exact copy of #6175
- I will point the uppy deps upgrade pr to this PR's branch
- no other changes needed in this branch as #6175 was reviewed and all
the comments were resolved
this should be the order of merge :
1. #6300
2. uppy deps upgrade ( yet to be raised )
3. merge this to main
4. merge biome changes #6244
@mifi let me know if you think otherwise.
---------
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
## Why
Recent npm supply-chain compromises showed that dependency installs and
shared CI caches can execute or preserve newly published malicious
packages before advisories catch up. This PR reduces that exposure for
this repo.
## What changed
- Made eligible Yarn installs immutable and removed shared dependency
caching from the manual CDN upload path; existing minimal age gate
remains unchanged.
## Validation
- Ran `git diff --check` across the prepared worktree.
- Audited this PR set for `pull_request_target` and release/deploy/CDN
cache reuse; patched actionable hits.
- Did not run the full test suite; this is a workflow/config-only
change.
## Summary
- replace QEMU-based multi-platform build in
`.github/workflows/companion-deploy.yml` with native runner matrix
builds
- build amd64 on `ubuntu-24.04` and arm64 on `ubuntu-24.04-arm`
- push architecture-specific tags (`edge-amd64`, `edge-arm64`) and
publish `transloadit/companion:edge` as a manifest that references both
- add explicit workflow permissions (`contents: read`) and keep workflow
expression formatting consistent
- remove conflicting `DOCKER_BUILDKIT`/`COMPOSE_DOCKER_CLI_BUILD` env
overrides from the docker job
## Validation
- `corepack yarn check:ci` ✅
- baseline full run before edits: `corepack yarn check:ci && corepack
yarn build && corepack yarn test` (test step had pre-existing failures
in `@uppy/utils` due `Promise.withResolvers` in this environment)
- parallel validation (Code Review + CodeQL) ✅
## TODO
- [ ] do the same for release?
https://github.com/transloadit/uppy/blob/main/.github/workflows/release.yml
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mifi <402547+mifi@users.noreply.github.com>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
Supersedes #6178.
This branch keeps the exact same final content as #6178, but splits
history for reviewability:
1. `chore(companion): rename source and test files from .js to .ts`
(pure `git mv`, no content changes)
2. `feat(companion): port Companion to TypeScript` (actual
content/type/schema/build updates)
Validation note:
- Final tree is byte-for-byte identical to `ts-companion`
(`7b5b16a298690b0492de4cc4fab744f998b45570`).
---------
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
fixes#6181
`uploadRemoteFile()` now treats one remote upload attempt as a single
queue-owned unit. Instead of queueing “request token” and “open
websocket / wait for upload” as two separate jobs, it now:
- acquires one queue slot
- reuses serverToken if resuming, otherwise requests a new
token
- immediately proceeds to the websocket/upload phase within
that same admitted attempt
That removes the stale-token race where Companion starts its 60s
socket-wait timer before the client’s websocket phase has actually been
admitted by the queue. Retries still reacquire the queue per attempt,
and existing abort/cancel behavior is
preserved.
refer
https://github.com/transloadit/uppy/issues/6181#issuecomment-4295036192
for more context about the bug
Fixes#6256
## Problem
When `fileManagerSelectionType` is set to `'folders'`, clicking the **My
Device** tab/button
still opens the file picker instead of the folder picker.
The inline "browse" link in the tagline correctly respects the setting,
but
`renderMyDeviceAcquirer` in `AddFiles.tsx` always called
`triggerFileInputClick`
regardless of the `fileManagerSelectionType` prop.
## Solution
`renderMyDeviceAcquirer` now reads `fileManagerSelectionType` and calls
`triggerFolderInputClick` when set to `'folders'`, or
`triggerFileInputClick`
for `'files'` and `'both'`.
For `'both'` mode, the button defaults to file selection because a
single
HTML `<input>` cannot handle both files and folders simultaneously
(`webkitdirectory` is all-or-nothing). The folder picker remains
accessible
via the tagline's "browse folders" link.
---------
Co-authored-by: Prakash <qxprakash@gmail.com>
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.
# Releases
## @uppy/utils@7.2.0
### Minor Changes
- 6b1abaa: Introduce modern, minimal TaskQueue to replace
RateLimitedQueue
## @uppy/xhr-upload@5.2.0
### Minor Changes
- 6b1abaa: Introduce modern, minimal TaskQueue to replace
RateLimitedQueue
### Patch Changes
- Updated dependencies [6b1abaa]
- @uppy/utils@7.2.0
## @uppy/companion@6.2.2
### Patch Changes
- 49db42d: Fix bug with 429 not returning JSON response with message
- 4652dc6: upgrade @aws-sdk/ deps in @uppy/companion
## @uppy/transloadit@5.5.1
### Patch Changes
- 4787960: Add type re-export for `AssemblyInstructionsInput`
- 2f6849d: Fix allowMultipleUploadBatches to prevent adding/removing
files while an upload is in progress (#6156)
- 29d2772: remove monkey patch from uppy bundle package
- Updated dependencies [6b1abaa]
- @uppy/utils@7.2.0
## uppy@5.2.4
### Patch Changes
- 29d2772: remove monkey patch from uppy bundle package
- a86c624: upgrade esbuild in uppy to "^0.27.0"
- Updated dependencies [6b1abaa]
- Updated dependencies [4787960]
- Updated dependencies [2f6849d]
- Updated dependencies [29d2772]
- @uppy/xhr-upload@5.2.0
- @uppy/transloadit@5.5.1
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
The `AssemblyInstructionsInput` type from `@transloadit/types` is now
publicly exported from `@uppy/transloadit`, allowing consumers to type
their assembly parameters without importing from the external package.
## Changes
- Re-exported `AssemblyInstructionsInput` type in
`packages/@uppy/transloadit/src/index.ts`
## Usage
```typescript
import type { AssemblyInstructionsInput } from '@uppy/transloadit'
const params: AssemblyInstructionsInput = {
steps: {
encode: {
robot: '/video/encode',
use: ':original',
preset: 'mp4',
},
},
}
```
The type was already imported internally and aliased as
`AssemblyParameters`. This change makes it available to plugin
consumers.
<!-- START COPILOT ORIGINAL PROMPT -->
<details>
<summary>Original prompt</summary>
> Make the AssemblyInstructionsInput type available from the
@uppy/transloadit package by re-exporting it from
packages/@uppy/transloadit/src/index.ts.
>
> Background
> - The Transloadit plugin imports the type AssemblyInstructionsInput
from the external package @transloadit/types and aliases it as
AssemblyParameters in packages/@uppy/transloadit/src/index.ts.
> - Consumers of the @uppy/transloadit package need direct access to the
AssemblyInstructionsInput type but it is not currently exported from the
plugin package.
>
> Change requested
> - Add a type re-export so that consumers can import
AssemblyInstructionsInput from the transloadit plugin package, e.g.
> import type { AssemblyInstructionsInput } from '@uppy/transloadit'
>
> Files to change
> - packages/@uppy/transloadit/src/index.ts
> - Add the following export alongside the other package exports (near
the end of the module where other exports live):
>
> ```typescript name=packages/@uppy/transloadit/src/index.ts
url=https://github.com/transloadit/uppy/blob/main/packages/@uppy/transloadit/src/index.ts
> -export { COMPANION_URL, COMPANION_ALLOWED_HOSTS }
> +export { COMPANION_URL, COMPANION_ALLOWED_HOSTS }
> +
> +// Re-export type from @transloadit/types so callers can import it
from the plugin package.
> +export type { AssemblyInstructionsInput } from '@transloadit/types'
> ```
>
> Notes
> - This is a purely type-only export and should be erased at compile
time; it does not add runtime code.
> - No other behavior or API surface should change.
>
> Please create a branch, apply the change, and open a pull request with
a descriptive title and a short description of the change. Run
TypeScript build checks if available.
>
</details>
<!-- START COPILOT CODING AGENT SUFFIX -->
*This pull request was created from Copilot chat.*
>
<!-- START COPILOT CODING AGENT TIPS -->
---
💬 We'd love your input! Share your thoughts on Copilot coding agent in
our [2 minute survey](https://gh.io/copilot-coding-agent-survey).
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mifi <402547+mifi@users.noreply.github.com>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.7 to 7.5.8.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6b8eba0ef3"><code>6b8eba0</code></a>
7.5.8</li>
<li><a
href="2cb1120bce"><code>2cb1120</code></a>
fix(unpack): improve UnpackSync symlink error "into" path
accuracy</li>
<li><a
href="d18e4e1f84"><code>d18e4e1</code></a>
fix: do not write linkpaths through symlinks</li>
<li>See full diff in <a
href="https://github.com/isaacs/node-tar/compare/v7.5.7...v7.5.8">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for tar
since your current version.</p>
</details>
<details>
<summary>Install script changes</summary>
<p>This version adds <code>prepare</code> script that runs during
installation. Review the package contents before updating.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
this fixes #6167
AI summary :
**The Bug: S3 Multipart Upload Fails with InvalidPart**
**What happened**
When uploading large files (200MB+) from Google Drive → Companion → S3
using multipart upload, the upload would reach ~96-100% and then fail
with S3's `InvalidPart` error on `CompleteMultipartUpload`.
*Root cause*
_A version mismatch between two AWS SDK packages caused by yarn dedupe._
Commit `3c3034b40` ("Dedupe dependencies #6085") ran `yarn dedupe`.
Companion had `@aws-sdk/client-s3` and `@aws-sdk/lib-storage` both at
`"^3.338.0"`, which previously both resolved to `3.600.0`. But the
`@uppy/transloadit` package elsewhere in the monorepo had
`"@aws-sdk/client-s3": "^3.891.0"`. Dedupe merged the resolutions —
`client-s3` jumped to `3.896.0` while `lib-storage` stayed at `3.600.0`.
*Why the mismatch matters*
AWS SDK `client-s3@3.896.0` introduced a _breaking behavioral change_ in
its checksum middleware:
• *Old (3.600.0):* Default checksum = MD5, no auto-injection.
`UploadPart` requests sent _no checksum header_.
• *New (3.896.0):* Default checksum = CRC32,
`requestChecksumCalculation` defaults to `"WHEN_SUPPORTED"`. The
middleware _auto-injects `x-amz-checksum-crc32`_ on every `UploadPart`
request.
The old `lib-storage@3.600.0` didn't know about this new behavior. It
called `CreateMultipartUpload` _without_ setting `ChecksumAlgorithm`.
Then `client-s3@3.896.0` added CRC32 checksums to each `UploadPart`. S3
saw parts with checksums that weren't declared at creation time →
rejected with `InvalidPart` at `CompleteMultipartUpload`.
*How the fixes work*
_Option A — `requestChecksumCalculation: 'WHEN_REQUIRED'`_ (workaround):
Tells the new `client-s3` to only add checksums when S3 requires them
(which it doesn't for `UploadPart`). This restores the old behavior — no
checksum headers, no mismatch.
_Option B — Upgrade all AWS SDK packages to `^3.986.0`_ (proper fix):
The new `lib-storage@3.986.0` is _aware_ of the CRC32 checksum behavior.
When it detects `requestChecksumCalculation = "WHEN_SUPPORTED"`, it
explicitly sets `ChecksumAlgorithm: "CRC32"` on the
`CreateMultipartUpload` call. Now S3 expects CRC32 checksums on the
parts, the parts have CRC32 checksums → everything is consistent →
upload succeeds.
*TL;DR*
`yarn dedupe` upgraded `client-s3` but not `lib-storage`. The new
`client-s3` started adding CRC32 checksums to parts, but the old
`lib-storage` didn't declare CRC32 at multipart creation time. S3
rejected the mismatch. Fix: upgrade both packages together so they agree
on checksum behavior.
## Implementation Plan for Transloadit allowMultipleUploadBatches Fix
- [x] Explore the codebase to understand existing structure
- [x] Review transloadit/src/index.ts
- [x] Review existing event handlers (#onError, #onCancelAll)
- [x] Review install() and uninstall() methods
- [x] Understand test structure
- [x] Implement the proper fix in
packages/@uppy/transloadit/src/index.ts
- [x] Set allowNewUpload: false at start of #prepareUpload
(preprocessor)
- [x] Reset allowNewUpload: true at end of #afterUpload (postprocessor)
- [x] Reset allowNewUpload: true in #prepareUpload error handler
- [x] Keep existing resets in #onError and #onCancelAll handlers
- [x] Removed event listener approach (was causing race conditions)
- [x] Update tests to match implementation
- [x] Test allowNewUpload lifecycle through actual upload flow
(preprocessor/postprocessor)
- [x] Test allowNewUpload reset on preprocessor error
- [x] Test allowNewUpload reset on error event
- [x] Test allowNewUpload reset on cancel-all
- [x] Remove obsolete event listener tests
<!-- START COPILOT CODING AGENT TIPS -->
---
💡 You can make Copilot smarter by setting up custom instructions,
customizing its development environment and configuring Model Context
Protocol (MCP) servers. Learn more [Copilot coding agent
tips](https://gh.io/copilot-coding-agent-tips) in the docs.
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mifi <402547+mifi@users.noreply.github.com>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
Closes#4173, kind off
## Problem
Current situation with `RateLimitedQueue`
- Track concurrency: keep a running count, only dispatch up to limit,
accept Infinity.
- Priority enqueue: queued handlers sorted by priority; dequeued in that
order.
- Lifecycle bookkeeping: each job gets abort()/done() hooks; abort for
running vs queued differs; decrement active count and advance queue via
microtasks.
- Requeue placeholders: supports a shouldBeRequeued marker so callers
can hold/retry slots without running immediately.
- Function wrappers: wrap sync or async fns to enforce the queue and
return abortable handles.
- Cancellation plumbing: provides abortOn(signal) to bind queued/running
work to an AbortSignal; abortable promises carry abort().
- Pausing: pause(duration?) freezes dispatch (optional auto-resume);
resume() restarts up to the current limit.
- Rate limiting/backoff: rateLimit(duration) pauses, drops concurrency,
then ramps it back toward the previous upper bound over time.
Case in point: it's some sort of made up, monstrosity data structure
trying to be too many things. It also has rate limiting and exponential
backoff but that's already in
[`fetcher`](https://github.com/transloadit/uppy/blob/main/packages/%40uppy/utils/src/fetcher.ts)
too.
Would be better if we had separation of concerns and proven data
structures.
## Solution
A "dumb" promise-based priority queue that doesn't care at all about
what a promise does or if it needs to be retried. The promise inside
determines if it has retrying and exponential backoff, such as a
`fetcher` promise.
To not make this a breaking change and a huge diff, we still implement
this per uploader, starting with xhr-upload, and keep backwards
compatibility in the interface so we can still pass it to
`companion-client`, which needs to share the same queue.
## Ideal future
When you think about it, it's odd that we implement a queue per uploader
if a queue is so central to uppy working correctly. It's even more odd
that we also have to inject that queue into `companion-client` per
uploader for queue sharing.
Ideally, `core` is responsible for having the queue. All uploaders would
do is push a promise to `core` and `core` doesn't care if that promise
is a tus, xhr, or S3 upload.
---------
Co-authored-by: Prakash <qxprakash@gmail.com>
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.
# Releases
## @uppy/components@1.2.0
### Minor Changes
- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- 37f69d0: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
- Updated dependencies [37f69d0]
- @uppy/image-editor@4.2.0
## @uppy/image-editor@4.2.0
### Minor Changes
- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
## @uppy/react@5.2.0
### Minor Changes
- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- Updated dependencies [37f69d0]
- Updated dependencies [37f69d0]
- @uppy/components@1.2.0
## @uppy/svelte@5.2.0
### Minor Changes
- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- Updated dependencies [37f69d0]
- Updated dependencies [37f69d0]
- @uppy/components@1.2.0
## @uppy/transloadit@5.5.0
### Minor Changes
- 37f69d0: Migrate from 'transloadit' to '@transloadit/types' to get the
types. No need to drag in the entire SDK.
### Patch Changes
- Updated dependencies [37f69d0]
- @uppy/tus@5.1.1
## @uppy/vue@3.2.0
### Minor Changes
- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- 37f69d0: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
- Updated dependencies [37f69d0]
- Updated dependencies [37f69d0]
- @uppy/components@1.2.0
## @uppy/locales@5.1.1
### Patch Changes
- 37f69d0: Update cs_CZ dropPaste keys to use the correct variables.
## @uppy/tus@5.1.1
### Patch Changes
- 37f69d0: Fix Node.js support by conditionally setting a property which
does not exist in Node.js instead of crashing.
## uppy@5.2.3
### Patch Changes
- Updated dependencies [37f69d0]
- Updated dependencies [37f69d0]
- Updated dependencies [37f69d0]
- Updated dependencies [37f69d0]
- @uppy/locales@5.1.1
- @uppy/tus@5.1.1
- @uppy/transloadit@5.5.0
- @uppy/image-editor@4.2.0
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.
# Releases
## @uppy/components@1.2.0
### Minor Changes
- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- c0a8776: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
- Updated dependencies [c0a8776]
- @uppy/image-editor@4.2.0
## @uppy/image-editor@4.2.0
### Minor Changes
- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
## @uppy/react@5.2.0
### Minor Changes
- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- Updated dependencies [c0a8776]
- Updated dependencies [c0a8776]
- @uppy/components@1.2.0
## @uppy/svelte@5.2.0
### Minor Changes
- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- Updated dependencies [c0a8776]
- Updated dependencies [c0a8776]
- @uppy/components@1.2.0
## @uppy/transloadit@5.5.0
### Minor Changes
- c0a8776: Migrate from 'transloadit' to '@transloadit/types' to get the
types. No need to drag in the entire SDK.
### Patch Changes
- Updated dependencies [c0a8776]
- @uppy/tus@5.1.1
## @uppy/vue@3.2.0
### Minor Changes
- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- c0a8776: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
- Updated dependencies [c0a8776]
- Updated dependencies [c0a8776]
- @uppy/components@1.2.0
## @uppy/locales@5.1.1
### Patch Changes
- c0a8776: Update cs_CZ dropPaste keys to use the correct variables.
## @uppy/tus@5.1.1
### Patch Changes
- c0a8776: Fix Node.js support by conditionally setting a property which
does not exist in Node.js instead of crashing.
## uppy@5.2.3
### Patch Changes
- Updated dependencies [c0a8776]
- Updated dependencies [c0a8776]
- Updated dependencies [c0a8776]
- Updated dependencies [c0a8776]
- @uppy/locales@5.1.1
- @uppy/tus@5.1.1
- @uppy/transloadit@5.5.0
- @uppy/image-editor@4.2.0
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.5 to 7.5.7.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4a37eb9a1c"><code>4a37eb9</code></a>
7.5.7</li>
<li><a
href="f4a7aa9bc3"><code>f4a7aa9</code></a>
fix: properly sanitize hard links containing ..</li>
<li><a
href="394ece6ad8"><code>394ece6</code></a>
7.5.6</li>
<li><a
href="7d4cc17c76"><code>7d4cc17</code></a>
fix race puting a Link ahead of its target File</li>
<li>See full diff in <a
href="https://github.com/isaacs/node-tar/compare/v7.5.5...v7.5.7">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for tar
since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [docker/login-action](https://github.com/docker/login-action) from
3.6.0 to 3.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.7.0</h2>
<ul>
<li>Add <code>scope</code> input to set scopes for the authentication
token by <a
href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/912">docker/login-action#912</a></li>
<li>Add support for AWS European Sovereign Cloud ECR by <a
href="https://github.com/dphi"><code>@dphi</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/914">docker/login-action#914</a></li>
<li>Ensure passwords are redacted with <code>registry-auth</code> input
by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a>
in <a
href="https://redirect.github.com/docker/login-action/pull/911">docker/login-action#911</a></li>
<li>build(deps): bump lodash from 4.17.21 to 4.17.23 in <a
href="https://redirect.github.com/docker/login-action/pull/915">docker/login-action#915</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v3.6.0...v3.7.0">https://github.com/docker/login-action/compare/v3.6.0...v3.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c94ce9fb46"><code>c94ce9f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/915">#915</a>
from docker/dependabot/npm_and_yarn/lodash-4.17.23</li>
<li><a
href="8339c958ce"><code>8339c95</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/912">#912</a>
from docker/scope</li>
<li><a
href="c83e9320c8"><code>c83e932</code></a>
build(deps): bump lodash from 4.17.21 to 4.17.23</li>
<li><a
href="b268aa57e3"><code>b268aa5</code></a>
chore: update generated content</li>
<li><a
href="a603229278"><code>a603229</code></a>
documentation for scope input</li>
<li><a
href="7567f92a74"><code>7567f92</code></a>
Add scope input to set scopes for the authentication token</li>
<li><a
href="0567fa5ae8"><code>0567fa5</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/914">#914</a>
from dphi/add-support-for-amazonaws.eu</li>
<li><a
href="f6ef577545"><code>f6ef577</code></a>
feat: add support for AWS European Sovereign Cloud ECR registries</li>
<li><a
href="916386b000"><code>916386b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/911">#911</a>
from crazy-max/ensure-redact</li>
<li><a
href="5b3f94a294"><code>5b3f94a</code></a>
chore: update generated content</li>
<li>Additional commits viewable in <a
href="5e57cd1181...c94ce9fb46">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.
# Releases
## @uppy/components@1.2.0
### Minor Changes
- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- 680052b: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
- Updated dependencies [850c1cb]
- @uppy/image-editor@4.2.0
## @uppy/image-editor@4.2.0
### Minor Changes
- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
## @uppy/react@5.2.0
### Minor Changes
- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- Updated dependencies [680052b]
- Updated dependencies [850c1cb]
- @uppy/components@1.2.0
## @uppy/svelte@5.2.0
### Minor Changes
- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- Updated dependencies [680052b]
- Updated dependencies [850c1cb]
- @uppy/components@1.2.0
## @uppy/transloadit@5.5.0
### Minor Changes
- 680052b: Migrate from 'transloadit' to '@transloadit/types' to get the
types. No need to drag in the entire SDK.
### Patch Changes
- Updated dependencies [680052b]
- @uppy/tus@5.1.1
## @uppy/vue@3.2.0
### Minor Changes
- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.
### Patch Changes
- 680052b: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
- Updated dependencies [680052b]
- Updated dependencies [850c1cb]
- @uppy/components@1.2.0
## @uppy/locales@5.1.1
### Patch Changes
- 680052b: Update cs_CZ dropPaste keys to use the correct variables.
## @uppy/tus@5.1.1
### Patch Changes
- 680052b: Fix Node.js support by conditionally setting a property which
does not exist in Node.js instead of crashing.
## uppy@5.2.3
### Patch Changes
- Updated dependencies [680052b]
- Updated dependencies [680052b]
- Updated dependencies [680052b]
- Updated dependencies [850c1cb]
- @uppy/locales@5.1.1
- @uppy/tus@5.1.1
- @uppy/transloadit@5.5.0
- @uppy/image-editor@4.2.0
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>