Compare December 8, 2025 19:10
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/lapis-docs/multi-a31abc1e7a branch from cf3bffc to c498278 Compare December 9, 2025 08:32
@dependabot
chore(lapis-docs): bump js-yaml, swagger-ui and swagger-ui-react
16b7f52 
Bumps [js-yaml](https://github.com/nodeca/js-yaml), [swagger-ui](https://github.com/swagger-api/swagger-ui) and [swagger-ui-react](https://github.com/swagger-api/swagger-ui). These dependencies needed to be updated together.

Updates `js-yaml` from 4.1.0 to 4.1.1
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](nodeca/js-yaml@4.1.0...4.1.1)

Updates `swagger-ui` from 5.20.1 to 5.30.3
- [Release notes](https://github.com/swagger-api/swagger-ui/releases)
- [Changelog](https://github.com/swagger-api/swagger-ui/blob/master/.releaserc)
- [Commits](swagger-api/swagger-ui@v5.20.1...v5.30.3)

Updates `swagger-ui-react` from 5.20.1 to 5.30.3
- [Release notes](https://github.com/swagger-api/swagger-ui/releases)
- [Changelog](https://github.com/swagger-api/swagger-ui/blob/master/.releaserc)
- [Commits](swagger-api/swagger-ui@v5.20.1...v5.30.3)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.1.1
  dependency-type: direct:production
- dependency-name: swagger-ui
  dependency-version: 5.30.3
  dependency-type: direct:production
- dependency-name: swagger-ui-react
  dependency-version: 5.30.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/lapis-docs/multi-a31abc1e7a branch from c498278 to 16b7f52 Compare December 9, 2025 08:34
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 11, 2025

Looks like these dependencies are up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Dec 11, 2025
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/lapis-docs/multi-a31abc1e7a branch December 11, 2025 07:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant