mirror of
https://github.com/transloadit/uppy.git
synced 2026-01-23 02:25:07 +00:00
811 commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
b3d9ef5cce
|
build(deps-dev): bump @sveltejs/kit from 2.20.7 to 2.49.5 (#6143)
Bumps [@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit) from 2.20.7 to 2.49.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/kit/releases"><code>@sveltejs/kit</code>'s releases</a>.</em></p> <blockquote> <h2><code>@sveltejs/kit</code><a href="https://github.com/2"><code>@2</code></a>.49.5</h2> <h3>Patch Changes</h3> <ul> <li> <p>fix: avoid overriding Vite default <code>base</code> when running Vitest 4 (<a href="https://redirect.github.com/sveltejs/kit/pull/14866">#14866</a>)</p> </li> <li> <p>fix: ensure url decoded pathnames are not mistaken as rerouted requests (<a href=" |
||
Merlijn Vos
|
e6e1466ac8
|
Fix useless security warnings (#6132)
We are not vulnerable but we keep getting warning about it so let's updrade deps regardless |
||
|
dependabot[bot]
|
3c159b1740
|
build(deps): bump @angular/compiler from 19.2.17 to 19.2.18 (#6128)
Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 19.2.17 to 19.2.18. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases"><code>@angular/compiler</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.18</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href=" |
||
|
dependabot[bot]
|
71e8a56127
|
build(deps): bump @angular/core from 19.2.17 to 19.2.18 (#6129)
Bumps [@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core) from 19.2.17 to 19.2.18. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases"><code>@angular/core</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.18</h2> <h3>core</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href=" |
||
|
dependabot[bot]
|
fd8f54f542
|
build(deps): bump preact from 10.26.9 to 10.26.10 (#6123)
Bumps [preact](https://github.com/preactjs/preact) from 10.26.9 to 10.26.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/preactjs/preact/releases">preact's releases</a>.</em></p> <blockquote> <h2>10.26.10</h2> <h2>Fixes</h2> <ul> <li>Enforce strict equality for VNode object constructors</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
23186da45d
|
build(deps): bump aws/aws-sdk-php from 3.288.1 to 3.368.0 in /examples/aws-php (#6112)
Bumps [aws/aws-sdk-php](https://github.com/aws/aws-sdk-php) from 3.288.1 to 3.368.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aws/aws-sdk-php/releases">aws/aws-sdk-php's releases</a>.</em></p> <blockquote> <h2>Version 3.368.0</h2> <ul> <li><code>Aws\S3</code> - A new <code>S3EncryptionClient</code> implementation and a new <code>KmsMaterialProvider</code> implementation. <code>S3EncryptionClientV3</code> now supports writing and reading objects with Key Commitment. <code>KmsMaterialProviderV3</code> now supports verifying supplied encryption context on <code>decryptCek</code> calls.</li> <li><code>Aws\TimestreamInfluxDB</code> - This release adds support for rebooting InfluxDB DbInstances and DbClusters</li> <li><code>Aws\IoT</code> - Add support for dynamic payloads in IoT Device Management Commands</li> </ul> <h2>Version 3.367.3</h2> <ul> <li><code>Aws\MediaTailor</code> - Added support for Ad Decision Server Configuration enabling HTTP POST requests with custom bodies, headers, GZIP compression, and dynamic variables. No changes required for existing GET request configurations.</li> <li><code>Aws\Connect</code> - Amazon Connect now supports outbound WhatsApp contacts via the Send message block or StartOutboundChatContact API. Send proactive messages for surveys, reminders, and updates. Offer customers the option to switch to WhatsApp while in queue, eliminating hold time.</li> <li><code>Aws\BedrockAgentCoreControl</code> - This release updates broken links for AgentCore Policy APIs in the AWS CLI and SDK resources.</li> <li><code>Aws\Glacier</code> - Documentation updates for Amazon Glacier's maintenance mode</li> <li><code>Aws\Route53Resolver</code> - Adds support for enabling detailed metrics on Route 53 Resolver endpoints using RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing enhanced visibility into Resolver endpoint and target name server performance.</li> <li><code>Aws\CloudWatchLogs</code> - This release allows you to import your historical CloudTrail Lake data into CloudWatch with a few steps, enabling you to easily consolidate operational, security, and compliance data in one place.</li> <li><code>Aws\EC2</code> - EC2 Capacity Manager now supports SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics for both vCPU and instance units.</li> <li><code>Aws\S3</code> - This release adds support for the new optional field 'LifecycleExpirationDate' in S3 Inventory configurations.</li> <li><code>Aws\Health</code> - Updating Health API endpoint generation for dualstack only regions</li> <li><code>Aws\EntityResolution</code> - Support Customer Profiles Integration for AWS Entity Resolution</li> <li><code>Aws\ServiceQuotas</code> - Add support for SQ Dashboard Api</li> </ul> <h2>Version 3.367.2</h2> <ul> <li><code>Aws\WorkSpacesWeb</code> - Adds support for portal branding customization, enabling administrators to personalize end-user portals with custom assets.</li> <li><code>Aws\Connect</code> - Amazon Connect now offers automated post-chat surveys triggered when customers end conversations. This captures timely feedback while experience is fresh, using either a no-code form builder or Amazon Lex-powered interactive surveys.</li> <li><code>Aws\BCMRecommendedActions</code> - Added new freetier action types to RecommendedAction.type.</li> <li><code>Aws\DataSync</code> - Adds Enhanced mode support for NFS and SMB locations. SMB credentials are now managed via Secrets Manager, and may be encrypted with service or customer managed keys. Increases AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters to DescribeTaskExecution for Enhanced mode tasks.</li> </ul> <h2>Version 3.367.1</h2> <ul> <li><code>Aws\SESv2</code> - Update GetEmailIdentity and CreateEmailIdentity response to include SigningHostedZone in DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response to include SigningHostedZone.</li> <li><code>Aws\Lambda</code> - Add Dotnet 10 (dotnet10) support to AWS Lambda.</li> <li><code>Aws\QuickSight</code> - This release adds new GetIdentityContext API, Dashboard customization options for tables and pivot tables, Visual styling options- borders and decals, map GeocodingPreferences, KeyPairCredentials for DataSourceCredentials. Snapshot APIs now support registered users. Parameters limit increased to 400</li> <li><code>Aws\Organizations</code> - Add support for policy operations on the NETWORK SECURITY DIRECTOR POLICY policy type.</li> <li><code>Aws\SecretsManager</code> - Add SortBy parameter to ListSecrets</li> </ul> <h2>Version 3.367.0</h2> <ul> <li><code>Aws\S3</code> - A new S3 Transfer Manager implementation with multipart download capabilities. It allows better ways to configure each operation. Includes Progress Tracking, Transfer Event Listeners, and Automatic Multipart Uploads/Downloads.</li> <li><code>Aws\signer</code> - Adds support for Signer GetRevocationStatus with updated endpoints</li> <li><code>Aws\Odb</code> - The following APIs now return CloudExadataInfrastructureArn and OdbNetworkArn fields for improved resource identification and AWS service integration - GetCloudVmCluster, ListCloudVmClusters, GetCloudAutonomousVmCluster, and ListCloudAutonomousVmClusters.</li> <li><code>Aws\BillingConductor</code> - Launch itemized custom line item and service line item filter</li> <li><code>Aws\CloudWatch</code> - This release introduces two additional protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is the most performant for each language.</li> <li><code>Aws\PartnerCentralSelling</code> - Adds support for the new Project.AwsPartition field on Opportunity and AWS Opportunity Summary. Use this field to specify the AWS partition where the opportunity will be deployed.</li> <li><code>Aws\OpenSearchService</code> - The CreateApplication API now supports an optional kms key arn parameter to allow customers to specify a CMK for application encryption.</li> <li><code>Aws\Bedrock</code> - Automated Reasoning checks in Amazon Bedrock Guardrails is capable of generating policy scenarios to validate policies. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API now adds POLICY SCENARIO asset type, allowing customers to retrieve scenarios generated by the build workflow.</li> </ul> <h2>Version 3.366.4</h2> <ul> <li><code>Aws\IVSRealTime</code> - Token Exchange introduces seamless token exchange capabilities for IVS RTX, enabling customers to upgrade or downgrade token capabilities and update token attributes within the IVS client SDK without forcing clients to disconnect and reconnect.</li> <li><code>Aws\Account</code> - This release adds a new API (GetGovCloudAccountInformation) used to retrieve information about a linked GovCloud account from the standard AWS partition.</li> <li><code>Aws\Route53</code> - Amazon Route 53 now supports the EU (Germany) Region (eusc-de-east-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that region</li> <li><code>Aws\AppSync</code> - Update Event API to require EventConfig parameter in creation and update requests.</li> <li><code>Aws\GuardDuty</code> - Adding support for Ec2LaunchTemplate Version field</li> <li><code>Aws\mgn</code> - Added parameters encryption, IPv4/IPv6 protocol configuration, and enhanced tagging support for replication operations.</li> </ul> <h2>Version 3.366.3</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
101fd8ca84
|
build(deps): bump next from 15.5.7 to 15.5.9 (#6104)
Bumps [next](https://github.com/vercel/next.js) from 15.5.7 to 15.5.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.9</h2> <p>Please see the <a href="https://nextjs.org/blog/security-update-2025-12-11">Next.js Security Update</a> for information about this security patch.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
Prakash
|
a25226aab2
|
Fix @uppy/examples (#6099)
we forgot to update the examples after #5830 |
||
|
Merlijn Vos
|
943ed7ad56
|
Upgrade playwright in all packages (#6086)
To resolve security advisories. Should be merged after #6085
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Upgrades Playwright to 1.57.0 across examples and packages, updating
corresponding yarn.lock entries.
>
> - **Dependencies**:
> - Bump `playwright` to `1.57.0` in `examples/react/package.json`,
`examples/sveltekit/package.json`, `examples/vue/package.json`,
`packages/@uppy/dashboard/package.json`, and
`packages/@uppy/url/package.json`.
> - Update `yarn.lock` to `playwright@1.57.0` and
`playwright-core@1.57.0`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
dependabot[bot]
|
e4558362b8
|
build(deps): bump next from 15.5.2 to 15.5.7 (#6088)
Bumps [next](https://github.com/vercel/next.js) from 15.5.2 to 15.5.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v15.5.7</h2> <p>Please see <a href="https://nextjs.org/blog/CVE-2025-66478">CVE-2025-66478</a> for additional details about this release.</p> <h2>v15.5.6</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Turbopack: don't define process.cwd() in node_modules <a href="https://redirect.github.com/vercel/next.js/issues/83452">#83452</a></li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/mischnic"><code>@mischnic</code></a> for helping!</p> <h2>v15.5.5</h2> <blockquote> <p>[!NOTE]<br /> This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Split code-frame into separate compiled package (<a href="https://redirect.github.com/vercel/next.js/issues/84238">#84238</a>)</li> <li>Add deprecation warning to Runtime config (<a href="https://redirect.github.com/vercel/next.js/issues/84650">#84650</a>)</li> <li>fix: unstable_cache should perform blocking revalidation during ISR revalidation (<a href="https://redirect.github.com/vercel/next.js/issues/84716">#84716</a>)</li> <li>feat: <code>experimental.middlewareClientMaxBodySize</code> body cloning limit (<a href="https://redirect.github.com/vercel/next.js/issues/84722">#84722</a>)</li> <li>fix: missing next/link types with typedRoutes (<a href="https://redirect.github.com/vercel/next.js/issues/84779">#84779</a>)</li> </ul> <h3>Misc Changes</h3> <ul> <li>docs: early October improvements and fixes (<a href="https://redirect.github.com/vercel/next.js/issues/84334">#84334</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/devjiwonchoi"><code>@devjiwonchoi</code></a>, <a href="https://github.com/ztanner"><code>@ztanner</code></a>, and <a href="https://github.com/icyJoseph"><code>@icyJoseph</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Merlijn Vos
|
93ef1ba0e7
|
Resolve all angular yarn warnings (#6080)
<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Aligns Angular dependencies (including compiler-cli and animations) to
^19.2.17 in examples/angular and packages/@uppy/angular.
>
> - **Dependencies**:
> - `examples/angular/package.json`:
> - Bump `@angular/common`, `core`, `forms`, `platform-browser`,
`platform-browser-dynamic`, `router`, and `@angular/compiler-cli` to
`^19.2.17`.
> - `packages/@uppy/angular/package.json`:
> - Bump `@angular/animations`, `common`, `compiler`, `core`, `forms`,
`platform-browser`, `platform-browser-dynamic`, `router` to `^19.2.17`.
> - Update dev dependency `@angular/compiler-cli` to `^19.2.17`.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
dependabot[bot]
|
5b680f2f05
|
build(deps): bump body-parser from 1.20.3 to 1.20.4 (#6070)
Bumps [body-parser](https://github.com/expressjs/body-parser) from 1.20.3 to 1.20.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/releases">body-parser's releases</a>.</em></p> <blockquote> <h2>v2.2.1</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2025-13466">CVE-2025-13466</a> (<a href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>ci: add dependabot by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/593">expressjs/body-parser#593</a></li> <li>ci: use full SHAs for github action versions by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/594">expressjs/body-parser#594</a></li> <li>deps: type-is@^2.0.1 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/599">expressjs/body-parser#599</a></li> <li>build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/609">expressjs/body-parser#609</a></li> <li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/610">expressjs/body-parser#610</a></li> <li>build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/611">expressjs/body-parser#611</a></li> <li>build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/613">expressjs/body-parser#613</a></li> <li>build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/612">expressjs/body-parser#612</a></li> <li>ci: add codeql github workflows scanning by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/614">expressjs/body-parser#614</a></li> <li>ci: update CodeQL config to ignore the test directory by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/615">expressjs/body-parser#615</a></li> <li>build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/620">expressjs/body-parser#620</a></li> <li>build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/619">expressjs/body-parser#619</a></li> <li>chore(deps): unpin devDependencies by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/616">expressjs/body-parser#616</a></li> <li>ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/621">expressjs/body-parser#621</a></li> <li>build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/623">expressjs/body-parser#623</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/624">expressjs/body-parser#624</a></li> <li>chore: add funding to package.json by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/617">expressjs/body-parser#617</a></li> <li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/625">expressjs/body-parser#625</a></li> <li>build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/630">expressjs/body-parser#630</a></li> <li>refactor: move common request validation to read function by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/600">expressjs/body-parser#600</a></li> <li>deps: bump iconv-lite by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/631">expressjs/body-parser#631</a></li> <li>doc: pull beta changelog forward into 2.0.0 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/629">expressjs/body-parser#629</a></li> <li>refactor: optimize raw and text parsers with shared passthrough function by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/634">expressjs/body-parser#634</a></li> <li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/640">expressjs/body-parser#640</a></li> <li>build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/639">expressjs/body-parser#639</a></li> <li>build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/636">expressjs/body-parser#636</a></li> <li>build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/637">expressjs/body-parser#637</a></li> <li>build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/638">expressjs/body-parser#638</a></li> <li>deps: raw-body@^3.0.1 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/641">expressjs/body-parser#641</a></li> <li>deps: debug@^4.4.3 by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/642">expressjs/body-parser#642</a></li> <li>docs: add iconv-lite 0.7.0 changes to history entry by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/645">expressjs/body-parser#645</a></li> <li>ci: add node.js 25 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/650">expressjs/body-parser#650</a></li> <li>perf: move read options outside parser middlewares by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/648">expressjs/body-parser#648</a></li> <li>test(json): add RFC 7159 whitespace edge cases by <a href="https://github.com/Ayoub-Mabrouk"><code>@Ayoub-Mabrouk</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/653">expressjs/body-parser#653</a></li> <li>test: add test for urlencoded invalid defaultCharset by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/643">expressjs/body-parser#643</a></li> <li>build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/657">expressjs/body-parser#657</a></li> <li>build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/656">expressjs/body-parser#656</a></li> <li>build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/655">expressjs/body-parser#655</a></li> <li>build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/expressjs/body-parser/pull/654">expressjs/body-parser#654</a></li> <li>ci: also test on first supported node.js version by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/646">expressjs/body-parser#646</a></li> <li>chore: switch badges from badgen.net to shields.io by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/661">expressjs/body-parser#661</a></li> <li>Remove history.md from being packaged on publish by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/660">expressjs/body-parser#660</a></li> <li>Release: 2.2.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/body-parser/pull/659">expressjs/body-parser#659</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md">body-parser's changelog</a>.</em></p> <blockquote> <h1>2.2.1 / 2025-11-24</h1> <ul> <li>Security fix for <a href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a></li> <li>deps: <ul> <li>type-is@^2.0.1</li> <li>iconv-lite@^0.7.0 <ul> <li>Handle split surrogate pairs when encoding UTF-8</li> <li>Avoid false positives in <code>encodingExists</code> by using prototype-less objects</li> </ul> </li> <li>raw-body@^3.0.1</li> <li>debug@^4.4.3</li> </ul> </li> </ul> <h1>2.2.0 / 2025-03-27</h1> <ul> <li>refactor: normalize common options for all parsers</li> <li>deps: <ul> <li>iconv-lite@^0.6.3</li> </ul> </li> </ul> <h1>2.1.0 / 2025-02-10</h1> <ul> <li>deps: <ul> <li>type-is@^2.0.0</li> <li>debug@^4.4.0</li> <li>Removed destroy</li> </ul> </li> <li>refactor: prefix built-in node module imports</li> <li>use the node require cache instead of custom caching</li> </ul> <h1>2.0.2 / 2024-10-31</h1> <ul> <li>remove <code>unpipe</code> package and use native <code>unpipe()</code> method</li> </ul> <h1>2.0.1 / 2024-09-10</h1> <ul> <li>Restore expected behavior <code>extended</code> to <code>false</code></li> </ul> <h1>2.0.0 / 2024-09-10</h1> <h2>Breaking Changes</h2> <ul> <li>Node.js 18 is the minimum supported version</li> <li><code>req.body</code> is no longer always initialized to <code>{}</code> <ul> <li>it is left <code>undefined</code> unless a body is parsed</li> </ul> </li> <li>Remove deprecated <code>bodyParser()</code> combination middleware</li> <li><del><code>urlencoded</code> parser now defaults <code>extended</code> to <code>false</code></del> as released, this is not the case, fixed in 2.0.1</li> <li><code>urlencoded</code> simple parser now uses <code>qs</code> module instead of <code>querystring</code> module</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
39b82fd231
|
build(deps): bump express from 4.19.2 to 4.22.0 (#6079)
Bumps [express](https://github.com/expressjs/express) from 4.19.2 to 4.22.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/releases">express's releases</a>.</em></p> <blockquote> <h2>4.22.0</h2> <h2>Important: Security</h2> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>Refactor: improve readability by <a href="https://github.com/sazk07"><code>@sazk07</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6190">expressjs/express#6190</a></li> <li>ci: add support for Node.js@23.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6080">expressjs/express#6080</a></li> <li>Method functions with no path should error by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5957">expressjs/express#5957</a></li> <li>ci: updated github actions ci workflow by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6323">expressjs/express#6323</a></li> <li>ci: reorder <code>npm i</code> steps to fix ci for older node versions by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6336">expressjs/express#6336</a></li> <li>Backport: ci: add node.js 24 to test matrix by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6506">expressjs/express#6506</a></li> <li>chore(4.x): wider range for query test skip by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6513">expressjs/express#6513</a></li> <li>use tilde notation for certain dependencies by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6905">expressjs/express#6905</a></li> <li>deps: qs@6.14.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6909">expressjs/express#6909</a></li> <li>deps: use tilde notation for <code>qs</code> by <a href="https://github.com/Phillip9587"><code>@Phillip9587</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6919">expressjs/express#6919</a></li> <li>Release: 4.22.0 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6921">expressjs/express#6921</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.2...4.22.0">https://github.com/expressjs/express/compare/4.21.2...4.22.0</a></p> <h2>4.21.2</h2> <h2>What's Changed</h2> <ul> <li>Add funding field (v4) by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li> <li>deps: path-to-regexp@0.1.11 by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li> <li>deps: bump path-to-regexp@0.1.12 by <a href="https://github.com/jonchurch"><code>@jonchurch</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li> <li>Release: 4.21.2 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p> <h2>4.21.1</h2> <h2>What's Changed</h2> <ul> <li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a href="https://github.com/joshbuker"><code>@joshbuker</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6029">expressjs/express#6029</a></li> <li>Release: 4.21.1 by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/6031">expressjs/express#6031</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/express/compare/4.21.0...4.21.1">https://github.com/expressjs/express/compare/4.21.0...4.21.1</a></p> <h2>4.21.0</h2> <h2>What's Changed</h2> <ul> <li>Deprecate <code>"back"</code> magic string in redirects by <a href="https://github.com/blakeembrey"><code>@blakeembrey</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5935">expressjs/express#5935</a></li> <li>finalhandler@1.3.1 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5954">expressjs/express#5954</a></li> <li>fix(deps): serve-static@1.16.2 by <a href="https://github.com/wesleytodd"><code>@wesleytodd</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5951">expressjs/express#5951</a></li> <li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a href="https://github.com/agadzinski93"><code>@agadzinski93</code></a> in <a href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/agadzinski93"><code>@agadzinski93</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/express/blob/4.22.0/History.md">express's changelog</a>.</em></p> <blockquote> <h1>4.22.0 / 2025-12-01</h1> <ul> <li>Security fix for <a href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a> (<a href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li> <li>deps: use tilde notation for dependencies</li> <li>deps: qs@6.14.0</li> </ul> <h1>4.21.2 / 2024-11-06</h1> <ul> <li>deps: path-to-regexp@0.1.12 <ul> <li>Fix backtracking protection</li> </ul> </li> <li>deps: path-to-regexp@0.1.11 <ul> <li>Throws an error on invalid path values</li> </ul> </li> </ul> <h1>4.21.1 / 2024-10-08</h1> <ul> <li>Backported a fix for <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li> </ul> <h1>4.21.0 / 2024-09-11</h1> <ul> <li>Deprecate <code>res.location("back")</code> and <code>res.redirect("back")</code> magic string</li> <li>deps: serve-static@1.16.2 <ul> <li>includes send@0.19.0</li> </ul> </li> <li>deps: finalhandler@1.3.1</li> <li>deps: qs@6.13.0</li> </ul> <h1>4.20.0 / 2024-09-10</h1> <ul> <li>deps: serve-static@0.16.0 <ul> <li>Remove link renderization in html while redirecting</li> </ul> </li> <li>deps: send@0.19.0 <ul> <li>Remove link renderization in html while redirecting</li> </ul> </li> <li>deps: body-parser@0.6.0 <ul> <li>add <code>depth</code> option to customize the depth level in the parser</li> <li>IMPORTANT: The default <code>depth</code> level for parsing URL-encoded data is now <code>32</code> (previously was <code>Infinity</code>)</li> </ul> </li> <li>Remove link renderization in html while using <code>res.redirect</code></li> <li>deps: path-to-regexp@0.1.10 <ul> <li>Adds support for named matching groups in the routes using a regex</li> <li>Adds backtracking protection to parameters without regexes defined</li> </ul> </li> <li>deps: encodeurl@~2.0.0 <ul> <li>Removes encoding of <code>\</code>, <code>|</code>, and <code>^</code> to align better with URL spec</li> </ul> </li> <li>Deprecate passing <code>options.maxAge</code> and <code>options.expires</code> to <code>res.clearCookie</code> <ul> <li>Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
21a8f1a467
|
build(deps): bump @angular/common from 19.2.14 to 19.2.16 (#6072)
Bumps [@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common) from 19.2.14 to 19.2.16. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases"><code>@angular/common</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.16</h2> <h3>http</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href=" |
||
|
dependabot[bot]
|
d3baf1b3a3
|
build(deps): bump @angular/compiler from 19.2.14 to 19.2.17 (#6078)
Bumps [@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler) from 19.2.14 to 19.2.17. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/angular/angular/releases"><code>@angular/compiler</code>'s releases</a>.</em></p> <blockquote> <h2>19.2.17</h2> <h3>compiler</h3> <table> <thead> <tr> <th>Commit</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><a href=" |
||
|
Murderlon
|
f34f685c84
|
example-react: fix tsconfig | ||
|
dependabot[bot]
|
dbb5175572
|
build(deps-dev): bump vite from 7.1.5 to 7.1.11 (#6021)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.1.5 to 7.1.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v7.1.11</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.11/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.10</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.10/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.9</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.9/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.8</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.8/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.7</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.7/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v7.1.6</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.1.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v7.1.10...v7.1.11">7.1.11</a> (2025-10-20)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li><strong>dev:</strong> trim trailing slash before <code>server.fs.deny</code> check (<a href="https://redirect.github.com/vitejs/vite/issues/20968">#20968</a>) (<a href=" |
||
Mikael Finstad
|
1fbb95da2b
|
improve test scripts (#6016)
1. don't run browser tests in `headless` mode by default when running tests individually. because when writing/running tests, i usually want to see/debug using the browser. if one still wants headless, it's as easy as: `yarn workspace @uppy/xyz test --browser.headless`. instead append the `headless` mode when running all tests together - it doesn't make sense to run all projects' tests without headless mode. 2. don't always run browser tests with `watch`: watch doesn't make sense when running multiple projects in turbo (one project just blocks the rest watching for changes). if one still wants to run a single test with watch mode, it's as easy as: `yarn workspace @uppy/xyz test --watch` 3. don't cache test runs: if I run the `test` command. most of the time I want to actually run tests (not skip them if they already ran last time) 4. output logs when running tests. it's nice to see that the tests have actually run (also on CI) 5. when running all tests, use concurrency=1, because the tests also includes e2e tests, running multiple browsers in parallel really just makes the test fail on my computer (and uses a lot of memory) current output is not very informative: <img width="840" height="410" alt="Screenshot 2025-10-17 at 17 09 55" src="https://github.com/user-attachments/assets/9ca8278c-f160-478c-87e2-2ef861ba4bb1" /> with this PR: <img width="672" height="495" alt="Screenshot 2025-10-17 at 17 20 49" src="https://github.com/user-attachments/assets/1339c96b-d0c1-42e1-8fa1-d5a4a36ea42a" /> |
||
Nik Graf
|
9d2c7a997f
|
upgrade cookie-parser (#6005)
cookie-parser 1.4.7 uses a version cookie that fixed this security issue https://github.com/advisories/GHSA-pxg6-pf52-xh8x |
||
|
Merlijn Vos
|
da754b7fa4
|
@uppy/svelte: fix props reactivity (#5991)
The fix in #5872 was not enough
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Fix props reactivity in Svelte components by updating plugin options
reactively and add example + tests validating Dashboard/StatusBar prop
changes.
>
> - **Svelte components (@uppy/svelte)**:
> - **Reactivity fix**: In `components/Dashboard.svelte`,
`DashboardModal.svelte`, and `StatusBar.svelte`, switch reactive updates
from `uppy.setOptions(...)` to `plugin?.setOptions(...)` to ensure
`props` changes are applied.
> - **Examples/Tests**:
> - Add `examples/sveltekit/src/components/test/props-reactivity.svelte`
demonstrating toggling `props` for `Dashboard` and `StatusBar`.
> - Extend `examples/sveltekit/test/index.test.ts` with tests verifying
Dashboard `ariaDisabled` toggles and StatusBar `hideUploadButton`
reactivity.
> - **Changeset**:
> - Patch release for `"@uppy/svelte"` noting props reactivity fix.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
|
||
|
dependabot[bot]
|
08fc143c46
|
build(deps-dev): bump vite from 6.3.5 to 6.3.6 (#5972)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.3.5 to 6.3.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v6.3.6</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->6.3.6 (2025-09-08)<!-- raw HTML omitted --></h2> <ul> <li>fix: apply <code>fs.strict</code> check to HTML files (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>) (<a href=" |
||
|
Prakash
|
944310dc67
|
add typescript as a dev dep in stackblitz env (#5976)
see #5968 |
||
|
Prakash
|
d6b3aa575e
|
@uppy/components: fix dropzone global id (#5967)
fixes #5946
Root Cause :
`createDropzone` used a single global `id` for the file input
(`'uppy-dropzone-file-input'`) Clicking any `<Dropzone />` did
`document.getElementById(<global-id>).click()`, which always targeted
the first input in the DOM, so files were added to the first Uppy
instance.
|
||
|
Prakash
|
8cd3702104
|
Optmize Stackblitz install times (#5968)
StackBlitz examples took **146+ seconds** to start due to heavy dev dependencies ### Optimizations - Eliminate heavy dev deps like `playwright (~200MB)` `@vitest/browser` `vitest` - Aggressive install flags: `--prefer-offline --reporter=silent --ignore-scripts --no-optional` - use pnpm - Results **React example: 146s → ~25s (83% faster)** |
||
|
Prakash
|
567be4efab
|
@uppy/examples: Add new examples (#5942)
Had to create a new PR since after the 5.0 merge, #5818 was throwing errors. ## Examples Added - **React Router v7** - Uppy Dashboard with Tus, XHR, and Transloadit , tus server implemented using react-router/express adapter , rest using regular resource routes - This still doesn't have hot reloading in the dev server though , can be added through nodemon - **Next.js** - Uppy Dashboard with Tus, XHR, and Transloadit - **Angular** - Uppy Dashboard and Dashboard Modal with Tus |
||
|
dependabot[bot]
|
fc3e483fcb
|
build(deps-dev): bump vite from 7.0.6 to 7.0.7 (#5962)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.0.6 to 7.0.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v7.0.7</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v7.0.7/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v7.0.7/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v7.0.6...v7.0.7">7.0.7</a> (2025-09-08)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li>apply <code>fs.strict</code> check to HTML files (<a href="https://redirect.github.com/vitejs/vite/issues/20736">#20736</a>) (<a href=" |
||
|
Prakash
|
b56cc01f72
|
@uppy/examples: fix .stackblitzrc install command (#5919) | ||
|
Prakash
|
f80dbb1561
|
@uppy/examples: fix workspace dependencies for StackBlitz environment (#5910)
- Add .stackblitzrc configuration file for StackBlitz environment setup for - Add prepare-stackblitz.js script to replace `workspace:*` dependencies with "latest" - Configure StackBlitz to run preparation script before installing dependencies - Change CSS import paths in examples from `@uppy/react/css/style.css` to `@uppy/react/dist/styles.css` temporarily (will need to revert after we release 5.0) |
||
|
Prakash
|
58e9025d07 | Merge branch 'main' of https://github.com/transloadit/uppy into merge_v2 | ||
|
Murderlon
|
f221125b9a
|
Hopefully fix playwright in CI | ||
|
Prakash
|
c4535b632c | remove @uppy/progress-bar from examples/angular | ||
|
Prakash
|
6a33652458 | Merge branch 'main' of https://github.com/transloadit/uppy into 5.0 | ||
|
Prakash
|
b88c386b28
|
Remove @uppy/react-native (#5904)
- remove `@uppy/react-native` - remove `examples/react-native-expo` |
||
|
Mikael Finstad
|
57f7867c41
|
fix broken companion example (#5909)
it currently crashes on startup because that option is now required |
||
|
Mikael Finstad
|
d31c90e443
|
Run biome check on main (#5896)
this time on main closes #5891 also: fix a11y tabIndex (key event handler) |
||
|
Prakash
|
c5b51f6158
|
Add Export Maps (#5830)
- added export maps to all the @uppy packages . - imports remain unaffected except for peerDep packages in `@uppy/react` `@uppy/svelte` and `@uppy/vue3`. - export maps added for index files , css , and package.json. - Added side effects for all the packages. --------- Co-authored-by: Mikael Finstad <finstaden@gmail.com> Co-authored-by: Merlijn Vos <merlijn@soverin.net> |
||
|
Mikael Finstad
|
acdc683d47
|
Refactor Companion to ESM (#5803)
- convert cjs to esm - refactor from jest to vitest closes #3979 --------- Co-authored-by: Merlijn Vos <merlijn@soverin.net> |
||
|
Merlijn Vos
|
0e178aea68
|
Deduplicate dependencies & resolve all yarn warnings (#5848)
- Deduplicate Vite versions, always use 7.x (except for sveltekit, which
does not allow 7 yet)
- Add missing dev deps
- Fix react-native requested deps versions
- Fix companion @types/node
- Fix "engines" in root package.json
No more yarn warnings 🎉
|
||
|
Murderlon
|
4408f7e3f2
|
Merge branch 'main' into 5.0
* main: @uppy/locales: update Czech translations (#5819) Add CLAUDE.md Trigger release CI Migrate from Cypress to Vitest Browser Mode (#5828) build(deps): bump multer from 1.4.4 to 2.0.2 (#5831) Migrate to changesets from custom release tooling (#5840) Fix turbo race condition (#5839) |
||
|
Merlijn Vos
|
7bf319646a
|
Migrate from Cypress to Vitest Browser Mode (#5828)
- Remove `e2e` folder entirely - Remove all hacky resolutions and yarn patches - Remove `@types/jasmine`, `js2ts` (convert a JS file to TS), and `vue-template-compiler` from `private/` - Remove e2e CI job - Add browsers tests for vue, svelte, and react headless components and hooks. - Add new (browser) tests for transloadit, aws-s3, and dashboard. - Remove final useless scripts from `package.json`, use direct references in CI. - Fix Dropzone component accessibility discovered during testing - Clean up github workflows (move linters.yml into ci.yml, update e2e.yml) **Why Vitest Browser Mode?** We could have used playwright but vitest browser mode uses it under the hood and we get the use the vitest we know a love. No two entirely different setups, no different assertions to relearn, write e2e tests as if you're writing unit tests. Easy, fast, beautiful. https://vitest.dev/guide/browser/ **Has every single e2e test been rewritten?** No there were quite a few tests that have a lot overlap with existing or newly added tests. There were also some tests that were so heavily mocked inside and out you start to wonder what the value still is. Open to discuss which tests still need to be added. |
||
|
Prakash
|
cb9673bc1e
|
uppy 5.0: remove stale plugins (#5834)
This PR removes `@uppy/store-redux` , `@uppy/redux-dev-tools` , `@uppy/progress-bar` , `@uppy/drag-drop` , `@uppy/file-input` , `@uppy/aws-s3-multipart` - **Source Removal** Removed source Dirs of packages, including all source code, styles, documentation, and build configurations. - **Bundle & Exports** Removed related exports from `packages/uppy/src/bundle.ts` and `index.ts`. Cleaned up dependencies from `uppy/package.json`. - **Framework Cleanup** Removed components and exports from: - `@uppy/react` - `@uppy/vue` - `@uppy/svelte` - `@uppy/angular` - **Dependency Cleanup** Removed references across all `package.json`, `peerDependencies`, `tsconfig.*.json`, and `turbo.json` files. - **Example Updates** - Updated Angular example and `private/dev/DragDrop.js` - Removed deprecated plugin usage - Cleaned example dependencies - **Style Cleanup** Removed CSS imports from `packages/uppy/src/style.scss` and `examples/angular/src/styles.css`. Fixed TypeScript project references. - **Migration Guide** Updated `.github/MIGRATION.md` |
||
|
dependabot[bot]
|
8e89788551
|
build(deps): bump multer from 1.4.4 to 2.0.2 (#5831)
Bumps [multer](https://github.com/expressjs/multer) from 1.4.4 to 2.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/expressjs/multer/releases">multer's releases</a>.</em></p> <blockquote> <h2>v2.0.2</h2> <h2>Important</h2> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-7338">CVE-2025-7338</a> (<a href="https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p">GHSA-fjgf-rc76-4x9p</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/expressjs/multer/compare/v2.0.1...v2.0.2">https://github.com/expressjs/multer/compare/v2.0.1...v2.0.2</a></p> <h2>v2.0.1</h2> <h2>Important</h2> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-48997">CVE-2025-48997</a> (<a href="https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg">GHSA-g5hg-p3ph-g8qg</a>)</li> </ul> <h2>What's Changed</h2> <ul> <li>add Arabic translation for README .. by <a href="https://github.com/3imed-jaberi"><code>@3imed-jaberi</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/762">expressjs/multer#762</a></li> <li>Update README.md to fix issue <a href="https://redirect.github.com/expressjs/multer/issues/1114">#1114</a> by <a href="https://github.com/Mohamed-Abdelfattah"><code>@Mohamed-Abdelfattah</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1169">expressjs/multer#1169</a></li> <li>Improved documentation translation to Spanish by <a href="https://github.com/juliomontenegro"><code>@juliomontenegro</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1174">expressjs/multer#1174</a></li> <li>Translated to french by <a href="https://github.com/AlanLg"><code>@AlanLg</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1182">expressjs/multer#1182</a></li> <li>Improve the Brazilian Portuguese translation by <a href="https://github.com/vitorRibeiro7"><code>@vitorRibeiro7</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1204">expressjs/multer#1204</a></li> <li>doc: uzbek language by <a href="https://github.com/eugene0928"><code>@eugene0928</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1232">expressjs/multer#1232</a></li> <li>Fix a mistake with README-pt-br.md by <a href="https://github.com/Igor-CA"><code>@Igor-CA</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1251">expressjs/multer#1251</a></li> <li>Update in Readme-pt-br and fix in Readme-ko by <a href="https://github.com/carlosstenzel"><code>@carlosstenzel</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1252">expressjs/multer#1252</a></li> <li>chore: add support for OSSF scorecard reporting by <a href="https://github.com/inigomarquinez"><code>@inigomarquinez</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1260">expressjs/multer#1260</a></li> <li>ci: replace travis with github action by <a href="https://github.com/inigomarquinez"><code>@inigomarquinez</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1259">expressjs/multer#1259</a></li> <li>docs: improve readability by <a href="https://github.com/Sreejit-Sengupto"><code>@Sreejit-Sengupto</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1255">expressjs/multer#1255</a></li> <li>test: add test for out-of-band error event by <a href="https://github.com/LinusU"><code>@LinusU</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1294">expressjs/multer#1294</a></li> <li>chore: upgrade scorecard workflow pinned action versions by <a href="https://github.com/carpasse"><code>@carpasse</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1290">expressjs/multer#1290</a></li> <li>Documentation: remove unfortunate abbreviation from readme by <a href="https://github.com/MaddyGuthridge"><code>@MaddyGuthridge</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1299">expressjs/multer#1299</a></li> <li>ci: use <code>ubuntu-latest</code> as default runner by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1308">expressjs/multer#1308</a></li> <li>ci: add CodeQL (SAST) by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1289">expressjs/multer#1289</a></li> <li>Update readme badges by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1268">expressjs/multer#1268</a></li> <li>📝 fix changelog information by <a href="https://github.com/ctcpip"><code>@ctcpip</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1316">expressjs/multer#1316</a></li> <li>master -> v2 by <a href="https://github.com/ctcpip"><code>@ctcpip</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1317">expressjs/multer#1317</a></li> <li>chore: fix typo by <a href="https://github.com/saucecodee"><code>@saucecodee</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/993">expressjs/multer#993</a></li> <li>Remove --save from README by <a href="https://github.com/username1001"><code>@username1001</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/929">expressjs/multer#929</a></li> <li>feat - update link badge in docs by <a href="https://github.com/carlosstenzel"><code>@carlosstenzel</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1273">expressjs/multer#1273</a></li> <li>ci: change branch reference by <a href="https://github.com/UlisesGascon"><code>@UlisesGascon</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1319">expressjs/multer#1319</a></li> <li>♻️ use version tag for CI, fix CI badge, fix references to master/main by <a href="https://github.com/ctcpip"><code>@ctcpip</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1324">expressjs/multer#1324</a></li> <li>deps: update dependencies to latest versions by <a href="https://github.com/bjohansebas"><code>@bjohansebas</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1328">expressjs/multer#1328</a></li> <li>📝 list languages in table to prevent GH right-aligning list due to RTL language by <a href="https://github.com/ctcpip"><code>@ctcpip</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1325">expressjs/multer#1325</a></li> <li>[StepSecurity] Apply security best practices by <a href="https://github.com/step-security-bot"><code>@step-security-bot</code></a> in <a href="https://redirect.github.com/expressjs/multer/pull/1311">expressjs/multer#1311</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/3imed-jaberi"><code>@3imed-jaberi</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/multer/pull/762">expressjs/multer#762</a></li> <li><a href="https://github.com/Mohamed-Abdelfattah"><code>@Mohamed-Abdelfattah</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/multer/pull/1169">expressjs/multer#1169</a></li> <li><a href="https://github.com/juliomontenegro"><code>@juliomontenegro</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/multer/pull/1174">expressjs/multer#1174</a></li> <li><a href="https://github.com/AlanLg"><code>@AlanLg</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/multer/pull/1182">expressjs/multer#1182</a></li> <li><a href="https://github.com/vitorRibeiro7"><code>@vitorRibeiro7</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/multer/pull/1204">expressjs/multer#1204</a></li> <li><a href="https://github.com/eugene0928"><code>@eugene0928</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/multer/pull/1232">expressjs/multer#1232</a></li> <li><a href="https://github.com/Igor-CA"><code>@Igor-CA</code></a> made their first contribution in <a href="https://redirect.github.com/expressjs/multer/pull/1251">expressjs/multer#1251</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/expressjs/multer/blob/main/CHANGELOG.md">multer's changelog</a>.</em></p> <blockquote> <h2>2.0.2</h2> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-7338">CVE-2025-7338</a> (<a href="https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p">GHSA-fjgf-rc76-4x9p</a>)</li> </ul> <h2>2.0.1</h2> <ul> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-48997">CVE-2025-48997</a> (<a href="https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg">GHSA-g5hg-p3ph-g8qg</a>)</li> </ul> <h2>2.0.0</h2> <ul> <li><strong>Breaking change: The minimum supported Node version is now 10.16.0</strong></li> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-47935">CVE-2025-47935</a> (<a href="https://github.com/expressjs/multer/security/advisories/GHSA-44fp-w29j-9vj5">GHSA-44fp-w29j-9vj5</a>)</li> <li>Fix <a href="https://www.cve.org/CVERecord?id=CVE-2025-47944">CVE-2025-47944</a> (<a href="https://github.com/expressjs/multer/security/advisories/GHSA-4pg4-qvpc-4q3h">GHSA-4pg4-qvpc-4q3h</a>)</li> </ul> <h2>1.4.5-lts.2</h2> <ul> <li>Fix out-of-band error event from busboy (<a href="https://redirect.github.com/expressjs/multer/issues/1177">#1177</a>)</li> </ul> <h2>1.4.5-lts.1</h2> <ul> <li>No changes</li> </ul> <h2>1.4.4-lts.1</h2> <ul> <li>Bugfix: Bump busboy to fix CVE-2022-24434 (<a href="https://redirect.github.com/expressjs/multer/issues/1097">#1097</a>)</li> <li>Breaking: Require Node.js 10.16.0 or later (<a href="https://redirect.github.com/expressjs/multer/issues/1097">#1097</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Merlijn Vos
|
0c24c5aeab
|
Migrate to changesets from custom release tooling (#5840)
- Remove custom release tooling in favor of changesets - Add changesets for all unreleased commits |
||
|
Mikael Finstad
|
06ddd99cd1
|
@uppy/companion: fix (breaking) todo comments (#5802) | ||
|
Merlijn Vos
|
7a50ab89ef
|
Cleanup examples (#5817)
- Remove outdated examples - Rename folders for consistency - Remove lots of unused deps in angular example. - Rename `name` inside `package.json`'s from `@uppy-example/*` to `example-*`. **Before** ``` ├── angular-example ├── aws-companion ├── aws-nodejs ├── aws-php ├── bundled ├── cdn-example ├── custom-provider ├── digitalocean-spaces ├── multiple-instances ├── node-xhr ├── php-xhr ├── python-xhr ├── react ├── react-native-expo ├── redux ├── sveltekit ├── transloadit ├── transloadit-markdown-bin ├── uppy-with-companion ├── vue3 └── xhr-bundle ``` **After** ``` examples ├── angular ├── aws-companion ├── aws-nodejs ├── aws-php ├── cdn ├── companion ├── companion-custom-provider ├── companion-digitalocean-spaces ├── react ├── react-native-expo ├── redux ├── sveltekit ├── transloadit ├── vue ├── xhr-bundle ├── xhr-node ├── xhr-php └── xhr-python ``` |
||
|
Prakash
|
455abb32af
|
Headless Hooks: add error component in examples (#5810)
Add error components in headless hooks examples for `useWebcam` and `useScreenCapture` |
||
|
Merlijn Vos
|
78299475ae
|
Migrate from Eslint/Prettier/Stylelint to Biome (#5794) | ||
|
Merlijn Vos
|
d408570373
|
From Babel to TS (#5792) | ||
github-actions[bot]
|
c16657e075
|
Release: uppy@4.18.0 (#5796)
| Package | Version | Package | Version | | -------------------------- | ------- | -------------------------- | ------- | | @uppy/components | 0.2.0 | @uppy/remote-sources | 2.3.4 | | @uppy/core | 4.4.7 | @uppy/screen-capture | 4.3.1 | | @uppy/google-drive-picker | 0.3.6 | @uppy/svelte | 4.5.0 | | @uppy/google-photos-picker | 0.3.6 | @uppy/vue | 2.3.0 | | @uppy/locales | 4.6.0 | @uppy/webcam | 4.2.1 | | @uppy/provider-views | 4.4.5 | uppy | 4.18.0 | | @uppy/react | 4.4.0 | | | - meta: Remove remark reference from CI (Murderlon) - @uppy/components,@uppy/screen-capture: useScreenCapture fixes (Prakash / #5793) - examples: Add useRemoteSource (Merlijn Vos / #5778) - @uppy/components: Use webcam fixes2 (Mikael Finstad / #5791) - meta: Remove remark (Merlijn Vos / #5790) - meta: Delete old, unused files (Merlijn Vos / #5788) - meta: Sort package.json (Murderlon) - examples: Headless Hooks: Add useScreenCapture (Prakash / #5784) - @uppy/locales: Update pt_BR localization (Gabriel Pereira / #5780) - e2e: Skip for now then (Murderlon) - e2e: fixup! Fix CI for now (Murderlon) - e2e: Fix CI for now (Murderlon) - examples: Add useWebcam (Merlijn Vos / #5741) - @uppy/react,@uppy/svelte,@uppy/vue: Add useDropzone & useFileInput (Merlijn Vos / #5735) - meta: build(deps): bump base-x from 3.0.9 to 3.0.11 (dependabot[bot] / #5772) - @uppy/provider-views: improve metadata handling in Google Photos Picker (ben rosenbaum / #5769) |
||
|
Merlijn Vos
|
cb2999926b
|
Add useRemoteSource (#5778) |