mirror of
https://github.com/transloadit/uppy.git
synced 2026-01-23 02:25:07 +00:00
10443 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
github-actions[bot]
|
556e36de4c
|
[ci] release (#6060)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/audio@3.1.0 ### Minor Changes - |
||
dependabot[bot]
|
5b680f2f05
|
build(deps): bump body-parser from 1.20.3 to 1.20.4 (#6070)
Bumps [body-parser](https://github.com/expressjs/body-parser) from 1.20.3 to 1.20.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/releases">body-parser's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2025-13466">CVE-2025-13466</a> (<a href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>ci: add dependabot by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/593">expressjs/body-parser#593</a></li> <li>ci: use full SHAs for github action versions by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/594">expressjs/body-parser#594</a></li> <li>deps: type-is@^2.0.1 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/599">expressjs/body-parser#599</a></li> <li>build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/609">expressjs/body-parser#609</a></li> <li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/610">expressjs/body-parser#610</a></li> <li>build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/611">expressjs/body-parser#611</a></li> <li>build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/613">expressjs/body-parser#613</a></li> <li>build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/612">expressjs/body-parser#612</a></li> <li>ci: add codeql github workflows scanning by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/614">expressjs/body-parser#614</a></li> <li>ci: update CodeQL config to ignore the test directory by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/615">expressjs/body-parser#615</a></li> <li>build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/620">expressjs/body-parser#620</a></li> <li>build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/619">expressjs/body-parser#619</a></li> <li>chore(deps): unpin devDependencies by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/616">expressjs/body-parser#616</a></li> <li>ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/621">expressjs/body-parser#621</a></li> <li>build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/623">expressjs/body-parser#623</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/624">expressjs/body-parser#624</a></li> <li>chore: add funding to package.json by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/617">expressjs/body-parser#617</a></li> <li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/625">expressjs/body-parser#625</a></li> <li>build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/630">expressjs/body-parser#630</a></li> <li>refactor: move common request validation to read function by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/600">expressjs/body-parser#600</a></li> <li>deps: bump iconv-lite by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/631">expressjs/body-parser#631</a></li> <li>doc: pull beta changelog forward into 2.0.0 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/629">expressjs/body-parser#629</a></li> <li>refactor: optimize raw and text parsers with shared passthrough function by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/634">expressjs/body-parser#634</a></li> <li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/640">expressjs/body-parser#640</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/639">expressjs/body-parser#639</a></li> <li>build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/636">expressjs/body-parser#636</a></li> <li>build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/637">expressjs/body-parser#637</a></li> <li>build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/638">expressjs/body-parser#638</a></li> <li>deps: raw-body@^3.0.1 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/641">expressjs/body-parser#641</a></li> <li>deps: debug@^4.4.3 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/642">expressjs/body-parser#642</a></li> <li>docs: add iconv-lite 0.7.0 changes to history entry by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/645">expressjs/body-parser#645</a></li> <li>ci: add node.js 25 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/650">expressjs/body-parser#650</a></li> <li>perf: move read options outside parser middlewares by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/648">expressjs/body-parser#648</a></li> <li>test(json): add RFC 7159 whitespace edge cases by <a href="https://github.com/Ayoub-Mabrouk"><code>@Ayoub-Mabrouk</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/653">expressjs/body-parser#653</a></li> <li>test: add test for urlencoded invalid defaultCharset by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/643">expressjs/body-parser#643</a></li> <li>build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/657">expressjs/body-parser#657</a></li> <li>build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/656">expressjs/body-parser#656</a></li> <li>build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/655">expressjs/body-parser#655</a></li> <li>build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/654">expressjs/body-parser#654</a></li> <li>ci: also test on first supported node.js version by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/646">expressjs/body-parser#646</a></li> <li>chore: switch badges from badgen.net to shields.io by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/661">expressjs/body-parser#661</a></li> <li>Remove history.md from being packaged on publish by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/660">expressjs/body-parser#660</a></li> <li>Release: 2.2.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/659">expressjs/body-parser#659</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md">body-parser's changelog</a>.</em></p> <blockquote> <h1>2.2.1 / 2025-11-24</h1> <ul> <li>Security fix for <a href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a></li> <li>deps: <ul> <li>type-is@^2.0.1</li> <li>iconv-lite@^0.7.0 <ul> <li>Handle split surrogate pairs when encoding UTF-8</li> <li>Avoid false positives in <code>encodingExists</code> by using prototype-less objects</li> </ul> </li> <li>raw-body@^3.0.1</li> <li>debug@^4.4.3</li> </ul> </li> </ul> <h1>2.2.0 / 2025-03-27</h1> <ul> <li>refactor: normalize common options for all parsers</li> <li>deps: <ul> <li>iconv-lite@^0.6.3</li> </ul> </li> </ul> <h1>2.1.0 / 2025-02-10</h1> <ul> <li>deps: <ul> <li>type-is@^2.0.0</li> <li>debug@^4.4.0</li> <li>Removed destroy</li> </ul> </li> <li>refactor: prefix built-in node module imports</li> <li>use the node require cache instead of custom caching</li> </ul> <h1>2.0.2 / 2024-10-31</h1> <ul> <li>remove <code>unpipe</code> package and use native <code>unpipe()</code> method</li> </ul> <h1>2.0.1 / 2024-09-10</h1> <ul> <li>Restore expected behavior <code>extended</code> to <code>false</code></li> </ul> <h1>2.0.0 / 2024-09-10</h1> <h2>Breaking Changes</h2> <ul> <li>Node.js 18 is the minimum supported version</li> <li><code>req.body</code> is no longer always initialized to <code>{}</code> <ul> <li>it is left <code>undefined</code> unless a body is parsed</li> </ul> </li> <li>Remove deprecated <code>bodyParser()</code> combination middleware</li> <li><del><code>urlencoded</code> parser now defaults <code>extended</code> to <code>false</code></del> as released, this is not the case, fixed in 2.0.1</li> <li><code>urlencoded</code> simple parser now uses <code>qs</code> module instead of <code>querystring</code> module</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
39b82fd231
|
build(deps): bump express from 4.19.2 to 4.22.0 (#6079)
Bumps [express](https://github.com/expressjs/express) from 4.19.2 to 4.22.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>4.22.0</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>Refactor: improve readability by <a href="https://github.com/sazk07"><code>@sazk07</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6190">expressjs/express#6190</a></li> <li>ci: add support for Node.js@23.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6080">expressjs/express#6080</a></li> <li>Method functions with no path should error by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5957">expressjs/express#5957</a></li> <li>ci: updated github actions ci workflow by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6323">expressjs/express#6323</a></li> <li>ci: reorder <code>npm i</code> steps to fix ci for older node versions by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6336">expressjs/express#6336</a></li> <li>Backport: ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6506">expressjs/express#6506</a></li> <li>chore(4.x): wider range for query test skip by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6513">expressjs/express#6513</a></li> <li>use tilde notation for certain dependencies by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6905">expressjs/express#6905</a></li> <li>deps: qs@6.14.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6909">expressjs/express#6909</a></li> <li>deps: use tilde notation for <code>qs</code> by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6919">expressjs/express#6919</a></li> <li>Release: 4.22.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6921">expressjs/express#6921</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.2...4.22.0">https://github.com/expressjs/express/compare/4.21.2...4.22.0</a></p> <h2>4.21.2</h2> <h2>What's Changed</h2> <ul> <li>Add funding field (v4) by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li> <li>deps: path-to-regexp@0.1.11 by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li> <li>deps: bump path-to-regexp@0.1.12 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li> <li>Release: 4.21.2 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p> <h2>4.21.1</h2> <h2>What's Changed</h2> <ul> <li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a href="https://github.com/joshbuker"><code>@joshbuker</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6029">expressjs/express#6029</a></li> <li>Release: 4.21.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6031">expressjs/express#6031</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.0...4.21.1">https://github.com/expressjs/express/compare/4.21.0...4.21.1</a></p> <h2>4.21.0</h2> <h2>What's Changed</h2> <ul> <li>Deprecate <code>"back"</code> magic string in redirects by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5935">expressjs/express#5935</a></li> <li>finalhandler@1.3.1 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5954">expressjs/express#5954</a></li> <li>fix(deps): serve-static@1.16.2 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5951">expressjs/express#5951</a></li> <li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a href="https://github.com/agadzinski93"><code>@agadzinski93</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/agadzinski93"><code>@agadzinski93</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/4.22.0/History.md">express's changelog</a>.</em></p> <blockquote> <h1>4.22.0 / 2025-12-01</h1> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> <li>deps: use tilde notation for dependencies</li> <li>deps: qs@6.14.0</li> </ul> <h1>4.21.2 / 2024-11-06</h1> <ul> <li>deps: path-to-regexp@0.1.12 <ul> <li>Fix backtracking protection</li> </ul> </li> <li>deps: path-to-regexp@0.1.11 <ul> <li>Throws an error on invalid path values</li> </ul> </li> </ul> <h1>4.21.1 / 2024-10-08</h1> <ul> <li>Backported a fix for <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li> </ul> <h1>4.21.0 / 2024-09-11</h1> <ul> <li>Deprecate <code>res.location("back")</code> and <code>res.redirect("back")</code> magic string</li> <li>deps: serve-static@1.16.2 <ul> <li>includes send@0.19.0</li> </ul> </li> <li>deps: finalhandler@1.3.1</li> <li>deps: qs@6.13.0</li> </ul> <h1>4.20.0 / 2024-09-10</h1> <ul> <li>deps: serve-static@0.16.0 <ul> <li>Remove link renderization in html while redirecting</li> </ul> </li> <li>deps: send@0.19.0 <ul> <li>Remove link renderization in html while redirecting</li> </ul> </li> <li>deps: body-parser@0.6.0 <ul> <li>add <code>depth</code> option to customize the depth level in the parser</li> <li>IMPORTANT: The default <code>depth</code> level for parsing URL-encoded data is now <code>32</code> (previously was <code>Infinity</code>)</li> </ul> </li> <li>Remove link renderization in html while using <code>res.redirect</code></li> <li>deps: path-to-regexp@0.1.10 <ul> <li>Adds support for named matching groups in the routes using a regex</li> <li>Adds backtracking protection to parameters without regexes defined</li> </ul> </li> <li>deps: encodeurl@~2.0.0 <ul> <li>Removes encoding of <code>\</code>, <code>|</code>, and <code>^</code> to align better with URL spec</li> </ul> </li> <li>Deprecate passing <code>options.maxAge</code> and <code>options.expires</code> to <code>res.clearCookie</code> <ul> <li>Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
21a8f1a467
|
build(deps): bump @angular/common from 19.2.14 to 19.2.16 (#6072)
Bumps [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) from 19.2.14 to 19.2.16. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases"><code>@angular/common</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.16</h2> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href=" |
||
|
dependabot[bot]
|
d2637e4d3b
|
build(deps): bump validator from 13.12.0 to 13.15.20 (#6041)
Bumps [validator](https://github.com/validatorjs/validator.js) from 13.12.0 to 13.15.20. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/validatorjs/validator.js/releases">validator's releases</a>.</em></p> <blockquote> <h2>13.15.20</h2> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2556">#2556</a> <code>isMobilePhone</code>: add <code>ar-QA</code> locale <a href="https://github.com/WardKhaddour"><code>@WardKhaddour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2576">#2576</a> <code>isAlpha</code>/<code>isAlphanuneric</code>: add Indic locales (<code>ta-IN</code>, <code>te-IN</code>, <code>kn-IN</code>, <code>ml-IN</code>, <code>gu-IN</code>, <code>pa-IN</code>, <code>or-IN</code>) <a href="https://github.com/avadootharajesh"><code>@avadootharajesh</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2574">#2574</a> <code>isBase64</code>: improve padding regex <a href="https://github.com/KrayzeeKev"><code>@KrayzeeKev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2584">#2584</a> <code>isVAT</code>: improve <code>FR</code> locale <a href="https://github.com/iamAmer"><code>@iamAmer</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2608">#2608</a> <code>isURL</code>: improve protocol detection. Resolves CVE-2025-56200 <a href="https://github.com/theofidry"><code>@theofidry</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2563">#2563</a> <a href="https://github.com/stoneLeaf"><code>@stoneLeaf</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2581">#2581</a> <a href="https://github.com/camillobruni"><code>@camillobruni</code></a></li> </ul> </li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/stoneLeaf"><code>@stoneLeaf</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2563">validatorjs/validator.js#2563</a></li> <li><a href="https://github.com/WardKhaddour"><code>@WardKhaddour</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2556">validatorjs/validator.js#2556</a></li> <li><a href="https://github.com/avadootharajesh"><code>@avadootharajesh</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2576">validatorjs/validator.js#2576</a></li> <li><a href="https://github.com/KrayzeeKev"><code>@KrayzeeKev</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2574">validatorjs/validator.js#2574</a></li> <li><a href="https://github.com/iamAmer"><code>@iamAmer</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2584">validatorjs/validator.js#2584</a></li> <li><a href="https://github.com/camillobruni"><code>@camillobruni</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2581">validatorjs/validator.js#2581</a></li> <li><a href="https://github.com/theofidry"><code>@theofidry</code></a> made their first contribution in <a href="https://redirect.github.com/validatorjs/validator.js/pull/2608">validatorjs/validator.js#2608</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/validatorjs/validator.js/compare/13.15.15...13.15.20">https://github.com/validatorjs/validator.js/compare/13.15.15...13.15.20</a></p> <h2>13.15.15</h2> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><code>isMobilePhone</code> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2514">#2514</a> improve <code>el-CY</code> locale <a href="https://github.com/rezk2ll"><code>@rezk2ll</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2512">#2512</a> improve <code>pt-AO</code> locale <a href="https://github.com/renaldodev"><code>@renaldodev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2502">#2502</a> improve <code>ar-OM</code> locale <a href="https://github.com/tomcastro"><code>@tomcastro</code></a></li> </ul> </li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2089">#2089</a> <code>isIP</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2526">#2526</a> <code>isPassportNumber</code>: improve <code>CA</code> locale <a href="https://github.com/evanbechtol"><code>@evanbechtol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2491">#2491</a> <code>isBase64</code>: improve validation based on RFC4648 <a href="https://github.com/aseyfpour"><code>@aseyfpour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2479">#2479</a> <code>isPostalCode</code>: improve <code>FR</code> locale <a href="https://github.com/Rajput-Balram"><code>@Rajput-Balram</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2088">#2088</a> <code>isBefore</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2346">#2346</a> <code>isRgbColor</code>: allow second digit in rgba alpha value <a href="https://github.com/controlol"><code>@controlol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2453">#2453</a> <code>isIP</code>: improve IPv6 regex <a href="https://github.com/ShreySinha02"><code>@ShreySinha02</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2052">#2052</a> <code>isPostalCode</code>: add <code>PK</code> locale <a href="https://github.com/mateeni-dev"><code>@mateeni-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2529">#2529</a> <code>isPostalCode</code>: improve <code>TW</code> locale <a href="https://github.com/Crocsx"><code>@Crocsx</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2550">#2550</a> <code>isPassportNumber</code>: improve <code>US</code> locale <a href="https://github.com/yitzchak-schechter"><code>@yitzchak-schechter</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2553">#2553</a> <code>isUUID</code>: add <code>loose</code> option <a href="https://github.com/bc-m"><code>@bc-m</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2551">#2551</a> <code>isPostalCode</code>: add <code>BD</code> locale <a href="https://github.com/tanvirrb"><code>@tanvirrb</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2555">#2555</a> <code>isLicensePlate</code>: improve <code>pt-PT</code> locale <a href="https://github.com/castrosu"><code>@castrosu</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2372">#2372</a> <a href="https://github.com/EmersonRabelo"><code>@EmersonRabelo</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2538">#2538</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2539">#2539</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2540">#2540</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2549">#2549</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2537">#2537</a> <a href="https://github.com/sgress454"><code>@sgress454</code></a></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md">validator's changelog</a>.</em></p> <blockquote> <h1>13.15.20</h1> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2556">#2556</a> <code>isMobilePhone</code>: add <code>ar-QA</code> locale <a href="https://github.com/WardKhaddour"><code>@WardKhaddour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2576">#2576</a> <code>isAlpha</code>/<code>isAlphanuneric</code>: add Indic locales (<code>ta-IN</code>, <code>te-IN</code>, <code>kn-IN</code>, <code>ml-IN</code>, <code>gu-IN</code>, <code>pa-IN</code>, <code>or-IN</code>) <a href="https://github.com/avadootharajesh"><code>@avadootharajesh</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2574">#2574</a> <code>isBase64</code>: improve padding regex <a href="https://github.com/KrayzeeKev"><code>@KrayzeeKev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2584">#2584</a> <code>isVAT</code>: improve <code>FR</code> locale <a href="https://github.com/iamAmer"><code>@iamAmer</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2608">#2608</a> <code>isURL</code>: improve protocol detection. Resolves CVE-2025-56200 <a href="https://github.com/theofidry"><code>@theofidry</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2563">#2563</a> <a href="https://github.com/stoneLeaf"><code>@stoneLeaf</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2581">#2581</a> <a href="https://github.com/camillobruni"><code>@camillobruni</code></a></li> </ul> </li> </ul> <h1>13.15.15</h1> <h3>Fixes, New Locales and Enhancements</h3> <ul> <li><code>isMobilePhone</code> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2514">#2514</a> improve <code>el-CY</code> locale <a href="https://github.com/rezk2ll"><code>@rezk2ll</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2512">#2512</a> improve <code>pt-AO</code> locale <a href="https://github.com/renaldodev"><code>@renaldodev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2502">#2502</a> improve <code>ar-OM</code> locale <a href="https://github.com/tomcastro"><code>@tomcastro</code></a></li> </ul> </li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2089">#2089</a> <code>isIP</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2526">#2526</a> <code>isPassportNumber</code>: improve <code>CA</code> locale <a href="https://github.com/evanbechtol"><code>@evanbechtol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2491">#2491</a> <code>isBase64</code>: improve validation based on RFC4648 <a href="https://github.com/aseyfpour"><code>@aseyfpour</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2479">#2479</a> <code>isPostalCode</code>: improve <code>FR</code> locale <a href="https://github.com/Rajput-Balram"><code>@Rajput-Balram</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2088">#2088</a> <code>isBefore</code>: allow usage of option object <a href="https://github.com/pixelbucket-dev"><code>@pixelbucket-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2346">#2346</a> <code>isRgbColor</code>: allow second digit in rgba alpha value <a href="https://github.com/controlol"><code>@controlol</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2453">#2453</a> <code>isIP</code>: improve IPv6 regex <a href="https://github.com/ShreySinha02"><code>@ShreySinha02</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2052">#2052</a> <code>isPostalCode</code>: add <code>PK</code> locale <a href="https://github.com/mateeni-dev"><code>@mateeni-dev</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2529">#2529</a> <code>isPostalCode</code>: improve <code>TW</code> locale <a href="https://github.com/Crocsx"><code>@Crocsx</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2550">#2550</a> <code>isPassportNumber</code>: improve <code>US</code> locale <a href="https://github.com/yitzchak-schechter"><code>@yitzchak-schechter</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2553">#2553</a> <code>isUUID</code>: add <code>loose</code> option <a href="https://github.com/bc-m"><code>@bc-m</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2551">#2551</a> <code>isPostalCode</code>: add <code>BD</code> locale <a href="https://github.com/tanvirrb"><code>@tanvirrb</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2555">#2555</a> <code>isLicensePlate</code>: improve <code>pt-PT</code> locale <a href="https://github.com/castrosu"><code>@castrosu</code></a></li> <li><strong>Doc fixes and others:</strong> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2372">#2372</a> <a href="https://github.com/EmersonRabelo"><code>@EmersonRabelo</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2538">#2538</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2539">#2539</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2540">#2540</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2549">#2549</a> <a href="https://github.com/WikiRik"><code>@WikiRik</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2537">#2537</a> <a href="https://github.com/sgress454"><code>@sgress454</code></a></li> </ul> </li> </ul> <h1>13.15.0</h1> <h3>New Features / Validators</h3> <ul> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2399">#2399</a> <code>isISO31661Numeric</code> <a href="https://github.com/RobinvanderVliet"><code>@RobinvanderVliet</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2294">#2294</a> <code>isULID</code> <a href="https://github.com/arafatkn"><code>@arafatkn</code></a></li> <li><a href="https://redirect.github.com/validatorjs/validator.js/pull/2215">#2215</a> <code>isISO15924</code> <a href="https://github.com/xDivisionByZerox"><code>@xDivisionByZerox</code></a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
80addccf39
|
build(deps): bump js-yaml from 3.14.1 to 3.14.2 (#6067)
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to 3.14.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's changelog</a>.</em></p> <blockquote> <h2>[3.14.2] - 2025-11-15</h2> <h3>Security</h3> <ul> <li>Backported v4.1.1 fix to v3</li> </ul> <h2>[4.1.1] - 2025-11-12</h2> <h3>Security</h3> <ul> <li>Fix prototype pollution issue in yaml merge (<<) operator.</li> </ul> <h2>[4.1.0] - 2021-04-15</h2> <h3>Added</h3> <ul> <li>Types are now exported as <code>yaml.types.XXX</code>.</li> <li>Every type now has <code>options</code> property with original arguments kept as they were (see <code>yaml.types.int.options</code> as an example).</li> </ul> <h3>Changed</h3> <ul> <li><code>Schema.extend()</code> now keeps old type order in case of conflicts (e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as <code>abcd</code> instead of <code>cbad</code>).</li> </ul> <h2>[4.0.0] - 2021-01-03</h2> <h3>Changed</h3> <ul> <li>Check <a href="https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md">migration guide</a> to see details for all breaking changes.</li> <li>Breaking: "unsafe" tags <code>!!js/function</code>, <code>!!js/regexp</code>, <code>!!js/undefined</code> are moved to <a href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a> package.</li> <li>Breaking: removed <code>safe*</code> functions. Use <code>load</code>, <code>loadAll</code>, <code>dump</code> instead which are all now safe by default.</li> <li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and <code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use <code>yaml.DEFAULT_SCHEMA</code> instead.</li> <li><code>yaml.Schema.create(schema, tags)</code> is removed, use <code>schema.extend(tags)</code> instead.</li> <li><code>!!binary</code> now always mapped to <code>Uint8Array</code> on load.</li> <li>Reduced nesting of <code>/lib</code> folder.</li> <li>Parse numbers according to YAML 1.2 instead of YAML 1.1 (<code>01234</code> is now decimal, <code>0o1234</code> is octal, <code>1:23</code> is parsed as string instead of base60).</li> <li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>, <code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a href="https://redirect.github.com/nodeca/js-yaml/issues/470">#470</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/557">#557</a>.</li> <li>Line and column in exceptions are now formatted as <code>(X:Y)</code> instead of <code>at line X, column Y</code> (also present in compact format), <a href="https://redirect.github.com/nodeca/js-yaml/issues/332">#332</a>.</li> <li>Code snippet created in exceptions now contains multiple lines with line numbers.</li> <li><code>dump()</code> now serializes <code>undefined</code> as <code>null</code> in collections and removes keys with <code>undefined</code> in mappings, <a href="https://redirect.github.com/nodeca/js-yaml/issues/571">#571</a>.</li> <li><code>dump()</code> with <code>skipInvalid=true</code> now serializes invalid items in collections as null.</li> <li>Custom tags starting with <code>!</code> are now dumped as <code>!tag</code> instead of <code>!<!tag></code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/576">#576</a>.</li> <li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now shorthanded using <code>!!</code>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/258">#258</a>.</li> </ul> <h3>Added</h3> <ul> <li>Added <code>.mjs</code> (es modules) support.</li> <li>Added <code>quotingType</code> and <code>forceQuotes</code> options for dumper to configure string literal style, <a href="https://redirect.github.com/nodeca/js-yaml/issues/290">#290</a>, <a href="https://redirect.github.com/nodeca/js-yaml/issues/529">#529</a>.</li> <li>Added <code>styles: { '!!null': 'empty' }</code> option for dumper (serializes <code>{ foo: null }</code> as "<code>foo: </code>"), <a href="https://redirect.github.com/nodeca/js-yaml/issues/570">#570</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
52704c6125
|
build(deps): bump node-forge from 1.3.1 to 1.3.2 (#6071)
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md">node-forge's changelog</a>.</em></p> <blockquote> <h2>1.3.2 - 2025-11-25</h2> <h3>Security</h3> <ul> <li><strong>HIGH</strong>: ASN.1 Validator Desynchronization <ul> <li>An Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-12816">CVE-2025-12816</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq">GHSA-5gfm-wpxj-wjgq</a></li> </ul> </li> <li><strong>HIGH</strong>: ASN.1 Unbounded Recursion <ul> <li>An Uncontrolled Recursion (CWE-674) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-66031">CVE-2025-66031</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27">GHSA-554w-wpv2-vw27</a></li> </ul> </li> <li><strong>MODERATE</strong>: ASN.1 OID Integer Truncation <ul> <li>An Integer Overflow (CWE-190) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions.</li> <li>Reported by Hunter Wodzenski.</li> <li>CVE ID: <a href="https://www.cve.org/CVERecord?id=CVE-2025-66030">CVE-2025-66030</a></li> <li>GHSA ID: <a href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g">GHSA-65ch-62r8-g69g</a></li> </ul> </li> </ul> <h3>Fixed</h3> <ul> <li>[asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12 MAC verification bypass due to missing macData enforcement and improper asn1.validate routine.</li> <li>[asn1] Add <code>fromDer()</code> max recursion depth check. <ul> <li>Add a <code>asn1.maxDepth</code> global configurable maximum depth of 256.</li> <li>Add a <code>asn1.fromDer()</code> per-call <code>maxDepth</code> option.</li> <li><strong>NOTE</strong>: The default maximum is assumed to be higher than needed for valid data. If this assumption is false then this could be a breaking change. Please file an issue if there are use cases that need a higher maximum.</li> <li><strong>NOTE</strong>: The per-call <code>maxDepth</code> parameter has not been exposed up through all of the API stack due to the complexities involved. Please file an issue if there are use cases that require this instead of changing the default maximum.</li> </ul> </li> <li>[asn1] Improve OID handling. <ul> <li>Error on parsed OID values larger than <code>2**32 - 1</code>.</li> <li>Error on DER OID values larger than <code>2**53 - 1 </code>.</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
319726493a
|
build(deps): bump docker/metadata-action from 5.9.0 to 5.10.0 (#6077)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.9.0 to 5.10.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/metadata-action/releases">docker/metadata-action's releases</a>.</em></p> <blockquote> <h2>v5.10.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.66.0 to 0.68.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/559">docker/metadata-action#559</a> <a href="https://redirect.github.com/docker/metadata-action/pull/569">docker/metadata-action#569</a></li> <li>Bump js-yaml from 3.14.1 to 3.14.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/564">docker/metadata-action#564</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0">https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d3baf1b3a3
|
build(deps): bump @angular/compiler from 19.2.14 to 19.2.17 (#6078)
Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 19.2.14 to 19.2.17. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases"><code>@angular/compiler</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.17</h2> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href=" |
||
Murderlon
|
54a3316eb8
|
Fix changeset | ||
Mikael Finstad
|
cc3ff31d59
|
move golden retriever clear files logic (#6076)
into #restore instead. we currently clear files when state transitions to all files complete, however there's an issue with that where if progress events come in after all files are marked as completed, it will overwrite the metadataStore, meaning the files that have been cleared will be re-added after they were cleared. this causes files to be restored (when e.g. refreshing the browser) when they should not (because they have already completed). i managed to reproduce this with the google drive picker plugin (but not with google drive non-picker) **Tip for review:** hide whitespace changes |
||
|
Mikael Finstad
|
e6613488fc
|
allow selecting folders (#6074)
for google drive #5532 --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
Prakash
|
4817585b66
|
@uppy/companion: fix broken icons for webdav provider (#6069)
This fixes #6063. It should be merged after #6059. Icon issue was fixed but This still doesn’t fix the thumbnail preview issue, because OwnCloud and Nextcloud don’t provide enough information about their thumbnail preview endpoints. The docs aren’t very helpful: they mention how to make a `PROPFIND` request to get extra metadata (such as has_preview) [doc_ref](https://docs.nextcloud.com/server/stable/developer_manual/client_apis/WebDAV/basic.html#requesting-properties), but I couldn’t get it to work with our webdav client. Even if we did manage to obtain the thumbnail preview URL, it would be a complicated capability to add, since we’d have to handle each WebDAV server separately. That would lead to the same problems discussed here: https://github.com/transloadit/uppy/pull/6059#issuecomment-3564642795 , so I don't think we need to spend anymore time on this. **Before** <img width="1238" height="1014" alt="image" src="https://github.com/user-attachments/assets/378c8b4b-640f-4e5d-9fef-48d255f729f9" /> **After** <img width="982" height="708" alt="image" src="https://github.com/user-attachments/assets/7e20b119-c5a9-45dd-a0bd-7ddf95672137" /> |
||
|
Mikael Finstad
|
ac12f35f5b
|
Move completed uploads exclusion logic (#6058)
into uploader plugins
fixes #6051
also [fix deprecated usage of done
callback](
|
||
Ryan Wang
|
c3c16ae069
|
Update zh_CN and zh_TW locales with new and revised strings (#6064) | ||
|
dependabot[bot]
|
c8eed0cf3a
|
build(deps): bump actions/checkout from 5 to 6 (#6066)
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>V5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>V5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>V4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
Kevin De Bruyn
|
8744c4dfbb
|
@uppy/locales: improve Dutch translations (#5979)
Fixed bug in Dutch where fileManagerSelectionType would not work anymore
because {browse} was used instead of {browseFiles} and {browseFolders} +
Reviewed translations
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Refines Dutch locale with corrected translations, adds/updates strings
(including proper `browseFiles`/`browseFolders` placeholders), and
prepares a patch release.
>
> - **Locales (`packages/@uppy/locales/src/nl_NL.ts`)**:
> - Add and update numerous Dutch strings for uploads, errors,
recording, and UI actions (e.g., `addedNumFiles`,
`dataUploadedOfUnknown`, `uploadStalled`).
> - Replace generic `browse` placeholder with
`browseFiles`/`browseFolders` variants across drop/paste prompts to
align with selection behavior.
> - Improve phrasing/grammar and clarify labels (e.g., encoding, rotate
90°, plugin names, WebDAV input label).
> - **Release**:
> - Add changeset (`.changeset/every-wings-behave.md`) to publish
`@uppy/locales` patch.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
Prakash
|
79e6460a6c
|
Make Generics Optional in uppy.getPlugin (#6057)
fixes #6024. ### Problem - `getPlugin()` defaults to `UnknownPlugin`, so methods like `openModal` are not visible , since core is not aware of that plugin type ### Proposed change - Introduce a types-only registry in core: - `export interface PluginTypeRegistry<M extends Meta, B extends Body> {}` - Overload `getPlugin` to return a precise type when the id is a known key of the registry. - add `Dashboard` to PluginTypeRegistry through module augmentation: - `'Dashboard': Dashboard<M, B>`. - When a project imports from `@uppy/dashboard`, its module augmentation extends PluginTypeRegistry, adding the correct type into it - I've added Tests , kept them in a separate file so it's easier to review , once this approach gets approved I'll add them to `Uppy.test.ts` Once this PR gets a positive review I'll add this for other plugins , currently only added for `@uppy/dashboard` **Build with Local tarball can be checked here** https://stackblitz.com/~/github.com/qxprakash/uppy-type-test?file=type_test.ts |
||
|
dependabot[bot]
|
c788818410
|
build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 (#6052)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.6.0 to 3.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's releases</a>.</em></p> <blockquote> <h2>v3.7.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.67.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/217">docker/setup-qemu-action#217</a> <a href="https://redirect.github.com/docker/setup-qemu-action/pull/230">docker/setup-qemu-action#230</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/220">docker/setup-qemu-action#220</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/218">docker/setup-qemu-action#218</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/221">docker/setup-qemu-action#221</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/setup-qemu-action/pull/219">docker/setup-qemu-action#219</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0">https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b13efb1621
|
build(deps): bump docker/metadata-action from 5.8.0 to 5.9.0 (#6053)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.8.0 to 5.9.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/metadata-action/releases">docker/metadata-action's releases</a>.</em></p> <blockquote> <h2>v5.9.0</h2> <ul> <li>Add <code>tag-names</code> output to return tag names without image base name by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/553">docker/metadata-action#553</a></li> <li>Bump <code>@babel/runtime-corejs3</code> from 7.14.7 to 7.28.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/539">docker/metadata-action#539</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.66.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/555">docker/metadata-action#555</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/metadata-action/pull/540">docker/metadata-action#540</a></li> <li>Bump csv-parse from 5.6.0 to 6.1.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/532">docker/metadata-action#532</a></li> <li>Bump semver from 7.7.2 to 7.7.3 in in <a href="https://redirect.github.com/docker/metadata-action/pull/554">docker/metadata-action#554</a></li> <li>Bump tmp from 0.2.3 to 0.2.5 in <a href="https://redirect.github.com/docker/metadata-action/pull/541">docker/metadata-action#541</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0">https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Prakash
|
ec75d863ec
|
@uppy/provider-views: add e2e tests for Server side search (#6015)
Tests added as discussed in [slack_discussion](https://transloadit.slack.com/archives/C0FMW9PSB/p1759931999124149?thread_ts=1759700542.941939&cid=C0FMW9PSB) directory structure mocked : ``` root/ ├── first/ │ ├── second/ │ │ ├── third/ │ │ │ ├── nested-target.pdf │ │ │ └── new-file.pdf │ │ ├── deep-file.txt │ │ ├── target.pdf │ │ └── workspace.pdf │ └── intermediate.doc ├── workspace/ │ └── project/ │ └── code.js └── readme.md ``` Some of the mocked responses in CompanionHandler.ts aren’t used in the tests, but I’ve kept them to preserve the legitimacy of the above directory structure. |
||
Copilot
|
46f81e2bae
|
Fix isNetworkError to match MDN spec: readyState === 4 && status === 0 (#6050)
closes #4253 The `isNetworkError` function incorrectly classified XHR states as network errors. Per MDN, a network error occurs when a request completes (`readyState === 4`) but has no HTTP status (`status === 0`), indicating network/CORS/file access failures. ## Changes - **Logic fix**: Changed from `(xhr.readyState !== 0 && xhr.readyState !== 4) || xhr.status === 0` to `xhr.readyState === 4 && xhr.status === 0` - **Test update**: Removed invalid test expecting `readyState: 2` to be a network error; added test verifying incomplete requests return `false` ## Example ```typescript // Before: incorrectly treated in-progress requests as network errors isNetworkError({ readyState: 2, status: 0 }) // true ❌ // After: only completed requests with no status are network errors isNetworkError({ readyState: 4, status: 0 }) // true ✓ isNetworkError({ readyState: 2, status: 0 }) // false ✓ ``` <!-- START COPILOT CODING AGENT SUFFIX --> <details> <summary>Original prompt</summary> > Update the isNetworkError function in packages/@uppy/utils/src/isNetworkError.ts to correctly detect network errors according to MDN documentation. The new logic should return true only if xhr.readyState === 4 and xhr.status === 0. The updated implementation should be: > > function isNetworkError(xhr?: XMLHttpRequest): boolean { > if (!xhr) return false > // finished but status is 0 — usually indicates a network/CORS/file error > return xhr.readyState === 4 && xhr.status === 0 > } > > export default isNetworkError > > No other logic changes are needed. If you find related commentary (e.g., outdated comments), clarify as needed. </details> *This pull request was created as a result of the following prompt from Copilot chat.* > Update the isNetworkError function in packages/@uppy/utils/src/isNetworkError.ts to correctly detect network errors according to MDN documentation. The new logic should return true only if xhr.readyState === 4 and xhr.status === 0. The updated implementation should be: > > function isNetworkError(xhr?: XMLHttpRequest): boolean { > if (!xhr) return false > // finished but status is 0 — usually indicates a network/CORS/file error > return xhr.readyState === 4 && xhr.status === 0 > } > > export default isNetworkError > > No other logic changes are needed. If you find related commentary (e.g., outdated comments), clarify as needed. <!-- START COPILOT CODING AGENT TIPS --> --- ✨ Let Copilot coding agent [set things up for you](https://github.com/transloadit/uppy/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: mifi <402547+mifi@users.noreply.github.com> |
||
|
github-actions[bot]
|
7551b4cc91
|
[ci] release (#6049)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/companion@6.2.0 ### Minor Changes - |
||
|
Mikael Finstad
|
ad50314c50
|
allow getSafeFileId to accept UppyFile (#6048)
fixes #6033
also convert InternalMetadata to interface (interface is preferred when
possible)
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Broaden `getSafeFileId` to accept `UppyFile` and extend types by
converting `InternalMetadata` to an interface with optional
`relativePath`.
>
> - **utils**:
> - **`getSafeFileId`**: Broadens parameter via new `SafeFileIdBasis` so
it can accept `UppyFile`; call site logic unchanged.
> - **Types**: Convert `InternalMetadata` to an interface and add
optional `relativePath`; propagate through `UppyFile`/`generateFileID`
typings.
> - **Changeset**: Adds patch entry for `@uppy/utils`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
Murderlon
|
2e14f15e11
|
Update changeset | ||
|
Mikael Finstad
|
0c8dd19dc2
|
Companion option uploadHeaders (#5981)
closes #5921 also improve tests that currently depend on eachother todo - [x] docs https://github.com/transloadit/uppy.io/pull/394 |
||
Austin Jackson
|
5e166a101d
|
@uppy/dashboard: fix form appending for shadow dom (#6031)
Fixes #6028
I've also added `private/dev/dashboard_shadow.html` to more easily test
ShadowDOM-specific bugs.
I looked into writing a test case under
`packages/@uppy/dashboard/src/index.browser.test.ts` but couldn't get it
to work locally on Windows.
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Ensure FileCard’s hidden form is appended/cleaned up in the correct
root (Document body or ShadowRoot) using a ref-derived root node, and
add a patch changeset.
>
> - **@uppy/dashboard – FileCard**:
> - Append hidden `form` to the correct root using `getRootNode()`
(handles Light DOM/iframes via `Document.body`, and Shadow DOM via
`ShadowRoot`).
> - Add `domRef` to root element to detect rendering context; attach
`ref` and update effect accordingly.
> - Clean up by removing the `form` from its actual `parentNode`.
> - **Release**:
> - Add changeset for patch: `Fix form appending for shadow dom`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
github-actions[bot]
|
b1e33bcef7
|
[ci] release (#6046)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/provider-views@5.1.2 ### Patch Changes - |
||
|
Merlijn Vos
|
46e339a150
|
@uppy/provider-views: add missing lodash dependency (#6045)
Fixes #6039 |
||
|
Merlijn Vos
|
16aa6fe941
|
@uppy/react: export useUppyContext (#6044)
Fixes #6043 |
||
|
github-actions[bot]
|
76abdfb325
|
[ci] release (#6029)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/angular@1.1.0 ### Minor Changes - |
||
|
Merlijn Vos
|
72d2d68ea3
|
Fix various deps and peer deps in packages (#6030)
**Fixes**
- `@uppy/components` incorrectly had a lot of packages in `dependencies`
while they should be `peerDependencies`. Also removed `remote-sources`
completely as this drags in a lot of plugins and we don't even need it
there.
- `@uppy/{react,vue,svelte}` now has to have the same `peerDependencies`
as `components` as the requirement has been moved up. We also mark them
as optional, they are only needed if you use a hook such as `useWebcam`
needing `@uppy/webcam`.
- Remove `companion-client` and `provider-views` from `transloadit`.
Those are never used by the package.
- Remove `@uppy/utils` from `@uppy/angular` and `@uppy/react`, we can
just use imports from `core`
- Place `@uppy/status-bar` back in peer deps. This is critical but
forgotten when status bar was put back inside frameworks.
**Implications**
- Moving peer deps to deps in `@uppy/components` now requires people to
install these dependencies. However, they kind of had to anyway before
as we require people to install the plugin on uppy (`.use(Webcam')`) if
you want to use `useWebcam` and if you try to import a dep you did not
install they would have gotten an error already.
- Note: this is not the same situation as with importing dashboard
component from @uppy/react which causes a runtime crash because
@uppy/dashboard is missing. In this case we only depend on _types_, so
we don't have this problem.
|
||
|
dependabot[bot]
|
9f60e630a2
|
build(deps): bump actions/upload-artifact from 4 to 5 (#6038)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <p><strong>BREAKING CHANGE:</strong> this update supports Node <code>v24.x</code>. This is not a breaking change per-se but we're treating it as such.</p> <ul> <li>Update README.md by <a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li> <li>Readme: spell out the first use of GHES by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li> <li>Update GHES guidance to include reference to Node 20 version by <a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li> <li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li> <li>Prepare <code>v5.0.0</code> by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/734">actions/upload-artifact#734</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li> <li><a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li> <li><a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v5.0.0">https://github.com/actions/upload-artifact/compare/v4...v5.0.0</a></p> <h2>v4.6.2</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.3.2 package & prepare for new upload-artifact release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p> <h2>v4.6.1</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.2.2 package by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/673">actions/upload-artifact#673</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.1">https://github.com/actions/upload-artifact/compare/v4...v4.6.1</a></p> <h2>v4.6.0</h2> <h2>What's Changed</h2> <ul> <li>Expose env vars to control concurrency and timeout by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/662">actions/upload-artifact#662</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.0">https://github.com/actions/upload-artifact/compare/v4...v4.6.0</a></p> <h2>v4.5.0</h2> <h2>What's Changed</h2> <ul> <li>fix: deprecated <code>Node.js</code> version in action by <a href="https://github.com/hamirmahal"><code>@hamirmahal</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li> <li>Add new <code>artifact-digest</code> output by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/656">actions/upload-artifact#656</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hamirmahal"><code>@hamirmahal</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Mikael Finstad
|
08b64f93c3
|
@uppy/utils: fix type mismatch on getSafeFileId (#6034)
with `exactOptionalPropertyTypes` fixes #6033 |
||
|
Mikael Finstad
|
5edcb2e885
|
enable supportsRefreshToken for onedrive (#6035)
fixes #5995 |
||
|
Prakash
|
86f353d2fe
|
@uppy/react: remove dashboard export (#6036)
No need to export it from index.ts, since it’s already exported through the export maps. Also, it’s an optional peer dependency, we probably missed this in #5830 , though this might count as a breaking change now ☹️ |
||
|
Merlijn Vos
|
26bf726412
|
@uppy/components: inherit restrictions from @uppy/core (#6014)
Closes #5970 AI disclosure: codex made the initial implementation --------- Co-authored-by: Mikael Finstad <finstaden@gmail.com> |
||
|
github-actions[bot]
|
55e926c347
|
[ci] release (#6027)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/status-bar@5.0.2 ### Patch Changes - |
||
|
Mikael Finstad
|
8ac1654484
|
release missing packages (#6025)
@uppy/xhr-upload, @uppy/webcam, @uppy/status-bar fixes #6019 --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|
Murderlon
|
f34f685c84
|
example-react: fix tsconfig | ||
|
dependabot[bot]
|
dbb5175572
|
build(deps-dev): bump vite from 7.1.5 to 7.1.11 (#6021)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.5 to 7.1.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v7.1.11</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.11/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.10</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.10/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.9</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.9/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.8</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.8/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.7</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.7/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.6</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v7.1.10...v7.1.11">7.1.11</a> (2025-10-20)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li><strong>dev:</strong> trim trailing slash before <code>server.fs.deny</code> check (<a href="https://redirect.github.com/vitejs/vite/issues/20968">#20968</a>) (<a href=" |
||
|
dependabot[bot]
|
a9e9775a24
|
build(deps): bump actions/setup-node from 4 to 6 (#6018)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <p><strong>Breaking Changes</strong></p> <ul> <li>Limit automatic caching to npm, update workflows and documentation by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1374">actions/setup-node#1374</a></li> </ul> <p><strong>Dependency Upgrades</strong></p> <ul> <li>Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1336">#1336</a></li> <li>Upgrade prettier from 2.8.8 to 3.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1334">#1334</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1362">#1362</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v5...v6.0.0">https://github.com/actions/setup-node/compare/v5...v6.0.0</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Enhance caching in setup-node with automatic package manager detection by <a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li> </ul> <p>This update, introduces automatic caching when a valid <code>packageManager</code> field is present in your <code>package.json</code>. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set <code>package-manager-cache: false</code></p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v5 - uses: actions/setup-node@v5 with: package-manager-cache: false </code></pre> <ul> <li>Upgrade action to use node24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li> </ul> <p>Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. <a href="https://github.com/actions/runner/releases/tag/v2.327.1">See Release Notes</a></p> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade <code>@octokit/request-error</code> and <code>@actions/github</code> by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1227">actions/setup-node#1227</a></li> <li>Upgrade uuid from 9.0.1 to 11.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1273">actions/setup-node#1273</a></li> <li>Upgrade undici from 5.28.5 to 5.29.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1295">actions/setup-node#1295</a></li> <li>Upgrade form-data to bring in fix for critical vulnerability by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1332">actions/setup-node#1332</a></li> <li>Upgrade actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1345">actions/setup-node#1345</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/priya-kinthali"><code>@priya-kinthali</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v4...v5.0.0">https://github.com/actions/setup-node/compare/v4...v5.0.0</a></p> <h2>v4.4.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
69056fc773
|
build(deps): bump docker/login-action from 3.5.0 to 3.6.0 (#6004)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.5.0 to 3.6.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v3.6.0</h2> <ul> <li>Add <code>registry-auth</code> input for raw authentication to registries by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/887">docker/login-action#887</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/login-action/pull/883">docker/login-action#883</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/login-action/pull/880">docker/login-action#880</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/login-action/pull/879">docker/login-action#879</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/login-action/pull/881">docker/login-action#881</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.5.0...v3.6.0">https://github.com/docker/login-action/compare/v3.5.0...v3.6.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
github-actions[bot]
|
2c4727e5f4
|
[ci] release (#6011)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/aws-s3@5.0.2 ### Patch Changes - |
||
|
Mikael Finstad
|
0c16fe44b9
|
Golden retriever refactor and UppyFile type improvements (#5978)
Probably best reviewed commit by commit. I also split UppyFile into two intefaces distinguished by the `isRemote` boolean: - LocalUppyFile - RemoteUppyFile Also: - Removed the TagFile type - Don't re-upload completed files - fixes #5930 - Clean up stored files on `complete` event *only* if *all* files succeeded (no failed files). this allows the user to retry failed files if the browser & upload get interrupted - fixes #5927, closes #5955 - Only set `isGhost` for non-successful files. it doesn't make sense for successfully uploaded files to be ghosted because they're already done. #5930 fixes #6013 --------- Co-authored-by: Prakash <qxprakash@gmail.com> |
||
|
Mikael Finstad
|
1fbb95da2b
|
improve test scripts (#6016)
1. don't run browser tests in `headless` mode by default when running tests individually. because when writing/running tests, i usually want to see/debug using the browser. if one still wants headless, it's as easy as: `yarn workspace @uppy/xyz test --browser.headless`. instead append the `headless` mode when running all tests together - it doesn't make sense to run all projects' tests without headless mode. 2. don't always run browser tests with `watch`: watch doesn't make sense when running multiple projects in turbo (one project just blocks the rest watching for changes). if one still wants to run a single test with watch mode, it's as easy as: `yarn workspace @uppy/xyz test --watch` 3. don't cache test runs: if I run the `test` command. most of the time I want to actually run tests (not skip them if they already ran last time) 4. output logs when running tests. it's nice to see that the tests have actually run (also on CI) 5. when running all tests, use concurrency=1, because the tests also includes e2e tests, running multiple browsers in parallel really just makes the test fail on my computer (and uses a lot of memory) current output is not very informative: <img width="840" height="410" alt="Screenshot 2025-10-17 at 17 09 55" src="https://github.com/user-attachments/assets/9ca8278c-f160-478c-87e2-2ef861ba4bb1" /> with this PR: <img width="672" height="495" alt="Screenshot 2025-10-17 at 17 20 49" src="https://github.com/user-attachments/assets/1339c96b-d0c1-42e1-8fa1-d5a4a36ea42a" /> |
||
|
Merlijn Vos
|
6a60ee517d
|
@uppy/companion: fix crash on missing filename (#6010)
Better to reject early than generating a filename when missing which could break assumptions we don't foresee. |
||
Nik Graf
|
9d2c7a997f
|
upgrade cookie-parser (#6005)
cookie-parser 1.4.7 uses a version cookie that fixed this security issue https://github.com/advisories/GHSA-pxg6-pf52-xh8x |
||
|
github-actions[bot]
|
91c6bfd7d7
|
[ci] release (#6008)
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @uppy/companion@6.1.0 ### Minor Changes - |
||
|
Prakash
|
5ba2c1c8d3
|
Server side search @uppy/Companion (#6003)
## High Level View <img width="3367" height="1576" alt="Global Search (1)" src="https://github.com/user-attachments/assets/134e8658-5cbd-4816-87a1-3bd42603089d" /> - Search View replicated , through minimal components `<GlobalSearchView />` and `<SearchResultItem />` - Both components take only the minimal state needed to render the search view no dependency on PartialTree. search response from companion server is directly passed to GlobalSearchView for file state. - `#buildPath` creates missing parent nodes in partialTree (if any) and opens the folder in the normal way using a minimal wrapper over openFolder function. - Both interactions : "checking a file/folder" and "opening a folder" use the same function `#buildPath` to build the path, then use the already existing `openFolder` and `toggleCheckBox`. - Max search results: 1000. Pagination removed for simplicity (can be added later). - From a UI/UX standpoint, all functionality works as expected. - The only limitation is occasional inconsistent partial checked states when the tree isn’t fully built — unavoidable since percolateUp and percolateDown require the complete partialTree to sync state correctly. This issue isn’t critical; even in other cases, we already mark folders "checked" whereas they may be empty if not yet fetched. - I figured out it's better to just derive the checkedState from PartialTree , and then pass it to `GlobalSearchView` rather than keep it separate and then worrying about checked state syncs across two views for UI to look right. - IMO this is the most simplest approach I could come up with. without sacrificing any user functionality and it carefully reuses all the util code. --------- Co-authored-by: Merlijn Vos <merlijn@soverin.net> Co-authored-by: Mikael Finstad <finstaden@gmail.com> |