mirror of
https://github.com/transloadit/uppy.git
synced 2026-07-17 16:50:22 +00:00
399 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
cd34c9cf4f
|
upgrade @types/cors and @types/morgan (#6360)
see #6297 --------- Co-authored-by: Prakash <qxprakash@gmail.com> |
||
|
|
981fcedd71
|
@uppy/upgrade devdeps v3 (#6319)
AI disclaimer: AI used ## Changes - **vite 7 → 8** - **@vitejs/plugin-react 4 → 6** (peer-requires vite ^8; drops Babel for oxc) - **@tailwindcss/vite 4.1 → 4.3** (first 4.x with a vite ^8 peer range) - `examples/react/vitest.config.ts`: add `resolve.dedupe: ['react', 'react-dom']` : reason explained in comments |
||
|
|
675b48fa14
|
@uppy/upgrade devdeps v2 (#6318)
AI disclaimer : AI used ## Changes - **jsdom 26 → 29** across all packages' devDependencies — **except`@uppy/aws-s3`** (left at 26; that plugin is being rewritten and its deps are handled on the rewrite branch). - **`@uppy/xhr-upload` unit tests migrated from nock to MSW**, and `nock` dropped from its devDependencies. ## Why the test migration was needed jsdom **28** overhauled resource loading so `XMLHttpRequest` now goes through jsdom's internal (undici-based) fetch instead of Node's `http` module ([jsdom 28 release notes](https://github.com/jsdom/jsdom/releases/tag/28.0.0)). nock intercepts at the Node `http` / `http.ClientRequest` layer ([nock README](https://github.com/nock/nock)), so it can no longer see uppy's upload requests — the mocked responses never arrive and the tests time out. (This is the long-standing nock + jsdom XHR incompatibility: [nock#518](https://github.com/nock/nock/issues/518).) --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> |
||
|
|
1427add64a
|
@uppy/upgrade-devdeps-v1 (#6317)
Part of the dev-dependency major-version upgrades. These required code changes so they're split out from the no-code-change batch (#6315). **AI Disclaimer** : AI Used - **glob 8 → 13** — `@uppy/locales` scripts: the callback API was removed, so `getPaths()` uses the promise form and `test.mjs` uses the named `globSync`. - **npm-packlist 5 → 11** — `upload-to-cdn.js`: v7+ takes an `@npmcli/arborist` tree instead of `{ path }`; loads the tree and passes it to `packlist()`. Adds `@npmcli/arborist` as a devDependency. - **nock 13 → 14** (`@uppy/companion`) — the v14 @mswjs/interceptors rewrite crashed the SSRF tests in `http-agent.test.ts`; nock interception is now kept off by default and only activated for the one test that mocks a host. - **@types/use-sync-external-store 0 → 1** — `@uppy/react`: v1's exports map only exposes extensionless subpaths, so imports use `use-sync-external-store/shim` and `/with-selector` (runtime supports both). |
||
|
|
d7aaab7ad1
|
@uppy: upgrade dev deps (#6315)
addresses #6297 I'll raise another PR which would include deps which require code changes |
||
|
|
7ea7530997
|
upgrade playwright (#6316)
fixes the timeout which we're facing in "CI / Test" in the past few days which gets stuck at "Install Playwright Browsers" https://github.com/transloadit/uppy/actions/runs/26646754991/job/78534314307?pr=6315 tested on my local fork |
||
|
|
c3c7cef4ed
|
@uppy: upgrade deps (#6307)
will do a separte PR for changes which would require code changes so it's easier to review , didn't upgrade any deps for `@uppy/aws-s3` since we'll merge the rewrite so I think we should do that upgrade in the rewrite branch before merging. update : Dependency upgrades which required code changes were raised separately - #6309 - #6310 --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> |
||
|
|
ef370da2b3
|
Revert "@uppy/tus: don't abort errored request" (#6313)
Reverts transloadit/uppy#6312 |
||
|
|
51acfe9e6c
|
@uppy/tus: don't abort errored request (#6312)
this fixes #6287 , another similar attempted fix which didn't got merged : #5683 in #5683 we discussed a more longer term solution but IMO that would be a breaking change as it would change the event contract AI Disclaimer : AI Used This fix is Manually Tested across **Chrome and Firefox** |
||
|
|
5519b84409
|
@uppy: upgrade biome and more improvements (#6244)
- This PR upgrades `biome` from `2.0.5` -> `2.1.2` and adds two new rules - [noUnusedImports](https://biomejs.dev/linter/rules/no-unused-private-class-members) ( we already had suppressions for this rule in code, but the rule itself was never enabled in the config ) - [noUnusedPrivateClassMembers](https://biomejs.dev/linter/rules/no-unused-private-class-members/) - remove stale suppressions. - remove stale code. --------- Co-authored-by: Mikael Finstad <finstaden@gmail.com> |
||
|
|
9143d41bc2
|
@uppy/companion: upgrade dev deps (#6300)
all the dev deps upgraded excepts for these : - `@types/cors: 2.8.6` - `@types/jsonwebtoken: 8.3.7` - `@types/morgan: 1.7.37` - `@types/node: ^20.19.0` - `nock: ^13.1.3` upgrading these to their latest major either breaks the test suite or requires us to do code changes on our end. #6297 --------- Co-authored-by: Mikael Finstad <finstaden@gmail.com> |
||
|
|
3c537e2780
|
Companion upgrade deps (#6305)
recreates #6296 --------- Co-authored-by: Prakash <qxprakash@gmail.com> |
||
|
|
d9d44ce5e5
|
upgrade to express v5 (#6304)
exact copy of #6175 - I will point the uppy deps upgrade pr to this PR's branch - no other changes needed in this branch as #6175 was reviewed and all the comments were resolved this should be the order of merge : 1. #6300 2. uppy deps upgrade ( yet to be raised ) 3. merge this to main 4. merge biome changes #6244 @mifi let me know if you think otherwise. --------- Co-authored-by: Mikael Finstad <finstaden@gmail.com> |
||
|
|
d9742ba4e4
|
Revert "Upgrade to express 5" (#6303)
Reverts transloadit/uppy#6175 |
||
|
|
489d76717c
|
Upgrade to express 5 (#6175)
closes #6157 https://expressjs.com/en/guide/migrating-5.html --------- Co-authored-by: Prakash <qxprakash@gmail.com> |
||
|
|
5efc32a2e7
|
remove angular eslint (#6164)
closes #6161 --------- Co-authored-by: Prakash <qxprakash@gmail.com> |
||
|
|
12de077e6d
|
remove @uppy/instagram (#6257)
closes #5455 , this PR removes all Instagram support from both the client and Companion server. Removed: - Instagram from @uppy/remote-sources (src, package.json, keywords) - Instagram export from uppy bundle (bundle.ts, index.ts, package.json) - Companion Instagram OAuth provider (provider/index.js, grant.js) - Companion standalone helper Instagram env vars (helper.js, env_example) - All Companion Instagram tests (providers.test.js, provider-manager.test.js, fixtures/index.js, mockserver.js) |
||
|
|
e99a17f1fe
|
companion: port to TypeScript (#6179)
Supersedes #6178. This branch keeps the exact same final content as #6178, but splits history for reviewability: 1. `chore(companion): rename source and test files from .js to .ts` (pure `git mv`, no content changes) 2. `feat(companion): port Companion to TypeScript` (actual content/type/schema/build updates) Validation note: - Final tree is byte-for-byte identical to `ts-companion` (`7b5b16a298690b0492de4cc4fab744f998b45570`). --------- Co-authored-by: Mikael Finstad <finstaden@gmail.com> |
||
|
|
a86c6240f4
|
@uppy: upgrade esbuild from "^0.25.0" -> "^0.27.0" (#6235)
this should fix CI error in bundlers workflow , more context : https://transloadit.slack.com/archives/C0FMW9PSB/p1773989607853769?thread_ts=1773336079.954969&cid=C0FMW9PSB |
||
|
|
ddae349193
|
@uppy/examples: mock tus endpoint for react, vue and svelte tests (#6215)
this fixes #6176 --------- Co-authored-by: Mikael Finstad <finstaden@gmail.com> |
||
|
|
23cbd4a05a
|
@uppy/xhr-upload: add browser tests (#6169)
Good to have actual browser tests for this uploader. |
||
|
|
63c56c9d1d
|
build(deps-dev): bump tar from 7.5.7 to 7.5.8 (#6185)
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.7 to 7.5.8. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
4652dc6a4a
|
upgrade aws-sdk in @uppy/companion (#6180)
this fixes #6167
AI summary :
**The Bug: S3 Multipart Upload Fails with InvalidPart**
**What happened**
When uploading large files (200MB+) from Google Drive → Companion → S3
using multipart upload, the upload would reach ~96-100% and then fail
with S3's `InvalidPart` error on `CompleteMultipartUpload`.
*Root cause*
_A version mismatch between two AWS SDK packages caused by yarn dedupe._
Commit `
|
||
|
|
41d7268af8
|
build(deps): bump next from 15.5.9 to 16.1.5 (#6160)
Bumps [next](https://github.com/vercel/next.js) from 15.5.9 to 16.1.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.1.5</h2> <p>Please refer the following changelogs for more information about this security release:</p> <p><a href="https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472">https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472</a> <a href="https://vercel.com/changelog/summary-of-cve-2026-23864">https://vercel.com/changelog/summary-of-cve-2026-23864</a></p> <h2>v16.1.4</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Only filter next config if experimental flag is enabled (<a href="https://redirect.github.com/vercel/next.js/issues/88733">#88733</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/mischnic"><code>@mischnic</code></a> for helping!</p> <h2>v16.1.3</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Fix linked list bug in LRU deleteFromLru (<a href="https://redirect.github.com/vercel/next.js/issues/88652">#88652</a>)</li> <li>Fix relative same host redirects in node middleware (<a href="https://redirect.github.com/vercel/next.js/issues/88253">#88253</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/acdlite"><code>@acdlite</code></a> and <a href="https://github.com/ijjk"><code>@ijjk</code></a> for helping!</p> <h2>v16.1.2</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Turbopack: Update to swc_core v50.2.3 (<a href="https://redirect.github.com/vercel/next.js/issues/87841">#87841</a>) (<a href="https://redirect.github.com/vercel/next.js/issues/88296">#88296</a>) <ul> <li>Fixes a crash when processing mdx files with multibyte characters. (<a href="https://redirect.github.com/vercel/next.js/issues/87713">#87713</a>)</li> </ul> </li> <li>Turbopack: <a href="https://microsoft.github.io/mimalloc/">mimalloc</a> upgrade and enabling it on musl (<a href="https://redirect.github.com/vercel/next.js/issues/88503">#88503</a>) (<a href="https://redirect.github.com/vercel/next.js/issues/87815">#87815</a>) (<a href="https://redirect.github.com/vercel/next.js/issues/88426">#88426</a>) <ul> <li>Fixes <a href="https://redirect.github.com/vercel/next.js/pull/88426">a significant performance issue</a> on musl-based Linux distributions (e.g. Alpine in Docker) related to musl's allocator.</li> <li>Other platforms have always used mimalloc, but we previously did not use mimalloc on musl because of compilation issues that have since been resolved.</li> </ul> </li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/mischnic"><code>@mischnic</code></a> for helping!</p> <h2>v16.1.1</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
24632aea47
|
build(deps-dev): bump tar from 7.5.5 to 7.5.7 (#6158)
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.5 to 7.5.7. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
850c1cb1c5
|
Add useImageEditor (#6122)
- Create image editor abstraction in `@uppy/components`
- Refactor `Editor` (Preact) and `ImageEditor` (Uppy plugin) to put all
methods in the Uppy plugin class so they can be reused by the headless
abstraction
- Create framework hooks for React, Vue, Svelte
- Update all examples to showcase the new hook
- Symlink the `cropper.scss` (just regular CSS) from
`@uppy/image-editor` into `@uppy/components`, update `build:css` in all
framework packages to copy that file too into their own `dist/` output.
- cropper-js needs basic CSS to do the rotations and stuff which would
be very tedious to write yourself so we ship that CSS file to consumers
too so they can just import it.
- Fix memory leak where we created the image on each render inside the
original Preact plugin UI
```ts
import type { UppyFile } from '@uppy/core'
import { useImageEditor } from '@uppy/react'
interface ImageEditorProps {
file: UppyFile<any, any>
close: () => void
}
export function ImageEditor({ file, close }: ImageEditorProps) {
const {
state,
getImageProps,
getSaveButtonProps,
getCancelButtonProps,
getRotateButtonProps,
getFlipHorizontalButtonProps,
getZoomButtonProps,
getCropSquareButtonProps,
getCropLandscapeButtonProps,
getCropPortraitButtonProps,
getResetButtonProps,
getRotationSliderProps,
} = useImageEditor({ file })
return (
<div className="p-4 max-w-2xl w-full">
<div className="flex justify-between items-center mb-4">
<h2 className="text-xl font-bold">Edit Image</h2>
<button
type="button"
onClick={close}
className="text-gray-500 hover:text-gray-700"
>
✕
</button>
</div>
<div className="mb-4">
{/* biome-ignore lint/a11y/useAltText: alt is provided by getImageProps() */}
<img
className="w-full max-h-[400px] rounded-lg border-2"
{...getImageProps()}
/>
</div>
<div className="mb-4">
<label className="block text-sm font-medium mb-2">
Fine Rotation: {state.angle}°
<input className="w-full mt-1" {...getRotationSliderProps()} />
</label>
</div>
<div className="flex gap-2 flex-wrap mb-4">
<button
className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
{...getRotateButtonProps(-90)}
>
↶ -90°
</button>
<button
className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
{...getRotateButtonProps(90)}
>
↷ +90°
</button>
<button
className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
{...getFlipHorizontalButtonProps()}
>
⇆ Flip
</button>
<button
className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
{...getZoomButtonProps(0.1)}
>
+ Zoom
</button>
<button
className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
{...getZoomButtonProps(-0.1)}
>
- Zoom
</button>
</div>
<div className="flex gap-2 flex-wrap mb-4">
<button
className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
{...getCropSquareButtonProps()}
>
1:1
</button>
<button
className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
{...getCropLandscapeButtonProps()}
>
16:9
</button>
<button
className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
{...getCropPortraitButtonProps()}
>
9:16
</button>
<button
className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
{...getResetButtonProps()}
>
Reset
</button>
</div>
<div className="flex gap-4 justify-end">
<button
className="bg-gray-500 text-white px-4 py-2 rounded-md"
{...getCancelButtonProps({ onClick: close })}
>
Cancel
</button>
<button
className="bg-green-500 text-white px-4 py-2 rounded-md disabled:opacity-50 disabled:bg-green-300"
{...getSaveButtonProps({ onClick: close })}
>
Save
</button>
</div>
</div>
)
}
export default ImageEditor
```
https://github.com/user-attachments/assets/4b0a99cc-8489-41a2-aa3b-ce88110025bf
---------
Co-authored-by: Prakash <qxprakash@gmail.com>
|
||
|
|
09bf6857a1
|
build(deps): bump lodash from 4.17.21 to 4.17.23 (#6152)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
877b2f8607
|
build(deps-dev): bump tar from 7.5.3 to 7.5.4 (#6149)
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.3 to 7.5.4. <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
efda84cc23
|
@uppy/transloadit: use lighter types package (#6147)
We don't need to drag in the entire SDK just for types. |
||
|
|
ce39081512
|
build(deps-dev): bump tar from 6.2.1 to 7.5.3 (#6146)
Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.1 to 7.5.3. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>7.5</h2> <ul> <li>Added <code>zstd</code> compression support.</li> </ul> <h2>7.4</h2> <ul> <li>Deprecate <code>onentry</code> in favor of <code>onReadEntry</code> for clarity.</li> </ul> <h2>7.3</h2> <ul> <li>Add <code>onWriteEntry</code> option</li> </ul> <h2>7.2</h2> <ul> <li>DRY the command definitions into a single <code>makeCommand</code> method, and update the type signatures to more appropriately infer the return type from the options and arguments provided.</li> </ul> <h2>7.1</h2> <ul> <li>Update minipass to v7.1.0</li> <li>Update the type definitions of <code>write()</code> and <code>end()</code> methods on <code>Unpack</code> and <code>Parser</code> classes to be compatible with the NodeJS.WritableStream type in the latest versions of <code>@types/node</code>.</li> </ul> <h2>7.0</h2> <ul> <li>Drop support for node <18</li> <li>Rewrite in TypeScript, provide ESM and CommonJS hybrid interface</li> <li>Add tree-shake friendly exports, like <code>import('tar/create')</code> and <code>import('tar/read-entry')</code> to get individual functions or classes.</li> <li>Add <code>chmod</code> option that defaults to false, and deprecate <code>noChmod</code>. That is, reverse the default option regarding explicitly setting file system modes to match tar entry settings.</li> <li>Add <code>processUmask</code> option to avoid having to call <code>process.umask()</code> when <code>chmod: true</code> (or <code>noChmod: false</code>) is set.</li> </ul> <h2>6.2</h2> <ul> <li>Add support for brotli compression</li> <li>Add <code>maxDepth</code> option to prevent extraction into excessively deep folders.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
b3d9ef5cce
|
build(deps-dev): bump @sveltejs/kit from 2.20.7 to 2.49.5 (#6143)
Bumps [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) from 2.20.7 to 2.49.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/kit/releases"><code>@sveltejs/kit</code>'s releases</a>.</em></p> <blockquote> <h2><code>@sveltejs/kit</code><a href="https://github.com/2"><code>@2</code></a>.49.5</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: avoid overriding Vite default <code>base</code> when running Vitest 4 (<a href="https://redirect.github.com/sveltejs/kit/pull/14866">#14866</a>)</p> </li> <li> <p>fix: ensure url decoded pathnames are not mistaken as rerouted requests (<a href=" |
||
|
|
ca9214d67b
|
Upgrade yarn (#6133) | ||
|
|
e6e1466ac8
|
Fix useless security warnings (#6132)
We are not vulnerable but we keep getting warning about it so let's updrade deps regardless |
||
|
|
3c159b1740
|
build(deps): bump @angular/compiler from 19.2.17 to 19.2.18 (#6128)
Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 19.2.17 to 19.2.18. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases"><code>@angular/compiler</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.18</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href=" |
||
|
|
71e8a56127
|
build(deps): bump @angular/core from 19.2.17 to 19.2.18 (#6129)
Bumps [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) from 19.2.17 to 19.2.18. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases"><code>@angular/core</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.18</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href=" |
||
|
|
20fce4cc34
|
build(deps): bump react-router from 7.8.2 to 7.12.0 (#6127)
Bumps [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) from 7.8.2 to 7.12.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/releases">react-router's releases</a>.</em></p> <blockquote> <h2>v7.12.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120</a></p> <h2>v7.11.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110</a></p> <h2>v7.10.1</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101</a></p> <h2>v7.10.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100</a></p> <h2>v7.9.6</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796</a></p> <h2>v7.9.5</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795</a></p> <h2>v7.9.4</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794</a></p> <h2>v7.9.3</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793</a></p> <h2>v7.9.2</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792</a></p> <h2>v7.9.1</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791</a></p> <h2>v7.9.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's changelog</a>.</em></p> <blockquote> <h2>7.12.0</h2> <h3>Minor Changes</h3> <ul> <li>Add additional layer of CSRF protection by rejecting submissions to UI routes from external origins. If you need to permit access to specific external origins, you can specify them in the <code>react-router.config.ts</code> config <code>allowedActionOrigins</code> field. (<a href="https://redirect.github.com/remix-run/react-router/pull/14708">#14708</a>)</li> </ul> <h3>Patch Changes</h3> <ul> <li> <p>Fix <code>generatePath</code> when used with suffixed params (i.e., "/books/:id.json") (<a href="https://redirect.github.com/remix-run/react-router/pull/14269">#14269</a>)</p> </li> <li> <p>Export <code>UNSAFE_createMemoryHistory</code> and <code>UNSAFE_createHashHistory</code> alongside <code>UNSAFE_createBrowserHistory</code> for consistency. These are not intended to be used for new apps but intended to help apps usiong <code>unstable_HistoryRouter</code> migrate from v6->v7 so they can adopt the newer APIs. (<a href="https://redirect.github.com/remix-run/react-router/pull/14663">#14663</a>)</p> </li> <li> <p>Escape HTML in scroll restoration keys (<a href="https://redirect.github.com/remix-run/react-router/pull/14705">#14705</a>)</p> </li> <li> <p>Validate redirect locations (<a href="https://redirect.github.com/remix-run/react-router/pull/14706">#14706</a>)</p> </li> <li> <p>[UNSTABLE] Pass <code><Scripts nonce></code> value through to the underlying <code>importmap</code> <code>script</code> tag when using <code>future.unstable_subResourceIntegrity</code> (<a href="https://redirect.github.com/remix-run/react-router/pull/14675">#14675</a>)</p> </li> <li> <p>[UNSTABLE] Add a new <code>future.unstable_trailingSlashAwareDataRequests</code> flag to provide consistent behavior of <code>request.pathname</code> inside <code>middleware</code>, <code>loader</code>, and <code>action</code> functions on document and data requests when a trailing slash is present in the browser URL. (<a href="https://redirect.github.com/remix-run/react-router/pull/14644">#14644</a>)</p> <p>Currently, your HTTP and <code>request</code> pathnames would be as follows for <code>/a/b/c</code> and <code>/a/b/c/</code></p> <table> <thead> <tr> <th>URL <code>/a/b/c</code></th> <th><strong>HTTP pathname</strong></th> <th><strong><code>request</code> pathname`</strong></th> </tr> </thead> <tbody> <tr> <td><strong>Document</strong></td> <td><code>/a/b/c</code></td> <td><code>/a/b/c</code> ✅</td> </tr> <tr> <td><strong>Data</strong></td> <td><code>/a/b/c.data</code></td> <td><code>/a/b/c</code> ✅</td> </tr> </tbody> </table> <table> <thead> <tr> <th>URL <code>/a/b/c/</code></th> <th><strong>HTTP pathname</strong></th> <th><strong><code>request</code> pathname`</strong></th> </tr> </thead> <tbody> <tr> <td><strong>Document</strong></td> <td><code>/a/b/c/</code></td> <td><code>/a/b/c/</code> ✅</td> </tr> <tr> <td><strong>Data</strong></td> <td><code>/a/b/c.data</code></td> <td><code>/a/b/c</code> ⚠️</td> </tr> </tbody> </table> <p>With this flag enabled, these pathnames will be made consistent though a new <code>_.data</code> format for client-side <code>.data</code> requests:</p> <table> <thead> <tr> <th>URL <code>/a/b/c</code></th> <th><strong>HTTP pathname</strong></th> <th><strong><code>request</code> pathname`</strong></th> </tr> </thead> <tbody> <tr> <td><strong>Document</strong></td> <td><code>/a/b/c</code></td> <td><code>/a/b/c</code> ✅</td> </tr> <tr> <td><strong>Data</strong></td> <td><code>/a/b/c.data</code></td> <td><code>/a/b/c</code> ✅</td> </tr> </tbody> </table> <table> <thead> <tr> <th>URL <code>/a/b/c/</code></th> <th><strong>HTTP pathname</strong></th> <th><strong><code>request</code> pathname`</strong></th> </tr> </thead> <tbody> <tr> <td><strong>Document</strong></td> <td><code>/a/b/c/</code></td> <td><code>/a/b/c/</code> ✅</td> </tr> <tr> <td><strong>Data</strong></td> <td><code>/a/b/c/_.data</code> ⬅️</td> <td><code>/a/b/c/</code> ✅</td> </tr> </tbody> </table> <p>This a bug fix but we are putting it behind an opt-in flag because it has the potential to be a "breaking bug fix" if you are relying on the URL format for any other application or caching logic.</p> <p>Enabling this flag also changes the format of client side <code>.data</code> requests from <code>/_root.data</code> to <code>/_.data</code> when navigating to <code>/</code> to align with the new format. This does not impact the <code>request</code> pathname which is still <code>/</code> in all cases.</p> </li> <li> <p>Preserve <code>clientLoader.hydrate=true</code> when using <code><HydratedRouter unstable_instrumentations></code> (<a href="https://redirect.github.com/remix-run/react-router/pull/14674">#14674</a>)</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
fd8f54f542
|
build(deps): bump preact from 10.26.9 to 10.26.10 (#6123)
Bumps [preact](https://github.com/preactjs/preact) from 10.26.9 to 10.26.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/preactjs/preact/releases">preact's releases</a>.</em></p> <blockquote> <h2>10.26.10</h2> <h2>Fixes</h2> <ul> <li>Enforce strict equality for VNode object constructors</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
101fd8ca84
|
build(deps): bump next from 15.5.7 to 15.5.9 (#6104)
Bumps [next](https://github.com/vercel/next.js) from 15.5.7 to 15.5.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.9</h2> <p>Please see the <a href="https://nextjs.org/blog/security-update-2025-12-11">Next.js Security Update</a> for information about this security patch.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
943ed7ad56
|
Upgrade playwright in all packages (#6086)
To resolve security advisories. Should be merged after #6085
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Upgrades Playwright to 1.57.0 across examples and packages, updating
corresponding yarn.lock entries.
>
> - **Dependencies**:
> - Bump `playwright` to `1.57.0` in `examples/react/package.json`,
`examples/sveltekit/package.json`, `examples/vue/package.json`,
`packages/@uppy/dashboard/package.json`, and
`packages/@uppy/url/package.json`.
> - Update `yarn.lock` to `playwright@1.57.0` and
`playwright-core@1.57.0`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
|
78d0c28079
|
build(deps): bump jws from 3.2.2 to 3.2.3 (#6091)
Bumps [jws](https://github.com/brianloveswords/node-jws) from 3.2.2 to 3.2.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/brianloveswords/node-jws/releases">jws's releases</a>.</em></p> <blockquote> <h2>v3.2.3</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 1.4.2, addressing a compatibility issue for Node >= 25.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/auth0/node-jws/blob/master/CHANGELOG.md">jws's changelog</a>.</em></p> <blockquote> <h2>[3.2.3]</h2> <h3>Changed</h3> <ul> <li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now require that a non empty secret is provided (via opts.secret, opts.privateKey or opts.key) when using HMAC algorithms.</li> <li>Upgrading JWA version to 1.4.2, adressing a compatibility issue for Node >= 25.</li> </ul> <h2>[3.0.0]</h2> <h3>Changed</h3> <ul> <li><strong>BREAKING</strong>: <code>jwt.verify</code> now requires an <code>algorithm</code> parameter, and <code>jws.createVerify</code> requires an <code>algorithm</code> option. The <code>"alg"</code> field signature headers is ignored. This mitigates a critical security flaw in the library which would allow an attacker to generate signatures with arbitrary contents that would be accepted by <code>jwt.verify</code>. See <a href="https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/">https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/</a> for details.</li> </ul> <h2><a href="https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0">2.0.0</a> - 2015-01-30</h2> <h3>Changed</h3> <ul> <li> <p><strong>BREAKING</strong>: Default payload encoding changed from <code>binary</code> to <code>utf8</code>. <code>utf8</code> is a is a more sensible default than <code>binary</code> because many payloads, as far as I can tell, will contain user-facing strings that could be in any language. (<!-- raw HTML omitted --><a href=" |
||
|
|
3c3034b408
|
Dedupe dependencies (#6085)
With `yarn dedupe`. New type error surfaced due to new types getting
loaded.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Dedupes dependencies and updates code: aligns S3 presign tests with
checksum behavior, narrows HMAC key type, tweaks AudioOscilloscope
buffer typing, and simplifies Tus success logging.
>
> - **AWS S3**:
> - Tests: add `requestChecksumCalculation` (from
`@aws-sdk/middleware-flexible-checksums`) to `S3Client` options to match
presign behavior.
> - Impl: change `generateHmacKey` signature to accept `string |
ArrayBuffer` (remove `Uint8Array`).
> - **Audio**:
> - `AudioOscilloscope`: change `dataArray` type to
`Uint8Array<ArrayBuffer>`.
> - **Tus**:
> - Simplify success log to `Download <url>` (remove file name
extraction).
> - **Dependencies**:
> - Deduplicate/upgrade various packages in lockfile.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
|
e4558362b8
|
build(deps): bump next from 15.5.2 to 15.5.7 (#6088)
Bumps [next](https://github.com/vercel/next.js) from 15.5.2 to 15.5.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.7</h2> <p>Please see <a href="https://nextjs.org/blog/CVE-2025-66478">CVE-2025-66478</a> for additional details about this release.</p> <h2>v15.5.6</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Turbopack: don't define process.cwd() in node_modules <a href="https://redirect.github.com/vercel/next.js/issues/83452">#83452</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/mischnic"><code>@mischnic</code></a> for helping!</p> <h2>v15.5.5</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Split code-frame into separate compiled package (<a href="https://redirect.github.com/vercel/next.js/issues/84238">#84238</a>)</li> <li>Add deprecation warning to Runtime config (<a href="https://redirect.github.com/vercel/next.js/issues/84650">#84650</a>)</li> <li>fix: unstable_cache should perform blocking revalidation during ISR revalidation (<a href="https://redirect.github.com/vercel/next.js/issues/84716">#84716</a>)</li> <li>feat: <code>experimental.middlewareClientMaxBodySize</code> body cloning limit (<a href="https://redirect.github.com/vercel/next.js/issues/84722">#84722</a>)</li> <li>fix: missing next/link types with typedRoutes (<a href="https://redirect.github.com/vercel/next.js/issues/84779">#84779</a>)</li> </ul> <h3>Misc Changes</h3> <ul> <li>docs: early October improvements and fixes (<a href="https://redirect.github.com/vercel/next.js/issues/84334">#84334</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, <a href="https://github.com/ztanner"><code>@ztanner</code></a>, and <a href="https://github.com/icyJoseph"><code>@icyJoseph</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
5684efa64e
|
Introduce @uppy/image-generator (#6056)
Closes #5378
- Introduce `@uppy/image-generator`, a new plugin to generate images
based on a prompt via Transloadit
- until we have "golden templates" the idea is to just send
[steps](https://transloadit.com/docs/topics/templates/#overruling-templates-at-runtime)
- because we must send steps and since we must use signature
authentication for security, which is signed based on the params we
send, we can't reuse the `assemblyOptions` the consumers is already
passing to `@uppy/transloadit` (if they use that uploaders, not needed).
- Remove `SearchInput` (this component was trying to be too many things,
all with conditional boolean props, which is bad practise) in favor of
`useSearchForm` and reuse this hook in two new components `SearchView`
and `FilterInput`
- Reuse all the styles from `SearchProviderView`. This deviates from the
design in #5378. It felt too inconsistent to me to do another UI here
again. For the initial version, I think it's best to stay consistent and
then redesign with search providers taken into account too.
- Because the service is so slow, I went a bit further with the loading
state to show funny messages that rotate while loading mostly because
users will start thinking it is broken after 5 seconds while it fact we
are still loading. But open to ideas here.
This unfortunately means the integration for the consumer is not as lean
and pretty as you would hope. On the upside, it does give them complete
freedom.
```ts
.use(ImageGenerator, {
assemblyOptions: async (prompt) => {
const res = await fetch(`/assembly-options?prompt=${encodeURIComponent(prompt)}`)
return res.json()
}
})
```
on the consumer's server:
```ts
import crypto from 'node:crypto'
const utcDateString = (ms) => {
return new Date(ms)
.toISOString()
.replace(/-/g, '/')
.replace(/T/, ' ')
.replace(/\.\d+Z$/, '+00:00')
}
// expire 1 hour from now (this must be milliseconds)
const expires = utcDateString(Date.now() + 1 * 60 * 60 * 1000)
const authKey = 'YOUR_TRANSLOADIT_KEY'
const authSecret = 'YOUR_TRANSLOADIT_SECRET'
const params = JSON.stringify({
auth: {
key: authKey,
expires,
},
// can not contain any more steps, the only step must be /image/generate
steps: {
generated_image: { // can be named different
robot: '/image/generate',
result: true, // mandatory
aspect_ratio: '2:3', // up to them
model: 'flux-1.1-pro-ultra', // up to them
prompt, // mandatory
num_outputs: 2, // up to them
},
},
})
const signatureBytes = crypto.createHmac('sha384', authSecret).update(Buffer.from(params, 'utf-8'))
// The final signature needs the hash name in front, so
// the hashing algorithm can be updated in a backwards-compatible
// way when old algorithms become insecure.
const signature = `sha384:${signatureBytes.digest('hex')}`
// respond with { params, signature } JSON to the client
```
https://github.com/user-attachments/assets/9217e457-b38b-48ac-81f0-37a417309e98
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Adds AI image generation plugin using Transloadit, exports low-level
Transloadit APIs, and replaces SearchInput with new
FilterInput/SearchView + useSearchForm across provider views.
>
> - **New plugin: `@uppy/image-generator`**
> - UI plugin to generate images from a prompt via Transloadit
(`src/index.tsx`, styles, locale, build configs).
> - Integrated into dev Dashboard and included in `uppy` bundle and
global styles.
> - **Provider Views refactor**
> - Remove `SearchInput`; introduce `useSearchForm`, `SearchView`, and
`FilterInput` components.
> - Update `ProviderView`, `SearchProviderView`, and `Webdav` to use new
components; export them from `@uppy/provider-views`.
> - **Transloadit updates**
> - Export `Assembly`, `AssemblyError`, and `Client` from
`@uppy/transloadit`.
> - Minor internal change: normalize `assemblyOptions.fields`.
> - **Locales**
> - Add strings for image generation and minor additions (e.g.,
`chooseFiles`).
> - Ensure locales build depends on `@uppy/image-generator`.
> - **Build config**
> - Turborepo: add `uppy#build:css` and hook `image-generator` into
locales build.
> - **Changesets**
> - `@uppy/image-generator` major; `@uppy/transloadit` minor;
`@uppy/locales` and `uppy` minor; `@uppy/provider-views` and
`@uppy/webdav` patch.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
|
93ef1ba0e7
|
Resolve all angular yarn warnings (#6080)
<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Aligns Angular dependencies (including compiler-cli and animations) to
^19.2.17 in examples/angular and packages/@uppy/angular.
>
> - **Dependencies**:
> - `examples/angular/package.json`:
> - Bump `@angular/common`, `core`, `forms`, `platform-browser`,
`platform-browser-dynamic`, `router`, and `@angular/compiler-cli` to
`^19.2.17`.
> - `packages/@uppy/angular/package.json`:
> - Bump `@angular/animations`, `common`, `compiler`, `core`, `forms`,
`platform-browser`, `platform-browser-dynamic`, `router` to `^19.2.17`.
> - Update dev dependency `@angular/compiler-cli` to `^19.2.17`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
|
28c27e875c
|
build(deps): bump validator from 13.15.20 to 13.15.22 (#6082)
Bumps [validator](https://github.com/validatorjs/validator.js) from 13.15.20 to 13.15.22. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/validatorjs/validator.js/releases">validator's releases</a>.</em></p> <blockquote> <h2>13.15.22</h2> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2622">#2622</a> <code>isURL</code>: fix regression with hostnames with ports <a href="https://github.com/mbtools"><code>@mbtools</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2616">#2616</a> <code>isLength</code>: improve handling Unicode variation selectors <a href="https://github.com/koral"><code>@koral</code></a>--</li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2621">#2621</a> <a href="https://github.com/mbtools"><code>@mbtools</code></a></li> </ul> </li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mbtools"><code>@mbtools</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2622">validatorjs/validator.js#2622</a></li> <li><a href="https://github.com/koral"><code>@koral</code></a>-- made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2616">validatorjs/validator.js#2616</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22">https://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md">validator's changelog</a>.</em></p> <blockquote> <h1>13.15.22</h1> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2622">#2622</a> <code>isURL</code>: fix regression with hostnames with ports <a href="https://github.com/mbtools"><code>@mbtools</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2616">#2616</a> <code>isLength</code>: improve handling Unicode variation selectors <a href="https://github.com/koral"><code>@koral</code></a>--</li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2621">#2621</a> <a href="https://github.com/mbtools"><code>@mbtools</code></a></li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
5b680f2f05
|
build(deps): bump body-parser from 1.20.3 to 1.20.4 (#6070)
Bumps [body-parser](https://github.com/expressjs/body-parser) from 1.20.3 to 1.20.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/releases">body-parser's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2025-13466">CVE-2025-13466</a> (<a href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>ci: add dependabot by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/593">expressjs/body-parser#593</a></li> <li>ci: use full SHAs for github action versions by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/594">expressjs/body-parser#594</a></li> <li>deps: type-is@^2.0.1 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/599">expressjs/body-parser#599</a></li> <li>build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/609">expressjs/body-parser#609</a></li> <li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/610">expressjs/body-parser#610</a></li> <li>build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/611">expressjs/body-parser#611</a></li> <li>build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/613">expressjs/body-parser#613</a></li> <li>build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/612">expressjs/body-parser#612</a></li> <li>ci: add codeql github workflows scanning by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/614">expressjs/body-parser#614</a></li> <li>ci: update CodeQL config to ignore the test directory by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/615">expressjs/body-parser#615</a></li> <li>build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/620">expressjs/body-parser#620</a></li> <li>build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/619">expressjs/body-parser#619</a></li> <li>chore(deps): unpin devDependencies by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/616">expressjs/body-parser#616</a></li> <li>ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/621">expressjs/body-parser#621</a></li> <li>build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/623">expressjs/body-parser#623</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/624">expressjs/body-parser#624</a></li> <li>chore: add funding to package.json by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/617">expressjs/body-parser#617</a></li> <li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/625">expressjs/body-parser#625</a></li> <li>build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/630">expressjs/body-parser#630</a></li> <li>refactor: move common request validation to read function by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/600">expressjs/body-parser#600</a></li> <li>deps: bump iconv-lite by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/631">expressjs/body-parser#631</a></li> <li>doc: pull beta changelog forward into 2.0.0 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/629">expressjs/body-parser#629</a></li> <li>refactor: optimize raw and text parsers with shared passthrough function by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/634">expressjs/body-parser#634</a></li> <li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/640">expressjs/body-parser#640</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/639">expressjs/body-parser#639</a></li> <li>build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/636">expressjs/body-parser#636</a></li> <li>build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/637">expressjs/body-parser#637</a></li> <li>build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/638">expressjs/body-parser#638</a></li> <li>deps: raw-body@^3.0.1 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/641">expressjs/body-parser#641</a></li> <li>deps: debug@^4.4.3 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/642">expressjs/body-parser#642</a></li> <li>docs: add iconv-lite 0.7.0 changes to history entry by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/645">expressjs/body-parser#645</a></li> <li>ci: add node.js 25 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/650">expressjs/body-parser#650</a></li> <li>perf: move read options outside parser middlewares by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/648">expressjs/body-parser#648</a></li> <li>test(json): add RFC 7159 whitespace edge cases by <a href="https://github.com/Ayoub-Mabrouk"><code>@Ayoub-Mabrouk</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/653">expressjs/body-parser#653</a></li> <li>test: add test for urlencoded invalid defaultCharset by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/643">expressjs/body-parser#643</a></li> <li>build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/657">expressjs/body-parser#657</a></li> <li>build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/656">expressjs/body-parser#656</a></li> <li>build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/655">expressjs/body-parser#655</a></li> <li>build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/654">expressjs/body-parser#654</a></li> <li>ci: also test on first supported node.js version by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/646">expressjs/body-parser#646</a></li> <li>chore: switch badges from badgen.net to shields.io by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/661">expressjs/body-parser#661</a></li> <li>Remove history.md from being packaged on publish by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/660">expressjs/body-parser#660</a></li> <li>Release: 2.2.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/659">expressjs/body-parser#659</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md">body-parser's changelog</a>.</em></p> <blockquote> <h1>2.2.1 / 2025-11-24</h1> <ul> <li>Security fix for <a href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a></li> <li>deps: <ul> <li>type-is@^2.0.1</li> <li>iconv-lite@^0.7.0 <ul> <li>Handle split surrogate pairs when encoding UTF-8</li> <li>Avoid false positives in <code>encodingExists</code> by using prototype-less objects</li> </ul> </li> <li>raw-body@^3.0.1</li> <li>debug@^4.4.3</li> </ul> </li> </ul> <h1>2.2.0 / 2025-03-27</h1> <ul> <li>refactor: normalize common options for all parsers</li> <li>deps: <ul> <li>iconv-lite@^0.6.3</li> </ul> </li> </ul> <h1>2.1.0 / 2025-02-10</h1> <ul> <li>deps: <ul> <li>type-is@^2.0.0</li> <li>debug@^4.4.0</li> <li>Removed destroy</li> </ul> </li> <li>refactor: prefix built-in node module imports</li> <li>use the node require cache instead of custom caching</li> </ul> <h1>2.0.2 / 2024-10-31</h1> <ul> <li>remove <code>unpipe</code> package and use native <code>unpipe()</code> method</li> </ul> <h1>2.0.1 / 2024-09-10</h1> <ul> <li>Restore expected behavior <code>extended</code> to <code>false</code></li> </ul> <h1>2.0.0 / 2024-09-10</h1> <h2>Breaking Changes</h2> <ul> <li>Node.js 18 is the minimum supported version</li> <li><code>req.body</code> is no longer always initialized to <code>{}</code> <ul> <li>it is left <code>undefined</code> unless a body is parsed</li> </ul> </li> <li>Remove deprecated <code>bodyParser()</code> combination middleware</li> <li><del><code>urlencoded</code> parser now defaults <code>extended</code> to <code>false</code></del> as released, this is not the case, fixed in 2.0.1</li> <li><code>urlencoded</code> simple parser now uses <code>qs</code> module instead of <code>querystring</code> module</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
39b82fd231
|
build(deps): bump express from 4.19.2 to 4.22.0 (#6079)
Bumps [express](https://github.com/expressjs/express) from 4.19.2 to 4.22.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>4.22.0</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>Refactor: improve readability by <a href="https://github.com/sazk07"><code>@sazk07</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6190">expressjs/express#6190</a></li> <li>ci: add support for Node.js@23.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6080">expressjs/express#6080</a></li> <li>Method functions with no path should error by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5957">expressjs/express#5957</a></li> <li>ci: updated github actions ci workflow by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6323">expressjs/express#6323</a></li> <li>ci: reorder <code>npm i</code> steps to fix ci for older node versions by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6336">expressjs/express#6336</a></li> <li>Backport: ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6506">expressjs/express#6506</a></li> <li>chore(4.x): wider range for query test skip by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6513">expressjs/express#6513</a></li> <li>use tilde notation for certain dependencies by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6905">expressjs/express#6905</a></li> <li>deps: qs@6.14.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6909">expressjs/express#6909</a></li> <li>deps: use tilde notation for <code>qs</code> by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6919">expressjs/express#6919</a></li> <li>Release: 4.22.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6921">expressjs/express#6921</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.2...4.22.0">https://github.com/expressjs/express/compare/4.21.2...4.22.0</a></p> <h2>4.21.2</h2> <h2>What's Changed</h2> <ul> <li>Add funding field (v4) by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li> <li>deps: path-to-regexp@0.1.11 by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li> <li>deps: bump path-to-regexp@0.1.12 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li> <li>Release: 4.21.2 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p> <h2>4.21.1</h2> <h2>What's Changed</h2> <ul> <li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a href="https://github.com/joshbuker"><code>@joshbuker</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6029">expressjs/express#6029</a></li> <li>Release: 4.21.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6031">expressjs/express#6031</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.0...4.21.1">https://github.com/expressjs/express/compare/4.21.0...4.21.1</a></p> <h2>4.21.0</h2> <h2>What's Changed</h2> <ul> <li>Deprecate <code>"back"</code> magic string in redirects by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5935">expressjs/express#5935</a></li> <li>finalhandler@1.3.1 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5954">expressjs/express#5954</a></li> <li>fix(deps): serve-static@1.16.2 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5951">expressjs/express#5951</a></li> <li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a href="https://github.com/agadzinski93"><code>@agadzinski93</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/agadzinski93"><code>@agadzinski93</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/4.22.0/History.md">express's changelog</a>.</em></p> <blockquote> <h1>4.22.0 / 2025-12-01</h1> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> <li>deps: use tilde notation for dependencies</li> <li>deps: qs@6.14.0</li> </ul> <h1>4.21.2 / 2024-11-06</h1> <ul> <li>deps: path-to-regexp@0.1.12 <ul> <li>Fix backtracking protection</li> </ul> </li> <li>deps: path-to-regexp@0.1.11 <ul> <li>Throws an error on invalid path values</li> </ul> </li> </ul> <h1>4.21.1 / 2024-10-08</h1> <ul> <li>Backported a fix for <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li> </ul> <h1>4.21.0 / 2024-09-11</h1> <ul> <li>Deprecate <code>res.location("back")</code> and <code>res.redirect("back")</code> magic string</li> <li>deps: serve-static@1.16.2 <ul> <li>includes send@0.19.0</li> </ul> </li> <li>deps: finalhandler@1.3.1</li> <li>deps: qs@6.13.0</li> </ul> <h1>4.20.0 / 2024-09-10</h1> <ul> <li>deps: serve-static@0.16.0 <ul> <li>Remove link renderization in html while redirecting</li> </ul> </li> <li>deps: send@0.19.0 <ul> <li>Remove link renderization in html while redirecting</li> </ul> </li> <li>deps: body-parser@0.6.0 <ul> <li>add <code>depth</code> option to customize the depth level in the parser</li> <li>IMPORTANT: The default <code>depth</code> level for parsing URL-encoded data is now <code>32</code> (previously was <code>Infinity</code>)</li> </ul> </li> <li>Remove link renderization in html while using <code>res.redirect</code></li> <li>deps: path-to-regexp@0.1.10 <ul> <li>Adds support for named matching groups in the routes using a regex</li> <li>Adds backtracking protection to parameters without regexes defined</li> </ul> </li> <li>deps: encodeurl@~2.0.0 <ul> <li>Removes encoding of <code>\</code>, <code>|</code>, and <code>^</code> to align better with URL spec</li> </ul> </li> <li>Deprecate passing <code>options.maxAge</code> and <code>options.expires</code> to <code>res.clearCookie</code> <ul> <li>Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
21a8f1a467
|
build(deps): bump @angular/common from 19.2.14 to 19.2.16 (#6072)
Bumps [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) from 19.2.14 to 19.2.16. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases"><code>@angular/common</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.16</h2> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href=" |
||
|
|
d2637e4d3b
|
build(deps): bump validator from 13.12.0 to 13.15.20 (#6041)
Bumps [validator](https://github.com/validatorjs/validator.js) from 13.12.0 to 13.15.20. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/validatorjs/validator.js/releases">validator's releases</a>.</em></p> <blockquote> <h2>13.15.20</h2> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2556">#2556</a> <code>isMobilePhone</code>: add <code>ar-QA</code> locale <a href="https://github.com/WardKhaddour"><code>@WardKhaddour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2576">#2576</a> <code>isAlpha</code>/<code>isAlphanuneric</code>: add Indic locales (<code>ta-IN</code>, <code>te-IN</code>, <code>kn-IN</code>, <code>ml-IN</code>, <code>gu-IN</code>, <code>pa-IN</code>, <code>or-IN</code>) <a href="https://github.com/avadootharajesh"><code>@avadootharajesh</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2574">#2574</a> <code>isBase64</code>: improve padding regex <a href="https://github.com/KrayzeeKev"><code>@KrayzeeKev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2584">#2584</a> <code>isVAT</code>: improve <code>FR</code> locale <a href="https://github.com/iamAmer"><code>@iamAmer</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2608">#2608</a> <code>isURL</code>: improve protocol detection. Resolves CVE-2025-56200 <a href="https://github.com/theofidry"><code>@theofidry</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2563">#2563</a> <a href="https://github.com/stoneLeaf"><code>@stoneLeaf</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2581">#2581</a> <a href="https://github.com/camillobruni"><code>@camillobruni</code></a></li> </ul> </li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/stoneLeaf"><code>@stoneLeaf</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2563">validatorjs/validator.js#2563</a></li> <li><a href="https://github.com/WardKhaddour"><code>@WardKhaddour</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2556">validatorjs/validator.js#2556</a></li> <li><a href="https://github.com/avadootharajesh"><code>@avadootharajesh</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2576">validatorjs/validator.js#2576</a></li> <li><a href="https://github.com/KrayzeeKev"><code>@KrayzeeKev</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2574">validatorjs/validator.js#2574</a></li> <li><a href="https://github.com/iamAmer"><code>@iamAmer</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2584">validatorjs/validator.js#2584</a></li> <li><a href="https://github.com/camillobruni"><code>@camillobruni</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2581">validatorjs/validator.js#2581</a></li> <li><a href="https://github.com/theofidry"><code>@theofidry</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2608">validatorjs/validator.js#2608</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/validatorjs/validator.js/compare/13.15.15...13.15.20">https://github.com/validatorjs/validator.js/compare/13.15.15...13.15.20</a></p> <h2>13.15.15</h2> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><code>isMobilePhone</code> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2514">#2514</a> improve <code>el-CY</code> locale <a href="https://github.com/rezk2ll"><code>@rezk2ll</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2512">#2512</a> improve <code>pt-AO</code> locale <a href="https://github.com/renaldodev"><code>@renaldodev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2502">#2502</a> improve <code>ar-OM</code> locale <a href="https://github.com/tomcastro"><code>@tomcastro</code></a></li> </ul> </li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2089">#2089</a> <code>isIP</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2526">#2526</a> <code>isPassportNumber</code>: improve <code>CA</code> locale <a href="https://github.com/evanbechtol"><code>@evanbechtol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2491">#2491</a> <code>isBase64</code>: improve validation based on RFC4648 <a href="https://github.com/aseyfpour"><code>@aseyfpour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2479">#2479</a> <code>isPostalCode</code>: improve <code>FR</code> locale <a href="https://github.com/Rajput-Balram"><code>@Rajput-Balram</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2088">#2088</a> <code>isBefore</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2346">#2346</a> <code>isRgbColor</code>: allow second digit in rgba alpha value <a href="https://github.com/controlol"><code>@controlol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2453">#2453</a> <code>isIP</code>: improve IPv6 regex <a href="https://github.com/ShreySinha02"><code>@ShreySinha02</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2052">#2052</a> <code>isPostalCode</code>: add <code>PK</code> locale <a href="https://github.com/mateeni-dev"><code>@mateeni-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2529">#2529</a> <code>isPostalCode</code>: improve <code>TW</code> locale <a href="https://github.com/Crocsx"><code>@Crocsx</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2550">#2550</a> <code>isPassportNumber</code>: improve <code>US</code> locale <a href="https://github.com/yitzchak-schechter"><code>@yitzchak-schechter</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2553">#2553</a> <code>isUUID</code>: add <code>loose</code> option <a href="https://github.com/bc-m"><code>@bc-m</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2551">#2551</a> <code>isPostalCode</code>: add <code>BD</code> locale <a href="https://github.com/tanvirrb"><code>@tanvirrb</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2555">#2555</a> <code>isLicensePlate</code>: improve <code>pt-PT</code> locale <a href="https://github.com/castrosu"><code>@castrosu</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2372">#2372</a> <a href="https://github.com/EmersonRabelo"><code>@EmersonRabelo</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2538">#2538</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2539">#2539</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2540">#2540</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2549">#2549</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2537">#2537</a> <a href="https://github.com/sgress454"><code>@sgress454</code></a></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md">validator's changelog</a>.</em></p> <blockquote> <h1>13.15.20</h1> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2556">#2556</a> <code>isMobilePhone</code>: add <code>ar-QA</code> locale <a href="https://github.com/WardKhaddour"><code>@WardKhaddour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2576">#2576</a> <code>isAlpha</code>/<code>isAlphanuneric</code>: add Indic locales (<code>ta-IN</code>, <code>te-IN</code>, <code>kn-IN</code>, <code>ml-IN</code>, <code>gu-IN</code>, <code>pa-IN</code>, <code>or-IN</code>) <a href="https://github.com/avadootharajesh"><code>@avadootharajesh</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2574">#2574</a> <code>isBase64</code>: improve padding regex <a href="https://github.com/KrayzeeKev"><code>@KrayzeeKev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2584">#2584</a> <code>isVAT</code>: improve <code>FR</code> locale <a href="https://github.com/iamAmer"><code>@iamAmer</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2608">#2608</a> <code>isURL</code>: improve protocol detection. Resolves CVE-2025-56200 <a href="https://github.com/theofidry"><code>@theofidry</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2563">#2563</a> <a href="https://github.com/stoneLeaf"><code>@stoneLeaf</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2581">#2581</a> <a href="https://github.com/camillobruni"><code>@camillobruni</code></a></li> </ul> </li> </ul> <h1>13.15.15</h1> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><code>isMobilePhone</code> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2514">#2514</a> improve <code>el-CY</code> locale <a href="https://github.com/rezk2ll"><code>@rezk2ll</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2512">#2512</a> improve <code>pt-AO</code> locale <a href="https://github.com/renaldodev"><code>@renaldodev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2502">#2502</a> improve <code>ar-OM</code> locale <a href="https://github.com/tomcastro"><code>@tomcastro</code></a></li> </ul> </li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2089">#2089</a> <code>isIP</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2526">#2526</a> <code>isPassportNumber</code>: improve <code>CA</code> locale <a href="https://github.com/evanbechtol"><code>@evanbechtol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2491">#2491</a> <code>isBase64</code>: improve validation based on RFC4648 <a href="https://github.com/aseyfpour"><code>@aseyfpour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2479">#2479</a> <code>isPostalCode</code>: improve <code>FR</code> locale <a href="https://github.com/Rajput-Balram"><code>@Rajput-Balram</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2088">#2088</a> <code>isBefore</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2346">#2346</a> <code>isRgbColor</code>: allow second digit in rgba alpha value <a href="https://github.com/controlol"><code>@controlol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2453">#2453</a> <code>isIP</code>: improve IPv6 regex <a href="https://github.com/ShreySinha02"><code>@ShreySinha02</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2052">#2052</a> <code>isPostalCode</code>: add <code>PK</code> locale <a href="https://github.com/mateeni-dev"><code>@mateeni-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2529">#2529</a> <code>isPostalCode</code>: improve <code>TW</code> locale <a href="https://github.com/Crocsx"><code>@Crocsx</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2550">#2550</a> <code>isPassportNumber</code>: improve <code>US</code> locale <a href="https://github.com/yitzchak-schechter"><code>@yitzchak-schechter</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2553">#2553</a> <code>isUUID</code>: add <code>loose</code> option <a href="https://github.com/bc-m"><code>@bc-m</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2551">#2551</a> <code>isPostalCode</code>: add <code>BD</code> locale <a href="https://github.com/tanvirrb"><code>@tanvirrb</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2555">#2555</a> <code>isLicensePlate</code>: improve <code>pt-PT</code> locale <a href="https://github.com/castrosu"><code>@castrosu</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2372">#2372</a> <a href="https://github.com/EmersonRabelo"><code>@EmersonRabelo</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2538">#2538</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2539">#2539</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2540">#2540</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2549">#2549</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2537">#2537</a> <a href="https://github.com/sgress454"><code>@sgress454</code></a></li> </ul> </li> </ul> <h1>13.15.0</h1> <h3>New Features / Validators</h3> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2399">#2399</a> <code>isISO31661Numeric</code> <a href="https://github.com/RobinvanderVliet"><code>@RobinvanderVliet</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2294">#2294</a> <code>isULID</code> <a href="https://github.com/arafatkn"><code>@arafatkn</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2215">#2215</a> <code>isISO15924</code> <a href="https://github.com/xDivisionByZerox"><code>@xDivisionByZerox</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
|
80addccf39
|
build(deps): bump js-yaml from 3.14.1 to 3.14.2 (#6067)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[3.14.2] - 2025-11-15</h2> <h3>Security</h3> <ul> <li>Backported v4.1.1 fix to v3</li> </ul> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (<<) operator.</li> </ul> <h2>[4.1.0] - 2021-04-15</h2> <h3>Added</h3> <ul> <li>Types are now exported as <code>yaml.types.XXX</code>.</li> <li>Every type now has <code>options</code> property with original arguments kept as they were (see <code>yaml.types.int.options</code> as an example).</li> </ul> <h3>Changed</h3> <ul> <li><code>Schema.extend()</code> now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as <code>abcd</code> instead of <code>cbad</code>).</li> </ul> <h2>[4.0.0] - 2021-01-03</h2> <h3>Changed</h3> <ul> <li>Check <a href="https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md">migration guide</a> to see details for all breaking changes.</li> <li>Breaking: "unsafe" tags <code>!!js/function</code>, <code>!!js/regexp</code>, <code>!!js/undefined</code> are moved to <a href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a> package.</li> <li>Breaking: removed <code>safe*</code> functions. Use <code>load</code>, <code>loadAll</code>, <code>dump</code> instead which are all now safe by default.</li> <li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and <code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use <code>yaml.DEFAULT_SCHEMA</code> instead.</li> <li><code>yaml.Schema.create(schema, tags)</code> is removed, use <code>schema.extend(tags)</code> instead.</li> <li><code>!!binary</code> now always mapped to <code>Uint8Array</code> on load.</li> <li>Reduced nesting of <code>/lib</code> folder.</li> <li>Parse numbers according to YAML 1.2 instead of YAML 1.1 (<code>01234</code> is now decimal, <code>0o1234</code> is octal, <code>1:23</code> is parsed as string instead of base60).</li> <li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>, <code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a href="https://redirect.github.com/nodeca/js-yaml/issues/470">#470</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/557">#557</a>.</li> <li>Line and column in exceptions are now formatted as <code>(X:Y)</code> instead of <code>at line X, column Y</code> (also present in compact format), <a href="https://redirect.github.com/nodeca/js-yaml/issues/332">#332</a>.</li> <li>Code snippet created in exceptions now contains multiple lines with line numbers.</li> <li><code>dump()</code> now serializes <code>undefined</code> as <code>null</code> in collections and removes keys with <code>undefined</code> in mappings, <a href="https://redirect.github.com/nodeca/js-yaml/issues/571">#571</a>.</li> <li><code>dump()</code> with <code>skipInvalid=true</code> now serializes invalid items in collections as null.</li> <li>Custom tags starting with <code>!</code> are now dumped as <code>!tag</code> instead of <code>!<!tag></code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/576">#576</a>.</li> <li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now shorthanded using <code>!!</code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/258">#258</a>.</li> </ul> <h3>Added</h3> <ul> <li>Added <code>.mjs</code> (es modules) support.</li> <li>Added <code>quotingType</code> and <code>forceQuotes</code> options for dumper to configure string literal style, <a href="https://redirect.github.com/nodeca/js-yaml/issues/290">#290</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/529">#529</a>.</li> <li>Added <code>styles: { '!!null': 'empty' }</code> option for dumper (serializes <code>{ foo: null }</code> as "<code>foo: </code>"), <a href="https://redirect.github.com/nodeca/js-yaml/issues/570">#570</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |