Mirrors/uppy

mirror of https://github.com/transloadit/uppy.git synced 2026-01-23 02:25:07 +00:00

Author	SHA1	Message	Date
Merlijn Vos	32eb01e1b4	Remove output compare GitHub Action (#6081 ) This was nice when we were gradually migrating the codebase to TypeScript so we could see if we changed a file from `.js` to `.ts` the actual output remained the same, even when GitHub shows the entire diff changed. But now everything is TS and we aren't doing any JS to TS file changes so we might as well remove this from CI. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Removes the `.github/workflows/e2e.yml` GitHub Actions job that compared built `packages/@uppy/*/lib` outputs and posted diffs to PRs. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit `f5d6a74970`. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY -->	2025-12-03 10:31:49 +01:00
github-actions[bot]	556e36de4c	[ci] release (#6060 ) This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/audio@3.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/aws-s3@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - `ac12f35`: Fix: Move completed uploads exclusion logic into uploaders. This fixes the problem where postprocessors would not run for already uploaded files. - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/box@4.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/compressor@3.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/core@5.2.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - `ac12f35`: Fix: Move completed uploads exclusion logic into uploaders. This fixes the problem where postprocessors would not run for already uploaded files. - `4817585`: added icon to webdav provider, add css to truncate large file names - Updated dependencies [`ac12f35`] - @uppy/utils@7.1.4 ## @uppy/dashboard@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - `cc3ff31`: Move golden retriever clear files logic to the restore function. This prevents race condition bugs when storing state. - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/thumbnail-generator@5.1.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/drag-drop@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/drop-target@4.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/dropbox@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/facebook@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/form@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/golden-retriever@5.2.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - `cc3ff31`: Move golden retriever clear files logic to the restore function. This prevents race condition bugs when storing state. - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/google-drive@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/google-drive-picker@1.1.0 ### Minor Changes - `e661348`: Allow selecting folders with Google Drive Picker. They will be recursively resolved. - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/google-photos-picker@1.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/image-editor@4.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/instagram@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/onedrive@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/provider-views@5.2.0 ### Minor Changes - `e661348`: Allow selecting folders with Google Drive Picker. They will be recursively resolved. - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - `4817585`: added icon to webdav provider, add css to truncate large file names - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/remote-sources@3.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`cc3ff31`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/dashboard@5.1.0 - @uppy/google-drive@5.1.0 - @uppy/instagram@5.1.0 - @uppy/facebook@5.1.0 - @uppy/onedrive@5.1.0 - @uppy/unsplash@5.1.0 - @uppy/dropbox@5.1.0 - @uppy/core@5.2.0 - @uppy/zoom@4.1.0 - @uppy/box@4.1.0 - @uppy/url@5.1.0 ## @uppy/screen-capture@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/status-bar@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/thumbnail-generator@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/transloadit@5.3.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/tus@5.1.0 - @uppy/utils@7.1.4 ## @uppy/tus@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - `ac12f35`: Fix: Move completed uploads exclusion logic into uploaders. This fixes the problem where postprocessors would not run for already uploaded files. - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/unsplash@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/url@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/webcam@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/webdav@1.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/xhr-upload@5.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - `ac12f35`: Fix: Move completed uploads exclusion logic into uploaders. This fixes the problem where postprocessors would not run for already uploaded files. - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/zoom@4.1.0 ### Minor Changes - `79e6460`: - Add PluginTypeRegistry and typed getPlugin overload in @uppy/core - Register plugin ids across packages so uppy.getPlugin('Dashboard' \| 'Webcam') returns the concrete plugin type and removes the need to pass generics in getPlugin() ### Patch Changes - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/provider-views@5.2.0 - @uppy/core@5.2.0 - @uppy/utils@7.1.4 ## @uppy/companion@6.2.1 ### Patch Changes - `4817585`: added icon to webdav provider, add css to truncate large file names ## @uppy/locales@5.0.1 ### Patch Changes - `c3c16ae`: Improve zh-CN and zh-TW locale - `8744c4d`: Improve Dutch locale - Updated dependencies [`ac12f35`] - @uppy/utils@7.1.4 ## @uppy/utils@7.1.4 ### Patch Changes - `ac12f35`: Fix: Move completed uploads exclusion logic into uploaders. This fixes the problem where postprocessors would not run for already uploaded files. ## uppy@5.1.12 ### Patch Changes - Updated dependencies [`cc3ff31`] - Updated dependencies [`c3c16ae`] - Updated dependencies [`8744c4d`] - Updated dependencies [`e661348`] - Updated dependencies [`79e6460`] - Updated dependencies [`ac12f35`] - Updated dependencies [`4817585`] - @uppy/dashboard@5.1.0 - @uppy/golden-retriever@5.2.0 - @uppy/locales@5.0.1 - @uppy/provider-views@5.2.0 - @uppy/google-drive-picker@1.1.0 - @uppy/google-photos-picker@1.1.0 - @uppy/thumbnail-generator@5.1.0 - @uppy/remote-sources@3.1.0 - @uppy/screen-capture@5.1.0 - @uppy/google-drive@5.1.0 - @uppy/image-editor@4.1.0 - @uppy/drop-target@4.1.0 - @uppy/transloadit@5.3.0 - @uppy/compressor@3.1.0 - @uppy/status-bar@5.1.0 - @uppy/xhr-upload@5.1.0 - @uppy/drag-drop@5.1.0 - @uppy/instagram@5.1.0 - @uppy/facebook@5.1.0 - @uppy/onedrive@5.1.0 - @uppy/unsplash@5.1.0 - @uppy/dropbox@5.1.0 - @uppy/aws-s3@5.1.0 - @uppy/webcam@5.1.0 - @uppy/webdav@1.1.0 - @uppy/audio@3.1.0 - @uppy/core@5.2.0 - @uppy/form@5.1.0 - @uppy/zoom@4.1.0 - @uppy/box@4.1.0 - @uppy/tus@5.1.0 - @uppy/url@5.1.0 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-12-02 10:09:28 +01:00
dependabot[bot]	5b680f2f05	build(deps): bump body-parser from 1.20.3 to 1.20.4 (#6070 ) Bumps [body-parser](https://github.com/expressjs/body-parser) from 1.20.3 to 1.20.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/releases">body-parser's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2025-13466">CVE-2025-13466</a> (<a href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>ci: add dependabot by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/593">expressjs/body-parser#593</a></li> <li>ci: use full SHAs for github action versions by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/594">expressjs/body-parser#594</a></li> <li>deps: type-is@^2.0.1 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/599">expressjs/body-parser#599</a></li> <li>build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/609">expressjs/body-parser#609</a></li> <li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/610">expressjs/body-parser#610</a></li> <li>build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/611">expressjs/body-parser#611</a></li> <li>build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/613">expressjs/body-parser#613</a></li> <li>build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/612">expressjs/body-parser#612</a></li> <li>ci: add codeql github workflows scanning by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/614">expressjs/body-parser#614</a></li> <li>ci: update CodeQL config to ignore the test directory by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/615">expressjs/body-parser#615</a></li> <li>build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/620">expressjs/body-parser#620</a></li> <li>build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/619">expressjs/body-parser#619</a></li> <li>chore(deps): unpin devDependencies by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/616">expressjs/body-parser#616</a></li> <li>ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/621">expressjs/body-parser#621</a></li> <li>build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/623">expressjs/body-parser#623</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/624">expressjs/body-parser#624</a></li> <li>chore: add funding to package.json by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/617">expressjs/body-parser#617</a></li> <li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/625">expressjs/body-parser#625</a></li> <li>build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/630">expressjs/body-parser#630</a></li> <li>refactor: move common request validation to read function by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/600">expressjs/body-parser#600</a></li> <li>deps: bump iconv-lite by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/631">expressjs/body-parser#631</a></li> <li>doc: pull beta changelog forward into 2.0.0 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/629">expressjs/body-parser#629</a></li> <li>refactor: optimize raw and text parsers with shared passthrough function by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/634">expressjs/body-parser#634</a></li> <li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/640">expressjs/body-parser#640</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/639">expressjs/body-parser#639</a></li> <li>build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/636">expressjs/body-parser#636</a></li> <li>build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/637">expressjs/body-parser#637</a></li> <li>build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/638">expressjs/body-parser#638</a></li> <li>deps: raw-body@^3.0.1 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/641">expressjs/body-parser#641</a></li> <li>deps: debug@^4.4.3 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/642">expressjs/body-parser#642</a></li> <li>docs: add iconv-lite 0.7.0 changes to history entry by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/645">expressjs/body-parser#645</a></li> <li>ci: add node.js 25 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/650">expressjs/body-parser#650</a></li> <li>perf: move read options outside parser middlewares by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/648">expressjs/body-parser#648</a></li> <li>test(json): add RFC 7159 whitespace edge cases by <a href="https://github.com/Ayoub-Mabrouk"><code>@Ayoub-Mabrouk</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/653">expressjs/body-parser#653</a></li> <li>test: add test for urlencoded invalid defaultCharset by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/643">expressjs/body-parser#643</a></li> <li>build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/657">expressjs/body-parser#657</a></li> <li>build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/656">expressjs/body-parser#656</a></li> <li>build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/655">expressjs/body-parser#655</a></li> <li>build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/654">expressjs/body-parser#654</a></li> <li>ci: also test on first supported node.js version by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/646">expressjs/body-parser#646</a></li> <li>chore: switch badges from badgen.net to shields.io by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/661">expressjs/body-parser#661</a></li> <li>Remove history.md from being packaged on publish by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/660">expressjs/body-parser#660</a></li> <li>Release: 2.2.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/659">expressjs/body-parser#659</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md">body-parser's changelog</a>.</em></p> <blockquote> <h1>2.2.1 / 2025-11-24</h1> <ul> <li>Security fix for <a href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a></li> <li>deps: <ul> <li>type-is@^2.0.1</li> <li>iconv-lite@^0.7.0 <ul> <li>Handle split surrogate pairs when encoding UTF-8</li> <li>Avoid false positives in <code>encodingExists</code> by using prototype-less objects</li> </ul> </li> <li>raw-body@^3.0.1</li> <li>debug@^4.4.3</li> </ul> </li> </ul> <h1>2.2.0 / 2025-03-27</h1> <ul> <li>refactor: normalize common options for all parsers</li> <li>deps: <ul> <li>iconv-lite@^0.6.3</li> </ul> </li> </ul> <h1>2.1.0 / 2025-02-10</h1> <ul> <li>deps: <ul> <li>type-is@^2.0.0</li> <li>debug@^4.4.0</li> <li>Removed destroy</li> </ul> </li> <li>refactor: prefix built-in node module imports</li> <li>use the node require cache instead of custom caching</li> </ul> <h1>2.0.2 / 2024-10-31</h1> <ul> <li>remove <code>unpipe</code> package and use native <code>unpipe()</code> method</li> </ul> <h1>2.0.1 / 2024-09-10</h1> <ul> <li>Restore expected behavior <code>extended</code> to <code>false</code></li> </ul> <h1>2.0.0 / 2024-09-10</h1> <h2>Breaking Changes</h2> <ul> <li>Node.js 18 is the minimum supported version</li> <li><code>req.body</code> is no longer always initialized to <code>{}</code> <ul> <li>it is left <code>undefined</code> unless a body is parsed</li> </ul> </li> <li>Remove deprecated <code>bodyParser()</code> combination middleware</li> <li><del><code>urlencoded</code> parser now defaults <code>extended</code> to <code>false</code></del> as released, this is not the case, fixed in 2.0.1</li> <li><code>urlencoded</code> simple parser now uses <code>qs</code> module instead of <code>querystring</code> module</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`d96b63da8d`"><code>d96b63d</code></a> 2.2.1 (<a href="https://redirect.github.com/expressjs/body-parser/issues/659">#659</a>)</li> <li><a href="`b204886a67`"><code>b204886</code></a> sec: security patch for CVE-2025-13466</li> <li><a href="`e20e3512e0`"><code>e20e351</code></a> feat: remove <code>history.md</code> from being packaged on publish (<a href="https://redirect.github.com/expressjs/body-parser/issues/660">#660</a>)</li> <li><a href="`0d7ce71c84`"><code>0d7ce71</code></a> docs: switch badges from badgen.net to shields.io (<a href="https://redirect.github.com/expressjs/body-parser/issues/661">#661</a>)</li> <li><a href="`168afff347`"><code>168afff</code></a> ci: also test on first supported node.js version (<a href="https://redirect.github.com/expressjs/body-parser/issues/646">#646</a>)</li> <li><a href="`e539a7121d`"><code>e539a71</code></a> build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/expressjs/body-parser/issues/654">#654</a>)</li> <li><a href="`939161277a`"><code>9391612</code></a> build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (<a href="https://redirect.github.com/expressjs/body-parser/issues/655">#655</a>)</li> <li><a href="`57baafb3bb`"><code>57baafb</code></a> build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (<a href="https://redirect.github.com/expressjs/body-parser/issues/656">#656</a>)</li> <li><a href="`a6a088e088`"><code>a6a088e</code></a> build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/expressjs/body-parser/issues/657">#657</a>)</li> <li><a href="`10a114d55d`"><code>10a114d</code></a> test: add test for urlencoded invalid defaultCharset (<a href="https://redirect.github.com/expressjs/body-parser/issues/643">#643</a>)</li> <li>Additional commits viewable in <a href="https://github.com/expressjs/body-parser/compare/1.20.3...v2.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=body-parser&package-manager=npm_and_yarn&previous-version=1.20.3&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/transloadit/uppy/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-02 09:55:11 +01:00
dependabot[bot]	39b82fd231	build(deps): bump express from 4.19.2 to 4.22.0 (#6079 ) Bumps [express](https://github.com/expressjs/express) from 4.19.2 to 4.22.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>4.22.0</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>Refactor: improve readability by <a href="https://github.com/sazk07"><code>@sazk07</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6190">expressjs/express#6190</a></li> <li>ci: add support for Node.js@23.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6080">expressjs/express#6080</a></li> <li>Method functions with no path should error by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5957">expressjs/express#5957</a></li> <li>ci: updated github actions ci workflow by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6323">expressjs/express#6323</a></li> <li>ci: reorder <code>npm i</code> steps to fix ci for older node versions by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6336">expressjs/express#6336</a></li> <li>Backport: ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6506">expressjs/express#6506</a></li> <li>chore(4.x): wider range for query test skip by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6513">expressjs/express#6513</a></li> <li>use tilde notation for certain dependencies by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6905">expressjs/express#6905</a></li> <li>deps: qs@6.14.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6909">expressjs/express#6909</a></li> <li>deps: use tilde notation for <code>qs</code> by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6919">expressjs/express#6919</a></li> <li>Release: 4.22.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6921">expressjs/express#6921</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.2...4.22.0">https://github.com/expressjs/express/compare/4.21.2...4.22.0</a></p> <h2>4.21.2</h2> <h2>What's Changed</h2> <ul> <li>Add funding field (v4) by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li> <li>deps: path-to-regexp@0.1.11 by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li> <li>deps: bump path-to-regexp@0.1.12 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li> <li>Release: 4.21.2 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p> <h2>4.21.1</h2> <h2>What's Changed</h2> <ul> <li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a href="https://github.com/joshbuker"><code>@joshbuker</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6029">expressjs/express#6029</a></li> <li>Release: 4.21.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6031">expressjs/express#6031</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.0...4.21.1">https://github.com/expressjs/express/compare/4.21.0...4.21.1</a></p> <h2>4.21.0</h2> <h2>What's Changed</h2> <ul> <li>Deprecate <code>"back"</code> magic string in redirects by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5935">expressjs/express#5935</a></li> <li>finalhandler@1.3.1 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5954">expressjs/express#5954</a></li> <li>fix(deps): serve-static@1.16.2 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5951">expressjs/express#5951</a></li> <li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a href="https://github.com/agadzinski93"><code>@agadzinski93</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/agadzinski93"><code>@agadzinski93</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/4.22.0/History.md">express's changelog</a>.</em></p> <blockquote> <h1>4.22.0 / 2025-12-01</h1> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> <li>deps: use tilde notation for dependencies</li> <li>deps: qs@6.14.0</li> </ul> <h1>4.21.2 / 2024-11-06</h1> <ul> <li>deps: path-to-regexp@0.1.12 <ul> <li>Fix backtracking protection</li> </ul> </li> <li>deps: path-to-regexp@0.1.11 <ul> <li>Throws an error on invalid path values</li> </ul> </li> </ul> <h1>4.21.1 / 2024-10-08</h1> <ul> <li>Backported a fix for <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li> </ul> <h1>4.21.0 / 2024-09-11</h1> <ul> <li>Deprecate <code>res.location("back")</code> and <code>res.redirect("back")</code> magic string</li> <li>deps: serve-static@1.16.2 <ul> <li>includes send@0.19.0</li> </ul> </li> <li>deps: finalhandler@1.3.1</li> <li>deps: qs@6.13.0</li> </ul> <h1>4.20.0 / 2024-09-10</h1> <ul> <li>deps: serve-static@0.16.0 <ul> <li>Remove link renderization in html while redirecting</li> </ul> </li> <li>deps: send@0.19.0 <ul> <li>Remove link renderization in html while redirecting</li> </ul> </li> <li>deps: body-parser@0.6.0 <ul> <li>add <code>depth</code> option to customize the depth level in the parser</li> <li>IMPORTANT: The default <code>depth</code> level for parsing URL-encoded data is now <code>32</code> (previously was <code>Infinity</code>)</li> </ul> </li> <li>Remove link renderization in html while using <code>res.redirect</code></li> <li>deps: path-to-regexp@0.1.10 <ul> <li>Adds support for named matching groups in the routes using a regex</li> <li>Adds backtracking protection to parameters without regexes defined</li> </ul> </li> <li>deps: encodeurl@~2.0.0 <ul> <li>Removes encoding of <code>\</code>, <code>\|</code>, and <code>^</code> to align better with URL spec</li> </ul> </li> <li>Deprecate passing <code>options.maxAge</code> and <code>options.expires</code> to <code>res.clearCookie</code> <ul> <li>Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`49744abd11`"><code>49744ab</code></a> 4.22.0 (<a href="https://redirect.github.com/expressjs/express/issues/6921">#6921</a>)</li> <li><a href="`6e97452f60`"><code>6e97452</code></a> sec: security patch for CVE-2024-51999</li> <li><a href="`6a23d34d65`"><code>6a23d34</code></a> deps: use tilde notation for <code>qs</code> (<a href="https://redirect.github.com/expressjs/express/issues/6919">#6919</a>)</li> <li><a href="`8c12cdf93b`"><code>8c12cdf</code></a> deps: qs@6.14.0 (<a href="https://redirect.github.com/expressjs/express/issues/6909">#6909</a>)</li> <li><a href="`7fea74fcf0`"><code>7fea74f</code></a> deps: use tilde notation for certain dependencies (<a href="https://redirect.github.com/expressjs/express/issues/6905">#6905</a>)</li> <li><a href="`dac7a0475a`"><code>dac7a04</code></a> chore: wider range for query test skip (<a href="https://redirect.github.com/expressjs/express/issues/6513">#6513</a>)</li> <li><a href="`997919b488`"><code>997919b</code></a> ci: add node.js 24 to test matrix (<a href="https://redirect.github.com/expressjs/express/issues/6506">#6506</a>)</li> <li><a href="`36fb59c6c7`"><code>36fb59c</code></a> fix(ci): reorder <code>npm i</code> steps to fix ci for older node versions (<a href="https://redirect.github.com/expressjs/express/issues/6336">#6336</a>)</li> <li><a href="`3a5edfaff0`"><code>3a5edfa</code></a> fix(ci): updated github actions ci workflow (<a href="https://redirect.github.com/expressjs/express/issues/6323">#6323</a>)</li> <li><a href="`52d978119a`"><code>52d9781</code></a> fix(test): add test for method routes without paths <a href="https://redirect.github.com/expressjs/express/issues/5955">#5955</a></li> <li>Additional commits viewable in <a href="https://github.com/expressjs/express/compare/4.19.2...4.22.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=express&package-manager=npm_and_yarn&previous-version=4.19.2&new-version=4.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/transloadit/uppy/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-02 09:46:06 +01:00
dependabot[bot]	21a8f1a467	build(deps): bump @angular/common from 19.2.14 to 19.2.16 (#6072 ) Bumps [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) from 19.2.14 to 19.2.16. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases"><code>@angular/common</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.16</h2> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`05fe6686a9`"><img src="https://img.shields.io/badge/05fe6686a9-fix-green" alt="fix - 05fe6686a9" /></a></td> <td>prevent XSRF token leakage to protocol-relative URLs</td> </tr> </tbody> </table> <h2>19.2.15</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`70d0639bc1`"><img src="https://img.shields.io/badge/70d0639bc1-fix-green" alt="fix - 70d0639bc1" /></a></td> <td>introduce <code>BootstrapContext</code> for improved server bootstrapping (<a href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/63639">#63639</a>)</td> </tr> </tbody> </table> <h2>Breaking Changes</h2> <h3>core</h3> <ul> <li> <p>The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.</p> <p>Before:</p> <pre lang="ts"><code>const bootstrap = () => bootstrapApplication(AppComponent, config); </code></pre> <p>After:</p> <pre lang="ts"><code>const bootstrap = (context: BootstrapContext) => bootstrapApplication(AppComponent, config, context); </code></pre> <p>A schematic is provided to automatically update <code>main.server.ts</code> files to pass the <code>BootstrapContext</code> to the <code>bootstrapApplication</code> call.</p> <p>In addition, <code>getPlatform()</code> and <code>destroyPlatform()</code> will now return <code>null</code> and be a no-op respectively when running in a server environment.</p> </li> </ul> <p>For more information please see: <a href="https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7">https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/blob/main/CHANGELOG.md"><code>@angular/common</code>'s changelog</a>.</em></p> <blockquote> <h1>19.2.16 (2025-11-26)</h1> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`05fe6686a9`">05fe6686a9</a></td> <td>fix</td> <td>prevent XSRF token leakage to protocol-relative URLs</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>21.1.0-next.0 (2025-11-25)</h1> <h3>platform-browser</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`ec9dc94cee`">ec9dc94cee</a></td> <td>feat</td> <td>add <code>context</code> to <code>createApplication</code></td> </tr> <tr> <td><a href="`ab67988d2e`">ab67988d2e</a></td> <td>feat</td> <td>resolve JIT resources in <code>createApplication</code></td> </tr> </tbody> </table> <h3>router</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`a03c82564d`">a03c82564d</a></td> <td>feat</td> <td>Add scroll behavior controls on router navigation</td> </tr> <tr> <td><a href="`c25d749d85`">c25d749d85</a></td> <td>feat</td> <td>Execute RunGuardsAndResolvers function in injection context</td> </tr> <tr> <td><a href="`c84d372778`">c84d372778</a></td> <td>feat</td> <td>Support wildcard params with segments trailing (<a href="https://redirect.github.com/angular/angular/pull/64737">#64737</a>)</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>20.3.14 (2025-11-25)</h1> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`0276479e7d`">0276479e7d</a></td> <td>fix</td> <td>prevent XSRF token leakage to protocol-relative URLs</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>21.0.1 (2025-11-25)</h1> <h3>compiler-cli</h3> <p>\| Commit \| Type \| Description \|</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`05fe6686a9`"><code>05fe668</code></a> fix(http): prevent XSRF token leakage to protocol-relative URLs</li> <li>See full diff in <a href="https://github.com/angular/angular/commits/19.2.16/packages/common">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@angular/common&package-manager=npm_and_yarn&previous-version=19.2.14&new-version=19.2.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/transloadit/uppy/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-02 09:45:53 +01:00
dependabot[bot]	d2637e4d3b	build(deps): bump validator from 13.12.0 to 13.15.20 (#6041 ) Bumps [validator](https://github.com/validatorjs/validator.js) from 13.12.0 to 13.15.20. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/validatorjs/validator.js/releases">validator's releases</a>.</em></p> <blockquote> <h2>13.15.20</h2> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2556">#2556</a> <code>isMobilePhone</code>: add <code>ar-QA</code> locale <a href="https://github.com/WardKhaddour"><code>@WardKhaddour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2576">#2576</a> <code>isAlpha</code>/<code>isAlphanuneric</code>: add Indic locales (<code>ta-IN</code>, <code>te-IN</code>, <code>kn-IN</code>, <code>ml-IN</code>, <code>gu-IN</code>, <code>pa-IN</code>, <code>or-IN</code>) <a href="https://github.com/avadootharajesh"><code>@avadootharajesh</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2574">#2574</a> <code>isBase64</code>: improve padding regex <a href="https://github.com/KrayzeeKev"><code>@KrayzeeKev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2584">#2584</a> <code>isVAT</code>: improve <code>FR</code> locale <a href="https://github.com/iamAmer"><code>@iamAmer</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2608">#2608</a> <code>isURL</code>: improve protocol detection. Resolves CVE-2025-56200 <a href="https://github.com/theofidry"><code>@theofidry</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2563">#2563</a> <a href="https://github.com/stoneLeaf"><code>@stoneLeaf</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2581">#2581</a> <a href="https://github.com/camillobruni"><code>@camillobruni</code></a></li> </ul> </li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/stoneLeaf"><code>@stoneLeaf</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2563">validatorjs/validator.js#2563</a></li> <li><a href="https://github.com/WardKhaddour"><code>@WardKhaddour</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2556">validatorjs/validator.js#2556</a></li> <li><a href="https://github.com/avadootharajesh"><code>@avadootharajesh</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2576">validatorjs/validator.js#2576</a></li> <li><a href="https://github.com/KrayzeeKev"><code>@KrayzeeKev</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2574">validatorjs/validator.js#2574</a></li> <li><a href="https://github.com/iamAmer"><code>@iamAmer</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2584">validatorjs/validator.js#2584</a></li> <li><a href="https://github.com/camillobruni"><code>@camillobruni</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2581">validatorjs/validator.js#2581</a></li> <li><a href="https://github.com/theofidry"><code>@theofidry</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2608">validatorjs/validator.js#2608</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/validatorjs/validator.js/compare/13.15.15...13.15.20">https://github.com/validatorjs/validator.js/compare/13.15.15...13.15.20</a></p> <h2>13.15.15</h2> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><code>isMobilePhone</code> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2514">#2514</a> improve <code>el-CY</code> locale <a href="https://github.com/rezk2ll"><code>@rezk2ll</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2512">#2512</a> improve <code>pt-AO</code> locale <a href="https://github.com/renaldodev"><code>@renaldodev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2502">#2502</a> improve <code>ar-OM</code> locale <a href="https://github.com/tomcastro"><code>@tomcastro</code></a></li> </ul> </li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2089">#2089</a> <code>isIP</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2526">#2526</a> <code>isPassportNumber</code>: improve <code>CA</code> locale <a href="https://github.com/evanbechtol"><code>@evanbechtol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2491">#2491</a> <code>isBase64</code>: improve validation based on RFC4648 <a href="https://github.com/aseyfpour"><code>@aseyfpour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2479">#2479</a> <code>isPostalCode</code>: improve <code>FR</code> locale <a href="https://github.com/Rajput-Balram"><code>@Rajput-Balram</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2088">#2088</a> <code>isBefore</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2346">#2346</a> <code>isRgbColor</code>: allow second digit in rgba alpha value <a href="https://github.com/controlol"><code>@controlol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2453">#2453</a> <code>isIP</code>: improve IPv6 regex <a href="https://github.com/ShreySinha02"><code>@ShreySinha02</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2052">#2052</a> <code>isPostalCode</code>: add <code>PK</code> locale <a href="https://github.com/mateeni-dev"><code>@mateeni-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2529">#2529</a> <code>isPostalCode</code>: improve <code>TW</code> locale <a href="https://github.com/Crocsx"><code>@Crocsx</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2550">#2550</a> <code>isPassportNumber</code>: improve <code>US</code> locale <a href="https://github.com/yitzchak-schechter"><code>@yitzchak-schechter</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2553">#2553</a> <code>isUUID</code>: add <code>loose</code> option <a href="https://github.com/bc-m"><code>@bc-m</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2551">#2551</a> <code>isPostalCode</code>: add <code>BD</code> locale <a href="https://github.com/tanvirrb"><code>@tanvirrb</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2555">#2555</a> <code>isLicensePlate</code>: improve <code>pt-PT</code> locale <a href="https://github.com/castrosu"><code>@castrosu</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2372">#2372</a> <a href="https://github.com/EmersonRabelo"><code>@EmersonRabelo</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2538">#2538</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2539">#2539</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2540">#2540</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2549">#2549</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2537">#2537</a> <a href="https://github.com/sgress454"><code>@sgress454</code></a></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md">validator's changelog</a>.</em></p> <blockquote> <h1>13.15.20</h1> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2556">#2556</a> <code>isMobilePhone</code>: add <code>ar-QA</code> locale <a href="https://github.com/WardKhaddour"><code>@WardKhaddour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2576">#2576</a> <code>isAlpha</code>/<code>isAlphanuneric</code>: add Indic locales (<code>ta-IN</code>, <code>te-IN</code>, <code>kn-IN</code>, <code>ml-IN</code>, <code>gu-IN</code>, <code>pa-IN</code>, <code>or-IN</code>) <a href="https://github.com/avadootharajesh"><code>@avadootharajesh</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2574">#2574</a> <code>isBase64</code>: improve padding regex <a href="https://github.com/KrayzeeKev"><code>@KrayzeeKev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2584">#2584</a> <code>isVAT</code>: improve <code>FR</code> locale <a href="https://github.com/iamAmer"><code>@iamAmer</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2608">#2608</a> <code>isURL</code>: improve protocol detection. Resolves CVE-2025-56200 <a href="https://github.com/theofidry"><code>@theofidry</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2563">#2563</a> <a href="https://github.com/stoneLeaf"><code>@stoneLeaf</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2581">#2581</a> <a href="https://github.com/camillobruni"><code>@camillobruni</code></a></li> </ul> </li> </ul> <h1>13.15.15</h1> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><code>isMobilePhone</code> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2514">#2514</a> improve <code>el-CY</code> locale <a href="https://github.com/rezk2ll"><code>@rezk2ll</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2512">#2512</a> improve <code>pt-AO</code> locale <a href="https://github.com/renaldodev"><code>@renaldodev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2502">#2502</a> improve <code>ar-OM</code> locale <a href="https://github.com/tomcastro"><code>@tomcastro</code></a></li> </ul> </li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2089">#2089</a> <code>isIP</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2526">#2526</a> <code>isPassportNumber</code>: improve <code>CA</code> locale <a href="https://github.com/evanbechtol"><code>@evanbechtol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2491">#2491</a> <code>isBase64</code>: improve validation based on RFC4648 <a href="https://github.com/aseyfpour"><code>@aseyfpour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2479">#2479</a> <code>isPostalCode</code>: improve <code>FR</code> locale <a href="https://github.com/Rajput-Balram"><code>@Rajput-Balram</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2088">#2088</a> <code>isBefore</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2346">#2346</a> <code>isRgbColor</code>: allow second digit in rgba alpha value <a href="https://github.com/controlol"><code>@controlol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2453">#2453</a> <code>isIP</code>: improve IPv6 regex <a href="https://github.com/ShreySinha02"><code>@ShreySinha02</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2052">#2052</a> <code>isPostalCode</code>: add <code>PK</code> locale <a href="https://github.com/mateeni-dev"><code>@mateeni-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2529">#2529</a> <code>isPostalCode</code>: improve <code>TW</code> locale <a href="https://github.com/Crocsx"><code>@Crocsx</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2550">#2550</a> <code>isPassportNumber</code>: improve <code>US</code> locale <a href="https://github.com/yitzchak-schechter"><code>@yitzchak-schechter</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2553">#2553</a> <code>isUUID</code>: add <code>loose</code> option <a href="https://github.com/bc-m"><code>@bc-m</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2551">#2551</a> <code>isPostalCode</code>: add <code>BD</code> locale <a href="https://github.com/tanvirrb"><code>@tanvirrb</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2555">#2555</a> <code>isLicensePlate</code>: improve <code>pt-PT</code> locale <a href="https://github.com/castrosu"><code>@castrosu</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2372">#2372</a> <a href="https://github.com/EmersonRabelo"><code>@EmersonRabelo</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2538">#2538</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2539">#2539</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2540">#2540</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2549">#2549</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2537">#2537</a> <a href="https://github.com/sgress454"><code>@sgress454</code></a></li> </ul> </li> </ul> <h1>13.15.0</h1> <h3>New Features / Validators</h3> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2399">#2399</a> <code>isISO31661Numeric</code> <a href="https://github.com/RobinvanderVliet"><code>@RobinvanderVliet</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2294">#2294</a> <code>isULID</code> <a href="https://github.com/arafatkn"><code>@arafatkn</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2215">#2215</a> <code>isISO15924</code> <a href="https://github.com/xDivisionByZerox"><code>@xDivisionByZerox</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`30d4fe02c1`"><code>30d4fe0</code></a> 13.15.20</li> <li><a href="`cbef5088f0`"><code>cbef508</code></a> fix(isURL): improve protocol detection. Resolves CVE-2025-56200 (<a href="https://redirect.github.com/validatorjs/validator.js/issues/2608">#2608</a>)</li> <li><a href="`6f436be369`"><code>6f436be</code></a> Fix typo in validators.test.js (<a href="https://redirect.github.com/validatorjs/validator.js/issues/2581">#2581</a>)</li> <li><a href="`3c857088d5`"><code>3c85708</code></a> Fix: correct French VAT (FR) validation regex and add tests (<a href="https://redirect.github.com/validatorjs/validator.js/issues/2584">#2584</a>)</li> <li><a href="`eee525cd11`"><code>eee525c</code></a> <a href="https://redirect.github.com/validatorjs/validator.js/issues/2491">#2491</a> <a href="https://redirect.github.com/validatorjs/validator.js/issues/2573">#2573</a> Simplify isBase64 to prevent stack overflow (<a href="https://redirect.github.com/validatorjs/validator.js/issues/2574">#2574</a>)</li> <li><a href="`abcc8ecb85`"><code>abcc8ec</code></a> feat(isAlpha, isAlphanumeric): add support for Indic locales (ta-IN, te-IN, k...</li> <li><a href="`72573b3d1d`"><code>72573b3</code></a> Add Qatar phone number validation (<a href="https://redirect.github.com/validatorjs/validator.js/issues/2556">#2556</a>)</li> <li><a href="`243f6c5fe4`"><code>243f6c5</code></a> docs(isMACAddress): improve ambiguous option description (<a href="https://redirect.github.com/validatorjs/validator.js/issues/2563">#2563</a>)</li> <li><a href="`3847c6f901`"><code>3847c6f</code></a> maintenance: 2505 release (<a href="https://redirect.github.com/validatorjs/validator.js/issues/2560">#2560</a>)</li> <li><a href="`9e503840d7`"><code>9e50384</code></a> feat(isLicensePlate): Updated isLicensePlate to accept real pt-PT license pla...</li> <li>Additional commits viewable in <a href="https://github.com/validatorjs/validator.js/compare/13.12.0...13.15.20">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=validator&package-manager=npm_and_yarn&previous-version=13.12.0&new-version=13.15.20)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/transloadit/uppy/network/alerts). </details> > Note > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-02 09:33:32 +01:00
dependabot[bot]	80addccf39	build(deps): bump js-yaml from 3.14.1 to 3.14.2 (#6067 ) Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[3.14.2] - 2025-11-15</h2> <h3>Security</h3> <ul> <li>Backported v4.1.1 fix to v3</li> </ul> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (<<) operator.</li> </ul> <h2>[4.1.0] - 2021-04-15</h2> <h3>Added</h3> <ul> <li>Types are now exported as <code>yaml.types.XXX</code>.</li> <li>Every type now has <code>options</code> property with original arguments kept as they were (see <code>yaml.types.int.options</code> as an example).</li> </ul> <h3>Changed</h3> <ul> <li><code>Schema.extend()</code> now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as <code>abcd</code> instead of <code>cbad</code>).</li> </ul> <h2>[4.0.0] - 2021-01-03</h2> <h3>Changed</h3> <ul> <li>Check <a href="https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md">migration guide</a> to see details for all breaking changes.</li> <li>Breaking: "unsafe" tags <code>!!js/function</code>, <code>!!js/regexp</code>, <code>!!js/undefined</code> are moved to <a href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a> package.</li> <li>Breaking: removed <code>safe*</code> functions. Use <code>load</code>, <code>loadAll</code>, <code>dump</code> instead which are all now safe by default.</li> <li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and <code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use <code>yaml.DEFAULT_SCHEMA</code> instead.</li> <li><code>yaml.Schema.create(schema, tags)</code> is removed, use <code>schema.extend(tags)</code> instead.</li> <li><code>!!binary</code> now always mapped to <code>Uint8Array</code> on load.</li> <li>Reduced nesting of <code>/lib</code> folder.</li> <li>Parse numbers according to YAML 1.2 instead of YAML 1.1 (<code>01234</code> is now decimal, <code>0o1234</code> is octal, <code>1:23</code> is parsed as string instead of base60).</li> <li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>, <code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a href="https://redirect.github.com/nodeca/js-yaml/issues/470">#470</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/557">#557</a>.</li> <li>Line and column in exceptions are now formatted as <code>(X:Y)</code> instead of <code>at line X, column Y</code> (also present in compact format), <a href="https://redirect.github.com/nodeca/js-yaml/issues/332">#332</a>.</li> <li>Code snippet created in exceptions now contains multiple lines with line numbers.</li> <li><code>dump()</code> now serializes <code>undefined</code> as <code>null</code> in collections and removes keys with <code>undefined</code> in mappings, <a href="https://redirect.github.com/nodeca/js-yaml/issues/571">#571</a>.</li> <li><code>dump()</code> with <code>skipInvalid=true</code> now serializes invalid items in collections as null.</li> <li>Custom tags starting with <code>!</code> are now dumped as <code>!tag</code> instead of <code>!<!tag></code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/576">#576</a>.</li> <li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now shorthanded using <code>!!</code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/258">#258</a>.</li> </ul> <h3>Added</h3> <ul> <li>Added <code>.mjs</code> (es modules) support.</li> <li>Added <code>quotingType</code> and <code>forceQuotes</code> options for dumper to configure string literal style, <a href="https://redirect.github.com/nodeca/js-yaml/issues/290">#290</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/529">#529</a>.</li> <li>Added <code>styles: { '!!null': 'empty' }</code> option for dumper (serializes <code>{ foo: null }</code> as "<code>foo: </code>"), <a href="https://redirect.github.com/nodeca/js-yaml/issues/570">#570</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`9963d366df`"><code>9963d36</code></a> 3.14.2 released</li> <li><a href="`10d3c8e70a`"><code>10d3c8e</code></a> dist rebuild</li> <li><a href="`5278870a17`"><code>5278870</code></a> fix prototype pollution in merge (<<) (<a href="https://redirect.github.com/nodeca/js-yaml/issues/731">#731</a>)</li> <li>See full diff in <a href="https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=js-yaml&package-manager=npm_and_yarn&previous-version=3.14.1&new-version=3.14.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/transloadit/uppy/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-02 09:33:16 +01:00
dependabot[bot]	52704c6125	build(deps): bump node-forge from 1.3.1 to 1.3.2 (#6071 ) Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md">node-forge's changelog</a>.</em></p> <blockquote> <h2>1.3.2 - 2025-11-25</h2> <h3>Security</h3> <ul> <li><strong>HIGH</strong>: ASN.1 Validator Desynchronization <ul> <li>An Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-12816">CVE-2025-12816</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq">GHSA-5gfm-wpxj-wjgq</a></li> </ul> </li> <li><strong>HIGH</strong>: ASN.1 Unbounded Recursion <ul> <li>An Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-66031">CVE-2025-66031</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27">GHSA-554w-wpv2-vw27</a></li> </ul> </li> <li><strong>MODERATE</strong>: ASN.1 OID Integer Truncation <ul> <li>An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-66030">CVE-2025-66030</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g">GHSA-65ch-62r8-g69g</a></li> </ul> </li> </ul> <h3>Fixed</h3> <ul> <li>[asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12 MAC verification bypass due to missing macData enforcement and improper asn1.validate routine.</li> <li>[asn1] Add <code>fromDer()</code> max recursion depth check. <ul> <li>Add a <code>asn1.maxDepth</code> global configurable maximum depth of 256.</li> <li>Add a <code>asn1.fromDer()</code> per-call <code>maxDepth</code> option.</li> <li><strong>NOTE</strong>: The default maximum is assumed to be higher than needed for valid data. If this assumption is false then this could be a breaking change. Please file an issue if there are use cases that need a higher maximum.</li> <li><strong>NOTE</strong>: The per-call <code>maxDepth</code> parameter has not been exposed up through all of the API stack due to the complexities involved. Please file an issue if there are use cases that require this instead of changing the default maximum.</li> </ul> </li> <li>[asn1] Improve OID handling. <ul> <li>Error on parsed OID values larger than <code>232 - 1</code>.</li> <li>Error on DER OID values larger than <code>253 - 1 </code>.</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`235ad3e70e`"><code>235ad3e</code></a> Release 1.3.2.</li> <li><a href="`2598244117`"><code>2598244</code></a> Update changelog.</li> <li><a href="`0032dd0be8`"><code>0032dd0</code></a> Fix typos.</li> <li><a href="`d75e08d255`"><code>d75e08d</code></a> Run new security test.</li> <li><a href="`a5ce91d03d`"><code>a5ce91d</code></a> Update changelog formatting.</li> <li><a href="`4652de6ddd`"><code>4652de6</code></a> Cleanups.</li> <li><a href="`eb932d94fb`"><code>eb932d9</code></a> Fix typo.</li> <li><a href="`db6954ba4b`"><code>db6954b</code></a> Fix style.</li> <li><a href="`afbf7d8e08`"><code>afbf7d8</code></a> Align error message style.</li> <li><a href="`6607445859`"><code>6607445</code></a> Revert minor changes.</li> <li>Additional commits viewable in <a href="https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=node-forge&package-manager=npm_and_yarn&previous-version=1.3.1&new-version=1.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/transloadit/uppy/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-02 09:31:54 +01:00
dependabot[bot]	319726493a	build(deps): bump docker/metadata-action from 5.9.0 to 5.10.0 (#6077 ) Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.9.0 to 5.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/metadata-action/releases">docker/metadata-action's releases</a>.</em></p> <blockquote> <h2>v5.10.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.66.0 to 0.68.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/559">docker/metadata-action#559</a> <a href="https://redirect.github.com/docker/metadata-action/pull/569">docker/metadata-action#569</a></li> <li>Bump js-yaml from 3.14.1 to 3.14.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/564">docker/metadata-action#564</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0">https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c299e40c65`"><code>c299e40</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/569">#569</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`f015d7914a`"><code>f015d79</code></a> chore: update generated content</li> <li><a href="`121bcc2ca8`"><code>121bcc2</code></a> chore(deps): Bump <code>@docker/actions-toolkit</code> from 0.67.0 to 0.68.0</li> <li><a href="`f7b6bf41b9`"><code>f7b6bf4</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/564">#564</a> from docker/dependabot/npm_and_yarn/js-yaml-3.14.2</li> <li><a href="`0b95c6b860`"><code>0b95c6b</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/565">#565</a> from docker/dependabot/github_actions/actions/checkout-6</li> <li><a href="`17f70d7525`"><code>17f70d7</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/568">#568</a> from motoki317/docs/fix-to-24h-schedule-pattern</li> <li><a href="`afd7e6d7bb`"><code>afd7e6d</code></a> docs(README): Fix date format from 12h to 24h in schedule pattern</li> <li><a href="`602aff8e11`"><code>602aff8</code></a> chore(deps): Bump actions/checkout from 5 to 6</li> <li><a href="`aecb1a49a5`"><code>aecb1a4</code></a> chore(deps): Bump js-yaml from 3.14.1 to 3.14.2</li> <li><a href="`8d8c7c12f7`"><code>8d8c7c1</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/559">#559</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li>Additional commits viewable in <a href="`318604b99e...c299e40c65`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/metadata-action&package-manager=github_actions&previous-version=5.9.0&new-version=5.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-02 09:31:12 +01:00
dependabot[bot]	d3baf1b3a3	build(deps): bump @angular/compiler from 19.2.14 to 19.2.17 (#6078 ) Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 19.2.14 to 19.2.17. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases"><code>@angular/compiler</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.17</h2> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`7c42e2ebeb`"><img src="https://img.shields.io/badge/7c42e2ebeb-fix-green" alt="fix - 7c42e2ebeb" /></a></td> <td>prevent XSS via SVG animation <code>attributeName</code> and MathML/SVG URLs</td> </tr> </tbody> </table> <h2>19.2.16</h2> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`05fe6686a9`"><img src="https://img.shields.io/badge/05fe6686a9-fix-green" alt="fix - 05fe6686a9" /></a></td> <td>prevent XSRF token leakage to protocol-relative URLs</td> </tr> </tbody> </table> <h2>19.2.15</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`70d0639bc1`"><img src="https://img.shields.io/badge/70d0639bc1-fix-green" alt="fix - 70d0639bc1" /></a></td> <td>introduce <code>BootstrapContext</code> for improved server bootstrapping (<a href="https://github.com/angular/angular/tree/HEAD/packages/compiler/issues/63639">#63639</a>)</td> </tr> </tbody> </table> <h2>Breaking Changes</h2> <h3>core</h3> <ul> <li> <p>The server-side bootstrapping process has been changed to eliminate the reliance on a global platform injector.</p> <p>Before:</p> <pre lang="ts"><code>const bootstrap = () => bootstrapApplication(AppComponent, config); </code></pre> <p>After:</p> <pre lang="ts"><code>const bootstrap = (context: BootstrapContext) => bootstrapApplication(AppComponent, config, context); </code></pre> <p>A schematic is provided to automatically update <code>main.server.ts</code> files to pass the <code>BootstrapContext</code> to the <code>bootstrapApplication</code> call.</p> <p>In addition, <code>getPlatform()</code> and <code>destroyPlatform()</code> will now return <code>null</code> and be a no-op respectively when running in a server environment.</p> </li> </ul> <p>For more information please see: <a href="https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7">https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/blob/main/CHANGELOG.md"><code>@angular/compiler</code>'s changelog</a>.</em></p> <blockquote> <h1>19.2.17 (2025-12-01)</h1> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`7c42e2ebeb`">7c42e2ebeb</a></td> <td>fix</td> <td>prevent XSS via SVG animation <code>attributeName</code> and MathML/SVG URLs</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>19.2.16 (2025-11-26)</h1> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`05fe6686a9`">05fe6686a9</a></td> <td>fix</td> <td>prevent XSRF token leakage to protocol-relative URLs</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>21.1.0-next.0 (2025-11-25)</h1> <h3>platform-browser</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`ec9dc94cee`">ec9dc94cee</a></td> <td>feat</td> <td>add <code>context</code> to <code>createApplication</code></td> </tr> <tr> <td><a href="`ab67988d2e`">ab67988d2e</a></td> <td>feat</td> <td>resolve JIT resources in <code>createApplication</code></td> </tr> </tbody> </table> <h3>router</h3> <table> <thead> <tr> <th>Commit</th> <th>Type</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href="`a03c82564d`">a03c82564d</a></td> <td>feat</td> <td>Add scroll behavior controls on router navigation</td> </tr> <tr> <td><a href="`c25d749d85`">c25d749d85</a></td> <td>feat</td> <td>Execute RunGuardsAndResolvers function in injection context</td> </tr> <tr> <td><a href="`c84d372778`">c84d372778</a></td> <td>feat</td> <td>Support wildcard params with segments trailing (<a href="https://redirect.github.com/angular/angular/pull/64737">#64737</a>)</td> </tr> </tbody> </table> <!-- raw HTML omitted --> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h1>20.3.14 (2025-11-25)</h1> <h3>http</h3> <p>\| Commit \| Type \| Description \|</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`7c42e2ebeb`"><code>7c42e2e</code></a> fix(compiler): prevent XSS via SVG animation <code>attributeName</code> and MathML/SVG URLs</li> <li>See full diff in <a href="https://github.com/angular/angular/commits/19.2.17/packages/compiler">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@angular/compiler&package-manager=npm_and_yarn&previous-version=19.2.14&new-version=19.2.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/transloadit/uppy/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-12-02 09:30:57 +01:00
Murderlon	54a3316eb8	Fix changeset	2025-12-02 09:26:12 +01:00
Mikael Finstad	cc3ff31d59	move golden retriever clear files logic (#6076 ) into #restore instead. we currently clear files when state transitions to all files complete, however there's an issue with that where if progress events come in after all files are marked as completed, it will overwrite the metadataStore, meaning the files that have been cleared will be re-added after they were cleared. this causes files to be restored (when e.g. refreshing the browser) when they should not (because they have already completed). i managed to reproduce this with the google drive picker plugin (but not with google drive non-picker) Tip for review: hide whitespace changes	2025-12-02 11:29:48 +07:00
Mikael Finstad	e6613488fc	allow selecting folders (#6074 ) for google drive #5532 --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-12-02 10:34:03 +07:00
Prakash	4817585b66	@uppy/companion: fix broken icons for webdav provider (#6069 ) This fixes #6063. It should be merged after #6059. Icon issue was fixed but This still doesn’t fix the thumbnail preview issue, because OwnCloud and Nextcloud don’t provide enough information about their thumbnail preview endpoints. The docs aren’t very helpful: they mention how to make a `PROPFIND` request to get extra metadata (such as has_preview) [doc_ref](https://docs.nextcloud.com/server/stable/developer_manual/client_apis/WebDAV/basic.html#requesting-properties), but I couldn’t get it to work with our webdav client. Even if we did manage to obtain the thumbnail preview URL, it would be a complicated capability to add, since we’d have to handle each WebDAV server separately. That would lead to the same problems discussed here: https://github.com/transloadit/uppy/pull/6059#issuecomment-3564642795 , so I don't think we need to spend anymore time on this. Before <img width="1238" height="1014" alt="image" src="https://github.com/user-attachments/assets/378c8b4b-640f-4e5d-9fef-48d255f729f9" /> After <img width="982" height="708" alt="image" src="https://github.com/user-attachments/assets/7e20b119-c5a9-45dd-a0bd-7ddf95672137" />	2025-11-29 01:25:12 +05:30
Mikael Finstad	ac12f35f5b	Move completed uploads exclusion logic (#6058 ) into uploader plugins fixes #6051 also [fix deprecated usage of done callback](`2511142276`)	2025-11-24 19:47:45 +07:00
Ryan Wang	c3c16ae069	Update zh_CN and zh_TW locales with new and revised strings (#6064 )	2025-11-24 10:16:30 +01:00
dependabot[bot]	c8eed0cf3a	build(deps): bump actions/checkout from 5 to 6 (#6066 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>V5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>V5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>V4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`1af3b93b68`"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li><a href="`71cf2267d8`"><code>71cf226</code></a> v6-beta (<a href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li> <li><a href="`069c695914`"><code>069c695</code></a> Persist creds to a separate file (<a href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li> <li><a href="`ff7abcd0c3`"><code>ff7abcd</code></a> Update README to include Node.js 24 support details and requirements (<a href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v5...v6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-24 10:06:14 +01:00
Kevin De Bruyn	8744c4dfbb	@uppy/locales: improve Dutch translations (#5979 ) Fixed bug in Dutch where fileManagerSelectionType would not work anymore because {browse} was used instead of {browseFiles} and {browseFolders} + Reviewed translations <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Refines Dutch locale with corrected translations, adds/updates strings (including proper `browseFiles`/`browseFolders` placeholders), and prepares a patch release. > > - Locales (`packages/@uppy/locales/src/nl_NL.ts`): > - Add and update numerous Dutch strings for uploads, errors, recording, and UI actions (e.g., `addedNumFiles`, `dataUploadedOfUnknown`, `uploadStalled`). > - Replace generic `browse` placeholder with `browseFiles`/`browseFolders` variants across drop/paste prompts to align with selection behavior. > - Improve phrasing/grammar and clarify labels (e.g., encoding, rotate 90°, plugin names, WebDAV input label). > - Release: > - Add changeset (`.changeset/every-wings-behave.md`) to publish `@uppy/locales` patch. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit `18995ec183`. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: kevind <KevinD@infosupport.com> Co-authored-by: Mikael Finstad <finstaden@gmail.com> Co-authored-by: Merlijn Vos <merlijn@soverin.net>	2025-11-17 17:06:29 +01:00
Prakash	79e6460a6c	Make Generics Optional in uppy.getPlugin (#6057 ) fixes #6024. ### Problem - `getPlugin()` defaults to `UnknownPlugin`, so methods like `openModal` are not visible , since core is not aware of that plugin type ### Proposed change - Introduce a types-only registry in core: - `export interface PluginTypeRegistry<M extends Meta, B extends Body> {}` - Overload `getPlugin` to return a precise type when the id is a known key of the registry. - add `Dashboard` to PluginTypeRegistry through module augmentation: - `'Dashboard': Dashboard<M, B>`. - When a project imports from `@uppy/dashboard`, its module augmentation extends PluginTypeRegistry, adding the correct type into it - I've added Tests , kept them in a separate file so it's easier to review , once this approach gets approved I'll add them to `Uppy.test.ts` Once this PR gets a positive review I'll add this for other plugins , currently only added for `@uppy/dashboard` Build with Local tarball can be checked here https://stackblitz.com/~/github.com/qxprakash/uppy-type-test?file=type_test.ts	2025-11-17 18:18:54 +05:30
dependabot[bot]	c788818410	build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 (#6052 ) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.6.0 to 3.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's releases</a>.</em></p> <blockquote> <h2>v3.7.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.67.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/217">docker/setup-qemu-action#217</a> <a href="https://redirect.github.com/docker/setup-qemu-action/pull/230">docker/setup-qemu-action#230</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/220">docker/setup-qemu-action#220</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/218">docker/setup-qemu-action#218</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/221">docker/setup-qemu-action#221</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/219">docker/setup-qemu-action#219</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0">https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`c7c5346462`"><code>c7c5346</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/230">#230</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`3a517a1a6f`"><code>3a517a1</code></a> chore: update generated content</li> <li><a href="`a5b45edf7e`"><code>a5b45ed</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.67.0</li> <li><a href="`3a64278e93`"><code>3a64278</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/220">#220</a> from docker/dependabot/npm_and_yarn/brace-expansion-1...</li> <li><a href="`94906ba253`"><code>94906ba</code></a> chore: update generated content</li> <li><a href="`4027abfd67`"><code>4027abf</code></a> build(deps): bump brace-expansion from 1.1.11 to 1.1.12</li> <li><a href="`bee0aaad0f`"><code>bee0aaa</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/221">#221</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li><a href="`0d7e25756e`"><code>0d7e257</code></a> chore: update generated content</li> <li><a href="`b86960130e`"><code>b869601</code></a> build(deps): bump tmp from 0.2.3 to 0.2.4</li> <li><a href="`3a043edff3`"><code>3a043ed</code></a> Merge pull request <a href="https://redirect.github.com/docker/setup-qemu-action/issues/219">#219</a> from docker/dependabot/npm_and_yarn/undici-5.29.0</li> <li>Additional commits viewable in <a href="`29109295f8...c7c5346462`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=3.6.0&new-version=3.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-10 09:31:30 +01:00
dependabot[bot]	b13efb1621	build(deps): bump docker/metadata-action from 5.8.0 to 5.9.0 (#6053 ) Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.8.0 to 5.9.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/metadata-action/releases">docker/metadata-action's releases</a>.</em></p> <blockquote> <h2>v5.9.0</h2> <ul> <li>Add <code>tag-names</code> output to return tag names without image base name by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/553">docker/metadata-action#553</a></li> <li>Bump <code>@babel/runtime-corejs3</code> from 7.14.7 to 7.28.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/539">docker/metadata-action#539</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.66.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/555">docker/metadata-action#555</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/metadata-action/pull/540">docker/metadata-action#540</a></li> <li>Bump csv-parse from 5.6.0 to 6.1.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/532">docker/metadata-action#532</a></li> <li>Bump semver from 7.7.2 to 7.7.3 in in <a href="https://redirect.github.com/docker/metadata-action/pull/554">docker/metadata-action#554</a></li> <li>Bump tmp from 0.2.3 to 0.2.5 in <a href="https://redirect.github.com/docker/metadata-action/pull/541">docker/metadata-action#541</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0">https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`318604b99e`"><code>318604b</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/539">#539</a> from docker/dependabot/npm_and_yarn/babel/runtime-cor...</li> <li><a href="`49c0a55d55`"><code>49c0a55</code></a> chore: update generated content</li> <li><a href="`486229e3f4`"><code>486229e</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/558">#558</a> from crazy-max/fix-dist</li> <li><a href="`f02aeab1ee`"><code>f02aeab</code></a> chore: fix dist</li> <li><a href="`beafb97305`"><code>beafb97</code></a> chore(deps): Bump <code>@babel/runtime-corejs3</code> from 7.14.7 to 7.28.2</li> <li><a href="`3ff819c6c5`"><code>3ff819c</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/557">#557</a> from crazy-max/yarn-4.9.2</li> <li><a href="`05838e9769`"><code>05838e9</code></a> update yarn to 4.9.2</li> <li><a href="`43fa4ac0d3`"><code>43fa4ac</code></a> Merge pull request <a href="https://redirect.github.com/docker/metadata-action/issues/556">#556</a> from crazy-max/dev-deps</li> <li><a href="`b3120f2f18`"><code>b3120f2</code></a> chore: update generated content</li> <li><a href="`1f469d21ee`"><code>1f469d2</code></a> update dev dependencies</li> <li>Additional commits viewable in <a href="`c1e51972af...318604b99e`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/metadata-action&package-manager=github_actions&previous-version=5.8.0&new-version=5.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-11-10 09:31:16 +01:00
Prakash	ec75d863ec	@uppy/provider-views: add e2e tests for Server side search (#6015 ) Tests added as discussed in [slack_discussion](https://transloadit.slack.com/archives/C0FMW9PSB/p1759931999124149?thread_ts=1759700542.941939&cid=C0FMW9PSB) directory structure mocked : ``` root/ ├── first/ │ ├── second/ │ │ ├── third/ │ │ │ ├── nested-target.pdf │ │ │ └── new-file.pdf │ │ ├── deep-file.txt │ │ ├── target.pdf │ │ └── workspace.pdf │ └── intermediate.doc ├── workspace/ │ └── project/ │ └── code.js └── readme.md ``` Some of the mocked responses in CompanionHandler.ts aren’t used in the tests, but I’ve kept them to preserve the legitimacy of the above directory structure.	2025-11-07 16:50:57 +05:30
Copilot	46f81e2bae	Fix isNetworkError to match MDN spec: readyState === 4 && status === 0 (#6050 ) closes #4253 The `isNetworkError` function incorrectly classified XHR states as network errors. Per MDN, a network error occurs when a request completes (`readyState === 4`) but has no HTTP status (`status === 0`), indicating network/CORS/file access failures. ## Changes - Logic fix: Changed from `(xhr.readyState !== 0 && xhr.readyState !== 4) \|\| xhr.status === 0` to `xhr.readyState === 4 && xhr.status === 0` - Test update: Removed invalid test expecting `readyState: 2` to be a network error; added test verifying incomplete requests return `false` ## Example ```typescript // Before: incorrectly treated in-progress requests as network errors isNetworkError({ readyState: 2, status: 0 }) // true ❌ // After: only completed requests with no status are network errors isNetworkError({ readyState: 4, status: 0 }) // true ✓ isNetworkError({ readyState: 2, status: 0 }) // false ✓ ``` <!-- START COPILOT CODING AGENT SUFFIX --> <details> <summary>Original prompt</summary> > Update the isNetworkError function in packages/@uppy/utils/src/isNetworkError.ts to correctly detect network errors according to MDN documentation. The new logic should return true only if xhr.readyState === 4 and xhr.status === 0. The updated implementation should be: > > function isNetworkError(xhr?: XMLHttpRequest): boolean { > if (!xhr) return false > // finished but status is 0 — usually indicates a network/CORS/file error > return xhr.readyState === 4 && xhr.status === 0 > } > > export default isNetworkError > > No other logic changes are needed. If you find related commentary (e.g., outdated comments), clarify as needed. </details> This pull request was created as a result of the following prompt from Copilot chat. > Update the isNetworkError function in packages/@uppy/utils/src/isNetworkError.ts to correctly detect network errors according to MDN documentation. The new logic should return true only if xhr.readyState === 4 and xhr.status === 0. The updated implementation should be: > > function isNetworkError(xhr?: XMLHttpRequest): boolean { > if (!xhr) return false > // finished but status is 0 — usually indicates a network/CORS/file error > return xhr.readyState === 4 && xhr.status === 0 > } > > export default isNetworkError > > No other logic changes are needed. If you find related commentary (e.g., outdated comments), clarify as needed. <!-- START COPILOT CODING AGENT TIPS --> --- ✨ Let Copilot coding agent [set things up for you](https://github.com/transloadit/uppy/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mifi <402547+mifi@users.noreply.github.com>	2025-11-05 13:06:21 +08:00
github-actions[bot]	7551b4cc91	[ci] release (#6049 ) This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/companion@6.2.0 ### Minor Changes - `0c8dd19`: New Companion option `uploadHeaders` which can be used to include a static set of headers with every request sent to all upload destinations. ## @uppy/dashboard@5.0.4 ### Patch Changes - `5e166a1`: Fix form appending for shadow dom - Updated dependencies [`ad50314`] - @uppy/utils@7.1.3 ## @uppy/utils@7.1.3 ### Patch Changes - `ad50314`: Allow `getSafeFileId` to accept `UppyFile` ## uppy@5.1.11 ### Patch Changes - Updated dependencies [`5e166a1`] - @uppy/dashboard@5.0.4 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-11-03 14:26:07 +01:00
Mikael Finstad	ad50314c50	allow `getSafeFileId` to accept `UppyFile` (#6048 ) fixes #6033 also convert InternalMetadata to interface (interface is preferred when possible) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Broaden `getSafeFileId` to accept `UppyFile` and extend types by converting `InternalMetadata` to an interface with optional `relativePath`. > > - utils: > - `getSafeFileId`: Broadens parameter via new `SafeFileIdBasis` so it can accept `UppyFile`; call site logic unchanged. > - Types: Convert `InternalMetadata` to an interface and add optional `relativePath`; propagate through `UppyFile`/`generateFileID` typings. > - Changeset: Adds patch entry for `@uppy/utils`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit `133240fc0f`. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Merlijn Vos <merlijn@soverin.net>	2025-11-03 20:04:57 +08:00
Murderlon	2e14f15e11	Update changeset	2025-11-03 11:48:28 +01:00
Mikael Finstad	0c8dd19dc2	Companion option `uploadHeaders` (#5981 ) closes #5921 also improve tests that currently depend on eachother todo - [x] docs https://github.com/transloadit/uppy.io/pull/394	2025-11-03 18:34:07 +08:00
Austin Jackson	5e166a101d	@uppy/dashboard: fix form appending for shadow dom (#6031 ) Fixes #6028 I've also added `private/dev/dashboard_shadow.html` to more easily test ShadowDOM-specific bugs. I looked into writing a test case under `packages/@uppy/dashboard/src/index.browser.test.ts` but couldn't get it to work locally on Windows. <!-- CURSOR_SUMMARY --> --- > [!NOTE] > Ensure FileCard’s hidden form is appended/cleaned up in the correct root (Document body or ShadowRoot) using a ref-derived root node, and add a patch changeset. > > - @uppy/dashboard – FileCard: > - Append hidden `form` to the correct root using `getRootNode()` (handles Light DOM/iframes via `Document.body`, and Shadow DOM via `ShadowRoot`). > - Add `domRef` to root element to detect rendering context; attach `ref` and update effect accordingly. > - Clean up by removing the `form` from its actual `parentNode`. > - Release: > - Add changeset for patch: `Fix form appending for shadow dom`. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit `edf81e871c`. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Murderlon <merlijn@soverin.net>	2025-11-03 11:16:33 +01:00
github-actions[bot]	b1e33bcef7	[ci] release (#6046 ) This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/provider-views@5.1.2 ### Patch Changes - `46e339a`: Add missing lodash dependency ## @uppy/react@5.1.1 ### Patch Changes - `16aa6fe`: Add missing useUppyContext export ## uppy@5.1.10 ### Patch Changes - Updated dependencies [`46e339a`] - @uppy/provider-views@5.1.2 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-10-30 10:10:59 +01:00
Merlijn Vos	46e339a150	@uppy/provider-views: add missing lodash dependency (#6045 ) Fixes #6039	2025-10-30 09:59:36 +01:00
Merlijn Vos	16aa6fe941	@uppy/react: export useUppyContext (#6044 ) Fixes #6043	2025-10-30 09:59:13 +01:00
github-actions[bot]	76abdfb325	[ci] release (#6029 ) This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/angular@1.1.0 ### Minor Changes - `72d2d68`: Remove @uppy/utils and add @uppy/status-bar to peerDependencies ## @uppy/components@1.1.0 ### Minor Changes - `72d2d68`: Add @uppy/{screen-capture,status-bar,webcam} as optional peer dependencies ### Patch Changes - `26bf726`: Dropzone and FileInput inherit restrictions from @uppy/core ## @uppy/react@5.1.0 ### Minor Changes - `72d2d68`: Add @uppy/{screen-capture,status-bar,webcam} as optional peer dependencies ### Patch Changes - `86f353d`: Remove dashboard export from index.ts - Updated dependencies [`72d2d68`] - Updated dependencies [`26bf726`] - @uppy/components@1.1.0 ## @uppy/svelte@5.1.0 ### Minor Changes - `72d2d68`: Add @uppy/{screen-capture,status-bar,webcam} as optional peer dependencies ### Patch Changes - Updated dependencies [`72d2d68`] - Updated dependencies [`26bf726`] - @uppy/components@1.1.0 ## @uppy/transloadit@5.2.0 ### Minor Changes - `72d2d68`: Remove unused @uppy/{companion-client,provider-views} dependencies ### Patch Changes - Updated dependencies [`08b64f9`] - @uppy/utils@7.1.2 ## @uppy/vue@3.1.0 ### Minor Changes - `72d2d68`: Add @uppy/{screen-capture,status-bar,webcam} as optional peer dependencies ### Patch Changes - Updated dependencies [`72d2d68`] - Updated dependencies [`26bf726`] - @uppy/components@1.1.0 ## @uppy/onedrive@5.0.2 ### Patch Changes - `5edcb2e`: Fix: Enable `supportsRefreshToken` for OneDrive - Updated dependencies [`08b64f9`] - @uppy/utils@7.1.2 ## @uppy/utils@7.1.2 ### Patch Changes - `08b64f9`: fix ts issue with generateFileID and `exactOptionalPropertyTypes` ## uppy@5.1.9 ### Patch Changes - Updated dependencies [`72d2d68`] - Updated dependencies [`5edcb2e`] - @uppy/transloadit@5.2.0 - @uppy/onedrive@5.0.2 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-10-28 10:15:14 +01:00
Merlijn Vos	72d2d68ea3	Fix various deps and peer deps in packages (#6030 ) Fixes - `@uppy/components` incorrectly had a lot of packages in `dependencies` while they should be `peerDependencies`. Also removed `remote-sources` completely as this drags in a lot of plugins and we don't even need it there. - `@uppy/{react,vue,svelte}` now has to have the same `peerDependencies` as `components` as the requirement has been moved up. We also mark them as optional, they are only needed if you use a hook such as `useWebcam` needing `@uppy/webcam`. - Remove `companion-client` and `provider-views` from `transloadit`. Those are never used by the package. - Remove `@uppy/utils` from `@uppy/angular` and `@uppy/react`, we can just use imports from `core` - Place `@uppy/status-bar` back in peer deps. This is critical but forgotten when status bar was put back inside frameworks. Implications - Moving peer deps to deps in `@uppy/components` now requires people to install these dependencies. However, they kind of had to anyway before as we require people to install the plugin on uppy (`.use(Webcam')`) if you want to use `useWebcam` and if you try to import a dep you did not install they would have gotten an error already. - Note: this is not the same situation as with importing dashboard component from @uppy/react which causes a runtime crash because @uppy/dashboard is missing. In this case we only depend on _types_, so we don't have this problem.	2025-10-28 09:55:21 +01:00
dependabot[bot]	9f60e630a2	build(deps): bump actions/upload-artifact from 4 to 5 (#6038 ) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <p><strong>BREAKING CHANGE:</strong> this update supports Node <code>v24.x</code>. This is not a breaking change per-se but we're treating it as such.</p> <ul> <li>Update README.md by <a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li> <li>Readme: spell out the first use of GHES by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li> <li>Update GHES guidance to include reference to Node 20 version by <a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li> <li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li> <li>Prepare <code>v5.0.0</code> by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/734">actions/upload-artifact#734</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li> <li><a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li> <li><a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v5.0.0">https://github.com/actions/upload-artifact/compare/v4...v5.0.0</a></p> <h2>v4.6.2</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.3.2 package & prepare for new upload-artifact release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p> <h2>v4.6.1</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.2.2 package by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/673">actions/upload-artifact#673</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.1">https://github.com/actions/upload-artifact/compare/v4...v4.6.1</a></p> <h2>v4.6.0</h2> <h2>What's Changed</h2> <ul> <li>Expose env vars to control concurrency and timeout by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/662">actions/upload-artifact#662</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.0">https://github.com/actions/upload-artifact/compare/v4...v4.6.0</a></p> <h2>v4.5.0</h2> <h2>What's Changed</h2> <ul> <li>fix: deprecated <code>Node.js</code> version in action by <a href="https://github.com/hamirmahal"><code>@hamirmahal</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li> <li>Add new <code>artifact-digest</code> output by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/656">actions/upload-artifact#656</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hamirmahal"><code>@hamirmahal</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`330a01c490`"><code>330a01c</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/734">#734</a> from actions/danwkennedy/prepare-5.0.0</li> <li><a href="`03f2824452`"><code>03f2824</code></a> Update <code>github.dep.yml</code></li> <li><a href="`905a1ecb59`"><code>905a1ec</code></a> Prepare <code>v5.0.0</code></li> <li><a href="`2d9f9cdfa9`"><code>2d9f9cd</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/725">#725</a> from patrikpolyak/patch-1</li> <li><a href="`9687587dec`"><code>9687587</code></a> Merge branch 'main' into patch-1</li> <li><a href="`2848b2cda0`"><code>2848b2c</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/727">#727</a> from danwkennedy/patch-1</li> <li><a href="`9b511775fd`"><code>9b51177</code></a> Spell out the first use of GHES</li> <li><a href="`cd231ca1ed`"><code>cd231ca</code></a> Update GHES guidance to include reference to Node 20 version</li> <li><a href="`de65e23aa2`"><code>de65e23</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/712">#712</a> from actions/nebuk89-patch-1</li> <li><a href="`8747d8cd76`"><code>8747d8c</code></a> Update README.md</li> <li>Additional commits viewable in <a href="https://github.com/actions/upload-artifact/compare/v4...v5">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-27 09:37:24 +01:00
Mikael Finstad	08b64f93c3	@uppy/utils: fix type mismatch on getSafeFileId (#6034 ) with `exactOptionalPropertyTypes` fixes #6033	2025-10-27 09:36:17 +01:00
Mikael Finstad	5edcb2e885	enable supportsRefreshToken for onedrive (#6035 ) fixes #5995	2025-10-27 09:33:57 +01:00
Prakash	86f353d2fe	@uppy/react: remove dashboard export (#6036 ) No need to export it from index.ts, since it’s already exported through the export maps. Also, it’s an optional peer dependency, we probably missed this in #5830 , though this might count as a breaking change now ☹️	2025-10-27 09:33:29 +01:00
Merlijn Vos	26bf726412	@uppy/components: inherit restrictions from @uppy/core (#6014 ) Closes #5970 AI disclosure: codex made the initial implementation --------- Co-authored-by: Mikael Finstad <finstaden@gmail.com>	2025-10-23 10:10:45 +02:00
github-actions[bot]	55e926c347	[ci] release (#6027 ) This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/status-bar@5.0.2 ### Patch Changes - `8ac1654`: Change internal type from `any` to `unknown`. ## @uppy/webcam@5.0.2 ### Patch Changes - `8ac1654`: - Remove TagFile type - Use UppyFile instead. - Split UppyFile into two interfaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile ## @uppy/xhr-upload@5.0.2 ### Patch Changes - `8ac1654`: - Make `file.data` nullable - Because for ghosts it will be `undefined` and we don't have any type to distinguish ghosts from other (local) files. This caused a crash, because we didn't check for `undefined` everywhere (when trying to store a blob that was `undefined`). This means we have to add null checks in some packages - Split UppyFile into two interfaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile ## uppy@5.1.8 ### Patch Changes - Updated dependencies [`8ac1654`] - Updated dependencies [`8ac1654`] - Updated dependencies [`8ac1654`] - @uppy/status-bar@5.0.2 - @uppy/webcam@5.0.2 - @uppy/xhr-upload@5.0.2 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-10-22 21:21:09 +02:00
Mikael Finstad	8ac1654484	release missing packages (#6025 ) @uppy/xhr-upload, @uppy/webcam, @uppy/status-bar fixes #6019 --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-10-22 21:01:00 +08:00
Murderlon	f34f685c84	example-react: fix tsconfig	2025-10-21 11:18:03 +02:00
dependabot[bot]	dbb5175572	build(deps-dev): bump vite from 7.1.5 to 7.1.11 (#6021 ) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.5 to 7.1.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v7.1.11</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.11/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.10</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.10/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.9</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.9/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.8</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.8/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.7</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.7/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.6</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v7.1.10...v7.1.11">7.1.11</a> (2025-10-20)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li><strong>dev:</strong> trim trailing slash before <code>server.fs.deny</code> check (<a href="https://redirect.github.com/vitejs/vite/issues/20968">#20968</a>) (<a href="`f479cc57c4`">f479cc5</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/20966">#20966</a>) (<a href="`6fb41a260b`">6fb41a2</a>)</li> </ul> <h3>Code Refactoring</h3> <ul> <li>use subpath imports for types module reference (<a href="https://redirect.github.com/vitejs/vite/issues/20921">#20921</a>) (<a href="`d0094af639`">d0094af</a>)</li> </ul> <h3>Build System</h3> <ul> <li>remove cjs reference in files field (<a href="https://redirect.github.com/vitejs/vite/issues/20945">#20945</a>) (<a href="`ef411cee26`">ef411ce</a>)</li> <li>remove hash from built filenames (<a href="https://redirect.github.com/vitejs/vite/issues/20946">#20946</a>) (<a href="`a81730754d`">a817307</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v7.1.9...v7.1.10">7.1.10</a> (2025-10-14)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li><strong>css:</strong> avoid duplicate style for server rendered stylesheet link and client inline style during dev (<a href="https://redirect.github.com/vitejs/vite/issues/20767">#20767</a>) (<a href="`3a92bc79b3`">3a92bc7</a>)</li> <li><strong>css:</strong> respect emitAssets when cssCodeSplit=false (<a href="https://redirect.github.com/vitejs/vite/issues/20883">#20883</a>) (<a href="`d3e7eeefa9`">d3e7eee</a>)</li> <li><strong>deps:</strong> update all non-major dependencies (<a href="`879de86935`">879de86</a>)</li> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/20894">#20894</a>) (<a href="`3213f90ff0`">3213f90</a>)</li> <li><strong>dev:</strong> allow aliases starting with <code>//</code> (<a href="https://redirect.github.com/vitejs/vite/issues/20760">#20760</a>) (<a href="`b95fa2aa75`">b95fa2a</a>)</li> <li><strong>dev:</strong> remove timestamp query consistently (<a href="https://redirect.github.com/vitejs/vite/issues/20887">#20887</a>) (<a href="`6537d15591`">6537d15</a>)</li> <li><strong>esbuild:</strong> inject esbuild helpers correctly for esbuild 0.25.9+ (<a href="https://redirect.github.com/vitejs/vite/issues/20906">#20906</a>) (<a href="`446eb38632`">446eb38</a>)</li> <li>normalize path before calling <code>fileToBuiltUrl</code> (<a href="https://redirect.github.com/vitejs/vite/issues/20898">#20898</a>) (<a href="`73b6d243e0`">73b6d24</a>)</li> <li>preserve original sourcemap file field when combining sourcemaps (<a href="https://redirect.github.com/vitejs/vite/issues/20926">#20926</a>) (<a href="`c714776aa1`">c714776</a>)</li> </ul> <h3>Documentation</h3> <ul> <li>correct <code>WebSocket</code> spelling (<a href="https://redirect.github.com/vitejs/vite/issues/20890">#20890</a>) (<a href="`29e98dc3ef`">29e98dc</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li><strong>deps:</strong> update rolldown-related dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/20923">#20923</a>) (<a href="`a5e3b064fa`">a5e3b06</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v7.1.8...v7.1.9">7.1.9</a> (2025-10-03)<!-- raw HTML omitted --></h2> <h3>Reverts</h3> <ul> <li><strong>server:</strong> drain stdin when not interactive (<a href="https://redirect.github.com/vitejs/vite/issues/20885">#20885</a>) (<a href="`12d72b0538`">12d72b0</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v7.1.7...v7.1.8">7.1.8</a> (2025-10-02)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li><strong>css:</strong> improve url escape characters handling (<a href="https://redirect.github.com/vitejs/vite/issues/20847">#20847</a>) (<a href="`24a61a3f54`">24a61a3</a>)</li> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/20855">#20855</a>) (<a href="`788a183afc`">788a183</a>)</li> <li><strong>deps:</strong> update artichokie to 0.4.2 (<a href="https://redirect.github.com/vitejs/vite/issues/20864">#20864</a>) (<a href="`e670799e12`">e670799</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`8b69c9e32c`"><code>8b69c9e</code></a> release: v7.1.11</li> <li><a href="`f479cc57c4`"><code>f479cc5</code></a> fix(dev): trim trailing slash before <code>server.fs.deny</code> check (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>)</li> <li><a href="`6fb41a260b`"><code>6fb41a2</code></a> chore(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20966">#20966</a>)</li> <li><a href="`a81730754d`"><code>a817307</code></a> build: remove hash from built filenames (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20946">#20946</a>)</li> <li><a href="`ef411cee26`"><code>ef411ce</code></a> build: remove cjs reference in files field (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20945">#20945</a>)</li> <li><a href="`d0094af639`"><code>d0094af</code></a> refactor: use subpath imports for types module reference (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20921">#20921</a>)</li> <li><a href="`ed4a0dc913`"><code>ed4a0dc</code></a> release: v7.1.10</li> <li><a href="`c714776aa1`"><code>c714776</code></a> fix: preserve original sourcemap file field when combining sourcemaps (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20926">#20926</a>)</li> <li><a href="`446eb38632`"><code>446eb38</code></a> fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20906">#20906</a>)</li> <li><a href="`879de86935`"><code>879de86</code></a> fix(deps): update all non-major dependencies</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v7.1.11/packages/vite">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vite&package-manager=npm_and_yarn&previous-version=7.1.5&new-version=7.1.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/transloadit/uppy/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-21 10:07:47 +02:00
dependabot[bot]	a9e9775a24	build(deps): bump actions/setup-node from 4 to 6 (#6018 ) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <p><strong>Breaking Changes</strong></p> <ul> <li>Limit automatic caching to npm, update workflows and documentation by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1374">actions/setup-node#1374</a></li> </ul> <p><strong>Dependency Upgrades</strong></p> <ul> <li>Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1336">#1336</a></li> <li>Upgrade prettier from 2.8.8 to 3.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1334">#1334</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1362">#1362</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v5...v6.0.0">https://github.com/actions/setup-node/compare/v5...v6.0.0</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Enhance caching in setup-node with automatic package manager detection by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li> </ul> <p>This update, introduces automatic caching when a valid <code>packageManager</code> field is present in your <code>package.json</code>. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set <code>package-manager-cache: false</code></p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v5 - uses: actions/setup-node@v5 with: package-manager-cache: false </code></pre> <ul> <li>Upgrade action to use node24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li> </ul> <p>Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. <a href="https://github.com/actions/runner/releases/tag/v2.327.1">See Release Notes</a></p> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade <code>@octokit/request-error</code> and <code>@actions/github</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1227">actions/setup-node#1227</a></li> <li>Upgrade uuid from 9.0.1 to 11.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1273">actions/setup-node#1273</a></li> <li>Upgrade undici from 5.28.5 to 5.29.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1295">actions/setup-node#1295</a></li> <li>Upgrade form-data to bring in fix for critical vulnerability by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1332">actions/setup-node#1332</a></li> <li>Upgrade actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1345">actions/setup-node#1345</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v4...v5.0.0">https://github.com/actions/setup-node/compare/v4...v5.0.0</a></p> <h2>v4.4.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`2028fbc5c2`"><code>2028fbc</code></a> Limit automatic caching to npm, update workflows and documentation (<a href="https://redirect.github.com/actions/setup-node/issues/1374">#1374</a>)</li> <li><a href="`13427813f7`"><code>1342781</code></a> Bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1362">#1362</a>)</li> <li><a href="`89d709d423`"><code>89d709d</code></a> Bump prettier from 2.8.8 to 3.6.2 (<a href="https://redirect.github.com/actions/setup-node/issues/1334">#1334</a>)</li> <li><a href="`cd2651c462`"><code>cd2651c</code></a> Bump ts-jest from 29.1.2 to 29.4.1 (<a href="https://redirect.github.com/actions/setup-node/issues/1336">#1336</a>)</li> <li><a href="`a0853c2454`"><code>a0853c2</code></a> Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/actions/setup-node/issues/1345">#1345</a>)</li> <li><a href="`b7234cc9fe`"><code>b7234cc</code></a> Upgrade action to use node24 (<a href="https://redirect.github.com/actions/setup-node/issues/1325">#1325</a>)</li> <li><a href="`d7a11313b5`"><code>d7a1131</code></a> Enhance caching in setup-node with automatic package manager detection (<a href="https://redirect.github.com/actions/setup-node/issues/1348">#1348</a>)</li> <li><a href="`5e2628c959`"><code>5e2628c</code></a> Bumps form-data (<a href="https://redirect.github.com/actions/setup-node/issues/1332">#1332</a>)</li> <li><a href="`65beceff8e`"><code>65becef</code></a> Bump undici from 5.28.5 to 5.29.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1295">#1295</a>)</li> <li><a href="`7e24a656e1`"><code>7e24a65</code></a> Bump uuid from 9.0.1 to 11.1.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1273">#1273</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/setup-node/compare/v4...v6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=4&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-20 10:48:57 +02:00
dependabot[bot]	69056fc773	build(deps): bump docker/login-action from 3.5.0 to 3.6.0 (#6004 ) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.5.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.6.0</h2> <ul> <li>Add <code>registry-auth</code> input for raw authentication to registries by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/887">docker/login-action#887</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/login-action/pull/883">docker/login-action#883</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/login-action/pull/880">docker/login-action#880</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/login-action/pull/879">docker/login-action#879</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/login-action/pull/881">docker/login-action#881</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.5.0...v3.6.0">https://github.com/docker/login-action/compare/v3.5.0...v3.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="`5e57cd1181`"><code>5e57cd1</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/890">#890</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="`97e31439e8`"><code>97e3143</code></a> chore: update generated content</li> <li><a href="`3a0796b57f`"><code>3a0796b</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="`5b7b28b1cc`"><code>5b7b28b</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/882">#882</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="`abc9fb3154`"><code>abc9fb3</code></a> chore: update generated content</li> <li><a href="`d468688814`"><code>d468688</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="`a99b2f88fc`"><code>a99b2f8</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/883">#883</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="`0d7fae8057`"><code>0d7fae8</code></a> chore: update generated content</li> <li><a href="`9832253cb7`"><code>9832253</code></a> build(deps): bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0</li> <li><a href="`09e05bbdf6`"><code>09e05bb</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/881">#881</a> from docker/dependabot/npm_and_yarn/tmp-0.2.4</li> <li>Additional commits viewable in <a href="`184bdaa072...5e57cd1181`">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=3.5.0&new-version=3.6.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-20 10:48:38 +02:00
github-actions[bot]	2c4727e5f4	[ci] release (#6011 ) This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/aws-s3@5.0.2 ### Patch Changes - `0c16fe4`: - Make `file.data` nullable - Because for ghosts it will be `undefined` and we don't have any type to distinguish ghosts from other (local) files. This caused a crash, because we didn't check for `undefined` everywhere (when trying to store a blob that was `undefined`). This means we have to add null checks in some packages - Split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - @uppy/companion-client@5.1.1 - @uppy/core@5.1.1 - @uppy/utils@7.1.1 ## @uppy/companion@6.1.1 ### Patch Changes - `6a60ee5`: Reject request early instead of crashing on missing `filename` for /s3/multipart and /s3/params endpoints ## @uppy/companion-client@5.1.1 ### Patch Changes - `0c16fe4`: - Split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile - Updated dependencies [`0c16fe4`] - @uppy/core@5.1.1 - @uppy/utils@7.1.1 ## @uppy/components@1.0.4 ### Patch Changes - `0c16fe4`: - Make `file.data` nullable - Because for ghosts it will be `undefined` and we don't have any type to distinguish ghosts from other (local) files. This caused a crash, because we didn't check for `undefined` everywhere (when trying to store a blob that was `undefined`). This means we have to add null checks in some packages - Move `restore-confirmed` from `onUploadStart` event listener to `startUpload`, else it would cause `restore-confirmed` to be triggered even if there is no `recoveredState` to recover - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - @uppy/core@5.1.1 - @uppy/image-editor@4.0.2 ## @uppy/compressor@3.0.2 ### Patch Changes - `0c16fe4`: - Make `file.data` nullable - Because for ghosts it will be `undefined` and we don't have any type to distinguish ghosts from other (local) files. This caused a crash, because we didn't check for `undefined` everywhere (when trying to store a blob that was `undefined`). This means we have to add null checks in some packages - Split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile - Updated dependencies [`0c16fe4`] - @uppy/core@5.1.1 - @uppy/utils@7.1.1 ## @uppy/core@5.1.1 ### Patch Changes - `0c16fe4`: - Make `file.data` nullable - Because for ghosts it will be `undefined` and we don't have any type to distinguish ghosts from other (local) files. This caused a crash, because we didn't check for `undefined` everywhere (when trying to store a blob that was `undefined`) - Introduce new field `progress`.`complete`: if there is a post-processing step, set it to `true` once post processing is complete. If not, set it to `true` once upload has finished. - Throw a proper `Nonexistent upload` error message if trying to upload a non-existent upload, instead of TypeError - Rewrite `Uppy.upload()` - this fixes two bugs: 1. No more duplicate emit call when this.#restricter.validateMinNumberOfFiles throws (`#informAndEmit` and `this.emit('error')`) 2. 'restriction-failed' now also gets correctly called when `checkRequiredMetaFields` check errors. - Don't re-upload completed files #5930 - Split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile - Remove TagFile type - Use UppyFile instead. - Make `name` required on UppyFile (it is in reality always set) - Fix bug: `RestrictionError` sometimes thrown with a `file` property that was _not_ a `UppyFile`, but a `File`. This would happen if someone passed a `File` instead of a `MinimalRequiredUppyFile` into `core.addFile` (which is valid to do according to our API) - Improve some log messages - Simplify Uppy `postprocess-complete` handler - Updated dependencies [`0c16fe4`] - @uppy/utils@7.1.1 ## @uppy/dashboard@5.0.3 ### Patch Changes - `0c16fe4`: - Remove `restore-canceled` event as it was not being used. - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - @uppy/core@5.1.1 - @uppy/utils@7.1.1 - @uppy/provider-views@5.1.1 - @uppy/thumbnail-generator@5.0.2 ## @uppy/golden-retriever@5.1.1 ### Patch Changes - `0c16fe4`: - Internal inter-package breaking change: Remove hacky internal event `restore:get-data` that would send a function as its event data (to golden retriever for it to call the function to receive data from it). Add instead `restore:plugin-data-changed` that publishes data when it changes. This means that old versions of `@uppy/transloadit` are not compatible with newest version of `@uppy/golden-retriever` (and vice versa). - Large internal refactor of Golden Retriever - Use `state-update` handler to trigger save to local storage and blobs, instead of doing it in various other event handlers (`complete`, `upload-success`, `file-removed`, `file-editor:complete`, `file-added`). this way we don't miss any state updates. also simplifies the code a lot. this fixes: - Always store blob when it changes - this fixes the bug when using the compressor plugin, it would store the uncompressed original blob (like when using image editor plugin) - Add back throttle: but throttling must happen on the actual local storage save calls inside MetaDataStore, _not_ the handleStateUpdate function, so we don't miss any state updates (and end up with inconsistent data). Note that there is still a race condition where if the user removes a file (causing the blob to be deleted), then quickly reloads the page before the throttled save has happened, the file will be restored but the blob will be missing, so it will become a ghost. this is probably not a big problem though. need to disable throttling when running tests (add it as an option to the plugin) - Fix implicit `any` types in #restore filesWithBlobs - Don't error when saving indexedDB file that already exists (make it idempotent) - Fix bug: Golden Retriever was not deleting from IndexedDbStore if ServiceWorkerStore exists, causing a storage leak - Remove unused Golden Retriever cleanup.ts - Clean up stored files on `complete` event _only_ if _all_ files succeeded (no failed files). this allows the user to retry failed files if they get interrupted - fixes #5927, closes #5955 - Only set `isGhost` for non-successful files - it doesn't make sense for successfully uploaded files to be ghosted because they're already done. #5930 - Add `upload-success` event handler `handleFileUploaded`: this handler will remove blobs of files that have successfully uploaded. this prevents leaking blobs when an upload with multiple files gets interrupted (but some files have uploaded successfully), because `#handleUploadComplete` (which normally does the cleanup) doesn't get called untill _all_ files are complete. - Fix `file-editor:complete` potential race condition: it would delete and add at the same time (without first awaiting delete operation) - Fix: Don't double `setState` when restoring - Improve types in golden retriever and MetaDataStore - MetaDataStore: move old state expiry to from `constructor` to `load()` - Updated dependencies [`0c16fe4`] - @uppy/core@5.1.1 - @uppy/utils@7.1.1 ## @uppy/image-editor@4.0.2 ### Patch Changes - `0c16fe4`: - Make `file.data` nullable - Because for ghosts it will be `undefined` and we don't have any type to distinguish ghosts from other (local) files. This caused a crash, because we didn't check for `undefined` everywhere (when trying to store a blob that was `undefined`). This means we have to add null checks in some packages - Split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile - Updated dependencies [`0c16fe4`] - @uppy/core@5.1.1 - @uppy/utils@7.1.1 ## @uppy/provider-views@5.1.1 ### Patch Changes - `0c16fe4`: - Rename `getTagFile` to `companionFileToUppyFile` - Updated dependencies [`0c16fe4`] - @uppy/core@5.1.1 - @uppy/utils@7.1.1 ## @uppy/thumbnail-generator@5.0.2 ### Patch Changes - `0c16fe4`: - Make `file.data` nullable - Because for ghosts it will be `undefined` and we don't have any type to distinguish ghosts from other (local) files. This caused a crash, because we didn't check for `undefined` everywhere (when trying to store a blob that was `undefined`). This means we have to add null checks in some packages - Split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile - Updated dependencies [`0c16fe4`] - @uppy/core@5.1.1 - @uppy/utils@7.1.1 ## @uppy/transloadit@5.1.3 ### Patch Changes - `0c16fe4`: - Internal inter-package breaking change: Remove hacky internal event `restore:get-data` that would send a function as its event data (to golden retriever for it to call the function to receive data from it). Add instead `restore:plugin-data-changed` that publishes data when it changes. This means that old versions of `@uppy/transloadit` are not compatible with newest version of `@uppy/golden-retriever` (and vice versa). - Minor internal refactoring in order to make sure that we will always emit `restore:plugin-data-changed` whenever assembly state changes - Split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - @uppy/companion-client@5.1.1 - @uppy/core@5.1.1 - @uppy/utils@7.1.1 - @uppy/provider-views@5.1.1 - @uppy/tus@5.0.2 ## @uppy/tus@5.0.2 ### Patch Changes - `0c16fe4`: - Make `file.data` nullable - Because for ghosts it will be `undefined` and we don't have any type to distinguish ghosts from other (local) files. This caused a crash, because we didn't check for `undefined` everywhere (when trying to store a blob that was `undefined`). This means we have to add null checks in some packages - Split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - @uppy/companion-client@5.1.1 - @uppy/core@5.1.1 - @uppy/utils@7.1.1 ## @uppy/url@5.0.2 ### Patch Changes - `0c16fe4`: - Make `file.data` nullable - Because for ghosts it will be `undefined` and we don't have any type to distinguish ghosts from other (local) files. This caused a crash, because we didn't check for `undefined` everywhere (when trying to store a blob that was `undefined`). This means we have to add null checks in some packages - Split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - @uppy/companion-client@5.1.1 - @uppy/core@5.1.1 - @uppy/utils@7.1.1 ## @uppy/utils@7.1.1 ### Patch Changes - `0c16fe4`: - Make `file.data` nullable - Because for ghosts it will be `undefined` and we don't have any type to distinguish ghosts from other (local) files. This caused a crash, because we didn't check for `undefined` everywhere (when trying to store a blob that was `undefined`) - Introduce new field `progress`.`complete`: if there is a post-processing step, set it to `true` once post processing is complete. If not, set it to `true` once upload has finished. - Throw a proper `Nonexistent upload` error message if trying to upload a non-existent upload, instead of TypeError - Rewrite `Uppy.upload()` - this fixes two bugs: 1. No more duplicate emit call when this.#restricter.validateMinNumberOfFiles throws (`#informAndEmit` and `this.emit('error')`) 2. 'restriction-failed' now also gets correctly called when `checkRequiredMetaFields` check errors. - Don't re-upload completed files #5930 - Split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile - Remove TagFile type - Use UppyFile instead. - Make `name` required on UppyFile (it is in reality always set) - Fix bug: `RestrictionError` sometimes thrown with a `file` property that was _not_ a `UppyFile`, but a `File`. This would happen if someone passed a `File` instead of a `MinimalRequiredUppyFile` into `core.addFile` (which is valid to do according to our API) - Improve some log messages - Simplify Uppy `postprocess-complete` handler ## uppy@5.1.7 ### Patch Changes - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - Updated dependencies [`0c16fe4`] - @uppy/aws-s3@5.0.2 - @uppy/companion-client@5.1.1 - @uppy/compressor@3.0.2 - @uppy/core@5.1.1 - @uppy/dashboard@5.0.3 - @uppy/golden-retriever@5.1.1 - @uppy/image-editor@4.0.2 - @uppy/provider-views@5.1.1 - @uppy/thumbnail-generator@5.0.2 - @uppy/transloadit@5.1.3 - @uppy/tus@5.0.2 - @uppy/url@5.0.2 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-10-17 20:24:52 +02:00
Mikael Finstad	0c16fe44b9	Golden retriever refactor and UppyFile type improvements (#5978 ) Probably best reviewed commit by commit. I also split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile Also: - Removed the TagFile type - Don't re-upload completed files - fixes #5930 - Clean up stored files on `complete` event only if all files succeeded (no failed files). this allows the user to retry failed files if the browser & upload get interrupted - fixes #5927, closes #5955 - Only set `isGhost` for non-successful files. it doesn't make sense for successfully uploaded files to be ghosted because they're already done. #5930 fixes #6013 --------- Co-authored-by: Prakash <qxprakash@gmail.com>	2025-10-17 23:17:40 +08:00
Mikael Finstad	1fbb95da2b	improve test scripts (#6016 ) 1. don't run browser tests in `headless` mode by default when running tests individually. because when writing/running tests, i usually want to see/debug using the browser. if one still wants headless, it's as easy as: `yarn workspace @uppy/xyz test --browser.headless`. instead append the `headless` mode when running all tests together - it doesn't make sense to run all projects' tests without headless mode. 2. don't always run browser tests with `watch`: watch doesn't make sense when running multiple projects in turbo (one project just blocks the rest watching for changes). if one still wants to run a single test with watch mode, it's as easy as: `yarn workspace @uppy/xyz test --watch` 3. don't cache test runs: if I run the `test` command. most of the time I want to actually run tests (not skip them if they already ran last time) 4. output logs when running tests. it's nice to see that the tests have actually run (also on CI) 5. when running all tests, use concurrency=1, because the tests also includes e2e tests, running multiple browsers in parallel really just makes the test fail on my computer (and uses a lot of memory) current output is not very informative: <img width="840" height="410" alt="Screenshot 2025-10-17 at 17 09 55" src="https://github.com/user-attachments/assets/9ca8278c-f160-478c-87e2-2ef861ba4bb1" /> with this PR: <img width="672" height="495" alt="Screenshot 2025-10-17 at 17 20 49" src="https://github.com/user-attachments/assets/1339c96b-d0c1-42e1-8fa1-d5a4a36ea42a" />	2025-10-17 22:07:01 +08:00
Merlijn Vos	6a60ee517d	@uppy/companion: fix crash on missing filename (#6010 ) Better to reject early than generating a filename when missing which could break assumptions we don't foresee.	2025-10-14 18:47:03 +02:00
Nik Graf	9d2c7a997f	upgrade cookie-parser (#6005 ) cookie-parser 1.4.7 uses a version cookie that fixed this security issue https://github.com/advisories/GHSA-pxg6-pf52-xh8x	2025-10-09 19:27:29 +08:00
github-actions[bot]	91c6bfd7d7	[ci] release (#6008 ) This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/companion@6.1.0 ### Minor Changes - `5ba2c1c`: Introduce the concept of server-side search and add support for it for the Dropbox provider. Previously, only client-side filtering in the currently viewed folder was possible, which was limiting. Now users using Companion with Dropbox can perform a search across their entire account. ## @uppy/companion-client@5.1.0 ### Minor Changes - `5ba2c1c`: Introduce the concept of server-side search and add support for it for the Dropbox provider. Previously, only client-side filtering in the currently viewed folder was possible, which was limiting. Now users using Companion with Dropbox can perform a search across their entire account. ### Patch Changes - Updated dependencies [`5ba2c1c`] - @uppy/utils@7.1.0 - @uppy/core@5.1.0 ## @uppy/core@5.1.0 ### Minor Changes - `5ba2c1c`: Introduce the concept of server-side search and add support for it for the Dropbox provider. Previously, only client-side filtering in the currently viewed folder was possible, which was limiting. Now users using Companion with Dropbox can perform a search across their entire account. ### Patch Changes - Updated dependencies [`5ba2c1c`] - @uppy/utils@7.1.0 ## @uppy/provider-views@5.1.0 ### Minor Changes - `5ba2c1c`: Introduce the concept of server-side search and add support for it for the Dropbox provider. Previously, only client-side filtering in the currently viewed folder was possible, which was limiting. Now users using Companion with Dropbox can perform a search across their entire account. ### Patch Changes - Updated dependencies [`5ba2c1c`] - @uppy/utils@7.1.0 - @uppy/core@5.1.0 ## @uppy/utils@7.1.0 ### Minor Changes - `5ba2c1c`: Introduce the concept of server-side search and add support for it for the Dropbox provider. Previously, only client-side filtering in the currently viewed folder was possible, which was limiting. Now users using Companion with Dropbox can perform a search across their entire account. ## uppy@5.1.6 ### Patch Changes - Updated dependencies [`5ba2c1c`] - @uppy/companion-client@5.1.0 - @uppy/provider-views@5.1.0 - @uppy/core@5.1.0 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>	2025-10-08 22:01:27 +02:00

1 2 3 4 5 ...

10444 commits