Prakash
d7aaab7ad1
@uppy: upgrade dev deps ( #6315 )
...
addresses #6297
I'll raise another PR which would include deps which require code
changes
2026-06-02 10:48:58 +08:00
Prakash
5519b84409
@uppy: upgrade biome and more improvements ( #6244 )
...
- This PR upgrades `biome` from `2.0.5` -> `2.1.2` and adds two new
rules
-
[noUnusedImports](https://biomejs.dev/linter/rules/no-unused-private-class-members )
( we already had suppressions for this rule in code, but the rule itself
was never enabled in the config )
-
[noUnusedPrivateClassMembers](https://biomejs.dev/linter/rules/no-unused-private-class-members/ )
- remove stale suppressions.
- remove stale code.
---------
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2026-05-21 12:28:03 +08:00
Prakash
d9d44ce5e5
upgrade to express v5 ( #6304 )
...
exact copy of #6175
- I will point the uppy deps upgrade pr to this PR's branch
- no other changes needed in this branch as #6175 was reviewed and all
the comments were resolved
this should be the order of merge :
1. #6300
2. uppy deps upgrade ( yet to be raised )
3. merge this to main
4. merge biome changes #6244
@mifi let me know if you think otherwise.
---------
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2026-05-21 11:14:23 +08:00
Prakash
d9742ba4e4
Revert "Upgrade to express 5" ( #6303 )
...
Reverts transloadit/uppy#6175
2026-05-21 02:36:00 +05:30
Mikael Finstad
489d76717c
Upgrade to express 5 ( #6175 )
...
closes #6157
https://expressjs.com/en/guide/migrating-5.html
---------
Co-authored-by: Prakash <qxprakash@gmail.com>
2026-05-20 21:06:46 +05:30
Prakash
622daa498c
@uppy/examples: update examples after recent breaking changes ( #6299 )
2026-05-18 21:03:42 +05:30
Prakash
cb6d42a42f
@uppy/examples/aws-companion fix typo ( #6174 )
2026-02-09 13:59:31 +05:30
Prakash
fe229e4f50
update @examples/aws-companion ( #6168 )
...
minor config changes
2026-02-04 18:43:37 +05:30
Prakash
a25226aab2
Fix @uppy/examples ( #6099 )
...
we forgot to update the examples after #5830
2025-12-08 09:48:23 +01:00
dependabot[bot]
5b680f2f05
build(deps): bump body-parser from 1.20.3 to 1.20.4 ( #6070 )
...
Bumps [body-parser](https://github.com/expressjs/body-parser ) from
1.20.3 to 1.20.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/releases ">body-parser's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<h2>Important: Security</h2>
<ul>
<li>Security fix for <a
href="https://www.cve.org/CVERecord?id=CVE-2025-13466 ">CVE-2025-13466</a>
(<a
href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4 ">GHSA-wqch-xfxh-vrr4</a>)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>ci: add dependabot by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/593 ">expressjs/body-parser#593</a></li>
<li>ci: use full SHAs for github action versions by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/594 ">expressjs/body-parser#594</a></li>
<li>deps: type-is@^2.0.1 by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/599 ">expressjs/body-parser#599</a></li>
<li>build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/609 ">expressjs/body-parser#609</a></li>
<li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/610 ">expressjs/body-parser#610</a></li>
<li>build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by
<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/611 ">expressjs/body-parser#611</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by
<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/613 ">expressjs/body-parser#613</a></li>
<li>build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by
<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/612 ">expressjs/body-parser#612</a></li>
<li>ci: add codeql github workflows scanning by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/614 ">expressjs/body-parser#614</a></li>
<li>ci: update CodeQL config to ignore the test directory by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/615 ">expressjs/body-parser#615</a></li>
<li>build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by
<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/620 ">expressjs/body-parser#620</a></li>
<li>build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/619 ">expressjs/body-parser#619</a></li>
<li>chore(deps): unpin devDependencies by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/616 ">expressjs/body-parser#616</a></li>
<li>ci: add node.js 24 to test matrix by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/621 ">expressjs/body-parser#621</a></li>
<li>build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/623 ">expressjs/body-parser#623</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/624 ">expressjs/body-parser#624</a></li>
<li>chore: add funding to package.json by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/617 ">expressjs/body-parser#617</a></li>
<li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/625 ">expressjs/body-parser#625</a></li>
<li>build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/630 ">expressjs/body-parser#630</a></li>
<li>refactor: move common request validation to read function by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/600 ">expressjs/body-parser#600</a></li>
<li>deps: bump iconv-lite by <a
href="https://github.com/bjohansebas "><code>@bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/631 ">expressjs/body-parser#631</a></li>
<li>doc: pull beta changelog forward into 2.0.0 by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/body-parser/pull/629 ">expressjs/body-parser#629</a></li>
<li>refactor: optimize raw and text parsers with shared passthrough
function by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/634 ">expressjs/body-parser#634</a></li>
<li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/640 ">expressjs/body-parser#640</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/639 ">expressjs/body-parser#639</a></li>
<li>build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/636 ">expressjs/body-parser#636</a></li>
<li>build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by
<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/637 ">expressjs/body-parser#637</a></li>
<li>build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/638 ">expressjs/body-parser#638</a></li>
<li>deps: raw-body@^3.0.1 by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/641 ">expressjs/body-parser#641</a></li>
<li>deps: debug@^4.4.3 by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/642 ">expressjs/body-parser#642</a></li>
<li>docs: add iconv-lite 0.7.0 changes to history entry by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/645 ">expressjs/body-parser#645</a></li>
<li>ci: add node.js 25 to test matrix by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/650 ">expressjs/body-parser#650</a></li>
<li>perf: move read options outside parser middlewares by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/648 ">expressjs/body-parser#648</a></li>
<li>test(json): add RFC 7159 whitespace edge cases by <a
href="https://github.com/Ayoub-Mabrouk "><code>@Ayoub-Mabrouk</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/653 ">expressjs/body-parser#653</a></li>
<li>test: add test for urlencoded invalid defaultCharset by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/643 ">expressjs/body-parser#643</a></li>
<li>build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by
<a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/657 ">expressjs/body-parser#657</a></li>
<li>build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/656 ">expressjs/body-parser#656</a></li>
<li>build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/655 ">expressjs/body-parser#655</a></li>
<li>build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/654 ">expressjs/body-parser#654</a></li>
<li>ci: also test on first supported node.js version by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/646 ">expressjs/body-parser#646</a></li>
<li>chore: switch badges from badgen.net to shields.io by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/661 ">expressjs/body-parser#661</a></li>
<li>Remove history.md from being packaged on publish by <a
href="https://github.com/bjohansebas "><code>@bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/660 ">expressjs/body-parser#660</a></li>
<li>Release: 2.2.1 by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/659 ">expressjs/body-parser#659</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md ">body-parser's
changelog</a>.</em></p>
<blockquote>
<h1>2.2.1 / 2025-11-24</h1>
<ul>
<li>Security fix for <a
href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4 ">GHSA-wqch-xfxh-vrr4</a></li>
<li>deps:
<ul>
<li>type-is@^2.0.1</li>
<li>iconv-lite@^0.7.0
<ul>
<li>Handle split surrogate pairs when encoding UTF-8</li>
<li>Avoid false positives in <code>encodingExists</code> by using
prototype-less objects</li>
</ul>
</li>
<li>raw-body@^3.0.1</li>
<li>debug@^4.4.3</li>
</ul>
</li>
</ul>
<h1>2.2.0 / 2025-03-27</h1>
<ul>
<li>refactor: normalize common options for all parsers</li>
<li>deps:
<ul>
<li>iconv-lite@^0.6.3</li>
</ul>
</li>
</ul>
<h1>2.1.0 / 2025-02-10</h1>
<ul>
<li>deps:
<ul>
<li>type-is@^2.0.0</li>
<li>debug@^4.4.0</li>
<li>Removed destroy</li>
</ul>
</li>
<li>refactor: prefix built-in node module imports</li>
<li>use the node require cache instead of custom caching</li>
</ul>
<h1>2.0.2 / 2024-10-31</h1>
<ul>
<li>remove <code>unpipe</code> package and use native
<code>unpipe()</code> method</li>
</ul>
<h1>2.0.1 / 2024-09-10</h1>
<ul>
<li>Restore expected behavior <code>extended</code> to
<code>false</code></li>
</ul>
<h1>2.0.0 / 2024-09-10</h1>
<h2>Breaking Changes</h2>
<ul>
<li>Node.js 18 is the minimum supported version</li>
<li><code>req.body</code> is no longer always initialized to
<code>{}</code>
<ul>
<li>it is left <code>undefined</code> unless a body is parsed</li>
</ul>
</li>
<li>Remove deprecated <code>bodyParser()</code> combination
middleware</li>
<li><del><code>urlencoded</code> parser now defaults
<code>extended</code> to <code>false</code></del> as released, this is
not the case, fixed in 2.0.1</li>
<li><code>urlencoded</code> simple parser now uses <code>qs</code>
module instead of <code>querystring</code> module</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d96b63da8d "><code>d96b63d</code></a>
2.2.1 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/659 ">#659</a>)</li>
<li><a
href="b204886a67 "><code>b204886</code></a>
sec: security patch for CVE-2025-13466</li>
<li><a
href="e20e3512e0 "><code>e20e351</code></a>
feat: remove <code>history.md</code> from being packaged on publish (<a
href="https://redirect.github.com/expressjs/body-parser/issues/660 ">#660</a>)</li>
<li><a
href="0d7ce71c84 "><code>0d7ce71</code></a>
docs: switch badges from badgen.net to shields.io (<a
href="https://redirect.github.com/expressjs/body-parser/issues/661 ">#661</a>)</li>
<li><a
href="168afff347 "><code>168afff</code></a>
ci: also test on first supported node.js version (<a
href="https://redirect.github.com/expressjs/body-parser/issues/646 ">#646</a>)</li>
<li><a
href="e539a7121d "><code>e539a71</code></a>
build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/654 ">#654</a>)</li>
<li><a
href="939161277a "><code>9391612</code></a>
build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/655 ">#655</a>)</li>
<li><a
href="57baafb3bb "><code>57baafb</code></a>
build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/656 ">#656</a>)</li>
<li><a
href="a6a088e088 "><code>a6a088e</code></a>
build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/657 ">#657</a>)</li>
<li><a
href="10a114d55d "><code>10a114d</code></a>
test: add test for urlencoded invalid defaultCharset (<a
href="https://redirect.github.com/expressjs/body-parser/issues/643 ">#643</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/body-parser/compare/1.20.3...v2.2.1 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-02 09:55:11 +01:00
dependabot[bot]
39b82fd231
build(deps): bump express from 4.19.2 to 4.22.0 ( #6079 )
...
Bumps [express](https://github.com/expressjs/express ) from 4.19.2 to
4.22.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases ">express's
releases</a>.</em></p>
<blockquote>
<h2>4.22.0</h2>
<h2>Important: Security</h2>
<ul>
<li>Security fix for <a
href="https://www.cve.org/CVERecord?id=CVE-2024-51999 ">CVE-2024-51999</a>
(<a
href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6 ">GHSA-pj86-cfqh-vqx6</a>)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Refactor: improve readability by <a
href="https://github.com/sazk07 "><code>@sazk07</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6190 ">expressjs/express#6190</a></li>
<li>ci: add support for Node.js@23.0 by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6080 ">expressjs/express#6080</a></li>
<li>Method functions with no path should error by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5957 ">expressjs/express#5957</a></li>
<li>ci: updated github actions ci workflow by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6323 ">expressjs/express#6323</a></li>
<li>ci: reorder <code>npm i</code> steps to fix ci for older node
versions by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6336 ">expressjs/express#6336</a></li>
<li>Backport: ci: add node.js 24 to test matrix by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6506 ">expressjs/express#6506</a></li>
<li>chore(4.x): wider range for query test skip by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6513 ">expressjs/express#6513</a></li>
<li>use tilde notation for certain dependencies by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6905 ">expressjs/express#6905</a></li>
<li>deps: qs@6.14.0 by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6909 ">expressjs/express#6909</a></li>
<li>deps: use tilde notation for <code>qs</code> by <a
href="https://github.com/Phillip9587 "><code>@Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6919 ">expressjs/express#6919</a></li>
<li>Release: 4.22.0 by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6921 ">expressjs/express#6921</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.2...4.22.0 ">https://github.com/expressjs/express/compare/4.21.2...4.22.0 </a></p>
<h2>4.21.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add funding field (v4) by <a
href="https://github.com/bjohansebas "><code>@bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6065 ">expressjs/express#6065</a></li>
<li>deps: path-to-regexp@0.1.11 by <a
href="https://github.com/blakeembrey "><code>@blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5956 ">expressjs/express#5956</a></li>
<li>deps: bump path-to-regexp@0.1.12 by <a
href="https://github.com/jonchurch "><code>@jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6209 ">expressjs/express#6209</a></li>
<li>Release: 4.21.2 by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6094 ">expressjs/express#6094</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.1...4.21.2 ">https://github.com/expressjs/express/compare/4.21.1...4.21.2 </a></p>
<h2>4.21.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a
href="https://github.com/joshbuker "><code>@joshbuker</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6029 ">expressjs/express#6029</a></li>
<li>Release: 4.21.1 by <a
href="https://github.com/UlisesGascon "><code>@UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6031 ">expressjs/express#6031</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.0...4.21.1 ">https://github.com/expressjs/express/compare/4.21.0...4.21.1 </a></p>
<h2>4.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Deprecate <code>"back"</code> magic string in redirects by
<a href="https://github.com/blakeembrey "><code>@blakeembrey</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5935 ">expressjs/express#5935</a></li>
<li>finalhandler@1.3.1 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5954 ">expressjs/express#5954</a></li>
<li>fix(deps): serve-static@1.16.2 by <a
href="https://github.com/wesleytodd "><code>@wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5951 ">expressjs/express#5951</a></li>
<li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a
href="https://github.com/agadzinski93 "><code>@agadzinski93</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5946 ">expressjs/express#5946</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/agadzinski93 "><code>@agadzinski93</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/express/pull/5946 ">expressjs/express#5946</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/4.22.0/History.md ">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.22.0 / 2025-12-01</h1>
<ul>
<li>Security fix for <a
href="https://www.cve.org/CVERecord?id=CVE-2024-51999 ">CVE-2024-51999</a>
(<a
href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6 ">GHSA-pj86-cfqh-vqx6</a>)</li>
<li>deps: use tilde notation for dependencies</li>
<li>deps: qs@6.14.0</li>
</ul>
<h1>4.21.2 / 2024-11-06</h1>
<ul>
<li>deps: path-to-regexp@0.1.12
<ul>
<li>Fix backtracking protection</li>
</ul>
</li>
<li>deps: path-to-regexp@0.1.11
<ul>
<li>Throws an error on invalid path values</li>
</ul>
</li>
</ul>
<h1>4.21.1 / 2024-10-08</h1>
<ul>
<li>Backported a fix for <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764 ">CVE-2024-47764</a></li>
</ul>
<h1>4.21.0 / 2024-09-11</h1>
<ul>
<li>Deprecate <code>res.location("back")</code> and
<code>res.redirect("back")</code> magic string</li>
<li>deps: serve-static@1.16.2
<ul>
<li>includes send@0.19.0</li>
</ul>
</li>
<li>deps: finalhandler@1.3.1</li>
<li>deps: qs@6.13.0</li>
</ul>
<h1>4.20.0 / 2024-09-10</h1>
<ul>
<li>deps: serve-static@0.16.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: send@0.19.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: body-parser@0.6.0
<ul>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
<li>deps: path-to-regexp@0.1.10
<ul>
<li>Adds support for named matching groups in the routes using a
regex</li>
<li>Adds backtracking protection to parameters without regexes
defined</li>
</ul>
</li>
<li>deps: encodeurl@~2.0.0
<ul>
<li>Removes encoding of <code>\</code>, <code>|</code>, and
<code>^</code> to align better with URL spec</li>
</ul>
</li>
<li>Deprecate passing <code>options.maxAge</code> and
<code>options.expires</code> to <code>res.clearCookie</code>
<ul>
<li>Will be ignored in v5, clearCookie will set a cookie with an expires
in the past to instruct clients to delete the cookie</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="49744abd11 "><code>49744ab</code></a>
4.22.0 (<a
href="https://redirect.github.com/expressjs/express/issues/6921 ">#6921</a>)</li>
<li><a
href="6e97452f60 "><code>6e97452</code></a>
sec: security patch for CVE-2024-51999</li>
<li><a
href="6a23d34d65 "><code>6a23d34</code></a>
deps: use tilde notation for <code>qs</code> (<a
href="https://redirect.github.com/expressjs/express/issues/6919 ">#6919</a>)</li>
<li><a
href="8c12cdf93b "><code>8c12cdf</code></a>
deps: qs@6.14.0 (<a
href="https://redirect.github.com/expressjs/express/issues/6909 ">#6909</a>)</li>
<li><a
href="7fea74fcf0 "><code>7fea74f</code></a>
deps: use tilde notation for certain dependencies (<a
href="https://redirect.github.com/expressjs/express/issues/6905 ">#6905</a>)</li>
<li><a
href="dac7a0475a "><code>dac7a04</code></a>
chore: wider range for query test skip (<a
href="https://redirect.github.com/expressjs/express/issues/6513 ">#6513</a>)</li>
<li><a
href="997919b488 "><code>997919b</code></a>
ci: add node.js 24 to test matrix (<a
href="https://redirect.github.com/expressjs/express/issues/6506 ">#6506</a>)</li>
<li><a
href="36fb59c6c7 "><code>36fb59c</code></a>
fix(ci): reorder <code>npm i</code> steps to fix ci for older node
versions (<a
href="https://redirect.github.com/expressjs/express/issues/6336 ">#6336</a>)</li>
<li><a
href="3a5edfaff0 "><code>3a5edfa</code></a>
fix(ci): updated github actions ci workflow (<a
href="https://redirect.github.com/expressjs/express/issues/6323 ">#6323</a>)</li>
<li><a
href="52d978119a "><code>52d9781</code></a>
fix(test): add test for method routes without paths <a
href="https://redirect.github.com/expressjs/express/issues/5955 ">#5955</a></li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.19.2...4.22.0 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-02 09:46:06 +01:00
dependabot[bot]
dbb5175572
build(deps-dev): bump vite from 7.1.5 to 7.1.11 ( #6021 )
...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite )
from 7.1.5 to 7.1.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases ">vite's
releases</a>.</em></p>
<blockquote>
<h2>v7.1.11</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v7.1.11/packages/vite/CHANGELOG.md ">CHANGELOG.md</a>
for details.</p>
<h2>v7.1.10</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v7.1.10/packages/vite/CHANGELOG.md ">CHANGELOG.md</a>
for details.</p>
<h2>v7.1.9</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v7.1.9/packages/vite/CHANGELOG.md ">CHANGELOG.md</a>
for details.</p>
<h2>v7.1.8</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v7.1.8/packages/vite/CHANGELOG.md ">CHANGELOG.md</a>
for details.</p>
<h2>v7.1.7</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v7.1.7/packages/vite/CHANGELOG.md ">CHANGELOG.md</a>
for details.</p>
<h2>v7.1.6</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v7.1.6/packages/vite/CHANGELOG.md ">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md ">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted --><a
href="https://github.com/vitejs/vite/compare/v7.1.10...v7.1.11 ">7.1.11</a>
(2025-10-20)<!-- raw HTML omitted --></h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>dev:</strong> trim trailing slash before
<code>server.fs.deny</code> check (<a
href="https://redirect.github.com/vitejs/vite/issues/20968 ">#20968</a>)
(<a
href="f479cc57c4 ">f479cc5</a>)</li>
</ul>
<h3>Miscellaneous Chores</h3>
<ul>
<li><strong>deps:</strong> update all non-major dependencies (<a
href="https://redirect.github.com/vitejs/vite/issues/20966 ">#20966</a>)
(<a
href="6fb41a260b ">6fb41a2</a>)</li>
</ul>
<h3>Code Refactoring</h3>
<ul>
<li>use subpath imports for types module reference (<a
href="https://redirect.github.com/vitejs/vite/issues/20921 ">#20921</a>)
(<a
href="d0094af639 ">d0094af</a>)</li>
</ul>
<h3>Build System</h3>
<ul>
<li>remove cjs reference in files field (<a
href="https://redirect.github.com/vitejs/vite/issues/20945 ">#20945</a>)
(<a
href="ef411cee26 ">ef411ce</a>)</li>
<li>remove hash from built filenames (<a
href="https://redirect.github.com/vitejs/vite/issues/20946 ">#20946</a>)
(<a
href="a81730754d ">a817307</a>)</li>
</ul>
<h2><!-- raw HTML omitted --><a
href="https://github.com/vitejs/vite/compare/v7.1.9...v7.1.10 ">7.1.10</a>
(2025-10-14)<!-- raw HTML omitted --></h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>css:</strong> avoid duplicate style for server rendered
stylesheet link and client inline style during dev (<a
href="https://redirect.github.com/vitejs/vite/issues/20767 ">#20767</a>)
(<a
href="3a92bc79b3 ">3a92bc7</a>)</li>
<li><strong>css:</strong> respect emitAssets when cssCodeSplit=false (<a
href="https://redirect.github.com/vitejs/vite/issues/20883 ">#20883</a>)
(<a
href="d3e7eeefa9 ">d3e7eee</a>)</li>
<li><strong>deps:</strong> update all non-major dependencies (<a
href="879de86935 ">879de86</a>)</li>
<li><strong>deps:</strong> update all non-major dependencies (<a
href="https://redirect.github.com/vitejs/vite/issues/20894 ">#20894</a>)
(<a
href="3213f90ff0 ">3213f90</a>)</li>
<li><strong>dev:</strong> allow aliases starting with <code>//</code>
(<a
href="https://redirect.github.com/vitejs/vite/issues/20760 ">#20760</a>)
(<a
href="b95fa2aa75 ">b95fa2a</a>)</li>
<li><strong>dev:</strong> remove timestamp query consistently (<a
href="https://redirect.github.com/vitejs/vite/issues/20887 ">#20887</a>)
(<a
href="6537d15591 ">6537d15</a>)</li>
<li><strong>esbuild:</strong> inject esbuild helpers correctly for
esbuild 0.25.9+ (<a
href="https://redirect.github.com/vitejs/vite/issues/20906 ">#20906</a>)
(<a
href="446eb38632 ">446eb38</a>)</li>
<li>normalize path before calling <code>fileToBuiltUrl</code> (<a
href="https://redirect.github.com/vitejs/vite/issues/20898 ">#20898</a>)
(<a
href="73b6d243e0 ">73b6d24</a>)</li>
<li>preserve original sourcemap file field when combining sourcemaps (<a
href="https://redirect.github.com/vitejs/vite/issues/20926 ">#20926</a>)
(<a
href="c714776aa1 ">c714776</a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li>correct <code>WebSocket</code> spelling (<a
href="https://redirect.github.com/vitejs/vite/issues/20890 ">#20890</a>)
(<a
href="29e98dc3ef ">29e98dc</a>)</li>
</ul>
<h3>Miscellaneous Chores</h3>
<ul>
<li><strong>deps:</strong> update rolldown-related dependencies (<a
href="https://redirect.github.com/vitejs/vite/issues/20923 ">#20923</a>)
(<a
href="a5e3b064fa ">a5e3b06</a>)</li>
</ul>
<h2><!-- raw HTML omitted --><a
href="https://github.com/vitejs/vite/compare/v7.1.8...v7.1.9 ">7.1.9</a>
(2025-10-03)<!-- raw HTML omitted --></h2>
<h3>Reverts</h3>
<ul>
<li><strong>server:</strong> drain stdin when not interactive (<a
href="https://redirect.github.com/vitejs/vite/issues/20885 ">#20885</a>)
(<a
href="12d72b0538 ">12d72b0</a>)</li>
</ul>
<h2><!-- raw HTML omitted --><a
href="https://github.com/vitejs/vite/compare/v7.1.7...v7.1.8 ">7.1.8</a>
(2025-10-02)<!-- raw HTML omitted --></h2>
<h3>Bug Fixes</h3>
<ul>
<li><strong>css:</strong> improve url escape characters handling (<a
href="https://redirect.github.com/vitejs/vite/issues/20847 ">#20847</a>)
(<a
href="24a61a3f54 ">24a61a3</a>)</li>
<li><strong>deps:</strong> update all non-major dependencies (<a
href="https://redirect.github.com/vitejs/vite/issues/20855 ">#20855</a>)
(<a
href="788a183afc ">788a183</a>)</li>
<li><strong>deps:</strong> update artichokie to 0.4.2 (<a
href="https://redirect.github.com/vitejs/vite/issues/20864 ">#20864</a>)
(<a
href="e670799e12 ">e670799</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8b69c9e32c "><code>8b69c9e</code></a>
release: v7.1.11</li>
<li><a
href="f479cc57c4 "><code>f479cc5</code></a>
fix(dev): trim trailing slash before <code>server.fs.deny</code> check
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968 ">#20968</a>)</li>
<li><a
href="6fb41a260b "><code>6fb41a2</code></a>
chore(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20966 ">#20966</a>)</li>
<li><a
href="a81730754d "><code>a817307</code></a>
build: remove hash from built filenames (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20946 ">#20946</a>)</li>
<li><a
href="ef411cee26 "><code>ef411ce</code></a>
build: remove cjs reference in files field (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20945 ">#20945</a>)</li>
<li><a
href="d0094af639 "><code>d0094af</code></a>
refactor: use subpath imports for types module reference (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20921 ">#20921</a>)</li>
<li><a
href="ed4a0dc913 "><code>ed4a0dc</code></a>
release: v7.1.10</li>
<li><a
href="c714776aa1 "><code>c714776</code></a>
fix: preserve original sourcemap file field when combining sourcemaps
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20926 ">#20926</a>)</li>
<li><a
href="446eb38632 "><code>446eb38</code></a>
fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20906 ">#20906</a>)</li>
<li><a
href="879de86935 "><code>879de86</code></a>
fix(deps): update all non-major dependencies</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite/commits/v7.1.11/packages/vite ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-21 10:07:47 +02:00
Nik Graf
9d2c7a997f
upgrade cookie-parser ( #6005 )
...
cookie-parser 1.4.7 uses a version cookie that fixed this security issue
https://github.com/advisories/GHSA-pxg6-pf52-xh8x
2025-10-09 19:27:29 +08:00
dependabot[bot]
fc3e483fcb
build(deps-dev): bump vite from 7.0.6 to 7.0.7 ( #5962 )
...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite )
from 7.0.6 to 7.0.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases ">vite's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.7</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v7.0.7/packages/vite/CHANGELOG.md ">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/v7.0.7/packages/vite/CHANGELOG.md ">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted --><a
href="https://github.com/vitejs/vite/compare/v7.0.6...v7.0.7 ">7.0.7</a>
(2025-09-08)<!-- raw HTML omitted --></h2>
<h3>Bug Fixes</h3>
<ul>
<li>apply <code>fs.strict</code> check to HTML files (<a
href="https://redirect.github.com/vitejs/vite/issues/20736 ">#20736</a>)
(<a
href="6f01ff4fe0 ">6f01ff4</a>)</li>
<li>upgrade sirv to 3.0.2 (<a
href="https://redirect.github.com/vitejs/vite/issues/20735 ">#20735</a>)
(<a
href="63e2a5d232 ">63e2a5d</a>)</li>
</ul>
<h3>Tests</h3>
<ul>
<li>detect ts support via <code>process.features</code> (<a
href="https://redirect.github.com/vitejs/vite/issues/20544 ">#20544</a>)
(<a
href="45fdb16581 ">45fdb16</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f88a1c0999 "><code>f88a1c0</code></a>
release: v7.0.7</li>
<li><a
href="45fdb16581 "><code>45fdb16</code></a>
test: detect ts support via <code>process.features</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544 ">#20544</a>)</li>
<li><a
href="63e2a5d232 "><code>63e2a5d</code></a>
fix: upgrade sirv to 3.0.2 (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735 ">#20735</a>)</li>
<li><a
href="6f01ff4fe0 "><code>6f01ff4</code></a>
fix: apply <code>fs.strict</code> check to HTML files (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736 ">#20736</a>)</li>
<li>See full diff in <a
href="https://github.com/vitejs/vite/commits/v7.0.7/packages/vite ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts ).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-10 15:30:59 +02:00
Merlijn Vos
0e178aea68
Deduplicate dependencies & resolve all yarn warnings ( #5848 )
...
- Deduplicate Vite versions, always use 7.x (except for sveltekit, which
does not allow 7 yet)
- Add missing dev deps
- Fix react-native requested deps versions
- Fix companion @types/node
- Fix "engines" in root package.json
No more yarn warnings 🎉
2025-07-29 16:27:32 +02:00
Merlijn Vos
7a50ab89ef
Cleanup examples ( #5817 )
...
- Remove outdated examples
- Rename folders for consistency
- Remove lots of unused deps in angular example.
- Rename `name` inside `package.json`'s from `@uppy-example/*` to
`example-*`.
**Before**
```
├── angular-example
├── aws-companion
├── aws-nodejs
├── aws-php
├── bundled
├── cdn-example
├── custom-provider
├── digitalocean-spaces
├── multiple-instances
├── node-xhr
├── php-xhr
├── python-xhr
├── react
├── react-native-expo
├── redux
├── sveltekit
├── transloadit
├── transloadit-markdown-bin
├── uppy-with-companion
├── vue3
└── xhr-bundle
```
**After**
```
examples
├── angular
├── aws-companion
├── aws-nodejs
├── aws-php
├── cdn
├── companion
├── companion-custom-provider
├── companion-digitalocean-spaces
├── react
├── react-native-expo
├── redux
├── sveltekit
├── transloadit
├── vue
├── xhr-bundle
├── xhr-node
├── xhr-php
└── xhr-python
```
2025-07-10 17:23:58 +02:00
Merlijn Vos
78299475ae
Migrate from Eslint/Prettier/Stylelint to Biome ( #5794 )
2025-07-01 14:55:41 +02:00
dependabot[bot]
4663365e40
build(deps-dev): bump vite from 5.4.16 to 5.4.17 ( #5707 )
...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite ) from 5.4.16 to 5.4.17.
- [Release notes](https://github.com/vitejs/vite/releases )
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.17/packages/vite/CHANGELOG.md )
- [Commits](https://github.com/vitejs/vite/commits/v5.4.17/packages/vite )
---
updated-dependencies:
- dependency-name: vite
dependency-version: 5.4.17
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2025-04-09 15:29:48 +02:00
dependabot[bot]
8072802e4c
build(deps-dev): bump vite from 5.4.14 to 5.4.15 ( #5703 )
...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite ) from 5.4.14 to 5.4.15.
- [Release notes](https://github.com/vitejs/vite/releases )
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.15/packages/vite/CHANGELOG.md )
- [Commits](https://github.com/vitejs/vite/commits/v5.4.15/packages/vite )
---
updated-dependencies:
- dependency-name: vite
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-03-31 12:03:11 +02:00
dependabot[bot]
daf22447d4
build(deps-dev): bump vite from 5.4.8 to 5.4.12 ( #5614 )
...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite ) from 5.4.8 to 5.4.12.
- [Release notes](https://github.com/vitejs/vite/releases )
- [Changelog](https://github.com/vitejs/vite/blob/v5.4.12/packages/vite/CHANGELOG.md )
- [Commits](https://github.com/vitejs/vite/commits/v5.4.12/packages/vite )
---
updated-dependencies:
- dependency-name: vite
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-23 14:29:17 +01:00
dependabot[bot]
14b10b02e3
build(deps): bump body-parser from 1.20.2 to 1.20.3 ( #5462 )
...
Bumps [body-parser](https://github.com/expressjs/body-parser ) from 1.20.2 to 1.20.3.
- [Release notes](https://github.com/expressjs/body-parser/releases )
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md )
- [Commits](https://github.com/expressjs/body-parser/compare/1.20.2...1.20.3 )
---
updated-dependencies:
- dependency-name: body-parser
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-19 10:52:26 +02:00
dependabot[bot]
a39193ee14
build(deps-dev): bump vite from 5.3.1 to 5.3.6 ( #5459 )
...
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite ) from 5.3.1 to 5.3.6.
- [Release notes](https://github.com/vitejs/vite/releases )
- [Changelog](https://github.com/vitejs/vite/blob/v5.3.6/packages/vite/CHANGELOG.md )
- [Commits](https://github.com/vitejs/vite/commits/v5.3.6/packages/vite )
---
updated-dependencies:
- dependency-name: vite
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-19 10:52:05 +02:00
Antoine du Hamel
37ad27d5d1
Merge branch main
2024-07-02 16:15:36 +02:00
Nadeem Reinhardt
7c174e85b7
@uppy/companion: add s3.forcePathStyle option ( #5066 )
...
Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
2024-07-02 16:13:35 +02:00
Mikael Finstad
151da8bdfe
coalesce options bucket and getKey ( #5169 )
...
* coalesce options `bucket` and `getKey`
this is a breaking change!
also:
- remove `req` because it's an internal, unstable api that might change any time and should not be used directly
- use an params object for getKey/bucket functions instead of positional arguments, to make it more clean, and easier to add more data in the future
- add metadata to `bucket` whenever we are aware of it
* fix lint
* Apply suggestions from code review
Co-authored-by: Antoine du Hamel <antoine@transloadit.com>
* add back `Request` object
also add filename to `bucket` for consistency
* add migration steps
* fix lint
* Update docs/guides/migration-guides.md
Co-authored-by: Antoine du Hamel <antoine@transloadit.com>
---------
Co-authored-by: Antoine du Hamel <antoine@transloadit.com>
2024-06-13 23:32:38 +02:00
Merlijn Vos
7d6937300a
meta: enable prettier for markdown ( #5133 )
...
* meta: enable prettier for markdown
* Ignore changelogs
* revert CHANGELOG changes
* More formatting
---------
Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>
2024-05-02 11:35:55 +02:00
dependabot[bot]
61997f087c
Bump express from 4.18.1 to 4.19.2 ( #5037 )
...
Bumps [express](https://github.com/expressjs/express ) from 4.18.1 to 4.19.2.
- [Release notes](https://github.com/expressjs/express/releases )
- [Changelog](https://github.com/expressjs/express/blob/master/History.md )
- [Commits](https://github.com/expressjs/express/compare/4.18.1...4.19.2 )
---
updated-dependencies:
- dependency-name: express
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-28 10:10:47 +01:00
Antoine du Hamel
975038cf4c
meta: upgrade Vite and Vitest ( #4881 )
2024-01-22 15:56:40 +01:00
Antoine du Hamel
34c78e9093
meta: run Prettier on existing files ( #4713 )
2023-09-29 11:11:28 +02:00
Antoine du Hamel
141eb248be
meta: upgrade to Vite 4 and ESBuild 0.16 ( #4243 )
2022-12-13 15:07:19 +01:00
Antoine du Hamel
5044230bf1
meta: upgrade all dev dependencies ( #3903 )
2022-08-16 22:39:28 +02:00
Antoine du Hamel
dfed0ff200
example: fix aws-companion example ( #3850 )
...
Co-authored-by: Merlijn Vos <merlijn@soverin.net>
2022-08-03 16:07:51 +02:00
Antoine du Hamel
7b0db7d3a0
meta: use node: protocol when using Node.js built-in core modules ( #3871 )
...
`node:` protocol is available as of Node.js 14.18.0 LTS. Since we are
dropping support for all Node.js versions below that, we can take
advantage of this prefix to help differentiate built-in modules from npm
modules.
2022-07-18 14:09:03 +02:00
Mikael Finstad
45e66509bc
rewrite companion.app() to return an object ( #3827 )
...
with { app, emitter }
gives more flexibility in the future
2022-06-27 12:06:44 +07:00
Antoine du Hamel
3f56f194a7
meta: update npm deps ( #3352 )
2021-12-09 18:12:34 +01:00
Mikael Finstad
3fdc55b4a7
Remove references of incorrect options argument for companion.socket ( #3307 )
...
remove socket options
from docs and examples. It was never an option. See #3306
2021-11-09 22:01:38 +07:00
Antoine du Hamel
01d7ea13e9
meta: use Yarn v3 instead of npm ( #3237 )
...
* meta: use Yarn v3 instead of npm
* Update CONTRIBUTING.md to fix linter errors
* remove remaining npm commands
* Update deps
2021-10-20 15:16:59 +02:00
Antoine du Hamel
55e0ffd04a
Add retext to markdown linter ( #3024 )
...
* remark-lint-uppy: use `retext` to improve doc syntax and grammar
* WIP: start fixing fixing linter errors
* Remove `retext-passive` as I don't see what's wrong with passive voice
* Remove URL plugin, add emphasis/strong marker plugin
* Fix remark settings to avoid conflicts
* WIP: more auto-fixes
* remark-simplify: allow `option`
* zoom.md
* url.md
* vue.md
* tus.md
* webcam.md
* xhrupload.md
* writing-plugins
* thumbnail-generator
* svelte
* react-dragdrop
* stores
* do not over simplify
* statusbar
* robodog
* robodog-upload
* robodog-picker
* robodog-form
* robodog-dashboard
* redux
* privacy
* uppy.md
* transloadit.md
* react-native
* react-initializing
* react-fileinput
* providers
* progressbar
* plugins
* plugin-common-options
* onedrive
* locales
* instagram
* informer
* index
* google-drive
* golden-retriever
* form
* fileinput
* facebook
* dropbox
* drop-target
* dragdrop
* remark-lint-no-unneeded-full-reference-link
* Try to setup unified-message-control
* Upgrade deps
* Fix collapsed link references with inline code
* Revert "remark-lint-no-unneeded-full-reference-link"
This reverts commit ca375f463b771bc81d0868f4d84f5979823cfc0a.
* remark-lint-uppy: add missing `"main"` field
* Update package-lock.json
* add disable comments
* fixup! xhrupload.md
* writing-plugins
* unsplash
* tus
* stores
* migration-guide
* dashboard
* community-projects
* box
* integration_help
* blog posts
* companion
* aws-s3
* aws-s3-multipart
* remark-lint-uppy README
* website/inject
* BUNDLE-README
* READMEs
* architecture
* move Remark settings to the plugin
* add `listItemIndent` setting
* list indent fix
* fix ignored files
* revert changelog changes
* fixup! architecture
* Revert changes in ignored files
* Remove unnecessary HTML tags from READMEs
2021-10-14 16:10:45 +02:00
Merlijn Vos
f01538ba41
Resolve all type TODO's ( #2963 )
2021-07-20 14:40:31 +02:00
Antoine du Hamel
e4c53bdad7
deps: remove rimraf in favor of built-in fs.rm
2021-07-07 15:48:23 +02:00
Renée Kooi
c1d15abf10
error on import lint failure + some misc lint fixes ( #2813 )
...
Co-authored-by: Artur Paikin <artur@arturpaikin.com>
2021-03-20 11:02:49 +01:00
Kevin van Zonneveld
764c2ccada
Update Linter ( #2796 )
...
* relocate .vscode
* Switch to transloadit linter
* Update .eslintrc.json
* autofix code
* unlink and install eslint-config-transloadit@1.1.1
* Change 0 to "off"
* Don't change 'use strict'
* Do not vertically align
* disable key-spacing
* add import/no-extraneous-dependencies per package
* add more react/a11y warnings
* Revert "autofix code"
This reverts commit 14c8a8cde8 .
* add import/no-extraneous-dependencies per example and main package
* autofix code (2)
* Allow devDependencies in ./bin
* Change import/no-extraneous-dependencies to warn again
* upgrade linter
* Set import/no-extraneous-dependencies to warn
2021-03-15 16:25:17 +00:00
Renée Kooi
f6b9106dbe
examples: update configs for Companion 2.0+
2021-01-21 14:50:07 +01:00
Renée Kooi
8c826313b6
A few docs things ( #2371 )
2020-07-29 12:17:27 +02:00
Renée Kooi
697ad04a34
examples: document npm run build, closes #2024
2020-03-30 16:07:24 +02:00
Renée Kooi
7b2283d8ef
examples: add npm run example script
...
a bad result from adding the examples as dependencies of the root
repository is that they now don't have access to the npm binaries they
need to run in their own folder, because they are installed into the
root repository instead.
this works around that issue.
we may need to consider undoing that change and making the examples work
as standalone projects again, that's easier to understand.
fixes #2024 for now.
2020-01-15 11:16:56 +01:00
Renée Kooi
e74690e20c
examples: remove UPPYSERVER_ references
2019-11-20 16:55:30 +01:00
Renée Kooi
1ab63aa395
examples: support COMPANION_AWS_ENDPOINT env var in aws+companion example
2019-11-01 10:29:55 +01:00
Renée Kooi
10bc79574e
lerna link convert ( #1730 )
...
* lerna link convert
* ci: use npm ci
* update lockfile
* companion: set `bin` to source file
Since typescript doesn't actually transform anything, we can just use
this.
In a next major version we could set `noEmit: true` in the tsconfig and
stop publishing `lib`.
* companion: do chmod +x on start-server.js
* build: remove obsolete lerna config
* build: explicitly install latest versions when building e2e tests for ci
* Remove versions from private packages
* fix regex
* try fix
* ci: force npm to install to endtoend folder
* ci: fold up e2e build output
* Update netlify deploy preview command
* Remove mentions of npm run bootstrap
* Edit .github/CONTRIBUTING.md instead
* companion: add proxy executable
* companion: fix publish
* Downgrade jest to appease create-react-app
2019-07-19 12:16:36 +02:00
magumbo
f71ec6a5de
Missing build step from readme, npm start will fail without this ( #1735 )
2019-07-17 11:43:26 +02:00