feat: support validation of OpenAPI 3.1 definitions

[erunion]

🧰 Changes

There's a couple major additions here!

• Pulled across the already in-progress OpenAPI 3.1 support and got it fully working.
• Replaced the z-schema validation engine with ajv.
• Pulled in a soft-fork of @apidevtools/json-schema-ref-parser of mine that updates the internal YAML parser to not convert dates and times to JS Date objects because this breaks OAS validation (and there were a number of tests skipped here because of this -- these tests now get run). See fix: force YAML loading to confirm to JSON-compatible types APIDevTools/json-schema-ref-parser#247 for that upstream PR of mine.
• Forked better-ajv-errors and pulled that in. Also overhauled the error stack that we're supplying it so that we make an attempt to show the user the real problem that they've got and not an upstream side-effect.
  • This was a side-effect of moving to AJV because AJV returns a stack of parents and children and better-ajv-errors in most cases prefers the parent. In the event of somebody misplacing type in a parameter object better-ajv-errors would surface them a garbage "must match exactly one schema in oneOf" error further up in their API definition. With the work that I did here, we'll instead tell them "type does not belong here".
• Skipping a circular ref test that's currently broken with an upgrade of @apidevtools/json-schema-ref-parser. It's only broken for externally local file references so it should be okay for now to skip until a fix comes in upstream.
• Added a new option to the library to control if these improved errors are colorized or not.

👩‍🔬 Support for OpenAPI 3.1 definitions

There's been a WIP pull request for this support in swagger-parser since June (swagger-parser#171) but activity on it has stagnated too long for us.

Fortunately, and unfortunately for us, getting this PR working has required the replacement of the internal validator library of z-schema with Ajv. This was done for a few reasons:

• z-schema doesn't support JSON Schema Draft 7 (which OpenAPI 3.1 uses) yet so there required some hacks in place to get that working.
• With those fixes in place, z-schema can't handle x-* properties at the root level of an OAS 3.1 definition.
• We've never been happy with the way that this library, and z-schema, returns errors because unless you understand JSON pointers and JSON Schema internals they're usually gibbrish.

Since we're already here overhauling the internals of this library, we might as well go ham with more changes that we've long desired, which brings me to the other major change here.

💥 Overhauling error handling

Currently for an invalid schema swagger-parser will return an error block of the following:

Though this error block does tell you that type is not allowed at #/paths/Accounts/parameters/0, the contents of this error are not friendly for someone (particularly of the non-technical nature) not intimately familiar with OpenAPI. Thankfully there exists a library that Atlassian has called better-ajv-errors that can make this a lot easier to read:

better-ajv-errors unfortunately has a few hangups:

• It does not support Ajv 8. There's a PR to do this that's been sitting in review since April. :\
• This "prettified" CLI output only allows for colorized content, which because its underlying mechanism for styling is chalk is a non-starter for browser environments.

So we're now maintaining a fork! @readme/better-ajv-errors supports Ajv 8, allows for disabling colorization in the "pretty" output, and also a few other small improvements for reducing the amount of unnecessary noise.

tl;dr: error messages that swagger-parser are now clean, concise, and tell you exact where your problem is.

🧬 QA & Testing

See tests. 🥵

To manually see these error overhauls in action, you can run this code locally:

const SwaggerParser = require("./lib");

const spec = "https://api.apis.guru/v2/specs/xero.com/xero_accounting/2.9.4/openapi.yaml";

(async () => {
  let deref
  try {
    deref = await SwaggerParser.validate(spec);
    console.log(deref);
  } catch (err) {
    console.error(err.message);
  }
})();

[erunion]

This fails validation because type should be inside schema.

[erunion]

There's something with chalk and how it uses supports-color and how we're looking at err.message below to where colors are getting removed somewhere. This test works fine locally, it just fails in CI. Googling around it seems like this could be fixed with test snapshots but I'm not 100% sure. Skipping for now.

[erunion]

When parsing specs/circular/circular.yaml it has trouble loading the local person.yaml reference inside of definitions/person.yaml. Every other part of this test works just fine though, there's just a regression in @apidevtools/json-schema-ref-parser that was introduced in v9.0.7. Skipping for now.

[erunion]

All of these 3.1 specs pass now 🙂

[erunion]

The changes to this file look like a mess but I did a couple things:

• Update the error strings to match the new Ajv errors that are coming back.
• Removed exclusions that are no longer throwing errors.
• Alphabetized this whole list.

[Dashron]

nothing jumps out at me!

[Dashron]

so you must have paths or webhooks in 3.1?

[erunion]

yep