
@jaeminkim87
Contributor

Description

This PR updates the react-syntax-highlighter dependency in swagger-ui-react to v16.0.0, resolving a moderate PrismJS vulnerability (GHSA-x7hr-w5r2-h6wg).

This issue occurs only within the swagger-ui-react package, due to its dependency chain:

swagger-ui-react → react-syntax-highlighter → refractor → prismjs

As of [email protected], the vulnerability has been patched.

Motivation and Context

Running npm audit in the swagger-ui-react package reports the following issue:

```
prismjs  <1.30.0
Severity: moderate
PrismJS DOM Clobbering vulnerability - https://github.com/advisories/GHSA-x7hr-w5r2-h6wg
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/refractor/node_modules/prismjs
  refractor  <=4.6.0
  Depends on vulnerable versions of prismjs
  node_modules/refractor
    react-syntax-highlighter  6.0.0 - 15.6.6
    Depends on vulnerable versions of refractor
    node_modules/react-syntax-highlighter

11 vulnerabilities (10 moderate, 1 high)
```

This update removes the vulnerable dependency and clears all audit warnings specific to swagger-ui-react.

After upgrading, audit results show:

```
8 vulnerabilities (7 moderate, 1 high)
```

No other vulnerable packages were modified by this PR.

References:

How Has This Been Tested?

  • Verified syntax highlighting behavior in Swagger UI React components.
  • Ensured there were no regressions or rendering differences after dependency update.
  • Confirmed npm audit shows zero vulnerabilities for swagger-ui-react.

Screenshots (if appropriate):

N/A

Checklist

My PR contains...

  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)

My changes...

  • are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • are not breaking changes.

Documentation

  • My changes do not require a change to the project documentation.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • All new and existing tests passed.
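The dependency chain the PR describes can be verified mechanically rather than trusted from `npm audit` output alone. The script below is an added example (not code from the PR or from the swagger-ui project): it walks a lockfile-v2/v3 `package-lock.json`, applies Node's nearest-`node_modules` resolution rule, and reports every chain from the root that resolves to a `prismjs` older than the patched 1.30.0. `SAMPLE_LOCK` is constructed for illustration and mirrors the chain above, with the vulnerable copy nested under `refractor` while a root-level copy is already patched, so it shows which copy is actually resolved.

```javascript
// Added example, not code from the PR or swagger-ui: walks a package-lock.json (lockfileVersion 2/3,
// "packages" map) and reports every chain that resolves to prismjs below the patched 1.30.0. SAMPLE_LOCK
// is constructed to mirror the PR's chain, with the vulnerable copy nested under refractor while the root prismjs is patched.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "swagger-ui-react", dependencies: { "react-syntax-highlighter": "^15.6.1" } },
    "node_modules/react-syntax-highlighter": { version: "15.6.1", dependencies: { refractor: "^3.6.0" } },
    "node_modules/refractor": { version: "3.6.0", dependencies: { prismjs: "~1.27.0" } },
    "node_modules/refractor/node_modules/prismjs": { version: "1.27.0" },
    "node_modules/prismjs": { version: "1.30.0" },
  },
};

// Numeric major.minor.patch comparison; enough for an advisory range such as "<1.30.0" (no prerelease tags).
function versionBelow(version, limit) {
  const a = version.split(".").map(Number), b = limit.split(".").map(Number);
  for (let i = 0; i < 3; i++) if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  return false;
}

// Node's resolution rule: the nearest node_modules/<name> walking up from the requiring package's path.
function resolveDep(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Depth-first walk from the root entry (""); returns readable chains that end in a vulnerable copy.
function findVulnerableChains(lock, pkgName, patchedVersion) {
  const packages = lock.packages, chains = [];
  const walk = (path, chain, seen) => {
    const entry = packages[path];
    const name = path === "" ? entry.name || "(root)" : path.slice(path.lastIndexOf("node_modules/") + 13);
    const next = chain.concat(path === "" ? name : `${name}@${entry.version}`);
    if (name === pkgName && versionBelow(entry.version, patchedVersion)) return void chains.push(next.join(" -> "));
    for (const dep of Object.keys(entry.dependencies || {})) {
      const target = resolveDep(packages, path, dep);
      if (target && !seen.has(target)) walk(target, next, new Set(seen).add(target));
    }
  };
  walk("", [], new Set([""]));
  return chains;
}

console.log(findVulnerableChains(SAMPLE_LOCK, "prismjs", "1.30.0").join("\n"));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findVulnerableChains` in place of `SAMPLE_LOCK`; an empty result means no resolvable path reaches a vulnerable copy.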

@robert-hebel-sb
Contributor

robert-hebel-sb commented Oct 30, 2025

hey @jaeminkim87 👋
thank you for creating this PR 💟
could you run the npm i command and commit the updated package-lock.json as well?

robert-hebel-sb added the dependencies label Oct 30, 2025
@jaeminkim87
Contributor Author

Thanks for the feedback! @robert-hebel-sb
I’ve run npm i and committed the updated package-lock.json.

robert-hebel-sb merged commit 270d96d into swagger-api:master Nov 3, 2025
8 checks passed
swagger-bot pushed a commit that referenced this pull request Nov 4, 2025
## 5.30.2 (v5.30.1...v5.30.2) (2025-11-04)

### Bug Fixes

* **deps:** bump react-syntax-highlighter to 16.0.0 (#10620) (270d96d)
@swagger-bot
Contributor

🎉 This PR is included in version 5.30.2 🎉

The release is available on:

Your semantic-release bot 📦🚀
