This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.
# Releases
## @uppy/status-bar@5.0.2
### Patch Changes
- 8ac1654: Change internal type from `any` to `unknown`.
## @uppy/webcam@5.0.2
### Patch Changes
- 8ac1654: - Remove TagFile type - Use UppyFile instead.
- Split UppyFile into two interfaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
## @uppy/xhr-upload@5.0.2
### Patch Changes
- 8ac1654: - Make `file.data` nullable - Because for ghosts it will be
`undefined` and we don't have any type to distinguish ghosts from other
(local) files. This caused a crash, because we didn't check for
`undefined` everywhere (when trying to store a blob that was
`undefined`). This means we have to add null checks in some packages
- Split UppyFile into two interfaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
## uppy@5.1.8
### Patch Changes
- Updated dependencies [8ac1654]
- Updated dependencies [8ac1654]
- Updated dependencies [8ac1654]
- @uppy/status-bar@5.0.2
- @uppy/webcam@5.0.2
- @uppy/xhr-upload@5.0.2
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.
# Releases
## @uppy/aws-s3@5.0.2
### Patch Changes
- 0c16fe4: - Make `file.data` nullable - Because for ghosts it will be
`undefined` and we don't have any type to distinguish ghosts from other
(local) files. This caused a crash, because we didn't check for
`undefined` everywhere (when trying to store a blob that was
`undefined`). This means we have to add null checks in some packages
- Split UppyFile into two intefaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- @uppy/companion-client@5.1.1
- @uppy/core@5.1.1
- @uppy/utils@7.1.1
## @uppy/companion@6.1.1
### Patch Changes
- 6a60ee5: Reject request early instead of crashing on missing
`filename` for /s3/multipart and /s3/params endpoints
## @uppy/companion-client@5.1.1
### Patch Changes
- 0c16fe4: - Split UppyFile into two intefaces distinguished by the
`isRemote` boolean:
- LocalUppyFile
- RemoteUppyFile
- Updated dependencies [0c16fe4]
- @uppy/core@5.1.1
- @uppy/utils@7.1.1
## @uppy/components@1.0.4
### Patch Changes
- 0c16fe4: - Make `file.data` nullable - Because for ghosts it will be
`undefined` and we don't have any type to distinguish ghosts from other
(local) files. This caused a crash, because we didn't check for
`undefined` everywhere (when trying to store a blob that was
`undefined`). This means we have to add null checks in some packages
- Move `restore-confirmed` from `onUploadStart` event listener to
`startUpload`, else it would cause `restore-confirmed` to be triggered
even if there is no `recoveredState` to recover
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- @uppy/core@5.1.1
- @uppy/image-editor@4.0.2
## @uppy/compressor@3.0.2
### Patch Changes
- 0c16fe4: - Make `file.data` nullable - Because for ghosts it will be
`undefined` and we don't have any type to distinguish ghosts from other
(local) files. This caused a crash, because we didn't check for
`undefined` everywhere (when trying to store a blob that was
`undefined`). This means we have to add null checks in some packages
- Split UppyFile into two intefaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
- Updated dependencies [0c16fe4]
- @uppy/core@5.1.1
- @uppy/utils@7.1.1
## @uppy/core@5.1.1
### Patch Changes
- 0c16fe4: - Make `file.data` nullable - Because for ghosts it will be
`undefined` and we don't have any type to distinguish ghosts from other
(local) files. This caused a crash, because we didn't check for
`undefined` everywhere (when trying to store a blob that was
`undefined`)
- Introduce new field `progress`.`complete`: if there is a
post-processing step, set it to `true` once post processing is complete.
If not, set it to `true` once upload has finished.
- Throw a proper `Nonexistent upload` error message if trying to upload
a non-existent upload, instead of TypeError
- Rewrite `Uppy.upload()` - this fixes two bugs:
1. No more duplicate emit call when
this.#restricter.validateMinNumberOfFiles throws (`#informAndEmit` and
`this.emit('error')`)
2. 'restriction-failed' now also gets correctly called when
`checkRequiredMetaFields` check errors.
- Don't re-upload completed files #5930
- Split UppyFile into two intefaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
- Remove TagFile type - Use UppyFile instead.
- Make `name` required on UppyFile (it is in reality always set)
- Fix bug: `RestrictionError` sometimes thrown with a `file` property
that was _not_ a `UppyFile`, but a `File`. This would happen if someone
passed a `File` instead of a `MinimalRequiredUppyFile` into
`core.addFile` (which is valid to do according to our API)
- Improve some log messages
- Simplify Uppy `postprocess-complete` handler
- Updated dependencies [0c16fe4]
- @uppy/utils@7.1.1
## @uppy/dashboard@5.0.3
### Patch Changes
- 0c16fe4: - Remove `restore-canceled` event as it was not being used.
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- @uppy/core@5.1.1
- @uppy/utils@7.1.1
- @uppy/provider-views@5.1.1
- @uppy/thumbnail-generator@5.0.2
## @uppy/golden-retriever@5.1.1
### Patch Changes
- 0c16fe4: - **Internal inter-package breaking change:** Remove hacky
internal event `restore:get-data` that would send a function as its
event data (to golden retriever for it to call the function to receive
data from it). Add instead `restore:plugin-data-changed` that publishes
data when it changes. This means that **old versions of
`@uppy/transloadit` are not compatible with newest version of
`@uppy/golden-retriever` (and vice versa)**.
- Large internal refactor of Golden Retriever
- Use `state-update` handler to trigger save to local storage and blobs,
instead of doing it in various other event handlers (`complete`,
`upload-success`, `file-removed`, `file-editor:complete`, `file-added`).
this way we don't miss any state updates. also simplifies the code a
lot. this fixes:
- Always store blob when it changes - this fixes the bug when using the
compressor plugin, it would store the uncompressed original blob (like
when using image editor plugin)
- Add back throttle: but throttling must happen on the actual local
storage save calls inside MetaDataStore, _not_ the handleStateUpdate
function, so we don't miss any state updates (and end up with
inconsistent data). Note that there is still a race condition where if
the user removes a file (causing the blob to be deleted), then quickly
reloads the page before the throttled save has happened, the file will
be restored but the blob will be missing, so it will become a ghost.
this is probably not a big problem though. need to disable throttling
when running tests (add it as an option to the plugin)
- Fix implicit `any` types in #restore filesWithBlobs
- Don't error when saving indexedDB file that already exists (make it
idempotent)
- Fix bug: Golden Retriever was not deleting from IndexedDbStore if
ServiceWorkerStore exists, causing a storage leak
- Remove unused Golden Retriever cleanup.ts
- Clean up stored files on `complete` event _only_ if _all_ files
succeeded (no failed files). this allows the user to retry failed files
if they get interrupted - fixes#5927, closes#5955
- Only set `isGhost` for non-successful files - it doesn't make sense
for successfully uploaded files to be ghosted because they're already
done. #5930
- Add `upload-success` event handler `handleFileUploaded`: this handler
will remove blobs of files that have successfully uploaded. this
prevents leaking blobs when an upload with multiple files gets
interrupted (but some files have uploaded successfully), because
`#handleUploadComplete` (which normally does the cleanup) doesn't get
called untill _all_ files are complete.
- Fix `file-editor:complete` potential race condition: it would delete
and add at the same time (without first awaiting delete operation)
- Fix: Don't double `setState` when restoring
- Improve types in golden retriever and MetaDataStore
- MetaDataStore: move old state expiry to from `constructor` to `load()`
- Updated dependencies [0c16fe4]
- @uppy/core@5.1.1
- @uppy/utils@7.1.1
## @uppy/image-editor@4.0.2
### Patch Changes
- 0c16fe4: - Make `file.data` nullable - Because for ghosts it will be
`undefined` and we don't have any type to distinguish ghosts from other
(local) files. This caused a crash, because we didn't check for
`undefined` everywhere (when trying to store a blob that was
`undefined`). This means we have to add null checks in some packages
- Split UppyFile into two intefaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
- Updated dependencies [0c16fe4]
- @uppy/core@5.1.1
- @uppy/utils@7.1.1
## @uppy/provider-views@5.1.1
### Patch Changes
- 0c16fe4: - Rename `getTagFile` to `companionFileToUppyFile`
- Updated dependencies [0c16fe4]
- @uppy/core@5.1.1
- @uppy/utils@7.1.1
## @uppy/thumbnail-generator@5.0.2
### Patch Changes
- 0c16fe4: - Make `file.data` nullable - Because for ghosts it will be
`undefined` and we don't have any type to distinguish ghosts from other
(local) files. This caused a crash, because we didn't check for
`undefined` everywhere (when trying to store a blob that was
`undefined`). This means we have to add null checks in some packages
- Split UppyFile into two intefaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
- Updated dependencies [0c16fe4]
- @uppy/core@5.1.1
- @uppy/utils@7.1.1
## @uppy/transloadit@5.1.3
### Patch Changes
- 0c16fe4: - **Internal inter-package breaking change:** Remove hacky
internal event `restore:get-data` that would send a function as its
event data (to golden retriever for it to call the function to receive
data from it). Add instead `restore:plugin-data-changed` that publishes
data when it changes. This means that **old versions of
`@uppy/transloadit` are not compatible with newest version of
`@uppy/golden-retriever` (and vice versa)**.
- Minor internal refactoring in order to make sure that we will always
emit `restore:plugin-data-changed` whenever assembly state changes
- Split UppyFile into two intefaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- @uppy/companion-client@5.1.1
- @uppy/core@5.1.1
- @uppy/utils@7.1.1
- @uppy/provider-views@5.1.1
- @uppy/tus@5.0.2
## @uppy/tus@5.0.2
### Patch Changes
- 0c16fe4: - Make `file.data` nullable - Because for ghosts it will be
`undefined` and we don't have any type to distinguish ghosts from other
(local) files. This caused a crash, because we didn't check for
`undefined` everywhere (when trying to store a blob that was
`undefined`). This means we have to add null checks in some packages
- Split UppyFile into two intefaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- @uppy/companion-client@5.1.1
- @uppy/core@5.1.1
- @uppy/utils@7.1.1
## @uppy/url@5.0.2
### Patch Changes
- 0c16fe4: - Make `file.data` nullable - Because for ghosts it will be
`undefined` and we don't have any type to distinguish ghosts from other
(local) files. This caused a crash, because we didn't check for
`undefined` everywhere (when trying to store a blob that was
`undefined`). This means we have to add null checks in some packages
- Split UppyFile into two intefaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- @uppy/companion-client@5.1.1
- @uppy/core@5.1.1
- @uppy/utils@7.1.1
## @uppy/utils@7.1.1
### Patch Changes
- 0c16fe4: - Make `file.data` nullable - Because for ghosts it will be
`undefined` and we don't have any type to distinguish ghosts from other
(local) files. This caused a crash, because we didn't check for
`undefined` everywhere (when trying to store a blob that was
`undefined`)
- Introduce new field `progress`.`complete`: if there is a
post-processing step, set it to `true` once post processing is complete.
If not, set it to `true` once upload has finished.
- Throw a proper `Nonexistent upload` error message if trying to upload
a non-existent upload, instead of TypeError
- Rewrite `Uppy.upload()` - this fixes two bugs:
1. No more duplicate emit call when
this.#restricter.validateMinNumberOfFiles throws (`#informAndEmit` and
`this.emit('error')`)
2. 'restriction-failed' now also gets correctly called when
`checkRequiredMetaFields` check errors.
- Don't re-upload completed files #5930
- Split UppyFile into two intefaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
- Remove TagFile type - Use UppyFile instead.
- Make `name` required on UppyFile (it is in reality always set)
- Fix bug: `RestrictionError` sometimes thrown with a `file` property
that was _not_ a `UppyFile`, but a `File`. This would happen if someone
passed a `File` instead of a `MinimalRequiredUppyFile` into
`core.addFile` (which is valid to do according to our API)
- Improve some log messages
- Simplify Uppy `postprocess-complete` handler
## uppy@5.1.7
### Patch Changes
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- Updated dependencies [0c16fe4]
- @uppy/aws-s3@5.0.2
- @uppy/companion-client@5.1.1
- @uppy/compressor@3.0.2
- @uppy/core@5.1.1
- @uppy/dashboard@5.0.3
- @uppy/golden-retriever@5.1.1
- @uppy/image-editor@4.0.2
- @uppy/provider-views@5.1.1
- @uppy/thumbnail-generator@5.0.2
- @uppy/transloadit@5.1.3
- @uppy/tus@5.0.2
- @uppy/url@5.0.2
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Probably best reviewed commit by commit.
I also split UppyFile into two intefaces distinguished by the `isRemote`
boolean:
- LocalUppyFile
- RemoteUppyFile
Also:
- Removed the TagFile type
- Don't re-upload completed files - fixes#5930
- Clean up stored files on `complete` event *only* if *all* files
succeeded (no failed files). this allows the user to retry failed files
if the browser & upload get interrupted - fixes#5927, closes#5955
- Only set `isGhost` for non-successful files. it doesn't make sense for
successfully uploaded files to be ghosted because they're already done.
#5930fixes#6013
---------
Co-authored-by: Prakash <qxprakash@gmail.com>
1. don't run browser tests in `headless` mode by default when running
tests individually. because when writing/running tests, i usually want
to see/debug using the browser. if one still wants headless, it's as
easy as: `yarn workspace @uppy/xyz test --browser.headless`. instead
append the `headless` mode when running all tests together - it doesn't
make sense to run all projects' tests without headless mode.
2. don't always run browser tests with `watch`: watch doesn't make sense
when running multiple projects in turbo (one project just blocks the
rest watching for changes). if one still wants to run a single test with
watch mode, it's as easy as: `yarn workspace @uppy/xyz test --watch`
3. don't cache test runs: if I run the `test` command. most of the time
I want to actually run tests (not skip them if they already ran last
time)
4. output logs when running tests. it's nice to see that the tests have
actually run (also on CI)
5. when running all tests, use concurrency=1, because the tests also
includes e2e tests, running multiple browsers in parallel really just
makes the test fail on my computer (and uses a lot of memory)
current output is not very informative:
<img width="840" height="410" alt="Screenshot 2025-10-17 at 17 09 55"
src="https://github.com/user-attachments/assets/9ca8278c-f160-478c-87e2-2ef861ba4bb1"
/>
with this PR:
<img width="672" height="495" alt="Screenshot 2025-10-17 at 17 20 49"
src="https://github.com/user-attachments/assets/1339c96b-d0c1-42e1-8fa1-d5a4a36ea42a"
/>
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.
# Releases
## @uppy/companion@6.1.0
### Minor Changes
- 5ba2c1c: Introduce the concept of server-side search and add support
for it for the Dropbox provider. Previously, only client-side filtering
in the currently viewed folder was possible, which was limiting. Now
users using Companion with Dropbox can perform a search across their
entire account.
## @uppy/companion-client@5.1.0
### Minor Changes
- 5ba2c1c: Introduce the concept of server-side search and add support
for it for the Dropbox provider. Previously, only client-side filtering
in the currently viewed folder was possible, which was limiting. Now
users using Companion with Dropbox can perform a search across their
entire account.
### Patch Changes
- Updated dependencies [5ba2c1c]
- @uppy/utils@7.1.0
- @uppy/core@5.1.0
## @uppy/core@5.1.0
### Minor Changes
- 5ba2c1c: Introduce the concept of server-side search and add support
for it for the Dropbox provider. Previously, only client-side filtering
in the currently viewed folder was possible, which was limiting. Now
users using Companion with Dropbox can perform a search across their
entire account.
### Patch Changes
- Updated dependencies [5ba2c1c]
- @uppy/utils@7.1.0
## @uppy/provider-views@5.1.0
### Minor Changes
- 5ba2c1c: Introduce the concept of server-side search and add support
for it for the Dropbox provider. Previously, only client-side filtering
in the currently viewed folder was possible, which was limiting. Now
users using Companion with Dropbox can perform a search across their
entire account.
### Patch Changes
- Updated dependencies [5ba2c1c]
- @uppy/utils@7.1.0
- @uppy/core@5.1.0
## @uppy/utils@7.1.0
### Minor Changes
- 5ba2c1c: Introduce the concept of server-side search and add support
for it for the Dropbox provider. Previously, only client-side filtering
in the currently viewed folder was possible, which was limiting. Now
users using Companion with Dropbox can perform a search across their
entire account.
## uppy@5.1.6
### Patch Changes
- Updated dependencies [5ba2c1c]
- @uppy/companion-client@5.1.0
- @uppy/provider-views@5.1.0
- @uppy/core@5.1.0
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## High Level View
<img width="3367" height="1576" alt="Global Search (1)"
src="https://github.com/user-attachments/assets/134e8658-5cbd-4816-87a1-3bd42603089d"
/>
- Search View replicated , through minimal components `<GlobalSearchView
/>` and `<SearchResultItem />`
- Both components take only the minimal state needed to render the
search view no dependency on PartialTree. search response from companion
server is directly passed to GlobalSearchView for file state.
- `#buildPath` creates missing parent nodes in partialTree (if any) and
opens the folder in the normal way using a minimal wrapper over
openFolder function.
- Both interactions : "checking a file/folder" and "opening a folder"
use the same function `#buildPath` to build the path, then use the
already existing `openFolder` and `toggleCheckBox`.
- Max search results: 1000. Pagination removed for simplicity (can be
added later).
- From a UI/UX standpoint, all functionality works as expected.
- The only limitation is occasional inconsistent partial checked states
when the tree isn’t fully built — unavoidable since percolateUp and
percolateDown require the complete partialTree to sync state correctly.
This issue isn’t critical; even in other cases, we already mark folders
"checked" whereas they may be empty if not yet fetched.
- I figured out it's better to just derive the checkedState from
PartialTree , and then pass it to `GlobalSearchView` rather than keep it
separate and then worrying about checked state syncs across two views
for UI to look right.
- IMO this is the most simplest approach I could come up with. without
sacrificing any user functionality and it carefully reuses all the util
code.
---------
Co-authored-by: Merlijn Vos <merlijn@soverin.net>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.
# Releases
## @uppy/transloadit@5.1.2
### Patch Changes
- 201c422: Move `transloadit` into `dependencies` so types are resolved
without users having to install it manually.
## uppy@5.1.5
### Patch Changes
- Updated dependencies [201c422]
- @uppy/transloadit@5.1.2
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.
# Releases
## @uppy/transloadit@5.1.1
### Patch Changes
- bc2d0ed: Ensure final assembly status fetch uses `assembly_ssl_url` so
Transloadit requests stay on HTTPS.
## uppy@5.1.4
### Patch Changes
- Updated dependencies [bc2d0ed]
- @uppy/transloadit@5.1.1
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
## Summary
- ensure the final Transloadit status fetch prefers `assembly_ssl_url`
- add a changeset preparing the patch release
## Testing
- yarn workspace @uppy/transloadit test
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.
# Releases
## @uppy/transloadit@5.1.0
### Minor Changes
- 6f76412: Use the `transloadit` Node.js SDK's exported Assembly types
instead of our inaccurate, hand-rolled ones.
**Warning**
The names of our type exports here are unchanged, but they do pack
slightly different types. Overall you'll find they are both more
complete, but also more loose. Runtime wise there should be no breaking
changes, but it could mean you may need a couple of extra guards to make
TypeScript happy.
A cool benefit from the new types tho, is that Robot parameters will now
autocomplete for you.
More information on these types, and our approach rolling them out, can
be found here
<https://transloadit.com/blog/2025/09/nodejs-sdk-v4/#our-approach-to-type-retrofitting>
## @uppy/components@1.0.3
### Patch Changes
- 34639ba: add imageThumbnail prop to FilesList/FilesGrid
## @uppy/svelte@5.0.2
### Patch Changes
- da754b7: Fix props reactivity. Now when the value of a prop you pass
to a component changes, it is actually picked up.
- Updated dependencies [34639ba]
- @uppy/components@1.0.3
## uppy@5.1.3
### Patch Changes
- Updated dependencies [6f76412]
- @uppy/transloadit@5.1.0
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
The fix in #5872 was not enough
<!-- CURSOR_SUMMARY -->
---
> [!NOTE]
> Fix props reactivity in Svelte components by updating plugin options
reactively and add example + tests validating Dashboard/StatusBar prop
changes.
>
> - **Svelte components (@uppy/svelte)**:
> - **Reactivity fix**: In `components/Dashboard.svelte`,
`DashboardModal.svelte`, and `StatusBar.svelte`, switch reactive updates
from `uppy.setOptions(...)` to `plugin?.setOptions(...)` to ensure
`props` changes are applied.
> - **Examples/Tests**:
> - Add `examples/sveltekit/src/components/test/props-reactivity.svelte`
demonstrating toggling `props` for `Dashboard` and `StatusBar`.
> - Extend `examples/sveltekit/test/index.test.ts` with tests verifying
Dashboard `ariaDisabled` toggles and StatusBar `hideUploadButton`
reactivity.
> - **Changeset**:
> - Patch release for `"@uppy/svelte"` noting props reactivity fix.
>
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5a9c4ef00f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
The schemas and types that we have in the Transloadit Node.js SDK v4 are
used in our API's system tests. We've also ran hundreds of thousands of
Assemblies through them, ever loosening them, until they all fit. This
means the schemas are fairly wide, but model the reality of our 15 year
old API. In the future we will make schema failures in the API fatal (as
already is the case with system tests), and we don't want to break
production traffic when we do. So we accept wider schemas than are
beautiful, and once the schemas control what is allowed in all places,
we gradually evolve the API and schemas towards being more pretty in
lockstep.
More on this in
https://transloadit.com/blog/2025/09/nodejs-sdk-v4/#our-approach-to-type-retrofitting
For uppy this means, we'll need a few more guards than we had with our
handrolled types, that actually assumed things that turned out to be not
true in all cases. Not all Assembly status responses have an id or a url
for one example. There are for instance particular errors (by Node,
Nginx, Haproxy) that would not return those. The added guards will
ensure we don't break deeply inside customer code.
This PR was completely written by gpt-5-codex, which means it was faster
and of higher quality than if I had handrolled it as a founder
unfamiliar with this codebase, but despite of that, please still review
my contribution with as much care as you would normally :)
---------
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
Co-authored-by: Merlijn Vos <merlijn@soverin.net>
Reverts transloadit/uppy#5954
because it fails the release
```
/usr/local/bin/yarn cache dir
error Error: Failed to replace env in config: ${NPM_TOKEN}
at /usr/local/lib/node_modules/yarn/lib/cli.js:95453:13
at String.replace (<anonymous>)
at envReplace (/usr/local/lib/node_modules/yarn/lib/cli.js:95448:16)
at Function.normalizeConfig (/usr/local/lib/node_modules/yarn/lib/cli.js:31940:69)
at NpmRegistry.<anonymous> (/usr/local/lib/node_modules/yarn/lib/cli.js:31970:34)
at Generator.next (<anonymous>)
at step (/usr/local/lib/node_modules/yarn/lib/cli.js:310:30)
at /usr/local/lib/node_modules/yarn/lib/cli.js:321:13
info Visit https://yarnpkg.com/en/docs/cli/cache for documentation about this command.
Error: error Error: Failed to replace env in config: ${NPM_TOKEN}
at /usr/local/lib/node_modules/yarn/lib/cli.js:95453:13
at String.replace (<anonymous>)
at envReplace (/usr/local/lib/node_modules/yarn/lib/cli.js:95448:16)
at Function.normalizeConfig (/usr/local/lib/node_modules/yarn/lib/cli.js:31940:69)
at NpmRegistry.<anonymous> (/usr/local/lib/node_modules/yarn/lib/cli.js:31970:34)
at Generator.next (<anonymous>)
at step (/usr/local/lib/node_modules/yarn/lib/cli.js:310:30)
at /usr/local/lib/node_modules/yarn/lib/cli.js:321:13
```
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.
# Releases
## @uppy/angular@1.1.0
### Minor Changes
- 92a0a0d: Add back framework wrappers for @uppy/status-bar plugin
## @uppy/react@5.1.0
### Minor Changes
- 92a0a0d: Add back framework wrappers for @uppy/status-bar plugin
### Patch Changes
- Updated dependencies [d6b3aa5]
- @uppy/components@1.0.3
## @uppy/svelte@5.1.0
### Minor Changes
- 92a0a0d: Add back framework wrappers for @uppy/status-bar plugin
### Patch Changes
- Updated dependencies [d6b3aa5]
- @uppy/components@1.0.3
## @uppy/vue@3.1.0
### Minor Changes
- 92a0a0d: Add back framework wrappers for @uppy/status-bar plugin
### Patch Changes
- Updated dependencies [d6b3aa5]
- @uppy/components@1.0.3
## @uppy/components@1.0.3
### Patch Changes
- d6b3aa5: fix dom ID conflicts in dropzone and file-input
## @uppy/locales@5.0.1
### Patch Changes
- 48cfa09: Update translations for pl_PL.ts
## uppy@5.1.3
### Patch Changes
- ce0c9d6: Put "main" back in package.json
- Updated dependencies [48cfa09]
- @uppy/locales@5.0.1
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Bumps [devalue](https://github.com/sveltejs/devalue) from 5.1.1 to
5.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/devalue/releases">devalue's
releases</a>.</em></p>
<blockquote>
<h2>v5.3.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>0623a47: fix: disallow array method access when parsing</li>
<li>0623a47: fix: disallow <code>__proto__</code> properties on
objects</li>
</ul>
<h2>v5.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>ae904c5: fix: correctly differentiate between +0 and -0</li>
</ul>
<h2>v5.3.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>2896e7b: feat: support Temporal</li>
<li>fec694d: feat: support <code>URL</code> and
<code>URLSearchParams</code> objects</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md">devalue's
changelog</a>.</em></p>
<blockquote>
<h2>5.3.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>0623a47: fix: disallow array method access when parsing</li>
<li>0623a47: fix: disallow <code>__proto__</code> properties on
objects</li>
</ul>
<h2>5.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>ae904c5: fix: correctly differentiate between +0 and -0</li>
</ul>
<h2>5.3.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>2896e7b: feat: support Temporal</li>
<li>fec694d: feat: support <code>URL</code> and
<code>URLSearchParams</code> objects</li>
</ul>
<h2>5.2.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>e46f4c8: fix: handle repeated array buffers and subarrays</li>
<li>2dfa504: fix: handle custom classes with null proto as pojo</li>
</ul>
<h2>5.2.0</h2>
<ul>
<li>Handle custom classes with null proto as pojo (<a
href="https://redirect.github.com/sveltejs/devalue/pull/95">#95</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="86a6a66d2c"><code>86a6a66</code></a>
Version Packages (<a
href="https://redirect.github.com/sveltejs/devalue/issues/109">#109</a>)</li>
<li><a
href="0623a47c95"><code>0623a47</code></a>
Merge commit from fork</li>
<li><a
href="02d20e8a79"><code>02d20e8</code></a>
Version Packages (<a
href="https://redirect.github.com/sveltejs/devalue/issues/108">#108</a>)</li>
<li><a
href="ae904c5b18"><code>ae904c5</code></a>
fix stringify not picking up negative zero if a normal zero has appeared
befo...</li>
<li><a
href="e95b87a6cc"><code>e95b87a</code></a>
fix pkg.repository</li>
<li><a
href="8300172d1d"><code>8300172</code></a>
fix changeset config</li>
<li><a
href="434d8aefb9"><code>434d8ae</code></a>
Version Packages (<a
href="https://redirect.github.com/sveltejs/devalue/issues/106">#106</a>)</li>
<li><a
href="67c8334b82"><code>67c8334</code></a>
mention support for URL/URLSearchParams/Temporal in README</li>
<li><a
href="fec694d87e"><code>fec694d</code></a>
feat: support URL and URLSearchParams (<a
href="https://redirect.github.com/sveltejs/devalue/issues/92">#92</a>)</li>
<li><a
href="2896e7bef2"><code>2896e7b</code></a>
Add support for Temporal objects (<a
href="https://redirect.github.com/sveltejs/devalue/issues/98">#98</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sveltejs/devalue/compare/v5.1.1...v5.3.2">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~svelte-admin">svelte-admin</a>, a new
releaser for devalue since your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion)
from 1.1.11 to 1.1.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/juliangruber/brace-expansion/releases">brace-expansion's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.12</h2>
<ul>
<li>pkg: publish on tag 1.x c460dbd</li>
<li>fmt ccb8ac6</li>
<li>Fix potential ReDoS Vulnerability or Inefficient Regular Expression
(<a
href="https://redirect.github.com/juliangruber/brace-expansion/issues/65">#65</a>)
c3c73c8</li>
</ul>
<hr />
<p><a
href="https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12">https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="44f33b47c5"><code>44f33b4</code></a>
1.1.12</li>
<li><a
href="c460dbd68e"><code>c460dbd</code></a>
pkg: publish on tag 1.x</li>
<li><a
href="ccb8ac6d42"><code>ccb8ac6</code></a>
fmt</li>
<li><a
href="c3c73c8b08"><code>c3c73c8</code></a>
Fix potential ReDoS Vulnerability or Inefficient Regular Expression (<a
href="https://redirect.github.com/juliangruber/brace-expansion/issues/65">#65</a>)</li>
<li>See full diff in <a
href="https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.12">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
You can trigger a rebase of this PR by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).
</details>
> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
fixes#5946
Root Cause :
`createDropzone` used a single global `id` for the file input
(`'uppy-dropzone-file-input'`) Clicking any `<Dropzone />` did
`document.getElementById(<global-id>).click()`, which always targeted
the first input in the DOM, so files were added to the first Uppy
instance.
9bac4c8398/packages/%40uppy/components/src/hooks/dropzone.ts (L73-L77)
**Solutions :**
Simplest solution would have been to just make the input id unique per
Uppy instance using `ctx.uppy.getID()`, and click that specific input.
```typescript
const fileInputId = 'uppy-dropzone-file-input-' + ctx.uppy.getID()
```
**Caveats**:
If users don’t pass a custom id to `new Uppy()`, all instances default
to uppy, so ids still collide across instances.
Multiple Dropzones under one instance still share the same id.
Switched to a ref-based approach so clicks trigger the input directly,
without relying on `document.getElementById` lookups. It still falls
back to a DOM click for backward compatibility.
**StackBlitz Link :**
https://stackblitz.com/github/qxprakash/uppy/tree/debug_dropzone/examples/react?file=package.json&embed=1&view=editor&showSidebar=1&hideTerminal=1
**Update: Went for the ID based solution upon discussion with the team
as it's simpler.**
StackBlitz examples took **146+ seconds** to start due to heavy dev
dependencies
### Optimizations
- Eliminate heavy dev deps like `playwright (~200MB)` `@vitest/browser`
`vitest`
- Aggressive install flags: `--prefer-offline --reporter=silent
--ignore-scripts --no-optional`
- use pnpm
- Results **React example: 146s → ~25s (83% faster)**
- add example-nextjs and example-reactrouter to changeset ignore too
(examples aren't part of releases)
- also remove the salty-experts-yawn.md changeset because it's no longer
relevant
this should fix broken github actions build currently on `main`
see
https://github.com/transloadit/uppy/pull/5942#issuecomment-3282585747
---------
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mifi <402547+mifi@users.noreply.github.com>
Adds a stability warning comment to the top of all `src/style.scss`
files in the following Uppy packages to inform consumers that the source
code and variables are not part of the stable API:
- @uppy/audio
- @uppy/core
- @uppy/dashboard
- @uppy/drag-drop
- @uppy/drop-target
- @uppy/image-editor
- @uppy/provider-views
- @uppy/screen-capture
- @uppy/status-bar
- @uppy/url
- @uppy/webcam
The comment added is:
```scss
// NOTE TO CONSUMERS: The code and variables in these source files are not considered stable and can change at any time, even in minor and patch releases!
```
This warning helps clarify that while the compiled CSS output and public
APIs remain stable, the internal SCSS source files, variables, and
implementation details should not be relied upon by consumers as they
may change without notice in any release.
The changes are minimal and surgical - exactly one line added to the top
of each file with no other modifications to existing code.
<!-- START COPILOT CODING AGENT SUFFIX -->
*This pull request was created as a result of the following prompt from
Copilot chat.*
> Add the following comment at the very top of each src/style.scss file
in the following Uppy packages: @uppy/audio, @uppy/core,
@uppy/dashboard, @uppy/drag-drop, @uppy/drop-target, @uppy/image-editor,
@uppy/provider-views, @uppy/screen-capture, @uppy/status-bar, @uppy/url,
@uppy/webcam.
>
> Comment to add:
> // NOTE TO CONSUMERS: The code and variables in these source files are
not considered stable and can change at any time, even in minor and
patch releases!
>
> Ensure the comment is the first line in each file, above any existing
code or imports.
<!-- START COPILOT CODING AGENT TIPS -->
---
✨ Let Copilot coding agent [set things up for
you](https://github.com/transloadit/uppy/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot)
— coding agent works faster and does higher quality work when set up for
your repo.
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mifi <402547+mifi@users.noreply.github.com>
Co-authored-by: Prakash <qxprakash@gmail.com>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>