Commit graph

3230 commits

Author SHA1 Message Date
Mikael Finstad
ad4050b51e
Send token using websocket (#6248)
instead of window.opener - it is more robust

inspired by #4110
closes #6246
closes #4107

Biggest caveat: In cases where window.opener is null (Dropbox), the auth
window will not be auto closed (I don't know how to fix that). It will
show the user a message "Authentication successful. You may now close
this page."
https://github.com/transloadit/uppy/pull/6248/changes#diff-ef5b69c4ab5b83168eaba6f57047bb07c53e3a426f375b42fcb32d79c746872cR22

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Prakash <qxprakash@gmail.com>
2026-05-09 15:03:04 +08:00
Kevin van Zonneveld
e99a17f1fe
companion: port to TypeScript (#6179)
Supersedes #6178.

This branch keeps the exact same final content as #6178, but splits
history for reviewability:

1. `chore(companion): rename source and test files from .js to .ts`
(pure `git mv`, no content changes)
2. `feat(companion): port Companion to TypeScript` (actual
content/type/schema/build updates)

Validation note:
- Final tree is byte-for-byte identical to `ts-companion`
(`7b5b16a298690b0492de4cc4fab744f998b45570`).

---------

Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2026-05-04 20:50:43 +08:00
Prakash
7ac262374f
@uppy/companion-client: fix stale websocket connection (#6269)
fixes #6181

`uploadRemoteFile()` now treats one remote upload attempt as a single
queue-owned unit. Instead of queueing “request token” and “open
websocket / wait for upload” as two separate jobs, it now:

  - acquires one queue slot
  - reuses serverToken if resuming, otherwise requests a new
    token
  - immediately proceeds to the websocket/upload phase within
    that same admitted attempt

That removes the stale-token race where Companion starts its 60s
socket-wait timer before the client’s websocket phase has actually been
admitted by the queue. Retries still reacquire the queue per attempt,
and existing abort/cancel behavior is
preserved.

refer
https://github.com/transloadit/uppy/issues/6181#issuecomment-4295036192
for more context about the bug
2026-04-30 01:54:15 +05:30
Prakash
588e1c0f88
@uppy/core: fix stale comments (#6272)
reported in https://github.com/transloadit/uppy/issues/6270
2026-04-24 17:00:50 +05:30
Enver
b9253f797a
@uppy/dashboard: My Device button respects fileManagerSelectionType (#6258)
Fixes #6256

## Problem

When `fileManagerSelectionType` is set to `'folders'`, clicking the **My
Device** tab/button
still opens the file picker instead of the folder picker.

The inline "browse" link in the tagline correctly respects the setting,
but
`renderMyDeviceAcquirer` in `AddFiles.tsx` always called
`triggerFileInputClick`
regardless of the `fileManagerSelectionType` prop.

## Solution

`renderMyDeviceAcquirer` now reads `fileManagerSelectionType` and calls
`triggerFolderInputClick` when set to `'folders'`, or
`triggerFileInputClick`
for `'files'` and `'both'`.

For `'both'` mode, the button defaults to file selection because a
single
HTML `<input>` cannot handle both files and folders simultaneously
(`webkitdirectory` is all-or-nothing). The folder picker remains
accessible
via the tagline's "browse folders" link.

---------

Co-authored-by: Prakash <qxprakash@gmail.com>
2026-04-24 16:00:02 +05:30
github-actions[bot]
dabd878b87
[ci] release (#6170)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/utils@7.2.0

### Minor Changes

- 6b1abaa: Introduce modern, minimal TaskQueue to replace
RateLimitedQueue

## @uppy/xhr-upload@5.2.0

### Minor Changes

- 6b1abaa: Introduce modern, minimal TaskQueue to replace
RateLimitedQueue

### Patch Changes

-   Updated dependencies [6b1abaa]
    -   @uppy/utils@7.2.0

## @uppy/companion@6.2.2

### Patch Changes

-   49db42d: Fix bug with 429 not returning JSON response with message
-   4652dc6: upgrade @aws-sdk/ deps in @uppy/companion

## @uppy/transloadit@5.5.1

### Patch Changes

-   4787960: Add type re-export for `AssemblyInstructionsInput`
- 2f6849d: Fix allowMultipleUploadBatches to prevent adding/removing
files while an upload is in progress (#6156)
-   29d2772: remove monkey patch from uppy bundle package
-   Updated dependencies [6b1abaa]
    -   @uppy/utils@7.2.0

## uppy@5.2.4

### Patch Changes

-   29d2772: remove monkey patch from uppy bundle package
-   a86c624: upgrade esbuild in uppy to "^0.27.0"
-   Updated dependencies [6b1abaa]
-   Updated dependencies [4787960]
-   Updated dependencies [2f6849d]
-   Updated dependencies [29d2772]
    -   @uppy/xhr-upload@5.2.0
    -   @uppy/transloadit@5.5.1

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-03-25 20:59:50 +05:30
Prakash
29d27726c8
remove monkey patch in bundle.ts (#6207)
full context here :
https://transloadit.slack.com/archives/C0FMW9PSB/p1771342759948189

I tested the local bundle it works as expected with the same API and 15%
reduced bundle size.
2026-03-09 00:07:53 +05:30
Copilot
47879609c7
Export AssemblyInstructionsInput type from @uppy/transloadit (#6184)
The `AssemblyInstructionsInput` type from `@transloadit/types` is now
publicly exported from `@uppy/transloadit`, allowing consumers to type
their assembly parameters without importing from the external package.

## Changes

- Re-exported `AssemblyInstructionsInput` type in
`packages/@uppy/transloadit/src/index.ts`

## Usage

```typescript
import type { AssemblyInstructionsInput } from '@uppy/transloadit'

const params: AssemblyInstructionsInput = {
  steps: {
    encode: {
      robot: '/video/encode',
      use: ':original',
      preset: 'mp4',
    },
  },
}
```

The type was already imported internally and aliased as
`AssemblyParameters`. This change makes it available to plugin
consumers.

<!-- START COPILOT ORIGINAL PROMPT -->



<details>

<summary>Original prompt</summary>

> Make the AssemblyInstructionsInput type available from the
@uppy/transloadit package by re-exporting it from
packages/@uppy/transloadit/src/index.ts.
> 
> Background
> - The Transloadit plugin imports the type AssemblyInstructionsInput
from the external package @transloadit/types and aliases it as
AssemblyParameters in packages/@uppy/transloadit/src/index.ts.
> - Consumers of the @uppy/transloadit package need direct access to the
AssemblyInstructionsInput type but it is not currently exported from the
plugin package.
> 
> Change requested
> - Add a type re-export so that consumers can import
AssemblyInstructionsInput from the transloadit plugin package, e.g.
>   import type { AssemblyInstructionsInput } from '@uppy/transloadit'
> 
> Files to change
> - packages/@uppy/transloadit/src/index.ts
> - Add the following export alongside the other package exports (near
the end of the module where other exports live):
> 
> ```typescript name=packages/@uppy/transloadit/src/index.ts
url=https://github.com/transloadit/uppy/blob/main/packages/@uppy/transloadit/src/index.ts
> -export { COMPANION_URL, COMPANION_ALLOWED_HOSTS }
> +export { COMPANION_URL, COMPANION_ALLOWED_HOSTS }
> +
> +// Re-export type from @transloadit/types so callers can import it
from the plugin package.
> +export type { AssemblyInstructionsInput } from '@transloadit/types'
> ```
> 
> Notes
> - This is a purely type-only export and should be erased at compile
time; it does not add runtime code.
> - No other behavior or API surface should change.
> 
> Please create a branch, apply the change, and open a pull request with
a descriptive title and a short description of the change. Run
TypeScript build checks if available.
> 


</details>



<!-- START COPILOT CODING AGENT SUFFIX -->

*This pull request was created from Copilot chat.*
>

<!-- START COPILOT CODING AGENT TIPS -->
---

💬 We'd love your input! Share your thoughts on Copilot coding agent in
our [2 minute survey](https://gh.io/copilot-coding-agent-survey).

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mifi <402547+mifi@users.noreply.github.com>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2026-03-02 10:38:57 +08:00
Merlijn Vos
23cbd4a05a
@uppy/xhr-upload: add browser tests (#6169)
Good to have actual browser tests for this uploader.
2026-02-19 15:10:17 +01:00
Prakash
4652dc6a4a
upgrade aws-sdk in @uppy/companion (#6180)
this fixes  #6167 

AI summary :

**The Bug: S3 Multipart Upload Fails with InvalidPart**

**What happened**
When uploading large files (200MB+) from Google Drive → Companion → S3
using multipart upload, the upload would reach ~96-100% and then fail
with S3's `InvalidPart` error on `CompleteMultipartUpload`.

*Root cause*
_A version mismatch between two AWS SDK packages caused by yarn dedupe._

Commit `3c3034b40` ("Dedupe dependencies #6085") ran `yarn dedupe`.
Companion had `@aws-sdk/client-s3` and `@aws-sdk/lib-storage` both at
`"^3.338.0"`, which previously both resolved to `3.600.0`. But the
`@uppy/transloadit` package elsewhere in the monorepo had
`"@aws-sdk/client-s3": "^3.891.0"`. Dedupe merged the resolutions —
`client-s3` jumped to `3.896.0` while `lib-storage` stayed at `3.600.0`.

*Why the mismatch matters*
AWS SDK `client-s3@3.896.0` introduced a _breaking behavioral change_ in
its checksum middleware:
• *Old (3.600.0):* Default checksum = MD5, no auto-injection.
`UploadPart` requests sent _no checksum header_.
• *New (3.896.0):* Default checksum = CRC32,
`requestChecksumCalculation` defaults to `"WHEN_SUPPORTED"`. The
middleware _auto-injects `x-amz-checksum-crc32`_ on every `UploadPart`
request.

The old `lib-storage@3.600.0` didn't know about this new behavior. It
called `CreateMultipartUpload` _without_ setting `ChecksumAlgorithm`.
Then `client-s3@3.896.0` added CRC32 checksums to each `UploadPart`. S3
saw parts with checksums that weren't declared at creation time →
rejected with `InvalidPart` at `CompleteMultipartUpload`.

*How the fixes work*

_Option A — `requestChecksumCalculation: 'WHEN_REQUIRED'`_ (workaround):
Tells the new `client-s3` to only add checksums when S3 requires them
(which it doesn't for `UploadPart`). This restores the old behavior — no
checksum headers, no mismatch.

_Option B — Upgrade all AWS SDK packages to `^3.986.0`_ (proper fix):
The new `lib-storage@3.986.0` is _aware_ of the CRC32 checksum behavior.
When it detects `requestChecksumCalculation = "WHEN_SUPPORTED"`, it
explicitly sets `ChecksumAlgorithm: "CRC32"` on the
`CreateMultipartUpload` call. Now S3 expects CRC32 checksums on the
parts, the parts have CRC32 checksums → everything is consistent →
upload succeeds.

*TL;DR*
`yarn dedupe` upgraded `client-s3` but not `lib-storage`. The new
`client-s3` started adding CRC32 checksums to parts, but the old
`lib-storage` didn't declare CRC32 at multipart creation time. S3
rejected the mismatch. Fix: upgrade both packages together so they agree
on checksum behavior.
2026-02-13 18:03:55 +05:30
Copilot
f6efd2ebcc
Fix allowMultipleUploadBatches by preventing file operations during upload (#6156)
## Implementation Plan for Transloadit allowMultipleUploadBatches Fix

- [x] Explore the codebase to understand existing structure
  - [x] Review transloadit/src/index.ts
  - [x] Review existing event handlers (#onError, #onCancelAll)
  - [x] Review install() and uninstall() methods
  - [x] Understand test structure
- [x] Implement the proper fix in
packages/@uppy/transloadit/src/index.ts
- [x] Set allowNewUpload: false at start of #prepareUpload
(preprocessor)
- [x] Reset allowNewUpload: true at end of #afterUpload (postprocessor)
  - [x] Reset allowNewUpload: true in #prepareUpload error handler
  - [x] Keep existing resets in #onError and #onCancelAll handlers
  - [x] Removed event listener approach (was causing race conditions)
- [x] Update tests to match implementation
- [x] Test allowNewUpload lifecycle through actual upload flow
(preprocessor/postprocessor)
  - [x] Test allowNewUpload reset on preprocessor error
  - [x] Test allowNewUpload reset on error event
  - [x] Test allowNewUpload reset on cancel-all
  - [x] Remove obsolete event listener tests

<!-- START COPILOT CODING AGENT TIPS -->
---

💡 You can make Copilot smarter by setting up custom instructions,
customizing its development environment and configuring Model Context
Protocol (MCP) servers. Learn more [Copilot coding agent
tips](https://gh.io/copilot-coding-agent-tips) in the docs.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mifi <402547+mifi@users.noreply.github.com>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2026-02-09 21:42:43 +08:00
Mikael Finstad
49db42d72a
@uppy/companion: fix 429 not returning JSON response with message (#6177)
discovered by llm
2026-02-09 20:41:26 +08:00
Merlijn Vos
6b1abaa541
@uppy/utils,@uppy/xhr-upload: create and use new queue (#6105)
Closes #4173, kind off

## Problem

Current situation with `RateLimitedQueue`

- Track concurrency: keep a running count, only dispatch up to limit,
accept Infinity.
- Priority enqueue: queued handlers sorted by priority; dequeued in that
order.
- Lifecycle bookkeeping: each job gets abort()/done() hooks; abort for
running vs queued differs; decrement active count and advance queue via
microtasks.
- Requeue placeholders: supports a shouldBeRequeued marker so callers
can hold/retry slots without running immediately.
- Function wrappers: wrap sync or async fns to enforce the queue and
return abortable handles.
- Cancellation plumbing: provides abortOn(signal) to bind queued/running
work to an AbortSignal; abortable promises carry abort().
- Pausing: pause(duration?) freezes dispatch (optional auto-resume);
resume() restarts up to the current limit.
- Rate limiting/backoff: rateLimit(duration) pauses, drops concurrency,
then ramps it back toward the previous upper bound over time.

Case in point: it's some sort of made up, monstrosity data structure
trying to be too many things. It also has rate limiting and exponential
backoff but that's already in
[`fetcher`](https://github.com/transloadit/uppy/blob/main/packages/%40uppy/utils/src/fetcher.ts)
too.

Would be better if we had separation of concerns and proven data
structures.

## Solution

A "dumb" promise-based priority queue that doesn't care at all about
what a promise does or if it needs to be retried. The promise inside
determines if it has retrying and exponential backoff, such as a
`fetcher` promise.

To not make this a breaking change and a huge diff, we still implement
this per uploader, starting with xhr-upload, and keep backwards
compatibility in the interface so we can still pass it to
`companion-client`, which needs to share the same queue.

## Ideal future

When you think about it, it's odd that we implement a queue per uploader
if a queue is so central to uppy working correctly. It's even more odd
that we also have to inject that queue into `companion-client` per
uploader for queue sharing.

Ideally, `core` is responsible for having the queue. All uploaders would
do is push a promise to `core` and `core` doesn't care if that promise
is a tus, xhr, or S3 upload.

---------

Co-authored-by: Prakash <qxprakash@gmail.com>
2026-02-05 15:46:45 +01:00
github-actions[bot]
9d87b9eab1
[ci] release (#6166)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/components@1.2.0

### Minor Changes

- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- 37f69d0: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [37f69d0]
    -   @uppy/image-editor@4.2.0

## @uppy/image-editor@4.2.0

### Minor Changes

- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

## @uppy/react@5.2.0

### Minor Changes

- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
    -   @uppy/components@1.2.0

## @uppy/svelte@5.2.0

### Minor Changes

- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
    -   @uppy/components@1.2.0

## @uppy/transloadit@5.5.0

### Minor Changes

- 37f69d0: Migrate from 'transloadit' to '@transloadit/types' to get the
types. No need to drag in the entire SDK.

### Patch Changes

-   Updated dependencies [37f69d0]
    -   @uppy/tus@5.1.1

## @uppy/vue@3.2.0

### Minor Changes

- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- 37f69d0: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
    -   @uppy/components@1.2.0

## @uppy/locales@5.1.1

### Patch Changes

-   37f69d0: Update cs_CZ dropPaste keys to use the correct variables.

## @uppy/tus@5.1.1

### Patch Changes

- 37f69d0: Fix Node.js support by conditionally setting a property which
does not exist in Node.js instead of crashing.

## uppy@5.2.3

### Patch Changes

-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
    -   @uppy/locales@5.1.1
    -   @uppy/tus@5.1.1
    -   @uppy/transloadit@5.5.0
    -   @uppy/image-editor@4.2.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-03 11:08:41 +01:00
Murderlon
c979a9d82b
@uppy/components: do not use symlink
Breaks changeset releases
2026-02-03 10:51:40 +01:00
Murderlon
37f69d088d
Revert "[ci] release (#6162)"
This reverts commit 671e6b26f4.
2026-02-03 10:51:07 +01:00
github-actions[bot]
671e6b26f4
[ci] release (#6162)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/components@1.2.0

### Minor Changes

- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- c0a8776: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [c0a8776]
    -   @uppy/image-editor@4.2.0

## @uppy/image-editor@4.2.0

### Minor Changes

- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

## @uppy/react@5.2.0

### Minor Changes

- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
    -   @uppy/components@1.2.0

## @uppy/svelte@5.2.0

### Minor Changes

- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
    -   @uppy/components@1.2.0

## @uppy/transloadit@5.5.0

### Minor Changes

- c0a8776: Migrate from 'transloadit' to '@transloadit/types' to get the
types. No need to drag in the entire SDK.

### Patch Changes

-   Updated dependencies [c0a8776]
    -   @uppy/tus@5.1.1

## @uppy/vue@3.2.0

### Minor Changes

- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- c0a8776: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
    -   @uppy/components@1.2.0

## @uppy/locales@5.1.1

### Patch Changes

-   c0a8776: Update cs_CZ dropPaste keys to use the correct variables.

## @uppy/tus@5.1.1

### Patch Changes

- c0a8776: Fix Node.js support by conditionally setting a property which
does not exist in Node.js instead of crashing.

## uppy@5.2.3

### Patch Changes

-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
    -   @uppy/locales@5.1.1
    -   @uppy/tus@5.1.1
    -   @uppy/transloadit@5.5.0
    -   @uppy/image-editor@4.2.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-03 10:15:43 +01:00
Murderlon
c0a8776484
Revert "[ci] release (#6153)"
This reverts commit 0ee8fef148.
2026-01-29 17:32:56 +01:00
github-actions[bot]
0ee8fef148
[ci] release (#6153)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/components@1.2.0

### Minor Changes

- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- 680052b: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [850c1cb]
    -   @uppy/image-editor@4.2.0

## @uppy/image-editor@4.2.0

### Minor Changes

- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

## @uppy/react@5.2.0

### Minor Changes

- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [680052b]
-   Updated dependencies [850c1cb]
    -   @uppy/components@1.2.0

## @uppy/svelte@5.2.0

### Minor Changes

- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [680052b]
-   Updated dependencies [850c1cb]
    -   @uppy/components@1.2.0

## @uppy/transloadit@5.5.0

### Minor Changes

- 680052b: Migrate from 'transloadit' to '@transloadit/types' to get the
types. No need to drag in the entire SDK.

### Patch Changes

-   Updated dependencies [680052b]
    -   @uppy/tus@5.1.1

## @uppy/vue@3.2.0

### Minor Changes

- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- 680052b: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [680052b]
-   Updated dependencies [850c1cb]
    -   @uppy/components@1.2.0

## @uppy/locales@5.1.1

### Patch Changes

-   680052b: Update cs_CZ dropPaste keys to use the correct variables.

## @uppy/tus@5.1.1

### Patch Changes

- 680052b: Fix Node.js support by conditionally setting a property which
does not exist in Node.js instead of crashing.

## uppy@5.2.3

### Patch Changes

-   Updated dependencies [680052b]
-   Updated dependencies [680052b]
-   Updated dependencies [680052b]
-   Updated dependencies [850c1cb]
    -   @uppy/locales@5.1.1
    -   @uppy/tus@5.1.1
    -   @uppy/transloadit@5.5.0
    -   @uppy/image-editor@4.2.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-01-29 17:28:33 +01:00
Merlijn Vos
850c1cb1c5
Add useImageEditor (#6122)
- Create image editor abstraction in `@uppy/components`
- Refactor `Editor` (Preact) and `ImageEditor` (Uppy plugin) to put all
methods in the Uppy plugin class so they can be reused by the headless
abstraction
- Create framework hooks for React, Vue, Svelte
- Update all examples to showcase the new hook
- Symlink the `cropper.scss` (just regular CSS) from
`@uppy/image-editor` into `@uppy/components`, update `build:css` in all
framework packages to copy that file too into their own `dist/` output.
- cropper-js needs basic CSS to do the rotations and stuff which would
be very tedious to write yourself so we ship that CSS file to consumers
too so they can just import it.
- Fix memory leak where we created the image on each render inside the
original Preact plugin UI

```ts
import type { UppyFile } from '@uppy/core'
import { useImageEditor } from '@uppy/react'

interface ImageEditorProps {
  file: UppyFile<any, any>
  close: () => void
}

export function ImageEditor({ file, close }: ImageEditorProps) {
  const {
    state,
    getImageProps,
    getSaveButtonProps,
    getCancelButtonProps,
    getRotateButtonProps,
    getFlipHorizontalButtonProps,
    getZoomButtonProps,
    getCropSquareButtonProps,
    getCropLandscapeButtonProps,
    getCropPortraitButtonProps,
    getResetButtonProps,
    getRotationSliderProps,
  } = useImageEditor({ file })

  return (
    <div className="p-4 max-w-2xl w-full">
      <div className="flex justify-between items-center mb-4">
        <h2 className="text-xl font-bold">Edit Image</h2>
        <button
          type="button"
          onClick={close}
          className="text-gray-500 hover:text-gray-700"
        >
          ✕
        </button>
      </div>

      <div className="mb-4">
        {/* biome-ignore lint/a11y/useAltText: alt is provided by getImageProps() */}
        <img
          className="w-full max-h-[400px] rounded-lg border-2"
          {...getImageProps()}
        />
      </div>

      <div className="mb-4">
        <label className="block text-sm font-medium mb-2">
          Fine Rotation: {state.angle}°
          <input className="w-full mt-1" {...getRotationSliderProps()} />
        </label>
      </div>

      <div className="flex gap-2 flex-wrap mb-4">
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getRotateButtonProps(-90)}
        >
          ↶ -90°
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getRotateButtonProps(90)}
        >
          ↷ +90°
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getFlipHorizontalButtonProps()}
        >
          ⇆ Flip
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getZoomButtonProps(0.1)}
        >
          + Zoom
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getZoomButtonProps(-0.1)}
        >
          - Zoom
        </button>
      </div>

      <div className="flex gap-2 flex-wrap mb-4">
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getCropSquareButtonProps()}
        >
          1:1
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getCropLandscapeButtonProps()}
        >
          16:9
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getCropPortraitButtonProps()}
        >
          9:16
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getResetButtonProps()}
        >
          Reset
        </button>
      </div>

      <div className="flex gap-4 justify-end">
        <button
          className="bg-gray-500 text-white px-4 py-2 rounded-md"
          {...getCancelButtonProps({ onClick: close })}
        >
          Cancel
        </button>
        <button
          className="bg-green-500 text-white px-4 py-2 rounded-md disabled:opacity-50 disabled:bg-green-300"
          {...getSaveButtonProps({ onClick: close })}
        >
          Save
        </button>
      </div>
    </div>
  )
}

export default ImageEditor

```


https://github.com/user-attachments/assets/4b0a99cc-8489-41a2-aa3b-ce88110025bf

---------

Co-authored-by: Prakash <qxprakash@gmail.com>
2026-01-29 11:13:12 +01:00
dependabot[bot]
09bf6857a1
build(deps): bump lodash from 4.17.21 to 4.17.23 (#6152)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to
4.17.23.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dec55b7a3b"><code>dec55b7</code></a>
Bump main to v4.17.23 (<a
href="https://redirect.github.com/lodash/lodash/issues/6088">#6088</a>)</li>
<li><a
href="19c9251b36"><code>19c9251</code></a>
fix: setCacheHas JSDoc return type should be boolean (<a
href="https://redirect.github.com/lodash/lodash/issues/6071">#6071</a>)</li>
<li><a
href="b5e672995a"><code>b5e6729</code></a>
jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (<a
href="https://redirect.github.com/lodash/lodash/issues/6062">#6062</a>)</li>
<li><a
href="edadd45214"><code>edadd45</code></a>
Prevent prototype pollution on baseUnset function</li>
<li><a
href="4879a7a7d0"><code>4879a7a</code></a>
doc: fix autoLink function, conversion of source links (<a
href="https://redirect.github.com/lodash/lodash/issues/6056">#6056</a>)</li>
<li><a
href="9648f692b0"><code>9648f69</code></a>
chore: remove <code>yarn.lock</code> file (<a
href="https://redirect.github.com/lodash/lodash/issues/6053">#6053</a>)</li>
<li><a
href="dfa407db0b"><code>dfa407d</code></a>
ci: remove legacy configuration files (<a
href="https://redirect.github.com/lodash/lodash/issues/6052">#6052</a>)</li>
<li><a
href="156e1965ae"><code>156e196</code></a>
feat: add renovate setup (<a
href="https://redirect.github.com/lodash/lodash/issues/6039">#6039</a>)</li>
<li><a
href="933e1061b8"><code>933e106</code></a>
ci: add pipeline for Bun (<a
href="https://redirect.github.com/lodash/lodash/issues/6023">#6023</a>)</li>
<li><a
href="072a807ff7"><code>072a807</code></a>
docs: update links related to Open JS Foundation (<a
href="https://redirect.github.com/lodash/lodash/issues/5968">#5968</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lodash&package-manager=npm_and_yarn&previous-version=4.17.21&new-version=4.17.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-26 15:01:18 +01:00
Murderlon
680052b3ce
Revert "[ci] release (#6144)"
This reverts commit e290a176e7.
2026-01-23 12:52:09 +01:00
github-actions[bot]
e290a176e7
[ci] release (#6144)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/transloadit@5.5.0

### Minor Changes

- efda84c: Migrate from 'transloadit' to '@transloadit/types' to get the
types. No need to drag in the entire SDK.

### Patch Changes

-   Updated dependencies [54a46db]
    -   @uppy/tus@5.1.1

## @uppy/components@1.1.1

### Patch Changes

- fa23832: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)

## @uppy/locales@5.1.1

### Patch Changes

-   642c75d: Update cs_CZ dropPaste keys to use the correct variables.

## @uppy/tus@5.1.1

### Patch Changes

- 54a46db: Fix Node.js support by conditionally setting a property which
does not exist in Node.js instead of crashing.

## @uppy/vue@3.1.1

### Patch Changes

- fa23832: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [fa23832]
    -   @uppy/components@1.1.1

## uppy@5.2.3

### Patch Changes

-   Updated dependencies [642c75d]
-   Updated dependencies [54a46db]
-   Updated dependencies [efda84c]
    -   @uppy/locales@5.1.1
    -   @uppy/tus@5.1.1
    -   @uppy/transloadit@5.5.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-01-21 10:27:20 +01:00
Merlijn Vos
54a46db340
@uppy/tus: fix Node.js support (#6145)
Fixes #6119
2026-01-19 11:29:28 +01:00
Merlijn Vos
efda84cc23
@uppy/transloadit: use lighter types package (#6147)
We don't need to drag in the entire SDK just for types.
2026-01-19 11:18:43 +01:00
Merlijn Vos
fa23832f6a
@uppy/vue: support kebab-case props in generated components (#6125)
## Summary

- Fix Vue components to work with kebab-case props (`:edit-file` instead
of `:editFile`)
- Update `migrate.mjs` to parse prop names from TypeScript source files
and generate explicit `props` arrays

## Problem

The generated Vue components didn't work correctly with Vue's standard
kebab-case prop convention:

```vue
<!-- This didn't work -->
<FilesList :edit-file="handleEdit" />

<!-- Only this worked (non-standard) -->
<FilesList :editFile="handleEdit" />
```

## Root Cause

The original Vue template used `attrs` to pass props to Preact:

```ts
setup(props, { attrs }) {
  preactRender(preactH(PreactComponent, {
    ...(attrs as Props),  // attrs preserves kebab-case!
    ctx,
  }), container)
}
```

When using `:edit-file` in a Vue template, Vue passes
`attrs['edit-file']` (kebab-case preserved), but Preact expects
`editFile` (camelCase).

## Solution

Generate Vue components with explicit `props` declarations:

```ts
defineComponent({
  props: ['editFile', 'columns', 'imageThumbnail'],
  setup(props) {
    preactRender(preactH(PreactComponent, {
      ...props,  // Vue already converted kebab → camelCase
      ctx,
    }), container)
  }
})
```

When Vue components declare their props, Vue automatically converts
kebab-case template usage to camelCase in the `props` object. This is
standard Vue behavior.

## Why Simpler Alternatives Don't Work

### "Just use `props` instead of `attrs`"

Without a `props` declaration, Vue doesn't know which attributes are
props. The `props` object will be empty and everything goes to `attrs`:

```ts
// Without props declaration
defineComponent({
  setup(props, { attrs }) {
    // props = {}  (empty!)
    // attrs = { 'edit-file': fn }  (kebab-case preserved)
  }
})
```

### "Accept all props dynamically"

Vue doesn't have a "accept all props and convert casing" option. You
must explicitly declare which props you expect for Vue to handle the
conversion.

### "Just document to use camelCase"

This works but violates Vue conventions. Every Vue developer expects
`:edit-file` to work.

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Prakash <qxprakash@gmail.com>
2026-01-19 09:59:42 +01:00
Viktor Mec
642c75dd0e
Update the cs dropPaste translation keys to match en locale (#6135)
This fixes an issue where selecting folders was not possible in the
`Dashboard` component in the Czech locale.
2026-01-16 10:53:26 +01:00
dependabot[bot]
b3d9ef5cce
build(deps-dev): bump @sveltejs/kit from 2.20.7 to 2.49.5 (#6143)
Bumps
[@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit)
from 2.20.7 to 2.49.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/kit/releases"><code>@​sveltejs/kit</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.49.5</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: avoid overriding Vite default <code>base</code> when running
Vitest 4 (<a
href="https://redirect.github.com/sveltejs/kit/pull/14866">#14866</a>)</p>
</li>
<li>
<p>fix: ensure url decoded pathnames are not mistaken as rerouted
requests (<a
href="d9ae9b00b1"><code>d9ae9b0</code></a>)</p>
</li>
<li>
<p>fix: add length checks to remote forms (<a
href="8ed8155215"><code>8ed8155</code></a>)</p>
</li>
</ul>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.49.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: support instrumentation for <code>vite preview</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15105">#15105</a>)</p>
</li>
<li>
<p>fix: support for <code>URLSearchParams.has(name, value)</code>
overload (<a
href="https://redirect.github.com/sveltejs/kit/pull/15076">#15076</a>)</p>
</li>
<li>
<p>fix: put forking behind <code>experimental.forkPreloads</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15135">#15135</a>)</p>
</li>
</ul>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.49.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: avoid false-positive Vite config overridden warning when using
Vitest 4 (<a
href="https://redirect.github.com/sveltejs/kit/pull/15121">#15121</a>)</p>
</li>
<li>
<p>fix: add <code>typescript</code> as an optional peer dependency (<a
href="https://redirect.github.com/sveltejs/kit/pull/15074">#15074</a>)</p>
</li>
<li>
<p>fix: use hasOwn check when deep-setting object properties (<a
href="https://redirect.github.com/sveltejs/kit/pull/15127">#15127</a>)</p>
</li>
</ul>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.49.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: Stop re-loading already-loaded CSS during server-side route
resolution (<a
href="https://redirect.github.com/sveltejs/kit/pull/15014">#15014</a>)</p>
</li>
<li>
<p>fix: posixify the instrumentation file import on Windows (<a
href="https://redirect.github.com/sveltejs/kit/pull/14993">#14993</a>)</p>
</li>
<li>
<p>fix: Correctly handle shared memory when decoding binary form data
(<a
href="https://redirect.github.com/sveltejs/kit/pull/15028">#15028</a>)</p>
</li>
</ul>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.49.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>fix: suppress <code>state_referenced_locally</code> warnings in
<code>.svelte-kit/generated/root.svelte</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15013">#15013</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md"><code>@​sveltejs/kit</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>2.49.5</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: avoid overriding Vite default <code>base</code> when running
Vitest 4 (<a
href="https://redirect.github.com/sveltejs/kit/pull/14866">#14866</a>)</p>
</li>
<li>
<p>fix: ensure url decoded pathnames are not mistaken as rerouted
requests (<a
href="d9ae9b00b1"><code>d9ae9b0</code></a>)</p>
</li>
<li>
<p>fix: add length checks to remote forms (<a
href="8ed8155215"><code>8ed8155</code></a>)</p>
</li>
</ul>
<h2>2.49.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: support instrumentation for <code>vite preview</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15105">#15105</a>)</p>
</li>
<li>
<p>fix: support for <code>URLSearchParams.has(name, value)</code>
overload (<a
href="https://redirect.github.com/sveltejs/kit/pull/15076">#15076</a>)</p>
</li>
<li>
<p>fix: put forking behind <code>experimental.forkPreloads</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15135">#15135</a>)</p>
</li>
</ul>
<h2>2.49.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: avoid false-positive Vite config overridden warning when using
Vitest 4 (<a
href="https://redirect.github.com/sveltejs/kit/pull/15121">#15121</a>)</p>
</li>
<li>
<p>fix: add <code>typescript</code> as an optional peer dependency (<a
href="https://redirect.github.com/sveltejs/kit/pull/15074">#15074</a>)</p>
</li>
<li>
<p>fix: use hasOwn check when deep-setting object properties (<a
href="https://redirect.github.com/sveltejs/kit/pull/15127">#15127</a>)</p>
</li>
</ul>
<h2>2.49.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: Stop re-loading already-loaded CSS during server-side route
resolution (<a
href="https://redirect.github.com/sveltejs/kit/pull/15014">#15014</a>)</p>
</li>
<li>
<p>fix: posixify the instrumentation file import on Windows (<a
href="https://redirect.github.com/sveltejs/kit/pull/14993">#14993</a>)</p>
</li>
<li>
<p>fix: Correctly handle shared memory when decoding binary form data
(<a
href="https://redirect.github.com/sveltejs/kit/pull/15028">#15028</a>)</p>
</li>
</ul>
<h2>2.49.1</h2>
<h3>Patch Changes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="80ffb53382"><code>80ffb53</code></a>
Version Packages (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15162">#15162</a>)</li>
<li><a
href="8ed8155215"><code>8ed8155</code></a>
Merge commit from fork</li>
<li><a
href="d9ae9b00b1"><code>d9ae9b0</code></a>
Merge commit from fork</li>
<li><a
href="ec4596a066"><code>ec4596a</code></a>
chore: Upgrade devalue (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15172">#15172</a>)</li>
<li><a
href="81cd545dd7"><code>81cd545</code></a>
fix: avoid overriding Vite default <code>base</code> when running Vitest
4 (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/14866">#14866</a>)</li>
<li><a
href="6cf9491ccd"><code>6cf9491</code></a>
chore: remove unused is_http_method helper and method set to (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15152">#15152</a>)</li>
<li><a
href="3305022433"><code>3305022</code></a>
Revert &quot;breaking: remove <code>buttonProps</code> from experimental
remote form function...</li>
<li><a
href="4f9870dd9d"><code>4f9870d</code></a>
breaking: remove <code>buttonProps</code> from experimental remote form
functions (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/14622">#14622</a>)</li>
<li><a
href="c8e4017c3c"><code>c8e4017</code></a>
Version Packages (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15129">#15129</a>)</li>
<li><a
href="50bf727f59"><code>50bf727</code></a>
chore: fix prettier ignoring source code in with build in the name (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15133">#15133</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.49.5/packages/kit">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for <code>@​sveltejs/kit</code> since your
current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@sveltejs/kit&package-manager=npm_and_yarn&previous-version=2.20.7&new-version=2.49.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-16 10:46:30 +01:00
github-actions[bot]
695bb6ec07
[ci] release (#6120)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/dashboard@5.1.1

### Patch Changes

- 6975782: Remove event listener for `focus` and `click`, preventing a
memory leak.

## uppy@5.2.2

### Patch Changes

-   Updated dependencies [6975782]
    -   @uppy/dashboard@5.1.1

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-01-12 21:44:39 +01:00
dependabot[bot]
3c159b1740
build(deps): bump @angular/compiler from 19.2.17 to 19.2.18 (#6128)
Bumps
[@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler)
from 19.2.17 to 19.2.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/releases"><code>@​angular/compiler</code>'s
releases</a>.</em></p>
<blockquote>
<h2>19.2.18</h2>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="26cdc53d9c"><img
src="https://img.shields.io/badge/26cdc53d9c-fix-green" alt="fix -
26cdc53d9c" /></a></td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/blob/main/CHANGELOG.md"><code>@​angular/compiler</code>'s
changelog</a>.</em></p>
<blockquote>
<h1>19.2.18 (2026-01-07)</h1>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="26cdc53d9c">26cdc53d9c</a></td>
<td>fix</td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.0.7 (2026-01-07)</h1>
<h3>compiler</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="8e808740c9">8e808740c9</a></td>
<td>fix</td>
<td>better types for a few expression AST nodes</td>
</tr>
<tr>
<td><a
href="63b1cdcf70">63b1cdcf70</a></td>
<td>fix</td>
<td>produce accurate span for typeof and void expressions</td>
</tr>
<tr>
<td><a
href="3c3ae0cb64">3c3ae0cb64</a></td>
<td>fix</td>
<td>provide location information for literal map keys</td>
</tr>
<tr>
<td><a
href="523dbaf1c3">523dbaf1c3</a></td>
<td>fix</td>
<td>stop ThisReceiver inheritance from ImplicitReceiver</td>
</tr>
</tbody>
</table>
<h3>compiler-cli</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="4d9c4567ed">4d9c4567ed</a></td>
<td>fix</td>
<td>ensure component import diagnostics are reported within the
<code>imports</code> expression</td>
</tr>
<tr>
<td><a
href="cd405685af">cd405685af</a></td>
<td>fix</td>
<td>fix up spelling of diagnostic</td>
</tr>
<tr>
<td><a
href="778460fcca">778460fcca</a></td>
<td>fix</td>
<td>support qualified names in <code>typeof</code> type references</td>
</tr>
</tbody>
</table>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="7c74674eb0">7c74674eb0</a></td>
<td>fix</td>
<td>avoid leaking view data in animations</td>
</tr>
<tr>
<td><a
href="0edbee4550">0edbee4550</a></td>
<td>fix</td>
<td>explicitly cast signal node value to String</td>
</tr>
<tr>
<td><a
href="f9c29572d2">f9c29572d2</a></td>
<td>fix</td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
<h3>forms</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="e3fba182f9">e3fba182f9</a></td>
<td>feat</td>
<td>add <code>[formField]</code> directive</td>
</tr>
<tr>
<td><a
href="561772b152">561772b152</a></td>
<td>fix</td>
<td>allow custom controls to require <code>dirty</code> input</td>
</tr>
<tr>
<td><a
href="f0fb1d8581">f0fb1d8581</a></td>
<td>fix</td>
<td>allow custom controls to require <code>hidden</code> input</td>
</tr>
<tr>
<td><a
href="ec110f170b">ec110f170b</a></td>
<td>fix</td>
<td>allow custom controls to require <code>pending</code> input</td>
</tr>
<tr>
<td><a
href="ae1dc16bb0">ae1dc16bb0</a></td>
<td>fix</td>
<td>clean up abort listener after timeout</td>
</tr>
<tr>
<td><a
href="9748b0d5da">9748b0d5da</a></td>
<td>fix</td>
<td>support custom controls with non signal-based models</td>
</tr>
<tr>
<td><a
href="6bd22df987">6bd22df987</a></td>
<td>fix</td>
<td>Support readonly arrays in signal forms</td>
</tr>
</tbody>
</table>
<h3>router</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="41cd4a6af8">41cd4a6af8</a></td>
<td>fix</td>
<td>Fix RouterLink href not updating with
<code>queryParamsHandling</code></td>
</tr>
<tr>
<td><a
href="5e9e09aee0">5e9e09aee0</a></td>
<td>fix</td>
<td>handle errors from view transition <code>updateCallbackDone</code>
promise</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.1.0-next.4 (2025-12-17)</h1>
<h2>Breaking Changes</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="26cdc53d9c"><code>26cdc53</code></a>
fix(core): sanitize sensitive attributes on SVG script elements</li>
<li>See full diff in <a
href="https://github.com/angular/angular/commits/v19.2.18/packages/compiler">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@angular/compiler&package-manager=npm_and_yarn&previous-version=19.2.17&new-version=19.2.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 11:13:45 +01:00
dependabot[bot]
71e8a56127
build(deps): bump @angular/core from 19.2.17 to 19.2.18 (#6129)
Bumps
[@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core)
from 19.2.17 to 19.2.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/releases"><code>@​angular/core</code>'s
releases</a>.</em></p>
<blockquote>
<h2>19.2.18</h2>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="26cdc53d9c"><img
src="https://img.shields.io/badge/26cdc53d9c-fix-green" alt="fix -
26cdc53d9c" /></a></td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/blob/main/CHANGELOG.md"><code>@​angular/core</code>'s
changelog</a>.</em></p>
<blockquote>
<h1>19.2.18 (2026-01-07)</h1>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="26cdc53d9c">26cdc53d9c</a></td>
<td>fix</td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.0.7 (2026-01-07)</h1>
<h3>compiler</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="8e808740c9">8e808740c9</a></td>
<td>fix</td>
<td>better types for a few expression AST nodes</td>
</tr>
<tr>
<td><a
href="63b1cdcf70">63b1cdcf70</a></td>
<td>fix</td>
<td>produce accurate span for typeof and void expressions</td>
</tr>
<tr>
<td><a
href="3c3ae0cb64">3c3ae0cb64</a></td>
<td>fix</td>
<td>provide location information for literal map keys</td>
</tr>
<tr>
<td><a
href="523dbaf1c3">523dbaf1c3</a></td>
<td>fix</td>
<td>stop ThisReceiver inheritance from ImplicitReceiver</td>
</tr>
</tbody>
</table>
<h3>compiler-cli</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="4d9c4567ed">4d9c4567ed</a></td>
<td>fix</td>
<td>ensure component import diagnostics are reported within the
<code>imports</code> expression</td>
</tr>
<tr>
<td><a
href="cd405685af">cd405685af</a></td>
<td>fix</td>
<td>fix up spelling of diagnostic</td>
</tr>
<tr>
<td><a
href="778460fcca">778460fcca</a></td>
<td>fix</td>
<td>support qualified names in <code>typeof</code> type references</td>
</tr>
</tbody>
</table>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="7c74674eb0">7c74674eb0</a></td>
<td>fix</td>
<td>avoid leaking view data in animations</td>
</tr>
<tr>
<td><a
href="0edbee4550">0edbee4550</a></td>
<td>fix</td>
<td>explicitly cast signal node value to String</td>
</tr>
<tr>
<td><a
href="f9c29572d2">f9c29572d2</a></td>
<td>fix</td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
<h3>forms</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="e3fba182f9">e3fba182f9</a></td>
<td>feat</td>
<td>add <code>[formField]</code> directive</td>
</tr>
<tr>
<td><a
href="561772b152">561772b152</a></td>
<td>fix</td>
<td>allow custom controls to require <code>dirty</code> input</td>
</tr>
<tr>
<td><a
href="f0fb1d8581">f0fb1d8581</a></td>
<td>fix</td>
<td>allow custom controls to require <code>hidden</code> input</td>
</tr>
<tr>
<td><a
href="ec110f170b">ec110f170b</a></td>
<td>fix</td>
<td>allow custom controls to require <code>pending</code> input</td>
</tr>
<tr>
<td><a
href="ae1dc16bb0">ae1dc16bb0</a></td>
<td>fix</td>
<td>clean up abort listener after timeout</td>
</tr>
<tr>
<td><a
href="9748b0d5da">9748b0d5da</a></td>
<td>fix</td>
<td>support custom controls with non signal-based models</td>
</tr>
<tr>
<td><a
href="6bd22df987">6bd22df987</a></td>
<td>fix</td>
<td>Support readonly arrays in signal forms</td>
</tr>
</tbody>
</table>
<h3>router</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="41cd4a6af8">41cd4a6af8</a></td>
<td>fix</td>
<td>Fix RouterLink href not updating with
<code>queryParamsHandling</code></td>
</tr>
<tr>
<td><a
href="5e9e09aee0">5e9e09aee0</a></td>
<td>fix</td>
<td>handle errors from view transition <code>updateCallbackDone</code>
promise</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.1.0-next.4 (2025-12-17)</h1>
<h2>Breaking Changes</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="26cdc53d9c"><code>26cdc53</code></a>
fix(core): sanitize sensitive attributes on SVG script elements</li>
<li>See full diff in <a
href="https://github.com/angular/angular/commits/v19.2.18/packages/core">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@angular/core&package-manager=npm_and_yarn&previous-version=19.2.17&new-version=19.2.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 10:59:23 +01:00
dependabot[bot]
fd8f54f542
build(deps): bump preact from 10.26.9 to 10.26.10 (#6123)
Bumps [preact](https://github.com/preactjs/preact) from 10.26.9 to
10.26.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/preactjs/preact/releases">preact's
releases</a>.</em></p>
<blockquote>
<h2>10.26.10</h2>
<h2>Fixes</h2>
<ul>
<li>Enforce strict equality for VNode object constructors</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e6f88b0842"><code>e6f88b0</code></a>
10.26.10</li>
<li><a
href="c373f23c48"><code>c373f23</code></a>
10.26 strict equality (<a
href="https://redirect.github.com/preactjs/preact/issues/4988">#4988</a>)</li>
<li><a
href="d008a1a242"><code>d008a1a</code></a>
10.26.x</li>
<li>See full diff in <a
href="https://github.com/preactjs/preact/compare/10.26.9...10.26.10">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=preact&package-manager=npm_and_yarn&previous-version=10.26.9&new-version=10.26.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-08 12:00:59 +01:00
HKB
6975782339
properly remove event listener for "focus" and "click" (#6116)
fix https://github.com/transloadit/uppy/issues/6115

---------

Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2026-01-05 21:49:14 +08:00
github-actions[bot]
9d087791dc
[ci] release (#6096)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/golden-retriever@5.2.1

### Patch Changes

- d766c30: Fix: Don't restore `currentUploads` if no files are being
restored.
-   Updated dependencies [648f245]
    -   @uppy/utils@7.1.5

## @uppy/google-drive-picker@1.1.1

### Patch Changes

- 50e2420: Improve Google Drive Picker folder picking: Resolve also
folders inside shared drives (but not symlinks to folders)
-   Updated dependencies [648f245]
-   Updated dependencies [50e2420]
    -   @uppy/utils@7.1.5
    -   @uppy/provider-views@5.2.2

## @uppy/provider-views@5.2.2

### Patch Changes

- 50e2420: Improve Google Drive Picker folder picking: Resolve also
folders inside shared drives (but not symlinks to folders)
-   Updated dependencies [648f245]
    -   @uppy/utils@7.1.5

## @uppy/utils@7.1.5

### Patch Changes

- 648f245: Fix `complete` event never firing for XHR and make sure the
fetch aborts immediately if Uppy is cancelled before the fetch starts.

## @uppy/xhr-upload@5.1.1

### Patch Changes

- 648f245: Fix `complete` event never firing for XHR and make sure the
fetch aborts immediately if Uppy is cancelled before the fetch starts.
-   Updated dependencies [648f245]
    -   @uppy/utils@7.1.5

## uppy@5.2.1

### Patch Changes

-   Updated dependencies [648f245]
-   Updated dependencies [50e2420]
-   Updated dependencies [d766c30]
    -   @uppy/xhr-upload@5.1.1
    -   @uppy/google-drive-picker@1.1.1
    -   @uppy/provider-views@5.2.2
    -   @uppy/golden-retriever@5.2.1

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-12-09 10:01:30 +01:00
Mikael Finstad
d766c30f2f
don't restore currentUploads if no files (#6098)
if there are no files, no need to restore currentUploads. if we do
restore currentUploads (as we currently do), and if the upload for some
reason completes without completing all files (for example reproduced by
#5366) and the user next time re-adds some of the *same* files as
before, the upload would use only a subset of the files the user
selected (only those that are from the restored currentUploads subset),
which is wrong.
2025-12-09 13:36:47 +07:00
Mikael Finstad
648f245af0
fix xhr abort (#6097)
abortOn makes the promise (and upload) hang indefinitely, so remove it

closes #5366

---------

Co-authored-by: Prakash <qxprakash@gmail.com>
2025-12-09 13:36:02 +07:00
Mikael Finstad
50e242098b
resolve folder inside shared drive (#6093)
also ignore shortcuts to folders
and simplify

closes #6089

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Merlijn Vos <merlijn@soverin.net>
2025-12-05 22:45:00 +07:00
Merlijn Vos
943ed7ad56
Upgrade playwright in all packages (#6086)
To resolve security advisories. Should be merged after #6085 

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Upgrades Playwright to 1.57.0 across examples and packages, updating
corresponding yarn.lock entries.
> 
> - **Dependencies**:
> - Bump `playwright` to `1.57.0` in `examples/react/package.json`,
`examples/sveltekit/package.json`, `examples/vue/package.json`,
`packages/@uppy/dashboard/package.json`, and
`packages/@uppy/url/package.json`.
> - Update `yarn.lock` to `playwright@1.57.0` and
`playwright-core@1.57.0`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fa35f7b7ea. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
2025-12-05 10:27:58 +01:00
Merlijn Vos
3c3034b408
Dedupe dependencies (#6085)
With `yarn dedupe`. New type error surfaced due to new types getting
loaded.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Dedupes dependencies and updates code: aligns S3 presign tests with
checksum behavior, narrows HMAC key type, tweaks AudioOscilloscope
buffer typing, and simplifies Tus success logging.
> 
> - **AWS S3**:
> - Tests: add `requestChecksumCalculation` (from
`@aws-sdk/middleware-flexible-checksums`) to `S3Client` options to match
presign behavior.
> - Impl: change `generateHmacKey` signature to accept `string |
ArrayBuffer` (remove `Uint8Array`).
> - **Audio**:
> - `AudioOscilloscope`: change `dataArray` type to
`Uint8Array<ArrayBuffer>`.
> - **Tus**:
> - Simplify success log to `Download <url>` (remove file name
extraction).
> - **Dependencies**:
>   - Deduplicate/upgrade various packages in lockfile.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5b95865a7c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
2025-12-05 10:22:11 +01:00
github-actions[bot]
5c6337682e
[ci] release (#6087)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/image-generator@1.0.0

### Major Changes

- 5684efa: Introduce @uppy/image-generator to generate images based on a
prompt using Transloadit

### Patch Changes

-   Updated dependencies [5684efa]
-   Updated dependencies [5684efa]
    -   @uppy/provider-views@5.2.1
    -   @uppy/transloadit@5.4.0

## @uppy/locales@5.1.0

### Minor Changes

- 5684efa: Introduce @uppy/image-generator to generate images based on a
prompt using Transloadit

## @uppy/transloadit@5.4.0

### Minor Changes

-   5684efa: Export Assembly, AssemblyError, Client

## uppy@5.2.0

### Minor Changes

- 5684efa: Introduce @uppy/image-generator to generate images based on a
prompt using Transloadit

### Patch Changes

-   Updated dependencies [5684efa]
-   Updated dependencies [5684efa]
-   Updated dependencies [5684efa]
    -   @uppy/provider-views@5.2.1
    -   @uppy/webdav@1.1.1
    -   @uppy/transloadit@5.4.0
    -   @uppy/image-generator@1.0.0
    -   @uppy/locales@5.1.0

## @uppy/provider-views@5.2.1

### Patch Changes

-   5684efa: Refactor internal components

## @uppy/webdav@1.1.1

### Patch Changes

-   5684efa: Refactor internal components
-   Updated dependencies [5684efa]
    -   @uppy/provider-views@5.2.1

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-12-04 12:19:08 +01:00
Merlijn Vos
5684efa64e
Introduce @uppy/image-generator (#6056)
Closes #5378 

- Introduce `@uppy/image-generator`, a new plugin to generate images
based on a prompt via Transloadit
- until we have "golden templates" the idea is to just send
[steps](https://transloadit.com/docs/topics/templates/#overruling-templates-at-runtime)
- because we must send steps and since we must use signature
authentication for security, which is signed based on the params we
send, we can't reuse the `assemblyOptions` the consumers is already
passing to `@uppy/transloadit` (if they use that uploaders, not needed).
- Remove `SearchInput` (this component was trying to be too many things,
all with conditional boolean props, which is bad practise) in favor of
`useSearchForm` and reuse this hook in two new components `SearchView`
and `FilterInput`
- Reuse all the styles from `SearchProviderView`. This deviates from the
design in #5378. It felt too inconsistent to me to do another UI here
again. For the initial version, I think it's best to stay consistent and
then redesign with search providers taken into account too.
- Because the service is so slow, I went a bit further with the loading
state to show funny messages that rotate while loading mostly because
users will start thinking it is broken after 5 seconds while it fact we
are still loading. But open to ideas here.

This unfortunately means the integration for the consumer is not as lean
and pretty as you would hope. On the upside, it does give them complete
freedom.

```ts
.use(ImageGenerator, {
  assemblyOptions: async (prompt) => {
    const res = await fetch(`/assembly-options?prompt=${encodeURIComponent(prompt)}`)
    return res.json()
  }
})
```

on the consumer's server:

```ts
import crypto from 'node:crypto'

const utcDateString = (ms) => {
  return new Date(ms)
    .toISOString()
    .replace(/-/g, '/')
    .replace(/T/, ' ')
    .replace(/\.\d+Z$/, '+00:00')
}

// expire 1 hour from now (this must be milliseconds)
const expires = utcDateString(Date.now() + 1 * 60 * 60 * 1000)
const authKey = 'YOUR_TRANSLOADIT_KEY'
const authSecret = 'YOUR_TRANSLOADIT_SECRET'

const params = JSON.stringify({
  auth: {
    key: authKey,
    expires,
  },
  // can not contain any more steps, the only step must be /image/generate
  steps: {
    generated_image: { // can be named different
      robot: '/image/generate',
      result: true, // mandatory
      aspect_ratio: '2:3', // up to them
      model: 'flux-1.1-pro-ultra', // up to them
      prompt, // mandatory
      num_outputs: 2, // up to them
    },
  },
})
const signatureBytes = crypto.createHmac('sha384', authSecret).update(Buffer.from(params, 'utf-8'))
// The final signature needs the hash name in front, so
// the hashing algorithm can be updated in a backwards-compatible
// way when old algorithms become insecure.
const signature = `sha384:${signatureBytes.digest('hex')}`

// respond with { params, signature } JSON to the client
```


https://github.com/user-attachments/assets/9217e457-b38b-48ac-81f0-37a417309e98



<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds AI image generation plugin using Transloadit, exports low-level
Transloadit APIs, and replaces SearchInput with new
FilterInput/SearchView + useSearchForm across provider views.
> 
> - **New plugin: `@uppy/image-generator`**
> - UI plugin to generate images from a prompt via Transloadit
(`src/index.tsx`, styles, locale, build configs).
> - Integrated into dev Dashboard and included in `uppy` bundle and
global styles.
> - **Provider Views refactor**
> - Remove `SearchInput`; introduce `useSearchForm`, `SearchView`, and
`FilterInput` components.
> - Update `ProviderView`, `SearchProviderView`, and `Webdav` to use new
components; export them from `@uppy/provider-views`.
> - **Transloadit updates**
> - Export `Assembly`, `AssemblyError`, and `Client` from
`@uppy/transloadit`.
>   - Minor internal change: normalize `assemblyOptions.fields`.
> - **Locales**
> - Add strings for image generation and minor additions (e.g.,
`chooseFiles`).
>   - Ensure locales build depends on `@uppy/image-generator`.
> - **Build config**
> - Turborepo: add `uppy#build:css` and hook `image-generator` into
locales build.
> - **Changesets**
> - `@uppy/image-generator` major; `@uppy/transloadit` minor;
`@uppy/locales` and `uppy` minor; `@uppy/provider-views` and
`@uppy/webdav` patch.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
4b1b729069. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Prakash <qxprakash@gmail.com>
2025-12-03 11:59:52 +01:00
Merlijn Vos
93ef1ba0e7
Resolve all angular yarn warnings (#6080)
<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Aligns Angular dependencies (including compiler-cli and animations) to
^19.2.17 in examples/angular and packages/@uppy/angular.
> 
> - **Dependencies**:
>   - `examples/angular/package.json`:
> - Bump `@angular/common`, `core`, `forms`, `platform-browser`,
`platform-browser-dynamic`, `router`, and `@angular/compiler-cli` to
`^19.2.17`.
>   - `packages/@uppy/angular/package.json`:
> - Bump `@angular/animations`, `common`, `compiler`, `core`, `forms`,
`platform-browser`, `platform-browser-dynamic`, `router` to `^19.2.17`.
>     - Update dev dependency `@angular/compiler-cli` to `^19.2.17`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
1af50119f0. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
2025-12-03 10:54:21 +01:00
dependabot[bot]
28c27e875c
build(deps): bump validator from 13.15.20 to 13.15.22 (#6082)
Bumps [validator](https://github.com/validatorjs/validator.js) from
13.15.20 to 13.15.22.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/validatorjs/validator.js/releases">validator's
releases</a>.</em></p>
<blockquote>
<h2>13.15.22</h2>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2622">#2622</a>
<code>isURL</code>: fix regression with hostnames with ports <a
href="https://github.com/mbtools"><code>@​mbtools</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2616">#2616</a>
<code>isLength</code>: improve handling Unicode variation selectors <a
href="https://github.com/koral"><code>@​koral</code></a>--</li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2621">#2621</a>
<a href="https://github.com/mbtools"><code>@​mbtools</code></a></li>
</ul>
</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/mbtools"><code>@​mbtools</code></a> made
their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2622">validatorjs/validator.js#2622</a></li>
<li><a href="https://github.com/koral"><code>@​koral</code></a>-- made
their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2616">validatorjs/validator.js#2616</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22">https://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md">validator's
changelog</a>.</em></p>
<blockquote>
<h1>13.15.22</h1>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2622">#2622</a>
<code>isURL</code>: fix regression with hostnames with ports <a
href="https://github.com/mbtools"><code>@​mbtools</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2616">#2616</a>
<code>isLength</code>: improve handling Unicode variation selectors <a
href="https://github.com/koral"><code>@​koral</code></a>--</li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2621">#2621</a>
<a href="https://github.com/mbtools"><code>@​mbtools</code></a></li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f2b5c17dbe"><code>f2b5c17</code></a>
maintenance: 2511 release (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2627">#2627</a>)</li>
<li><a
href="d457ecaf55"><code>d457eca</code></a>
fix(isLength): correctly handle Unicode variation selectors (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2616">#2616</a>)</li>
<li><a
href="f2e3633f22"><code>f2e3633</code></a>
docs: add install instructions to contibution guide (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2621">#2621</a>)</li>
<li><a
href="cf401458b8"><code>cf40145</code></a>
fix: URL validation for hostnames with ports (no protocol) (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2622">#2622</a>)</li>
<li><a
href="4af61243ba"><code>4af6124</code></a>
maintenance: 2510 release (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2585">#2585</a>)</li>
<li>See full diff in <a
href="https://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~wikirik">wikirik</a>, a new releaser for
validator since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=validator&package-manager=npm_and_yarn&previous-version=13.15.20&new-version=13.15.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-03 10:50:49 +01:00
github-actions[bot]
556e36de4c
[ci] release (#6060)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/audio@3.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/aws-s3@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- ac12f35: Fix: Move completed uploads exclusion logic into uploaders.
This fixes the problem where postprocessors would not run for already
uploaded files.
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/box@4.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/compressor@3.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/core@5.2.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- ac12f35: Fix: Move completed uploads exclusion logic into uploaders.
This fixes the problem where postprocessors would not run for already
uploaded files.
- 4817585: added icon to webdav provider, add css to truncate large file
names
-   Updated dependencies [ac12f35]
    -   @uppy/utils@7.1.4

## @uppy/dashboard@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- cc3ff31: Move golden retriever clear files logic to the restore
function. This prevents race condition bugs when storing state.
-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/thumbnail-generator@5.1.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/drag-drop@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/drop-target@4.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/dropbox@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/facebook@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/form@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/golden-retriever@5.2.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- cc3ff31: Move golden retriever clear files logic to the restore
function. This prevents race condition bugs when storing state.
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/google-drive@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/google-drive-picker@1.1.0

### Minor Changes

- e661348: Allow selecting folders with Google Drive Picker. They will
be recursively resolved.
- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/google-photos-picker@1.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/image-editor@4.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/instagram@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/onedrive@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/provider-views@5.2.0

### Minor Changes

- e661348: Allow selecting folders with Google Drive Picker. They will
be recursively resolved.
- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- 4817585: added icon to webdav provider, add css to truncate large file
names
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/remote-sources@3.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [cc3ff31]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/dashboard@5.1.0
    -   @uppy/google-drive@5.1.0
    -   @uppy/instagram@5.1.0
    -   @uppy/facebook@5.1.0
    -   @uppy/onedrive@5.1.0
    -   @uppy/unsplash@5.1.0
    -   @uppy/dropbox@5.1.0
    -   @uppy/core@5.2.0
    -   @uppy/zoom@4.1.0
    -   @uppy/box@4.1.0
    -   @uppy/url@5.1.0

## @uppy/screen-capture@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/status-bar@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/thumbnail-generator@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/transloadit@5.3.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/tus@5.1.0
    -   @uppy/utils@7.1.4

## @uppy/tus@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- ac12f35: Fix: Move completed uploads exclusion logic into uploaders.
This fixes the problem where postprocessors would not run for already
uploaded files.
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/unsplash@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/url@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/webcam@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/webdav@1.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/xhr-upload@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- ac12f35: Fix: Move completed uploads exclusion logic into uploaders.
This fixes the problem where postprocessors would not run for already
uploaded files.
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/zoom@4.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/companion@6.2.1

### Patch Changes

- 4817585: added icon to webdav provider, add css to truncate large file
names

## @uppy/locales@5.0.1

### Patch Changes

-   c3c16ae: Improve zh-CN and zh-TW locale
-   8744c4d: Improve Dutch locale
-   Updated dependencies [ac12f35]
    -   @uppy/utils@7.1.4

## @uppy/utils@7.1.4

### Patch Changes

- ac12f35: Fix: Move completed uploads exclusion logic into uploaders.
This fixes the problem where postprocessors would not run for already
uploaded files.

## uppy@5.1.12

### Patch Changes

-   Updated dependencies [cc3ff31]
-   Updated dependencies [c3c16ae]
-   Updated dependencies [8744c4d]
-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/dashboard@5.1.0
    -   @uppy/golden-retriever@5.2.0
    -   @uppy/locales@5.0.1
    -   @uppy/provider-views@5.2.0
    -   @uppy/google-drive-picker@1.1.0
    -   @uppy/google-photos-picker@1.1.0
    -   @uppy/thumbnail-generator@5.1.0
    -   @uppy/remote-sources@3.1.0
    -   @uppy/screen-capture@5.1.0
    -   @uppy/google-drive@5.1.0
    -   @uppy/image-editor@4.1.0
    -   @uppy/drop-target@4.1.0
    -   @uppy/transloadit@5.3.0
    -   @uppy/compressor@3.1.0
    -   @uppy/status-bar@5.1.0
    -   @uppy/xhr-upload@5.1.0
    -   @uppy/drag-drop@5.1.0
    -   @uppy/instagram@5.1.0
    -   @uppy/facebook@5.1.0
    -   @uppy/onedrive@5.1.0
    -   @uppy/unsplash@5.1.0
    -   @uppy/dropbox@5.1.0
    -   @uppy/aws-s3@5.1.0
    -   @uppy/webcam@5.1.0
    -   @uppy/webdav@1.1.0
    -   @uppy/audio@3.1.0
    -   @uppy/core@5.2.0
    -   @uppy/form@5.1.0
    -   @uppy/zoom@4.1.0
    -   @uppy/box@4.1.0
    -   @uppy/tus@5.1.0
    -   @uppy/url@5.1.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-12-02 10:09:28 +01:00
dependabot[bot]
5b680f2f05
build(deps): bump body-parser from 1.20.3 to 1.20.4 (#6070)
Bumps [body-parser](https://github.com/expressjs/body-parser) from
1.20.3 to 1.20.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/releases">body-parser's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<h2>Important: Security</h2>
<ul>
<li>Security fix for <a
href="https://www.cve.org/CVERecord?id=CVE-2025-13466">CVE-2025-13466</a>
(<a
href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a>)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>ci: add dependabot by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/593">expressjs/body-parser#593</a></li>
<li>ci: use full SHAs for github action versions by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/594">expressjs/body-parser#594</a></li>
<li>deps: type-is@^2.0.1 by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/599">expressjs/body-parser#599</a></li>
<li>build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/609">expressjs/body-parser#609</a></li>
<li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/610">expressjs/body-parser#610</a></li>
<li>build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/611">expressjs/body-parser#611</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/613">expressjs/body-parser#613</a></li>
<li>build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/612">expressjs/body-parser#612</a></li>
<li>ci: add codeql github workflows scanning by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/614">expressjs/body-parser#614</a></li>
<li>ci: update CodeQL config to ignore the test directory by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/615">expressjs/body-parser#615</a></li>
<li>build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/620">expressjs/body-parser#620</a></li>
<li>build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/619">expressjs/body-parser#619</a></li>
<li>chore(deps): unpin devDependencies by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/616">expressjs/body-parser#616</a></li>
<li>ci: add node.js 24 to test matrix by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/621">expressjs/body-parser#621</a></li>
<li>build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/623">expressjs/body-parser#623</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/624">expressjs/body-parser#624</a></li>
<li>chore: add funding to package.json by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/617">expressjs/body-parser#617</a></li>
<li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/625">expressjs/body-parser#625</a></li>
<li>build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/630">expressjs/body-parser#630</a></li>
<li>refactor: move common request validation to read function by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/600">expressjs/body-parser#600</a></li>
<li>deps: bump iconv-lite by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/631">expressjs/body-parser#631</a></li>
<li>doc: pull beta changelog forward into 2.0.0 by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/body-parser/pull/629">expressjs/body-parser#629</a></li>
<li>refactor: optimize raw and text parsers with shared passthrough
function by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/634">expressjs/body-parser#634</a></li>
<li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/640">expressjs/body-parser#640</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/639">expressjs/body-parser#639</a></li>
<li>build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/636">expressjs/body-parser#636</a></li>
<li>build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/637">expressjs/body-parser#637</a></li>
<li>build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/638">expressjs/body-parser#638</a></li>
<li>deps: raw-body@^3.0.1 by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/641">expressjs/body-parser#641</a></li>
<li>deps: debug@^4.4.3 by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/642">expressjs/body-parser#642</a></li>
<li>docs: add iconv-lite 0.7.0 changes to history entry by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/645">expressjs/body-parser#645</a></li>
<li>ci: add node.js 25 to test matrix by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/650">expressjs/body-parser#650</a></li>
<li>perf: move read options outside parser middlewares by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/648">expressjs/body-parser#648</a></li>
<li>test(json): add RFC 7159 whitespace edge cases by <a
href="https://github.com/Ayoub-Mabrouk"><code>@​Ayoub-Mabrouk</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/653">expressjs/body-parser#653</a></li>
<li>test: add test for urlencoded invalid defaultCharset by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/643">expressjs/body-parser#643</a></li>
<li>build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/657">expressjs/body-parser#657</a></li>
<li>build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/656">expressjs/body-parser#656</a></li>
<li>build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/655">expressjs/body-parser#655</a></li>
<li>build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/654">expressjs/body-parser#654</a></li>
<li>ci: also test on first supported node.js version by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/646">expressjs/body-parser#646</a></li>
<li>chore: switch badges from badgen.net to shields.io by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/661">expressjs/body-parser#661</a></li>
<li>Remove history.md from being packaged on publish by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/660">expressjs/body-parser#660</a></li>
<li>Release: 2.2.1 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/659">expressjs/body-parser#659</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md">body-parser's
changelog</a>.</em></p>
<blockquote>
<h1>2.2.1 / 2025-11-24</h1>
<ul>
<li>Security fix for <a
href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a></li>
<li>deps:
<ul>
<li>type-is@^2.0.1</li>
<li>iconv-lite@^0.7.0
<ul>
<li>Handle split surrogate pairs when encoding UTF-8</li>
<li>Avoid false positives in <code>encodingExists</code> by using
prototype-less objects</li>
</ul>
</li>
<li>raw-body@^3.0.1</li>
<li>debug@^4.4.3</li>
</ul>
</li>
</ul>
<h1>2.2.0 / 2025-03-27</h1>
<ul>
<li>refactor: normalize common options for all parsers</li>
<li>deps:
<ul>
<li>iconv-lite@^0.6.3</li>
</ul>
</li>
</ul>
<h1>2.1.0 / 2025-02-10</h1>
<ul>
<li>deps:
<ul>
<li>type-is@^2.0.0</li>
<li>debug@^4.4.0</li>
<li>Removed destroy</li>
</ul>
</li>
<li>refactor: prefix built-in node module imports</li>
<li>use the node require cache instead of custom caching</li>
</ul>
<h1>2.0.2 / 2024-10-31</h1>
<ul>
<li>remove <code>unpipe</code> package and use native
<code>unpipe()</code> method</li>
</ul>
<h1>2.0.1 / 2024-09-10</h1>
<ul>
<li>Restore expected behavior <code>extended</code> to
<code>false</code></li>
</ul>
<h1>2.0.0 / 2024-09-10</h1>
<h2>Breaking Changes</h2>
<ul>
<li>Node.js 18 is the minimum supported version</li>
<li><code>req.body</code> is no longer always initialized to
<code>{}</code>
<ul>
<li>it is left <code>undefined</code> unless a body is parsed</li>
</ul>
</li>
<li>Remove deprecated <code>bodyParser()</code> combination
middleware</li>
<li><del><code>urlencoded</code> parser now defaults
<code>extended</code> to <code>false</code></del> as released, this is
not the case, fixed in 2.0.1</li>
<li><code>urlencoded</code> simple parser now uses <code>qs</code>
module instead of <code>querystring</code> module</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d96b63da8d"><code>d96b63d</code></a>
2.2.1 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/659">#659</a>)</li>
<li><a
href="b204886a67"><code>b204886</code></a>
sec: security patch for CVE-2025-13466</li>
<li><a
href="e20e3512e0"><code>e20e351</code></a>
feat: remove <code>history.md</code> from being packaged on publish (<a
href="https://redirect.github.com/expressjs/body-parser/issues/660">#660</a>)</li>
<li><a
href="0d7ce71c84"><code>0d7ce71</code></a>
docs: switch badges from badgen.net to shields.io (<a
href="https://redirect.github.com/expressjs/body-parser/issues/661">#661</a>)</li>
<li><a
href="168afff347"><code>168afff</code></a>
ci: also test on first supported node.js version (<a
href="https://redirect.github.com/expressjs/body-parser/issues/646">#646</a>)</li>
<li><a
href="e539a7121d"><code>e539a71</code></a>
build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/654">#654</a>)</li>
<li><a
href="939161277a"><code>9391612</code></a>
build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/655">#655</a>)</li>
<li><a
href="57baafb3bb"><code>57baafb</code></a>
build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/656">#656</a>)</li>
<li><a
href="a6a088e088"><code>a6a088e</code></a>
build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/657">#657</a>)</li>
<li><a
href="10a114d55d"><code>10a114d</code></a>
test: add test for urlencoded invalid defaultCharset (<a
href="https://redirect.github.com/expressjs/body-parser/issues/643">#643</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/body-parser/compare/1.20.3...v2.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=body-parser&package-manager=npm_and_yarn&previous-version=1.20.3&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-02 09:55:11 +01:00
dependabot[bot]
21a8f1a467
build(deps): bump @angular/common from 19.2.14 to 19.2.16 (#6072)
Bumps
[@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common)
from 19.2.14 to 19.2.16.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/releases"><code>@​angular/common</code>'s
releases</a>.</em></p>
<blockquote>
<h2>19.2.16</h2>
<h3>http</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="05fe6686a9"><img
src="https://img.shields.io/badge/05fe6686a9-fix-green" alt="fix -
05fe6686a9" /></a></td>
<td>prevent XSRF token leakage to protocol-relative URLs</td>
</tr>
</tbody>
</table>
<h2>19.2.15</h2>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="70d0639bc1"><img
src="https://img.shields.io/badge/70d0639bc1-fix-green" alt="fix -
70d0639bc1" /></a></td>
<td>introduce <code>BootstrapContext</code> for improved server
bootstrapping (<a
href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/63639">#63639</a>)</td>
</tr>
</tbody>
</table>
<h2>Breaking Changes</h2>
<h3>core</h3>
<ul>
<li>
<p>The server-side bootstrapping process has been changed to eliminate
the reliance on a global platform injector.</p>
<p>Before:</p>
<pre lang="ts"><code>const bootstrap = () =&gt;
bootstrapApplication(AppComponent, config);
</code></pre>
<p>After:</p>
<pre lang="ts"><code>const bootstrap = (context: BootstrapContext) =&gt;
  bootstrapApplication(AppComponent, config, context);
</code></pre>
<p>A schematic is provided to automatically update
<code>main.server.ts</code> files to pass the
<code>BootstrapContext</code> to the <code>bootstrapApplication</code>
call.</p>
<p>In addition, <code>getPlatform()</code> and
<code>destroyPlatform()</code> will now return <code>null</code> and be
a no-op respectively when running in a server environment.</p>
</li>
</ul>
<p>For more information please see: <a
href="https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7">https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/blob/main/CHANGELOG.md"><code>@​angular/common</code>'s
changelog</a>.</em></p>
<blockquote>
<h1>19.2.16 (2025-11-26)</h1>
<h3>http</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="05fe6686a9">05fe6686a9</a></td>
<td>fix</td>
<td>prevent XSRF token leakage to protocol-relative URLs</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.1.0-next.0 (2025-11-25)</h1>
<h3>platform-browser</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="ec9dc94cee">ec9dc94cee</a></td>
<td>feat</td>
<td>add <code>context</code> to <code>createApplication</code></td>
</tr>
<tr>
<td><a
href="ab67988d2e">ab67988d2e</a></td>
<td>feat</td>
<td>resolve JIT resources in <code>createApplication</code></td>
</tr>
</tbody>
</table>
<h3>router</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="a03c82564d">a03c82564d</a></td>
<td>feat</td>
<td>Add scroll behavior controls on router navigation</td>
</tr>
<tr>
<td><a
href="c25d749d85">c25d749d85</a></td>
<td>feat</td>
<td>Execute RunGuardsAndResolvers function in injection context</td>
</tr>
<tr>
<td><a
href="c84d372778">c84d372778</a></td>
<td>feat</td>
<td>Support wildcard params with segments trailing (<a
href="https://redirect.github.com/angular/angular/pull/64737">#64737</a>)</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>20.3.14 (2025-11-25)</h1>
<h3>http</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="0276479e7d">0276479e7d</a></td>
<td>fix</td>
<td>prevent XSRF token leakage to protocol-relative URLs</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.0.1 (2025-11-25)</h1>
<h3>compiler-cli</h3>
<p>| Commit | Type | Description |</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="05fe6686a9"><code>05fe668</code></a>
fix(http): prevent XSRF token leakage to protocol-relative URLs</li>
<li>See full diff in <a
href="https://github.com/angular/angular/commits/19.2.16/packages/common">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@angular/common&package-manager=npm_and_yarn&previous-version=19.2.14&new-version=19.2.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-02 09:45:53 +01:00
dependabot[bot]
d2637e4d3b
build(deps): bump validator from 13.12.0 to 13.15.20 (#6041)
Bumps [validator](https://github.com/validatorjs/validator.js) from
13.12.0 to 13.15.20.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/validatorjs/validator.js/releases">validator's
releases</a>.</em></p>
<blockquote>
<h2>13.15.20</h2>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2556">#2556</a>
<code>isMobilePhone</code>: add <code>ar-QA</code> locale <a
href="https://github.com/WardKhaddour"><code>@​WardKhaddour</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2576">#2576</a>
<code>isAlpha</code>/<code>isAlphanuneric</code>: add Indic locales
(<code>ta-IN</code>, <code>te-IN</code>, <code>kn-IN</code>,
<code>ml-IN</code>, <code>gu-IN</code>, <code>pa-IN</code>,
<code>or-IN</code>) <a
href="https://github.com/avadootharajesh"><code>@​avadootharajesh</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2574">#2574</a>
<code>isBase64</code>: improve padding regex <a
href="https://github.com/KrayzeeKev"><code>@​KrayzeeKev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2584">#2584</a>
<code>isVAT</code>: improve <code>FR</code> locale <a
href="https://github.com/iamAmer"><code>@​iamAmer</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2608">#2608</a>
<code>isURL</code>: improve protocol detection. Resolves CVE-2025-56200
<a href="https://github.com/theofidry"><code>@​theofidry</code></a></li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2563">#2563</a>
<a href="https://github.com/stoneLeaf"><code>@​stoneLeaf</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2581">#2581</a>
<a
href="https://github.com/camillobruni"><code>@​camillobruni</code></a></li>
</ul>
</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/stoneLeaf"><code>@​stoneLeaf</code></a>
made their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2563">validatorjs/validator.js#2563</a></li>
<li><a
href="https://github.com/WardKhaddour"><code>@​WardKhaddour</code></a>
made their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2556">validatorjs/validator.js#2556</a></li>
<li><a
href="https://github.com/avadootharajesh"><code>@​avadootharajesh</code></a>
made their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2576">validatorjs/validator.js#2576</a></li>
<li><a
href="https://github.com/KrayzeeKev"><code>@​KrayzeeKev</code></a> made
their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2574">validatorjs/validator.js#2574</a></li>
<li><a href="https://github.com/iamAmer"><code>@​iamAmer</code></a> made
their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2584">validatorjs/validator.js#2584</a></li>
<li><a
href="https://github.com/camillobruni"><code>@​camillobruni</code></a>
made their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2581">validatorjs/validator.js#2581</a></li>
<li><a href="https://github.com/theofidry"><code>@​theofidry</code></a>
made their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2608">validatorjs/validator.js#2608</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/validatorjs/validator.js/compare/13.15.15...13.15.20">https://github.com/validatorjs/validator.js/compare/13.15.15...13.15.20</a></p>
<h2>13.15.15</h2>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><code>isMobilePhone</code>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2514">#2514</a>
improve <code>el-CY</code> locale <a
href="https://github.com/rezk2ll"><code>@​rezk2ll</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2512">#2512</a>
improve <code>pt-AO</code> locale <a
href="https://github.com/renaldodev"><code>@​renaldodev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2502">#2502</a>
improve <code>ar-OM</code> locale <a
href="https://github.com/tomcastro"><code>@​tomcastro</code></a></li>
</ul>
</li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2089">#2089</a>
<code>isIP</code>: allow usage of option object <a
href="https://github.com/pixelbucket-dev"><code>@​pixelbucket-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2526">#2526</a>
<code>isPassportNumber</code>: improve <code>CA</code> locale <a
href="https://github.com/evanbechtol"><code>@​evanbechtol</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2491">#2491</a>
<code>isBase64</code>: improve validation based on RFC4648 <a
href="https://github.com/aseyfpour"><code>@​aseyfpour</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2479">#2479</a>
<code>isPostalCode</code>: improve <code>FR</code> locale <a
href="https://github.com/Rajput-Balram"><code>@​Rajput-Balram</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2088">#2088</a>
<code>isBefore</code>: allow usage of option object <a
href="https://github.com/pixelbucket-dev"><code>@​pixelbucket-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2346">#2346</a>
<code>isRgbColor</code>: allow second digit in rgba alpha value <a
href="https://github.com/controlol"><code>@​controlol</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2453">#2453</a>
<code>isIP</code>: improve IPv6 regex <a
href="https://github.com/ShreySinha02"><code>@​ShreySinha02</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2052">#2052</a>
<code>isPostalCode</code>: add <code>PK</code> locale <a
href="https://github.com/mateeni-dev"><code>@​mateeni-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2529">#2529</a>
<code>isPostalCode</code>: improve <code>TW</code> locale <a
href="https://github.com/Crocsx"><code>@​Crocsx</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2550">#2550</a>
<code>isPassportNumber</code>: improve <code>US</code> locale <a
href="https://github.com/yitzchak-schechter"><code>@​yitzchak-schechter</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2553">#2553</a>
<code>isUUID</code>: add <code>loose</code> option <a
href="https://github.com/bc-m"><code>@​bc-m</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2551">#2551</a>
<code>isPostalCode</code>: add <code>BD</code> locale <a
href="https://github.com/tanvirrb"><code>@​tanvirrb</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2555">#2555</a>
<code>isLicensePlate</code>: improve <code>pt-PT</code> locale <a
href="https://github.com/castrosu"><code>@​castrosu</code></a></li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2372">#2372</a>
<a
href="https://github.com/EmersonRabelo"><code>@​EmersonRabelo</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2538">#2538</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2539">#2539</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2540">#2540</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2549">#2549</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2537">#2537</a>
<a href="https://github.com/sgress454"><code>@​sgress454</code></a></li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md">validator's
changelog</a>.</em></p>
<blockquote>
<h1>13.15.20</h1>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2556">#2556</a>
<code>isMobilePhone</code>: add <code>ar-QA</code> locale <a
href="https://github.com/WardKhaddour"><code>@​WardKhaddour</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2576">#2576</a>
<code>isAlpha</code>/<code>isAlphanuneric</code>: add Indic locales
(<code>ta-IN</code>, <code>te-IN</code>, <code>kn-IN</code>,
<code>ml-IN</code>, <code>gu-IN</code>, <code>pa-IN</code>,
<code>or-IN</code>) <a
href="https://github.com/avadootharajesh"><code>@​avadootharajesh</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2574">#2574</a>
<code>isBase64</code>: improve padding regex <a
href="https://github.com/KrayzeeKev"><code>@​KrayzeeKev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2584">#2584</a>
<code>isVAT</code>: improve <code>FR</code> locale <a
href="https://github.com/iamAmer"><code>@​iamAmer</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2608">#2608</a>
<code>isURL</code>: improve protocol detection. Resolves CVE-2025-56200
<a href="https://github.com/theofidry"><code>@​theofidry</code></a></li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2563">#2563</a>
<a href="https://github.com/stoneLeaf"><code>@​stoneLeaf</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2581">#2581</a>
<a
href="https://github.com/camillobruni"><code>@​camillobruni</code></a></li>
</ul>
</li>
</ul>
<h1>13.15.15</h1>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><code>isMobilePhone</code>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2514">#2514</a>
improve <code>el-CY</code> locale <a
href="https://github.com/rezk2ll"><code>@​rezk2ll</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2512">#2512</a>
improve <code>pt-AO</code> locale <a
href="https://github.com/renaldodev"><code>@​renaldodev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2502">#2502</a>
improve <code>ar-OM</code> locale <a
href="https://github.com/tomcastro"><code>@​tomcastro</code></a></li>
</ul>
</li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2089">#2089</a>
<code>isIP</code>: allow usage of option object <a
href="https://github.com/pixelbucket-dev"><code>@​pixelbucket-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2526">#2526</a>
<code>isPassportNumber</code>: improve <code>CA</code> locale <a
href="https://github.com/evanbechtol"><code>@​evanbechtol</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2491">#2491</a>
<code>isBase64</code>: improve validation based on RFC4648 <a
href="https://github.com/aseyfpour"><code>@​aseyfpour</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2479">#2479</a>
<code>isPostalCode</code>: improve <code>FR</code> locale <a
href="https://github.com/Rajput-Balram"><code>@​Rajput-Balram</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2088">#2088</a>
<code>isBefore</code>: allow usage of option object <a
href="https://github.com/pixelbucket-dev"><code>@​pixelbucket-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2346">#2346</a>
<code>isRgbColor</code>: allow second digit in rgba alpha value <a
href="https://github.com/controlol"><code>@​controlol</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2453">#2453</a>
<code>isIP</code>: improve IPv6 regex <a
href="https://github.com/ShreySinha02"><code>@​ShreySinha02</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2052">#2052</a>
<code>isPostalCode</code>: add <code>PK</code> locale <a
href="https://github.com/mateeni-dev"><code>@​mateeni-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2529">#2529</a>
<code>isPostalCode</code>: improve <code>TW</code> locale <a
href="https://github.com/Crocsx"><code>@​Crocsx</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2550">#2550</a>
<code>isPassportNumber</code>: improve <code>US</code> locale <a
href="https://github.com/yitzchak-schechter"><code>@​yitzchak-schechter</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2553">#2553</a>
<code>isUUID</code>: add <code>loose</code> option <a
href="https://github.com/bc-m"><code>@​bc-m</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2551">#2551</a>
<code>isPostalCode</code>: add <code>BD</code> locale <a
href="https://github.com/tanvirrb"><code>@​tanvirrb</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2555">#2555</a>
<code>isLicensePlate</code>: improve <code>pt-PT</code> locale <a
href="https://github.com/castrosu"><code>@​castrosu</code></a></li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2372">#2372</a>
<a
href="https://github.com/EmersonRabelo"><code>@​EmersonRabelo</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2538">#2538</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2539">#2539</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2540">#2540</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2549">#2549</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2537">#2537</a>
<a href="https://github.com/sgress454"><code>@​sgress454</code></a></li>
</ul>
</li>
</ul>
<h1>13.15.0</h1>
<h3>New Features / Validators</h3>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2399">#2399</a>
<code>isISO31661Numeric</code> <a
href="https://github.com/RobinvanderVliet"><code>@​RobinvanderVliet</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2294">#2294</a>
<code>isULID</code> <a
href="https://github.com/arafatkn"><code>@​arafatkn</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2215">#2215</a>
<code>isISO15924</code> <a
href="https://github.com/xDivisionByZerox"><code>@​xDivisionByZerox</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="30d4fe02c1"><code>30d4fe0</code></a>
13.15.20</li>
<li><a
href="cbef5088f0"><code>cbef508</code></a>
fix(isURL): improve protocol detection. Resolves CVE-2025-56200 (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2608">#2608</a>)</li>
<li><a
href="6f436be369"><code>6f436be</code></a>
Fix typo in validators.test.js (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2581">#2581</a>)</li>
<li><a
href="3c857088d5"><code>3c85708</code></a>
Fix: correct French VAT (FR) validation regex and add tests (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2584">#2584</a>)</li>
<li><a
href="eee525cd11"><code>eee525c</code></a>
<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2491">#2491</a>
<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2573">#2573</a>
Simplify isBase64 to prevent stack overflow (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2574">#2574</a>)</li>
<li><a
href="abcc8ecb85"><code>abcc8ec</code></a>
feat(isAlpha, isAlphanumeric): add support for Indic locales (ta-IN,
te-IN, k...</li>
<li><a
href="72573b3d1d"><code>72573b3</code></a>
Add Qatar phone number validation (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2556">#2556</a>)</li>
<li><a
href="243f6c5fe4"><code>243f6c5</code></a>
docs(isMACAddress): improve ambiguous option description (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2563">#2563</a>)</li>
<li><a
href="3847c6f901"><code>3847c6f</code></a>
maintenance: 2505 release (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2560">#2560</a>)</li>
<li><a
href="9e503840d7"><code>9e50384</code></a>
feat(isLicensePlate): Updated isLicensePlate to accept real pt-PT
license pla...</li>
<li>Additional commits viewable in <a
href="https://github.com/validatorjs/validator.js/compare/13.12.0...13.15.20">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=validator&package-manager=npm_and_yarn&previous-version=13.12.0&new-version=13.15.20)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-02 09:33:32 +01:00
Mikael Finstad
cc3ff31d59
move golden retriever clear files logic (#6076)
into #restore instead.
we currently clear files when state transitions to all files complete,
however there's an issue with that where if progress events come in
after all files are marked as completed, it will overwrite the
metadataStore, meaning the files that have been cleared will be re-added
after they were cleared. this causes files to be restored (when e.g.
refreshing the browser) when they should not (because they have already
completed). i managed to reproduce this with the google drive picker
plugin (but not with google drive non-picker)

**Tip for review:** hide whitespace changes
2025-12-02 11:29:48 +07:00
Mikael Finstad
e6613488fc
allow selecting folders (#6074)
for google drive #5532

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-02 10:34:03 +07:00
Prakash
4817585b66
@uppy/companion: fix broken icons for webdav provider (#6069)
This fixes #6063.

It should be merged after #6059. Icon issue was fixed but This still
doesn’t fix the thumbnail preview issue, because OwnCloud and Nextcloud
don’t provide enough information about their thumbnail preview
endpoints. The docs aren’t very helpful: they mention how to make a
`PROPFIND` request to get extra metadata (such as has_preview)
[doc_ref](https://docs.nextcloud.com/server/stable/developer_manual/client_apis/WebDAV/basic.html#requesting-properties),
but I couldn’t get it to work with our webdav client.

Even if we did manage to obtain the thumbnail preview URL, it would be a
complicated capability to add, since we’d have to handle each WebDAV
server separately. That would lead to the same problems discussed here:
https://github.com/transloadit/uppy/pull/6059#issuecomment-3564642795 ,
so I don't think we need to spend anymore time on this.

**Before** 
<img width="1238" height="1014" alt="image"
src="https://github.com/user-attachments/assets/378c8b4b-640f-4e5d-9fef-48d255f729f9"
/>


**After** 
<img width="982" height="708" alt="image"
src="https://github.com/user-attachments/assets/7e20b119-c5a9-45dd-a0bd-7ddf95672137"
/>
2025-11-29 01:25:12 +05:30