Commit graph

10547 commits

Author SHA1 Message Date
Prakash
fe229e4f50
update @examples/aws-companion (#6168)
minor config changes
2026-02-04 18:43:37 +05:30
Murderlon
9ed49719f7
fix import in upload-to-cdn.js 2026-02-03 11:30:23 +01:00
github-actions[bot]
9d87b9eab1
[ci] release (#6166)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/components@1.2.0

### Minor Changes

- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- 37f69d0: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [37f69d0]
    -   @uppy/image-editor@4.2.0

## @uppy/image-editor@4.2.0

### Minor Changes

- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

## @uppy/react@5.2.0

### Minor Changes

- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
    -   @uppy/components@1.2.0

## @uppy/svelte@5.2.0

### Minor Changes

- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
    -   @uppy/components@1.2.0

## @uppy/transloadit@5.5.0

### Minor Changes

- 37f69d0: Migrate from 'transloadit' to '@transloadit/types' to get the
types. No need to drag in the entire SDK.

### Patch Changes

-   Updated dependencies [37f69d0]
    -   @uppy/tus@5.1.1

## @uppy/vue@3.2.0

### Minor Changes

- 37f69d0: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- 37f69d0: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
    -   @uppy/components@1.2.0

## @uppy/locales@5.1.1

### Patch Changes

-   37f69d0: Update cs_CZ dropPaste keys to use the correct variables.

## @uppy/tus@5.1.1

### Patch Changes

- 37f69d0: Fix Node.js support by conditionally setting a property which
does not exist in Node.js instead of crashing.

## uppy@5.2.3

### Patch Changes

-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
-   Updated dependencies [37f69d0]
    -   @uppy/locales@5.1.1
    -   @uppy/tus@5.1.1
    -   @uppy/transloadit@5.5.0
    -   @uppy/image-editor@4.2.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-03 11:08:41 +01:00
Murderlon
c979a9d82b
@uppy/components: do not use symlink
Breaks changeset releases
2026-02-03 10:51:40 +01:00
Murderlon
37f69d088d
Revert "[ci] release (#6162)"
This reverts commit 671e6b26f4.
2026-02-03 10:51:07 +01:00
github-actions[bot]
671e6b26f4
[ci] release (#6162)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/components@1.2.0

### Minor Changes

- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- c0a8776: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [c0a8776]
    -   @uppy/image-editor@4.2.0

## @uppy/image-editor@4.2.0

### Minor Changes

- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

## @uppy/react@5.2.0

### Minor Changes

- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
    -   @uppy/components@1.2.0

## @uppy/svelte@5.2.0

### Minor Changes

- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
    -   @uppy/components@1.2.0

## @uppy/transloadit@5.5.0

### Minor Changes

- c0a8776: Migrate from 'transloadit' to '@transloadit/types' to get the
types. No need to drag in the entire SDK.

### Patch Changes

-   Updated dependencies [c0a8776]
    -   @uppy/tus@5.1.1

## @uppy/vue@3.2.0

### Minor Changes

- c0a8776: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- c0a8776: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
    -   @uppy/components@1.2.0

## @uppy/locales@5.1.1

### Patch Changes

-   c0a8776: Update cs_CZ dropPaste keys to use the correct variables.

## @uppy/tus@5.1.1

### Patch Changes

- c0a8776: Fix Node.js support by conditionally setting a property which
does not exist in Node.js instead of crashing.

## uppy@5.2.3

### Patch Changes

-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
-   Updated dependencies [c0a8776]
    -   @uppy/locales@5.1.1
    -   @uppy/tus@5.1.1
    -   @uppy/transloadit@5.5.0
    -   @uppy/image-editor@4.2.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-02-03 10:15:43 +01:00
Murderlon
8c1551322a
fixup! fixup! fixup! Update permissions for release.yml 2026-02-03 10:11:38 +01:00
Murderlon
89fbbc7224
fixup! fixup! Update permissions for release.yml 2026-02-02 15:34:02 +01:00
Murderlon
5f92af4677
fixup! Update permissions for release.yml 2026-02-02 15:14:44 +01:00
Murderlon
203e943cb1
Update permissions for release.yml 2026-02-02 15:13:55 +01:00
dependabot[bot]
24632aea47
build(deps-dev): bump tar from 7.5.5 to 7.5.7 (#6158)
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.5 to 7.5.7.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4a37eb9a1c"><code>4a37eb9</code></a>
7.5.7</li>
<li><a
href="f4a7aa9bc3"><code>f4a7aa9</code></a>
fix: properly sanitize hard links containing ..</li>
<li><a
href="394ece6ad8"><code>394ece6</code></a>
7.5.6</li>
<li><a
href="7d4cc17c76"><code>7d4cc17</code></a>
fix race puting a Link ahead of its target File</li>
<li>See full diff in <a
href="https://github.com/isaacs/node-tar/compare/v7.5.5...v7.5.7">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for tar
since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tar&package-manager=npm_and_yarn&previous-version=7.5.5&new-version=7.5.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-02 22:12:55 +08:00
dependabot[bot]
7c1074dbf6
build(deps): bump docker/login-action from 3.6.0 to 3.7.0 (#6163)
Bumps [docker/login-action](https://github.com/docker/login-action) from
3.6.0 to 3.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.7.0</h2>
<ul>
<li>Add <code>scope</code> input to set scopes for the authentication
token by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/912">docker/login-action#912</a></li>
<li>Add support for AWS European Sovereign Cloud ECR by <a
href="https://github.com/dphi"><code>@​dphi</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/914">docker/login-action#914</a></li>
<li>Ensure passwords are redacted with <code>registry-auth</code> input
by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a>
in <a
href="https://redirect.github.com/docker/login-action/pull/911">docker/login-action#911</a></li>
<li>build(deps): bump lodash from 4.17.21 to 4.17.23 in <a
href="https://redirect.github.com/docker/login-action/pull/915">docker/login-action#915</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v3.6.0...v3.7.0">https://github.com/docker/login-action/compare/v3.6.0...v3.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c94ce9fb46"><code>c94ce9f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/915">#915</a>
from docker/dependabot/npm_and_yarn/lodash-4.17.23</li>
<li><a
href="8339c958ce"><code>8339c95</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/912">#912</a>
from docker/scope</li>
<li><a
href="c83e9320c8"><code>c83e932</code></a>
build(deps): bump lodash from 4.17.21 to 4.17.23</li>
<li><a
href="b268aa57e3"><code>b268aa5</code></a>
chore: update generated content</li>
<li><a
href="a603229278"><code>a603229</code></a>
documentation for scope input</li>
<li><a
href="7567f92a74"><code>7567f92</code></a>
Add scope input to set scopes for the authentication token</li>
<li><a
href="0567fa5ae8"><code>0567fa5</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/914">#914</a>
from dphi/add-support-for-amazonaws.eu</li>
<li><a
href="f6ef577545"><code>f6ef577</code></a>
feat: add support for AWS European Sovereign Cloud ECR registries</li>
<li><a
href="916386b000"><code>916386b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/911">#911</a>
from crazy-max/ensure-redact</li>
<li><a
href="5b3f94a294"><code>5b3f94a</code></a>
chore: update generated content</li>
<li>Additional commits viewable in <a
href="5e57cd1181...c94ce9fb46">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/login-action&package-manager=github_actions&previous-version=3.6.0&new-version=3.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-02 22:05:54 +08:00
Murderlon
c0a8776484
Revert "[ci] release (#6153)"
This reverts commit 0ee8fef148.
2026-01-29 17:32:56 +01:00
github-actions[bot]
0ee8fef148
[ci] release (#6153)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/components@1.2.0

### Minor Changes

- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- 680052b: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [850c1cb]
    -   @uppy/image-editor@4.2.0

## @uppy/image-editor@4.2.0

### Minor Changes

- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

## @uppy/react@5.2.0

### Minor Changes

- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [680052b]
-   Updated dependencies [850c1cb]
    -   @uppy/components@1.2.0

## @uppy/svelte@5.2.0

### Minor Changes

- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

-   Updated dependencies [680052b]
-   Updated dependencies [850c1cb]
    -   @uppy/components@1.2.0

## @uppy/transloadit@5.5.0

### Minor Changes

- 680052b: Migrate from 'transloadit' to '@transloadit/types' to get the
types. No need to drag in the entire SDK.

### Patch Changes

-   Updated dependencies [680052b]
    -   @uppy/tus@5.1.1

## @uppy/vue@3.2.0

### Minor Changes

- 850c1cb: Introduce `useImageEditor` to build your own UI for using our
image editor in React, Vue, and Svelte.

### Patch Changes

- 680052b: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [680052b]
-   Updated dependencies [850c1cb]
    -   @uppy/components@1.2.0

## @uppy/locales@5.1.1

### Patch Changes

-   680052b: Update cs_CZ dropPaste keys to use the correct variables.

## @uppy/tus@5.1.1

### Patch Changes

- 680052b: Fix Node.js support by conditionally setting a property which
does not exist in Node.js instead of crashing.

## uppy@5.2.3

### Patch Changes

-   Updated dependencies [680052b]
-   Updated dependencies [680052b]
-   Updated dependencies [680052b]
-   Updated dependencies [850c1cb]
    -   @uppy/locales@5.1.1
    -   @uppy/tus@5.1.1
    -   @uppy/transloadit@5.5.0
    -   @uppy/image-editor@4.2.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-01-29 17:28:33 +01:00
Merlijn Vos
850c1cb1c5
Add useImageEditor (#6122)
- Create image editor abstraction in `@uppy/components`
- Refactor `Editor` (Preact) and `ImageEditor` (Uppy plugin) to put all
methods in the Uppy plugin class so they can be reused by the headless
abstraction
- Create framework hooks for React, Vue, Svelte
- Update all examples to showcase the new hook
- Symlink the `cropper.scss` (just regular CSS) from
`@uppy/image-editor` into `@uppy/components`, update `build:css` in all
framework packages to copy that file too into their own `dist/` output.
- cropper-js needs basic CSS to do the rotations and stuff which would
be very tedious to write yourself so we ship that CSS file to consumers
too so they can just import it.
- Fix memory leak where we created the image on each render inside the
original Preact plugin UI

```ts
import type { UppyFile } from '@uppy/core'
import { useImageEditor } from '@uppy/react'

interface ImageEditorProps {
  file: UppyFile<any, any>
  close: () => void
}

export function ImageEditor({ file, close }: ImageEditorProps) {
  const {
    state,
    getImageProps,
    getSaveButtonProps,
    getCancelButtonProps,
    getRotateButtonProps,
    getFlipHorizontalButtonProps,
    getZoomButtonProps,
    getCropSquareButtonProps,
    getCropLandscapeButtonProps,
    getCropPortraitButtonProps,
    getResetButtonProps,
    getRotationSliderProps,
  } = useImageEditor({ file })

  return (
    <div className="p-4 max-w-2xl w-full">
      <div className="flex justify-between items-center mb-4">
        <h2 className="text-xl font-bold">Edit Image</h2>
        <button
          type="button"
          onClick={close}
          className="text-gray-500 hover:text-gray-700"
        >
          ✕
        </button>
      </div>

      <div className="mb-4">
        {/* biome-ignore lint/a11y/useAltText: alt is provided by getImageProps() */}
        <img
          className="w-full max-h-[400px] rounded-lg border-2"
          {...getImageProps()}
        />
      </div>

      <div className="mb-4">
        <label className="block text-sm font-medium mb-2">
          Fine Rotation: {state.angle}°
          <input className="w-full mt-1" {...getRotationSliderProps()} />
        </label>
      </div>

      <div className="flex gap-2 flex-wrap mb-4">
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getRotateButtonProps(-90)}
        >
          ↶ -90°
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getRotateButtonProps(90)}
        >
          ↷ +90°
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getFlipHorizontalButtonProps()}
        >
          ⇆ Flip
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getZoomButtonProps(0.1)}
        >
          + Zoom
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getZoomButtonProps(-0.1)}
        >
          - Zoom
        </button>
      </div>

      <div className="flex gap-2 flex-wrap mb-4">
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getCropSquareButtonProps()}
        >
          1:1
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getCropLandscapeButtonProps()}
        >
          16:9
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getCropPortraitButtonProps()}
        >
          9:16
        </button>
        <button
          className="bg-gray-200 px-3 py-1 rounded disabled:opacity-50"
          {...getResetButtonProps()}
        >
          Reset
        </button>
      </div>

      <div className="flex gap-4 justify-end">
        <button
          className="bg-gray-500 text-white px-4 py-2 rounded-md"
          {...getCancelButtonProps({ onClick: close })}
        >
          Cancel
        </button>
        <button
          className="bg-green-500 text-white px-4 py-2 rounded-md disabled:opacity-50 disabled:bg-green-300"
          {...getSaveButtonProps({ onClick: close })}
        >
          Save
        </button>
      </div>
    </div>
  )
}

export default ImageEditor

```


https://github.com/user-attachments/assets/4b0a99cc-8489-41a2-aa3b-ce88110025bf

---------

Co-authored-by: Prakash <qxprakash@gmail.com>
2026-01-29 11:13:12 +01:00
dependabot[bot]
09bf6857a1
build(deps): bump lodash from 4.17.21 to 4.17.23 (#6152)
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to
4.17.23.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dec55b7a3b"><code>dec55b7</code></a>
Bump main to v4.17.23 (<a
href="https://redirect.github.com/lodash/lodash/issues/6088">#6088</a>)</li>
<li><a
href="19c9251b36"><code>19c9251</code></a>
fix: setCacheHas JSDoc return type should be boolean (<a
href="https://redirect.github.com/lodash/lodash/issues/6071">#6071</a>)</li>
<li><a
href="b5e672995a"><code>b5e6729</code></a>
jsdoc: Add -0 and BigInt zeros to _.compact falsey values list (<a
href="https://redirect.github.com/lodash/lodash/issues/6062">#6062</a>)</li>
<li><a
href="edadd45214"><code>edadd45</code></a>
Prevent prototype pollution on baseUnset function</li>
<li><a
href="4879a7a7d0"><code>4879a7a</code></a>
doc: fix autoLink function, conversion of source links (<a
href="https://redirect.github.com/lodash/lodash/issues/6056">#6056</a>)</li>
<li><a
href="9648f692b0"><code>9648f69</code></a>
chore: remove <code>yarn.lock</code> file (<a
href="https://redirect.github.com/lodash/lodash/issues/6053">#6053</a>)</li>
<li><a
href="dfa407db0b"><code>dfa407d</code></a>
ci: remove legacy configuration files (<a
href="https://redirect.github.com/lodash/lodash/issues/6052">#6052</a>)</li>
<li><a
href="156e1965ae"><code>156e196</code></a>
feat: add renovate setup (<a
href="https://redirect.github.com/lodash/lodash/issues/6039">#6039</a>)</li>
<li><a
href="933e1061b8"><code>933e106</code></a>
ci: add pipeline for Bun (<a
href="https://redirect.github.com/lodash/lodash/issues/6023">#6023</a>)</li>
<li><a
href="072a807ff7"><code>072a807</code></a>
docs: update links related to Open JS Foundation (<a
href="https://redirect.github.com/lodash/lodash/issues/5968">#5968</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/lodash/lodash/compare/4.17.21...4.17.23">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lodash&package-manager=npm_and_yarn&previous-version=4.17.21&new-version=4.17.23)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-26 15:01:18 +01:00
Murderlon
680052b3ce
Revert "[ci] release (#6144)"
This reverts commit e290a176e7.
2026-01-23 12:52:09 +01:00
github-actions[bot]
e290a176e7
[ci] release (#6144)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/transloadit@5.5.0

### Minor Changes

- efda84c: Migrate from 'transloadit' to '@transloadit/types' to get the
types. No need to drag in the entire SDK.

### Patch Changes

-   Updated dependencies [54a46db]
    -   @uppy/tus@5.1.1

## @uppy/components@1.1.1

### Patch Changes

- fa23832: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)

## @uppy/locales@5.1.1

### Patch Changes

-   642c75d: Update cs_CZ dropPaste keys to use the correct variables.

## @uppy/tus@5.1.1

### Patch Changes

- 54a46db: Fix Node.js support by conditionally setting a property which
does not exist in Node.js instead of crashing.

## @uppy/vue@3.1.1

### Patch Changes

- fa23832: - Fix Vue components to work with kebab-case props
(`:edit-file` instead of `:editFile`)
-   Updated dependencies [fa23832]
    -   @uppy/components@1.1.1

## uppy@5.2.3

### Patch Changes

-   Updated dependencies [642c75d]
-   Updated dependencies [54a46db]
-   Updated dependencies [efda84c]
    -   @uppy/locales@5.1.1
    -   @uppy/tus@5.1.1
    -   @uppy/transloadit@5.5.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-01-21 10:27:20 +01:00
dependabot[bot]
877b2f8607
build(deps-dev): bump tar from 7.5.3 to 7.5.4 (#6149)
Bumps [tar](https://github.com/isaacs/node-tar) from 7.5.3 to 7.5.4.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="911c886bb1"><code>911c886</code></a>
7.5.4</li>
<li><a
href="3b1abfae65"><code>3b1abfa</code></a>
normalize out unicode ligatures</li>
<li><a
href="a43478c5c5"><code>a43478c</code></a>
remove some unused files</li>
<li><a
href="970c58f6d3"><code>970c58f</code></a>
update deps</li>
<li><a
href="bb21974894"><code>bb21974</code></a>
update changelog</li>
<li>See full diff in <a
href="https://github.com/isaacs/node-tar/compare/v7.5.3...v7.5.4">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~isaacs">isaacs</a>, a new releaser for tar
since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tar&package-manager=npm_and_yarn&previous-version=7.5.3&new-version=7.5.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-21 10:21:13 +01:00
Merlijn Vos
54a46db340
@uppy/tus: fix Node.js support (#6145)
Fixes #6119
2026-01-19 11:29:28 +01:00
Merlijn Vos
efda84cc23
@uppy/transloadit: use lighter types package (#6147)
We don't need to drag in the entire SDK just for types.
2026-01-19 11:18:43 +01:00
Merlijn Vos
fa23832f6a
@uppy/vue: support kebab-case props in generated components (#6125)
## Summary

- Fix Vue components to work with kebab-case props (`:edit-file` instead
of `:editFile`)
- Update `migrate.mjs` to parse prop names from TypeScript source files
and generate explicit `props` arrays

## Problem

The generated Vue components didn't work correctly with Vue's standard
kebab-case prop convention:

```vue
<!-- This didn't work -->
<FilesList :edit-file="handleEdit" />

<!-- Only this worked (non-standard) -->
<FilesList :editFile="handleEdit" />
```

## Root Cause

The original Vue template used `attrs` to pass props to Preact:

```ts
setup(props, { attrs }) {
  preactRender(preactH(PreactComponent, {
    ...(attrs as Props),  // attrs preserves kebab-case!
    ctx,
  }), container)
}
```

When using `:edit-file` in a Vue template, Vue passes
`attrs['edit-file']` (kebab-case preserved), but Preact expects
`editFile` (camelCase).

## Solution

Generate Vue components with explicit `props` declarations:

```ts
defineComponent({
  props: ['editFile', 'columns', 'imageThumbnail'],
  setup(props) {
    preactRender(preactH(PreactComponent, {
      ...props,  // Vue already converted kebab → camelCase
      ctx,
    }), container)
  }
})
```

When Vue components declare their props, Vue automatically converts
kebab-case template usage to camelCase in the `props` object. This is
standard Vue behavior.

## Why Simpler Alternatives Don't Work

### "Just use `props` instead of `attrs`"

Without a `props` declaration, Vue doesn't know which attributes are
props. The `props` object will be empty and everything goes to `attrs`:

```ts
// Without props declaration
defineComponent({
  setup(props, { attrs }) {
    // props = {}  (empty!)
    // attrs = { 'edit-file': fn }  (kebab-case preserved)
  }
})
```

### "Accept all props dynamically"

Vue doesn't have a "accept all props and convert casing" option. You
must explicitly declare which props you expect for Vue to handle the
conversion.

### "Just document to use camelCase"

This works but violates Vue conventions. Every Vue developer expects
`:edit-file` to work.

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Prakash <qxprakash@gmail.com>
2026-01-19 09:59:42 +01:00
Merlijn Vos
8912bafaf4
Do not trigger Companion edge deploy on yarn.lock (#6134)
This triggers way too often, which is not needed. Especially pushing to
DockerHub is very unnecessary whenever `yarn.lock` changes.
2026-01-19 11:20:27 +08:00
dependabot[bot]
ce39081512
build(deps-dev): bump tar from 6.2.1 to 7.5.3 (#6146)
Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.1 to 7.5.3.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>7.5</h2>
<ul>
<li>Added <code>zstd</code> compression support.</li>
</ul>
<h2>7.4</h2>
<ul>
<li>Deprecate <code>onentry</code> in favor of <code>onReadEntry</code>
for clarity.</li>
</ul>
<h2>7.3</h2>
<ul>
<li>Add <code>onWriteEntry</code> option</li>
</ul>
<h2>7.2</h2>
<ul>
<li>DRY the command definitions into a single <code>makeCommand</code>
method,
and update the type signatures to more appropriately infer the
return type from the options and arguments provided.</li>
</ul>
<h2>7.1</h2>
<ul>
<li>Update minipass to v7.1.0</li>
<li>Update the type definitions of <code>write()</code> and
<code>end()</code> methods on
<code>Unpack</code> and <code>Parser</code> classes to be compatible
with the
NodeJS.WritableStream type in the latest versions of
<code>@types/node</code>.</li>
</ul>
<h2>7.0</h2>
<ul>
<li>Drop support for node &lt;18</li>
<li>Rewrite in TypeScript, provide ESM and CommonJS hybrid
interface</li>
<li>Add tree-shake friendly exports, like
<code>import('tar/create')</code>
and <code>import('tar/read-entry')</code> to get individual functions or
classes.</li>
<li>Add <code>chmod</code> option that defaults to false, and deprecate
<code>noChmod</code>. That is, reverse the default option regarding
explicitly setting file system modes to match tar entry
settings.</li>
<li>Add <code>processUmask</code> option to avoid having to call
<code>process.umask()</code> when <code>chmod: true</code> (or
<code>noChmod: false</code>) is
set.</li>
</ul>
<h2>6.2</h2>
<ul>
<li>Add support for brotli compression</li>
<li>Add <code>maxDepth</code> option to prevent extraction into
excessively
deep folders.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="03138441b2"><code>0313844</code></a>
7.5.3</li>
<li><a
href="340eb285b6"><code>340eb28</code></a>
fix: sanitize absolute linkpaths properly</li>
<li><a
href="8bb83f7e51"><code>8bb83f7</code></a>
update deps</li>
<li><a
href="1c4aedd28a"><code>1c4aedd</code></a>
Fix typo in onWriteEntry documentation</li>
<li><a
href="d9ea73a9b3"><code>d9ea73a</code></a>
7.5.2</li>
<li><a
href="5e1a8e6386"><code>5e1a8e6</code></a>
Fix sync tar.list when file size reduces while reading</li>
<li><a
href="0fbeaeddf5"><code>0fbeaed</code></a>
formatting</li>
<li><a
href="2dbacfe339"><code>2dbacfe</code></a>
add types for make-tar util</li>
<li><a
href="c5865d3120"><code>c5865d3</code></a>
remove unused taprc file</li>
<li><a
href="bdb38096af"><code>bdb3809</code></a>
header: only read from ustar block if not specified in Pax</li>
<li>Additional commits viewable in <a
href="https://github.com/isaacs/node-tar/compare/v6.2.1...v7.5.3">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tar&package-manager=npm_and_yarn&previous-version=6.2.1&new-version=7.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-17 14:41:06 +01:00
dependabot[bot]
39f360b93b
build(deps): bump actions/download-artifact from 4 to 7 (#6107)
Bumps
[actions/download-artifact](https://github.com/actions/download-artifact)
from 4 to 7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0</h2>
<h2>v7 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/download-artifact@v7 now runs on Node.js 24 (<code>runs.using:
node24</code>) and requires a minimum Actions Runner version of 2.327.1.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>Node.js 24</h3>
<p>This release updates the runtime to Node.js 24. v6 had preliminary
support for Node 24, however this action was by default still running on
Node.js 20. Now this action by default will run on Node.js 24.</p>
<h2>What's Changed</h2>
<ul>
<li>Update GHES guidance to include reference to Node 20 version by <a
href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a>
in <a
href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li>
<li>Download Artifact Node24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li>
<li>fix: update <code>@​actions/artifact</code> to fix Node.js 24
punycode deprecation by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/451">actions/download-artifact#451</a></li>
<li>prepare release v7.0.0 for Node.js 24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/452">actions/download-artifact#452</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0">https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0</a></p>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<p><strong>BREAKING CHANGE:</strong> this update supports Node
<code>v24.x</code>. This is not a breaking change per-se but we're
treating it as such.</p>
<ul>
<li>Update README for download-artifact v5 changes by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/417">actions/download-artifact#417</a></li>
<li>Update README with artifact extraction details by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/424">actions/download-artifact#424</a></li>
<li>Readme: spell out the first use of GHES by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/431">actions/download-artifact#431</a></li>
<li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li>
<li>Prepare <code>v6.0.0</code> by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/download-artifact/pull/438">actions/download-artifact#438</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/431">actions/download-artifact#431</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v5...v6.0.0">https://github.com/actions/download-artifact/compare/v5...v6.0.0</a></p>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/407">actions/download-artifact#407</a></li>
<li>BREAKING fix: inconsistent path behavior for single artifact
downloads by ID by <a
href="https://github.com/GrantBirki"><code>@​GrantBirki</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/416">actions/download-artifact#416</a></li>
</ul>
<h2>v5.0.0</h2>
<h3>🚨 Breaking Change</h3>
<p>This release fixes an inconsistency in path behavior for single
artifact downloads by ID. <strong>If you're downloading single artifacts
by ID, the output path may change.</strong></p>
<h4>What Changed</h4>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="37930b1c2a"><code>37930b1</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/452">#452</a>
from actions/download-artifact-v7-release</li>
<li><a
href="72582b9e0a"><code>72582b9</code></a>
doc: update readme</li>
<li><a
href="0d2ec9d4cb"><code>0d2ec9d</code></a>
chore: release v7.0.0 for Node.js 24 support</li>
<li><a
href="fd7ae8fda6"><code>fd7ae8f</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/451">#451</a>
from actions/fix-storage-blob</li>
<li><a
href="d484700543"><code>d484700</code></a>
chore: restore minimatch.dep.yml license file</li>
<li><a
href="03a808050e"><code>03a8080</code></a>
chore: remove obsolete dependency license files</li>
<li><a
href="56fe6d904b"><code>56fe6d9</code></a>
chore: update <code>@​actions/artifact</code> license file to 5.0.1</li>
<li><a
href="8e3ebc4ab4"><code>8e3ebc4</code></a>
chore: update package-lock.json with <code>@​actions/artifact</code><a
href="https://github.com/5"><code>@​5</code></a>.0.1</li>
<li><a
href="1e3c4b4d49"><code>1e3c4b4</code></a>
fix: update <code>@​actions/artifact</code> to ^5.0.0 for Node.js 24
punycode fix</li>
<li><a
href="458627d354"><code>458627d</code></a>
chore: use local <code>@​actions/artifact</code> package for Node.js 24
testing</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/v4...v7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/download-artifact&package-manager=github_actions&previous-version=4&new-version=7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Merlijn Vos <merlijn@soverin.net>
2026-01-16 11:30:02 +01:00
Viktor Mec
642c75dd0e
Update the cs dropPaste translation keys to match en locale (#6135)
This fixes an issue where selecting folders was not possible in the
`Dashboard` component in the Czech locale.
2026-01-16 10:53:26 +01:00
dependabot[bot]
b3d9ef5cce
build(deps-dev): bump @sveltejs/kit from 2.20.7 to 2.49.5 (#6143)
Bumps
[@sveltejs/kit](https://github.com/sveltejs/kit/tree/HEAD/packages/kit)
from 2.20.7 to 2.49.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/kit/releases"><code>@​sveltejs/kit</code>'s
releases</a>.</em></p>
<blockquote>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.49.5</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: avoid overriding Vite default <code>base</code> when running
Vitest 4 (<a
href="https://redirect.github.com/sveltejs/kit/pull/14866">#14866</a>)</p>
</li>
<li>
<p>fix: ensure url decoded pathnames are not mistaken as rerouted
requests (<a
href="d9ae9b00b1"><code>d9ae9b0</code></a>)</p>
</li>
<li>
<p>fix: add length checks to remote forms (<a
href="8ed8155215"><code>8ed8155</code></a>)</p>
</li>
</ul>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.49.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: support instrumentation for <code>vite preview</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15105">#15105</a>)</p>
</li>
<li>
<p>fix: support for <code>URLSearchParams.has(name, value)</code>
overload (<a
href="https://redirect.github.com/sveltejs/kit/pull/15076">#15076</a>)</p>
</li>
<li>
<p>fix: put forking behind <code>experimental.forkPreloads</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15135">#15135</a>)</p>
</li>
</ul>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.49.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: avoid false-positive Vite config overridden warning when using
Vitest 4 (<a
href="https://redirect.github.com/sveltejs/kit/pull/15121">#15121</a>)</p>
</li>
<li>
<p>fix: add <code>typescript</code> as an optional peer dependency (<a
href="https://redirect.github.com/sveltejs/kit/pull/15074">#15074</a>)</p>
</li>
<li>
<p>fix: use hasOwn check when deep-setting object properties (<a
href="https://redirect.github.com/sveltejs/kit/pull/15127">#15127</a>)</p>
</li>
</ul>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.49.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: Stop re-loading already-loaded CSS during server-side route
resolution (<a
href="https://redirect.github.com/sveltejs/kit/pull/15014">#15014</a>)</p>
</li>
<li>
<p>fix: posixify the instrumentation file import on Windows (<a
href="https://redirect.github.com/sveltejs/kit/pull/14993">#14993</a>)</p>
</li>
<li>
<p>fix: Correctly handle shared memory when decoding binary form data
(<a
href="https://redirect.github.com/sveltejs/kit/pull/15028">#15028</a>)</p>
</li>
</ul>
<h2><code>@​sveltejs/kit</code><a
href="https://github.com/2"><code>@​2</code></a>.49.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>fix: suppress <code>state_referenced_locally</code> warnings in
<code>.svelte-kit/generated/root.svelte</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15013">#15013</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/kit/blob/main/packages/kit/CHANGELOG.md"><code>@​sveltejs/kit</code>'s
changelog</a>.</em></p>
<blockquote>
<h2>2.49.5</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: avoid overriding Vite default <code>base</code> when running
Vitest 4 (<a
href="https://redirect.github.com/sveltejs/kit/pull/14866">#14866</a>)</p>
</li>
<li>
<p>fix: ensure url decoded pathnames are not mistaken as rerouted
requests (<a
href="d9ae9b00b1"><code>d9ae9b0</code></a>)</p>
</li>
<li>
<p>fix: add length checks to remote forms (<a
href="8ed8155215"><code>8ed8155</code></a>)</p>
</li>
</ul>
<h2>2.49.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: support instrumentation for <code>vite preview</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15105">#15105</a>)</p>
</li>
<li>
<p>fix: support for <code>URLSearchParams.has(name, value)</code>
overload (<a
href="https://redirect.github.com/sveltejs/kit/pull/15076">#15076</a>)</p>
</li>
<li>
<p>fix: put forking behind <code>experimental.forkPreloads</code> (<a
href="https://redirect.github.com/sveltejs/kit/pull/15135">#15135</a>)</p>
</li>
</ul>
<h2>2.49.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: avoid false-positive Vite config overridden warning when using
Vitest 4 (<a
href="https://redirect.github.com/sveltejs/kit/pull/15121">#15121</a>)</p>
</li>
<li>
<p>fix: add <code>typescript</code> as an optional peer dependency (<a
href="https://redirect.github.com/sveltejs/kit/pull/15074">#15074</a>)</p>
</li>
<li>
<p>fix: use hasOwn check when deep-setting object properties (<a
href="https://redirect.github.com/sveltejs/kit/pull/15127">#15127</a>)</p>
</li>
</ul>
<h2>2.49.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p>fix: Stop re-loading already-loaded CSS during server-side route
resolution (<a
href="https://redirect.github.com/sveltejs/kit/pull/15014">#15014</a>)</p>
</li>
<li>
<p>fix: posixify the instrumentation file import on Windows (<a
href="https://redirect.github.com/sveltejs/kit/pull/14993">#14993</a>)</p>
</li>
<li>
<p>fix: Correctly handle shared memory when decoding binary form data
(<a
href="https://redirect.github.com/sveltejs/kit/pull/15028">#15028</a>)</p>
</li>
</ul>
<h2>2.49.1</h2>
<h3>Patch Changes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="80ffb53382"><code>80ffb53</code></a>
Version Packages (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15162">#15162</a>)</li>
<li><a
href="8ed8155215"><code>8ed8155</code></a>
Merge commit from fork</li>
<li><a
href="d9ae9b00b1"><code>d9ae9b0</code></a>
Merge commit from fork</li>
<li><a
href="ec4596a066"><code>ec4596a</code></a>
chore: Upgrade devalue (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15172">#15172</a>)</li>
<li><a
href="81cd545dd7"><code>81cd545</code></a>
fix: avoid overriding Vite default <code>base</code> when running Vitest
4 (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/14866">#14866</a>)</li>
<li><a
href="6cf9491ccd"><code>6cf9491</code></a>
chore: remove unused is_http_method helper and method set to (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15152">#15152</a>)</li>
<li><a
href="3305022433"><code>3305022</code></a>
Revert &quot;breaking: remove <code>buttonProps</code> from experimental
remote form function...</li>
<li><a
href="4f9870dd9d"><code>4f9870d</code></a>
breaking: remove <code>buttonProps</code> from experimental remote form
functions (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/14622">#14622</a>)</li>
<li><a
href="c8e4017c3c"><code>c8e4017</code></a>
Version Packages (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15129">#15129</a>)</li>
<li><a
href="50bf727f59"><code>50bf727</code></a>
chore: fix prettier ignoring source code in with build in the name (<a
href="https://github.com/sveltejs/kit/tree/HEAD/packages/kit/issues/15133">#15133</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sveltejs/kit/commits/@sveltejs/kit@2.49.5/packages/kit">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for <code>@​sveltejs/kit</code> since your
current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@sveltejs/kit&package-manager=npm_and_yarn&previous-version=2.20.7&new-version=2.49.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-16 10:46:30 +01:00
github-actions[bot]
695bb6ec07
[ci] release (#6120)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/dashboard@5.1.1

### Patch Changes

- 6975782: Remove event listener for `focus` and `click`, preventing a
memory leak.

## uppy@5.2.2

### Patch Changes

-   Updated dependencies [6975782]
    -   @uppy/dashboard@5.1.1

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-01-12 21:44:39 +01:00
Merlijn Vos
ca9214d67b
Upgrade yarn (#6133) 2026-01-12 11:39:20 +01:00
Merlijn Vos
e6e1466ac8
Fix useless security warnings (#6132)
We are not vulnerable but we keep getting warning about it so let's
updrade deps regardless
2026-01-12 11:16:15 +01:00
dependabot[bot]
3c159b1740
build(deps): bump @angular/compiler from 19.2.17 to 19.2.18 (#6128)
Bumps
[@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler)
from 19.2.17 to 19.2.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/releases"><code>@​angular/compiler</code>'s
releases</a>.</em></p>
<blockquote>
<h2>19.2.18</h2>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="26cdc53d9c"><img
src="https://img.shields.io/badge/26cdc53d9c-fix-green" alt="fix -
26cdc53d9c" /></a></td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/blob/main/CHANGELOG.md"><code>@​angular/compiler</code>'s
changelog</a>.</em></p>
<blockquote>
<h1>19.2.18 (2026-01-07)</h1>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="26cdc53d9c">26cdc53d9c</a></td>
<td>fix</td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.0.7 (2026-01-07)</h1>
<h3>compiler</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="8e808740c9">8e808740c9</a></td>
<td>fix</td>
<td>better types for a few expression AST nodes</td>
</tr>
<tr>
<td><a
href="63b1cdcf70">63b1cdcf70</a></td>
<td>fix</td>
<td>produce accurate span for typeof and void expressions</td>
</tr>
<tr>
<td><a
href="3c3ae0cb64">3c3ae0cb64</a></td>
<td>fix</td>
<td>provide location information for literal map keys</td>
</tr>
<tr>
<td><a
href="523dbaf1c3">523dbaf1c3</a></td>
<td>fix</td>
<td>stop ThisReceiver inheritance from ImplicitReceiver</td>
</tr>
</tbody>
</table>
<h3>compiler-cli</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="4d9c4567ed">4d9c4567ed</a></td>
<td>fix</td>
<td>ensure component import diagnostics are reported within the
<code>imports</code> expression</td>
</tr>
<tr>
<td><a
href="cd405685af">cd405685af</a></td>
<td>fix</td>
<td>fix up spelling of diagnostic</td>
</tr>
<tr>
<td><a
href="778460fcca">778460fcca</a></td>
<td>fix</td>
<td>support qualified names in <code>typeof</code> type references</td>
</tr>
</tbody>
</table>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="7c74674eb0">7c74674eb0</a></td>
<td>fix</td>
<td>avoid leaking view data in animations</td>
</tr>
<tr>
<td><a
href="0edbee4550">0edbee4550</a></td>
<td>fix</td>
<td>explicitly cast signal node value to String</td>
</tr>
<tr>
<td><a
href="f9c29572d2">f9c29572d2</a></td>
<td>fix</td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
<h3>forms</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="e3fba182f9">e3fba182f9</a></td>
<td>feat</td>
<td>add <code>[formField]</code> directive</td>
</tr>
<tr>
<td><a
href="561772b152">561772b152</a></td>
<td>fix</td>
<td>allow custom controls to require <code>dirty</code> input</td>
</tr>
<tr>
<td><a
href="f0fb1d8581">f0fb1d8581</a></td>
<td>fix</td>
<td>allow custom controls to require <code>hidden</code> input</td>
</tr>
<tr>
<td><a
href="ec110f170b">ec110f170b</a></td>
<td>fix</td>
<td>allow custom controls to require <code>pending</code> input</td>
</tr>
<tr>
<td><a
href="ae1dc16bb0">ae1dc16bb0</a></td>
<td>fix</td>
<td>clean up abort listener after timeout</td>
</tr>
<tr>
<td><a
href="9748b0d5da">9748b0d5da</a></td>
<td>fix</td>
<td>support custom controls with non signal-based models</td>
</tr>
<tr>
<td><a
href="6bd22df987">6bd22df987</a></td>
<td>fix</td>
<td>Support readonly arrays in signal forms</td>
</tr>
</tbody>
</table>
<h3>router</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="41cd4a6af8">41cd4a6af8</a></td>
<td>fix</td>
<td>Fix RouterLink href not updating with
<code>queryParamsHandling</code></td>
</tr>
<tr>
<td><a
href="5e9e09aee0">5e9e09aee0</a></td>
<td>fix</td>
<td>handle errors from view transition <code>updateCallbackDone</code>
promise</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.1.0-next.4 (2025-12-17)</h1>
<h2>Breaking Changes</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="26cdc53d9c"><code>26cdc53</code></a>
fix(core): sanitize sensitive attributes on SVG script elements</li>
<li>See full diff in <a
href="https://github.com/angular/angular/commits/v19.2.18/packages/compiler">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@angular/compiler&package-manager=npm_and_yarn&previous-version=19.2.17&new-version=19.2.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 11:13:45 +01:00
dependabot[bot]
71e8a56127
build(deps): bump @angular/core from 19.2.17 to 19.2.18 (#6129)
Bumps
[@angular/core](https://github.com/angular/angular/tree/HEAD/packages/core)
from 19.2.17 to 19.2.18.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/releases"><code>@​angular/core</code>'s
releases</a>.</em></p>
<blockquote>
<h2>19.2.18</h2>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="26cdc53d9c"><img
src="https://img.shields.io/badge/26cdc53d9c-fix-green" alt="fix -
26cdc53d9c" /></a></td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/blob/main/CHANGELOG.md"><code>@​angular/core</code>'s
changelog</a>.</em></p>
<blockquote>
<h1>19.2.18 (2026-01-07)</h1>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="26cdc53d9c">26cdc53d9c</a></td>
<td>fix</td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.0.7 (2026-01-07)</h1>
<h3>compiler</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="8e808740c9">8e808740c9</a></td>
<td>fix</td>
<td>better types for a few expression AST nodes</td>
</tr>
<tr>
<td><a
href="63b1cdcf70">63b1cdcf70</a></td>
<td>fix</td>
<td>produce accurate span for typeof and void expressions</td>
</tr>
<tr>
<td><a
href="3c3ae0cb64">3c3ae0cb64</a></td>
<td>fix</td>
<td>provide location information for literal map keys</td>
</tr>
<tr>
<td><a
href="523dbaf1c3">523dbaf1c3</a></td>
<td>fix</td>
<td>stop ThisReceiver inheritance from ImplicitReceiver</td>
</tr>
</tbody>
</table>
<h3>compiler-cli</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="4d9c4567ed">4d9c4567ed</a></td>
<td>fix</td>
<td>ensure component import diagnostics are reported within the
<code>imports</code> expression</td>
</tr>
<tr>
<td><a
href="cd405685af">cd405685af</a></td>
<td>fix</td>
<td>fix up spelling of diagnostic</td>
</tr>
<tr>
<td><a
href="778460fcca">778460fcca</a></td>
<td>fix</td>
<td>support qualified names in <code>typeof</code> type references</td>
</tr>
</tbody>
</table>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="7c74674eb0">7c74674eb0</a></td>
<td>fix</td>
<td>avoid leaking view data in animations</td>
</tr>
<tr>
<td><a
href="0edbee4550">0edbee4550</a></td>
<td>fix</td>
<td>explicitly cast signal node value to String</td>
</tr>
<tr>
<td><a
href="f9c29572d2">f9c29572d2</a></td>
<td>fix</td>
<td>sanitize sensitive attributes on SVG script elements</td>
</tr>
</tbody>
</table>
<h3>forms</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="e3fba182f9">e3fba182f9</a></td>
<td>feat</td>
<td>add <code>[formField]</code> directive</td>
</tr>
<tr>
<td><a
href="561772b152">561772b152</a></td>
<td>fix</td>
<td>allow custom controls to require <code>dirty</code> input</td>
</tr>
<tr>
<td><a
href="f0fb1d8581">f0fb1d8581</a></td>
<td>fix</td>
<td>allow custom controls to require <code>hidden</code> input</td>
</tr>
<tr>
<td><a
href="ec110f170b">ec110f170b</a></td>
<td>fix</td>
<td>allow custom controls to require <code>pending</code> input</td>
</tr>
<tr>
<td><a
href="ae1dc16bb0">ae1dc16bb0</a></td>
<td>fix</td>
<td>clean up abort listener after timeout</td>
</tr>
<tr>
<td><a
href="9748b0d5da">9748b0d5da</a></td>
<td>fix</td>
<td>support custom controls with non signal-based models</td>
</tr>
<tr>
<td><a
href="6bd22df987">6bd22df987</a></td>
<td>fix</td>
<td>Support readonly arrays in signal forms</td>
</tr>
</tbody>
</table>
<h3>router</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="41cd4a6af8">41cd4a6af8</a></td>
<td>fix</td>
<td>Fix RouterLink href not updating with
<code>queryParamsHandling</code></td>
</tr>
<tr>
<td><a
href="5e9e09aee0">5e9e09aee0</a></td>
<td>fix</td>
<td>handle errors from view transition <code>updateCallbackDone</code>
promise</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.1.0-next.4 (2025-12-17)</h1>
<h2>Breaking Changes</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="26cdc53d9c"><code>26cdc53</code></a>
fix(core): sanitize sensitive attributes on SVG script elements</li>
<li>See full diff in <a
href="https://github.com/angular/angular/commits/v19.2.18/packages/core">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@angular/core&package-manager=npm_and_yarn&previous-version=19.2.17&new-version=19.2.18)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-12 10:59:23 +01:00
dependabot[bot]
20fce4cc34
build(deps): bump react-router from 7.8.2 to 7.12.0 (#6127)
Bumps
[react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router)
from 7.8.2 to 7.12.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/releases">react-router's
releases</a>.</em></p>
<blockquote>
<h2>v7.12.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7120</a></p>
<h2>v7.11.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7110</a></p>
<h2>v7.10.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7101</a></p>
<h2>v7.10.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7100</a></p>
<h2>v7.9.6</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v796</a></p>
<h2>v7.9.5</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v795</a></p>
<h2>v7.9.4</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v794</a></p>
<h2>v7.9.3</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v793</a></p>
<h2>v7.9.2</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v792</a></p>
<h2>v7.9.1</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v791</a></p>
<h2>v7.9.0</h2>
<p>See the changelog for release notes: <a
href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v790</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's
changelog</a>.</em></p>
<blockquote>
<h2>7.12.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>Add additional layer of CSRF protection by rejecting submissions to
UI routes from external origins. If you need to permit access to
specific external origins, you can specify them in the
<code>react-router.config.ts</code> config
<code>allowedActionOrigins</code> field. (<a
href="https://redirect.github.com/remix-run/react-router/pull/14708">#14708</a>)</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p>Fix <code>generatePath</code> when used with suffixed params (i.e.,
&quot;/books/:id.json&quot;) (<a
href="https://redirect.github.com/remix-run/react-router/pull/14269">#14269</a>)</p>
</li>
<li>
<p>Export <code>UNSAFE_createMemoryHistory</code> and
<code>UNSAFE_createHashHistory</code> alongside
<code>UNSAFE_createBrowserHistory</code> for consistency. These are not
intended to be used for new apps but intended to help apps usiong
<code>unstable_HistoryRouter</code> migrate from v6-&gt;v7 so they can
adopt the newer APIs. (<a
href="https://redirect.github.com/remix-run/react-router/pull/14663">#14663</a>)</p>
</li>
<li>
<p>Escape HTML in scroll restoration keys (<a
href="https://redirect.github.com/remix-run/react-router/pull/14705">#14705</a>)</p>
</li>
<li>
<p>Validate redirect locations (<a
href="https://redirect.github.com/remix-run/react-router/pull/14706">#14706</a>)</p>
</li>
<li>
<p>[UNSTABLE] Pass <code>&lt;Scripts nonce&gt;</code> value through to
the underlying <code>importmap</code> <code>script</code> tag when using
<code>future.unstable_subResourceIntegrity</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/14675">#14675</a>)</p>
</li>
<li>
<p>[UNSTABLE] Add a new
<code>future.unstable_trailingSlashAwareDataRequests</code> flag to
provide consistent behavior of <code>request.pathname</code> inside
<code>middleware</code>, <code>loader</code>, and <code>action</code>
functions on document and data requests when a trailing slash is present
in the browser URL. (<a
href="https://redirect.github.com/remix-run/react-router/pull/14644">#14644</a>)</p>
<p>Currently, your HTTP and <code>request</code> pathnames would be as
follows for <code>/a/b/c</code> and <code>/a/b/c/</code></p>
<table>
<thead>
<tr>
<th>URL <code>/a/b/c</code></th>
<th><strong>HTTP pathname</strong></th>
<th><strong><code>request</code> pathname`</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Document</strong></td>
<td><code>/a/b/c</code></td>
<td><code>/a/b/c</code> </td>
</tr>
<tr>
<td><strong>Data</strong></td>
<td><code>/a/b/c.data</code></td>
<td><code>/a/b/c</code> </td>
</tr>
</tbody>
</table>
<table>
<thead>
<tr>
<th>URL <code>/a/b/c/</code></th>
<th><strong>HTTP pathname</strong></th>
<th><strong><code>request</code> pathname`</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Document</strong></td>
<td><code>/a/b/c/</code></td>
<td><code>/a/b/c/</code> </td>
</tr>
<tr>
<td><strong>Data</strong></td>
<td><code>/a/b/c.data</code></td>
<td><code>/a/b/c</code> ⚠️</td>
</tr>
</tbody>
</table>
<p>With this flag enabled, these pathnames will be made consistent
though a new <code>_.data</code> format for client-side
<code>.data</code> requests:</p>
<table>
<thead>
<tr>
<th>URL <code>/a/b/c</code></th>
<th><strong>HTTP pathname</strong></th>
<th><strong><code>request</code> pathname`</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Document</strong></td>
<td><code>/a/b/c</code></td>
<td><code>/a/b/c</code> </td>
</tr>
<tr>
<td><strong>Data</strong></td>
<td><code>/a/b/c.data</code></td>
<td><code>/a/b/c</code> </td>
</tr>
</tbody>
</table>
<table>
<thead>
<tr>
<th>URL <code>/a/b/c/</code></th>
<th><strong>HTTP pathname</strong></th>
<th><strong><code>request</code> pathname`</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Document</strong></td>
<td><code>/a/b/c/</code></td>
<td><code>/a/b/c/</code> </td>
</tr>
<tr>
<td><strong>Data</strong></td>
<td><code>/a/b/c/_.data</code> ⬅️</td>
<td><code>/a/b/c/</code> </td>
</tr>
</tbody>
</table>
<p>This a bug fix but we are putting it behind an opt-in flag because it
has the potential to be a &quot;breaking bug fix&quot; if you are
relying on the URL format for any other application or caching
logic.</p>
<p>Enabling this flag also changes the format of client side
<code>.data</code> requests from <code>/_root.data</code> to
<code>/_.data</code> when navigating to <code>/</code> to align with the
new format. This does not impact the <code>request</code> pathname which
is still <code>/</code> in all cases.</p>
</li>
<li>
<p>Preserve <code>clientLoader.hydrate=true</code> when using
<code>&lt;HydratedRouter unstable_instrumentations&gt;</code> (<a
href="https://redirect.github.com/remix-run/react-router/pull/14674">#14674</a>)</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="26653a6bcb"><code>26653a6</code></a>
chore: Update version for release (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14712">#14712</a>)</li>
<li><a
href="7ac2346873"><code>7ac2346</code></a>
chore: Update version for release (pre) (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14709">#14709</a>)</li>
<li><a
href="75b1ef5086"><code>75b1ef5</code></a>
Add origin checks for UI route submissions (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14708">#14708</a>)</li>
<li><a
href="c05ef936fd"><code>c05ef93</code></a>
Validate redirect locations (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14706">#14706</a>)</li>
<li><a
href="c89c32c562"><code>c89c32c</code></a>
Escape HTML in scroll restoration keys (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14705">#14705</a>)</li>
<li><a
href="cbcbf3091b"><code>cbcbf30</code></a>
fix: pass nonce to importmap script when using subResourceIntegrity (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14675">#14675</a>)</li>
<li><a
href="30f6c1d814"><code>30f6c1d</code></a>
fix(react-router): handle parameters with static suffixes in
generatePath (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/1">#1</a>...</li>
<li><a
href="7f140e098e"><code>7f140e0</code></a>
Handle data requests with trailing slash consistently (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14644">#14644</a>)</li>
<li><a
href="1954af6374"><code>1954af6</code></a>
Preserve hydrate property on client loaders during instrumentation (<a
href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14674">#14674</a>)</li>
<li><a
href="5ce5cd4ebf"><code>5ce5cd4</code></a>
chore: format</li>
<li>Additional commits viewable in <a
href="https://github.com/remix-run/react-router/commits/react-router@7.12.0/packages/react-router">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for react-router since your current
version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=react-router&package-manager=npm_and_yarn&previous-version=7.8.2&new-version=7.12.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-09 09:09:39 +01:00
dependabot[bot]
fd8f54f542
build(deps): bump preact from 10.26.9 to 10.26.10 (#6123)
Bumps [preact](https://github.com/preactjs/preact) from 10.26.9 to
10.26.10.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/preactjs/preact/releases">preact's
releases</a>.</em></p>
<blockquote>
<h2>10.26.10</h2>
<h2>Fixes</h2>
<ul>
<li>Enforce strict equality for VNode object constructors</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e6f88b0842"><code>e6f88b0</code></a>
10.26.10</li>
<li><a
href="c373f23c48"><code>c373f23</code></a>
10.26 strict equality (<a
href="https://redirect.github.com/preactjs/preact/issues/4988">#4988</a>)</li>
<li><a
href="d008a1a242"><code>d008a1a</code></a>
10.26.x</li>
<li>See full diff in <a
href="https://github.com/preactjs/preact/compare/10.26.9...10.26.10">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=preact&package-manager=npm_and_yarn&previous-version=10.26.9&new-version=10.26.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-01-08 12:00:59 +01:00
HKB
6975782339
properly remove event listener for "focus" and "click" (#6116)
fix https://github.com/transloadit/uppy/issues/6115

---------

Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2026-01-05 21:49:14 +08:00
dependabot[bot]
23186da45d
build(deps): bump aws/aws-sdk-php from 3.288.1 to 3.368.0 in /examples/aws-php (#6112)
Bumps [aws/aws-sdk-php](https://github.com/aws/aws-sdk-php) from 3.288.1
to 3.368.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/aws/aws-sdk-php/releases">aws/aws-sdk-php's
releases</a>.</em></p>
<blockquote>
<h2>Version 3.368.0</h2>
<ul>
<li><code>Aws\S3</code> - A new <code>S3EncryptionClient</code>
implementation and a new <code>KmsMaterialProvider</code>
implementation. <code>S3EncryptionClientV3</code> now supports writing
and reading objects with Key Commitment.
<code>KmsMaterialProviderV3</code> now supports verifying supplied
encryption context on <code>decryptCek</code> calls.</li>
<li><code>Aws\TimestreamInfluxDB</code> - This release adds support for
rebooting InfluxDB DbInstances and DbClusters</li>
<li><code>Aws\IoT</code> - Add support for dynamic payloads in IoT
Device Management Commands</li>
</ul>
<h2>Version 3.367.3</h2>
<ul>
<li><code>Aws\MediaTailor</code> - Added support for Ad Decision Server
Configuration enabling HTTP POST requests with custom bodies, headers,
GZIP compression, and dynamic variables. No changes required for
existing GET request configurations.</li>
<li><code>Aws\Connect</code> - Amazon Connect now supports outbound
WhatsApp contacts via the Send message block or StartOutboundChatContact
API. Send proactive messages for surveys, reminders, and updates. Offer
customers the option to switch to WhatsApp while in queue, eliminating
hold time.</li>
<li><code>Aws\BedrockAgentCoreControl</code> - This release updates
broken links for AgentCore Policy APIs in the AWS CLI and SDK
resources.</li>
<li><code>Aws\Glacier</code> - Documentation updates for Amazon
Glacier's maintenance mode</li>
<li><code>Aws\Route53Resolver</code> - Adds support for enabling
detailed metrics on Route 53 Resolver endpoints using
RniEnhancedMetricsEnabled and TargetNameServerMetricsEnabled in the
CreateResolverEndpoint and UpdateResolverEndpoint APIs, providing
enhanced visibility into Resolver endpoint and target name server
performance.</li>
<li><code>Aws\CloudWatchLogs</code> - This release allows you to import
your historical CloudTrail Lake data into CloudWatch with a few steps,
enabling you to easily consolidate operational, security, and compliance
data in one place.</li>
<li><code>Aws\EC2</code> - EC2 Capacity Manager now supports
SpotTotalCount, SpotTotalInterruptions and SpotInterruptionRate metrics
for both vCPU and instance units.</li>
<li><code>Aws\S3</code> - This release adds support for the new optional
field 'LifecycleExpirationDate' in S3 Inventory configurations.</li>
<li><code>Aws\Health</code> - Updating Health API endpoint generation
for dualstack only regions</li>
<li><code>Aws\EntityResolution</code> - Support Customer Profiles
Integration for AWS Entity Resolution</li>
<li><code>Aws\ServiceQuotas</code> - Add support for SQ Dashboard
Api</li>
</ul>
<h2>Version 3.367.2</h2>
<ul>
<li><code>Aws\WorkSpacesWeb</code> - Adds support for portal branding
customization, enabling administrators to personalize end-user portals
with custom assets.</li>
<li><code>Aws\Connect</code> - Amazon Connect now offers automated
post-chat surveys triggered when customers end conversations. This
captures timely feedback while experience is fresh, using either a
no-code form builder or Amazon Lex-powered interactive surveys.</li>
<li><code>Aws\BCMRecommendedActions</code> - Added new freetier action
types to RecommendedAction.type.</li>
<li><code>Aws\DataSync</code> - Adds Enhanced mode support for NFS and
SMB locations. SMB credentials are now managed via Secrets Manager, and
may be encrypted with service or customer managed keys. Increases
AgentArns maximum count to 8 (max 4 per TaskMode). Adds folder counters
to DescribeTaskExecution for Enhanced mode tasks.</li>
</ul>
<h2>Version 3.367.1</h2>
<ul>
<li><code>Aws\SESv2</code> - Update GetEmailIdentity and
CreateEmailIdentity response to include SigningHostedZone in
DkimAttributes. Updated PutEmailIdentityDkimSigningAttributes Response
to include SigningHostedZone.</li>
<li><code>Aws\Lambda</code> - Add Dotnet 10 (dotnet10) support to AWS
Lambda.</li>
<li><code>Aws\QuickSight</code> - This release adds new
GetIdentityContext API, Dashboard customization options for tables and
pivot tables, Visual styling options- borders and decals, map
GeocodingPreferences, KeyPairCredentials for DataSourceCredentials.
Snapshot APIs now support registered users. Parameters limit increased
to 400</li>
<li><code>Aws\Organizations</code> - Add support for policy operations
on the NETWORK SECURITY DIRECTOR POLICY policy type.</li>
<li><code>Aws\SecretsManager</code> - Add SortBy parameter to
ListSecrets</li>
</ul>
<h2>Version 3.367.0</h2>
<ul>
<li><code>Aws\S3</code> - A new S3 Transfer Manager implementation with
multipart download capabilities. It allows better ways to configure each
operation. Includes Progress Tracking, Transfer Event Listeners, and
Automatic Multipart Uploads/Downloads.</li>
<li><code>Aws\signer</code> - Adds support for Signer
GetRevocationStatus with updated endpoints</li>
<li><code>Aws\Odb</code> - The following APIs now return
CloudExadataInfrastructureArn and OdbNetworkArn fields for improved
resource identification and AWS service integration - GetCloudVmCluster,
ListCloudVmClusters, GetCloudAutonomousVmCluster, and
ListCloudAutonomousVmClusters.</li>
<li><code>Aws\BillingConductor</code> - Launch itemized custom line item
and service line item filter</li>
<li><code>Aws\CloudWatch</code> - This release introduces two additional
protocols AWS JSON 1.1 and Smithy RPC v2 CBOR, replacing the currently
utilized one, AWSQuery. AWS SDKs will prioritize the protocol that is
the most performant for each language.</li>
<li><code>Aws\PartnerCentralSelling</code> - Adds support for the new
Project.AwsPartition field on Opportunity and AWS Opportunity Summary.
Use this field to specify the AWS partition where the opportunity will
be deployed.</li>
<li><code>Aws\OpenSearchService</code> - The CreateApplication API now
supports an optional kms key arn parameter to allow customers to specify
a CMK for application encryption.</li>
<li><code>Aws\Bedrock</code> - Automated Reasoning checks in Amazon
Bedrock Guardrails is capable of generating policy scenarios to validate
policies. The GetAutomatedReasoningPolicyBuildWorkflowResultAssets API
now adds POLICY SCENARIO asset type, allowing customers to retrieve
scenarios generated by the build workflow.</li>
</ul>
<h2>Version 3.366.4</h2>
<ul>
<li><code>Aws\IVSRealTime</code> - Token Exchange introduces seamless
token exchange capabilities for IVS RTX, enabling customers to upgrade
or downgrade token capabilities and update token attributes within the
IVS client SDK without forcing clients to disconnect and reconnect.</li>
<li><code>Aws\Account</code> - This release adds a new API
(GetGovCloudAccountInformation) used to retrieve information about a
linked GovCloud account from the standard AWS partition.</li>
<li><code>Aws\Route53</code> - Amazon Route 53 now supports the EU
(Germany) Region (eusc-de-east-1) for latency records, geoproximity
records, and private DNS for Amazon VPCs in that region</li>
<li><code>Aws\AppSync</code> - Update Event API to require EventConfig
parameter in creation and update requests.</li>
<li><code>Aws\GuardDuty</code> - Adding support for Ec2LaunchTemplate
Version field</li>
<li><code>Aws\mgn</code> - Added parameters encryption, IPv4/IPv6
protocol configuration, and enhanced tagging support for replication
operations.</li>
</ul>
<h2>Version 3.366.3</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c1189f8e4b"><code>c1189f8</code></a>
3.368.0 release</li>
<li><a
href="3ab046237f"><code>3ab0462</code></a>
Update models for release</li>
<li><a
href="134cae8597"><code>134cae8</code></a>
chore: revert behat tag (<a
href="https://redirect.github.com/aws/aws-sdk-php/issues/3230">#3230</a>)</li>
<li><a
href="6827cac703"><code>6827cac</code></a>
feat: Add S3EncryptionClientV3 (<a
href="https://redirect.github.com/aws/aws-sdk-php/issues/3229">#3229</a>)</li>
<li><a
href="d8e6e0691a"><code>d8e6e06</code></a>
3.367.3 release</li>
<li><a
href="aa9302db1a"><code>aa9302d</code></a>
Update models for release</li>
<li><a
href="3dc26d6f26"><code>3dc26d6</code></a>
3.367.2 release</li>
<li><a
href="e073f79b89"><code>e073f79</code></a>
Update models for release</li>
<li><a
href="4155279437"><code>4155279</code></a>
3.367.1 release</li>
<li><a
href="73beef8d87"><code>73beef8</code></a>
Update models for release</li>
<li>Additional commits viewable in <a
href="https://github.com/aws/aws-sdk-php/compare/3.288.1...3.368.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=aws/aws-sdk-php&package-manager=composer&previous-version=3.288.1&new-version=3.368.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-22 09:24:41 +01:00
dependabot[bot]
57f2327d25
build(deps): bump actions/cache from 4 to 5 (#6108)
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/releases">actions/cache's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<blockquote>
<p>[!IMPORTANT]
<strong><code>actions/cache@v5</code> runs on the Node.js 24 runtime and
requires a minimum Actions Runner version of
<code>2.327.1</code>.</strong></p>
<p>If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<hr />
<h2>What's Changed</h2>
<ul>
<li>Upgrade to use node24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1630">actions/cache#1630</a></li>
<li>Prepare v5.0.0 release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1684">actions/cache#1684</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4.3.0...v5.0.0">https://github.com/actions/cache/compare/v4.3.0...v5.0.0</a></p>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add note on runner versions by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li>
<li>Prepare <code>v4.3.0</code> release by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1655">actions/cache#1655</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1642">actions/cache#1642</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4...v4.3.0">https://github.com/actions/cache/compare/v4...v4.3.0</a></p>
<h2>v4.2.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1620">actions/cache#1620</a></li>
<li>Upgrade <code>@actions/cache</code> to <code>4.0.5</code> and move
<code>@protobuf-ts/plugin</code> to dev depdencies by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1634">actions/cache#1634</a></li>
<li>Prepare release <code>4.2.4</code> by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/cache/pull/1636">actions/cache#1636</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1620">actions/cache#1620</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4...v4.2.4">https://github.com/actions/cache/compare/v4...v4.2.4</a></p>
<h2>v4.2.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use <code>@​actions/cache</code> 4.0.3 package &amp;
prepare for new release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a>
(SAS tokens for cache entries are now masked in debug logs)</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/cache/compare/v4.2.2...v4.2.3">https://github.com/actions/cache/compare/v4.2.2...v4.2.3</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's
changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h2>Changelog</h2>
<h3>5.0.1</h3>
<ul>
<li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via
<code>@actions/cache@5.0.1</code> <a
href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li>
</ul>
<h3>5.0.0</h3>
<blockquote>
<p>[!IMPORTANT]
<code>actions/cache@v5</code> runs on the Node.js 24 runtime and
requires a minimum Actions Runner version of <code>2.327.1</code>.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>4.3.0</h3>
<ul>
<li>Bump <code>@actions/cache</code> to <a
href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li>
</ul>
<h3>4.2.4</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.5</li>
</ul>
<h3>4.2.3</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in
debug logs for cache entries)</li>
</ul>
<h3>4.2.2</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.2</li>
</ul>
<h3>4.2.1</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.1</li>
</ul>
<h3>4.2.0</h3>
<p>TLDR; The cache backend service has been rewritten from the ground up
for improved performance and reliability. <a
href="https://github.com/actions/cache">actions/cache</a> now integrates
with the new cache service (v2) APIs.</p>
<p>The new service will gradually roll out as of <strong>February 1st,
2025</strong>. The legacy service will also be sunset on the same date.
Changes in these release are <strong>fully backward
compatible</strong>.</p>
<p><strong>We are deprecating some versions of this action</strong>. We
recommend upgrading to version <code>v4</code> or <code>v3</code> as
soon as possible before <strong>February 1st, 2025.</strong> (Upgrade
instructions below).</p>
<p>If you are using pinned SHAs, please use the SHAs of versions
<code>v4.2.0</code> or <code>v3.4.0</code></p>
<p>If you do not upgrade, all workflow runs using any of the deprecated
<a href="https://github.com/actions/cache">actions/cache</a> will
fail.</p>
<p>Upgrading to the recommended versions will not break your
workflows.</p>
<h3>4.1.2</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9255dc7a25"><code>9255dc7</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1686">#1686</a>
from actions/cache-v5.0.1-release</li>
<li><a
href="8ff5423e8b"><code>8ff5423</code></a>
chore: release v5.0.1</li>
<li><a
href="9233019a15"><code>9233019</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1685">#1685</a>
from salmanmkc/node24-storage-blob-fix</li>
<li><a
href="b975f2bb84"><code>b975f2b</code></a>
fix: add peer property to package-lock.json for dependencies</li>
<li><a
href="d0a0e18134"><code>d0a0e18</code></a>
fix: update license files for <code>@​actions/cache</code>,
fast-xml-parser, and strnum</li>
<li><a
href="74de208dcf"><code>74de208</code></a>
fix: update <code>@​actions/cache</code> to ^5.0.1 for Node.js 24
punycode fix</li>
<li><a
href="ac7f1152ea"><code>ac7f115</code></a>
peer</li>
<li><a
href="b0f846b50b"><code>b0f846b</code></a>
fix: update <code>@​actions/cache</code> with storage-blob fix for
Node.js 24 punycode depr...</li>
<li><a
href="a783357455"><code>a783357</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/cache/issues/1684">#1684</a>
from actions/prepare-cache-v5-release</li>
<li><a
href="3bb0d78750"><code>3bb0d78</code></a>
docs: highlight v5 runner requirement in releases</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/cache/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:24:10 +01:00
dependabot[bot]
923a638cd2
build(deps): bump actions/upload-artifact from 5 to 6 (#6106)
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 5 to 6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>v6 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/upload-artifact@v6 now runs on Node.js 24 (<code>runs.using:
node24</code>) and requires a minimum Actions Runner version of 2.327.1.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>Node.js 24</h3>
<p>This release updates the runtime to Node.js 24. v5 had preliminary
support for Node.js 24, however this action was by default still running
on Node.js 20. Now this action by default will run on Node.js 24.</p>
<h2>What's Changed</h2>
<ul>
<li>Upload Artifact Node 24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/719">actions/upload-artifact#719</a></li>
<li>fix: update <code>@​actions/artifact</code> for Node.js 24 punycode
deprecation by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/744">actions/upload-artifact#744</a></li>
<li>prepare release v6.0.0 for Node.js 24 support by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/745">actions/upload-artifact#745</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0">https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="b7c566a772"><code>b7c566a</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/745">#745</a>
from actions/upload-artifact-v6-release</li>
<li><a
href="e516bc8500"><code>e516bc8</code></a>
docs: correct description of Node.js 24 support in README</li>
<li><a
href="ddc45ed9bc"><code>ddc45ed</code></a>
docs: update README to correct action name for Node.js 24 support</li>
<li><a
href="615b319bd2"><code>615b319</code></a>
chore: release v6.0.0 for Node.js 24 support</li>
<li><a
href="017748b48f"><code>017748b</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/744">#744</a>
from actions/fix-storage-blob</li>
<li><a
href="38d4c7997f"><code>38d4c79</code></a>
chore: rebuild dist</li>
<li><a
href="7d27270e0c"><code>7d27270</code></a>
chore: add missing license cache files for <code>@​actions/core</code>,
<code>@​actions/io</code>, and mi...</li>
<li><a
href="5f643d3c94"><code>5f643d3</code></a>
chore: update license files for <code>@​actions/artifact</code><a
href="https://github.com/5"><code>@​5</code></a>.0.1 dependencies</li>
<li><a
href="1df1684032"><code>1df1684</code></a>
chore: update package-lock.json with <code>@​actions/artifact</code><a
href="https://github.com/5"><code>@​5</code></a>.0.1</li>
<li><a
href="b5b1a91840"><code>b5b1a91</code></a>
fix: update <code>@​actions/artifact</code> to ^5.0.0 for Node.js 24
punycode fix</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/upload-artifact/compare/v5...v6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-15 10:23:08 +01:00
dependabot[bot]
101fd8ca84
build(deps): bump next from 15.5.7 to 15.5.9 (#6104)
Bumps [next](https://github.com/vercel/next.js) from 15.5.7 to 15.5.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v15.5.9</h2>
<p>Please see the <a
href="https://nextjs.org/blog/security-update-2025-12-11">Next.js
Security Update</a> for information about this security patch.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c5de33e93c"><code>c5de33e</code></a>
v15.5.9</li>
<li><a
href="dd233994ae"><code>dd23399</code></a>
Backport <a
href="https://redirect.github.com/facebook/react/issues/35351">facebook/react#35351</a>
for 15.5.8 (<a
href="https://redirect.github.com/vercel/next.js/issues/87086">#87086</a>)</li>
<li><a
href="7526cd6f24"><code>7526cd6</code></a>
v15.5.8</li>
<li><a
href="1e9ec4133a"><code>1e9ec41</code></a>
Update React Version (<a
href="https://redirect.github.com/vercel/next.js/issues/41">#41</a>)</li>
<li><a
href="16141e5df9"><code>16141e5</code></a>
Update React Version (<a
href="https://redirect.github.com/vercel/next.js/issues/30">#30</a>)</li>
<li><a
href="e01e589e18"><code>e01e589</code></a>
Backport Next.js changes to v15.5.8 (<a
href="https://redirect.github.com/vercel/next.js/issues/23">#23</a>)</li>
<li><a
href="b2706db1e6"><code>b2706db</code></a>
lock binaries</li>
<li>See full diff in <a
href="https://github.com/vercel/next.js/compare/v15.5.7...v15.5.9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=15.5.7&new-version=15.5.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-12 09:38:32 +01:00
github-actions[bot]
9d087791dc
[ci] release (#6096)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/golden-retriever@5.2.1

### Patch Changes

- d766c30: Fix: Don't restore `currentUploads` if no files are being
restored.
-   Updated dependencies [648f245]
    -   @uppy/utils@7.1.5

## @uppy/google-drive-picker@1.1.1

### Patch Changes

- 50e2420: Improve Google Drive Picker folder picking: Resolve also
folders inside shared drives (but not symlinks to folders)
-   Updated dependencies [648f245]
-   Updated dependencies [50e2420]
    -   @uppy/utils@7.1.5
    -   @uppy/provider-views@5.2.2

## @uppy/provider-views@5.2.2

### Patch Changes

- 50e2420: Improve Google Drive Picker folder picking: Resolve also
folders inside shared drives (but not symlinks to folders)
-   Updated dependencies [648f245]
    -   @uppy/utils@7.1.5

## @uppy/utils@7.1.5

### Patch Changes

- 648f245: Fix `complete` event never firing for XHR and make sure the
fetch aborts immediately if Uppy is cancelled before the fetch starts.

## @uppy/xhr-upload@5.1.1

### Patch Changes

- 648f245: Fix `complete` event never firing for XHR and make sure the
fetch aborts immediately if Uppy is cancelled before the fetch starts.
-   Updated dependencies [648f245]
    -   @uppy/utils@7.1.5

## uppy@5.2.1

### Patch Changes

-   Updated dependencies [648f245]
-   Updated dependencies [50e2420]
-   Updated dependencies [d766c30]
    -   @uppy/xhr-upload@5.1.1
    -   @uppy/google-drive-picker@1.1.1
    -   @uppy/provider-views@5.2.2
    -   @uppy/golden-retriever@5.2.1

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-12-09 10:01:30 +01:00
Mikael Finstad
d766c30f2f
don't restore currentUploads if no files (#6098)
if there are no files, no need to restore currentUploads. if we do
restore currentUploads (as we currently do), and if the upload for some
reason completes without completing all files (for example reproduced by
#5366) and the user next time re-adds some of the *same* files as
before, the upload would use only a subset of the files the user
selected (only those that are from the restored currentUploads subset),
which is wrong.
2025-12-09 13:36:47 +07:00
Mikael Finstad
648f245af0
fix xhr abort (#6097)
abortOn makes the promise (and upload) hang indefinitely, so remove it

closes #5366

---------

Co-authored-by: Prakash <qxprakash@gmail.com>
2025-12-09 13:36:02 +07:00
Merlijn Vos
9b9e698bef
CI: update CDN publish after migration (#6100)
https://github.com/transloadit/api2/blob/main/docs/releases-bucket.md

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Switch CDN publishing from Edgly to S3-compatible Cloudflare R2/Bunny
with new env vars and updated upload script/workflows.
> 
> - **CI/CD Workflows**
> - Replace `EDGLY_*` creds with
`AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` and set `AWS_REGION`,
`S3_BUCKET`, `S3_ENDPOINT` in `manual-cdn.yml` and `release.yml`.
> - Use updated env when running `upload-to-cdn.js` for both normal and
`--force` uploads.
> - **Upload Script (`packages/uppy/upload-to-cdn.js`)**
> - Switch to S3-compatible client targeting Cloudflare R2 (`endpoint`,
`forcePathStyle`) and read bucket/region from env.
> - Validate required env vars (`AWS_ACCESS_KEY_ID`,
`AWS_SECRET_ACCESS_KEY`, `S3_ENDPOINT`, `S3_BUCKET`).
> - Derive version from local `package.json` when uploading local
builds; keep npm tarball path for remote versions.
>   - Update comments/paths; remove all `EDGLY_*` references.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
502c3fec3d. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
2025-12-08 16:05:30 +01:00
Prakash
a25226aab2
Fix @uppy/examples (#6099)
we forgot to update the examples after #5830
2025-12-08 09:48:23 +01:00
Mikael Finstad
50e242098b
resolve folder inside shared drive (#6093)
also ignore shortcuts to folders
and simplify

closes #6089

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Merlijn Vos <merlijn@soverin.net>
2025-12-05 22:45:00 +07:00
Merlijn Vos
943ed7ad56
Upgrade playwright in all packages (#6086)
To resolve security advisories. Should be merged after #6085 

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Upgrades Playwright to 1.57.0 across examples and packages, updating
corresponding yarn.lock entries.
> 
> - **Dependencies**:
> - Bump `playwright` to `1.57.0` in `examples/react/package.json`,
`examples/sveltekit/package.json`, `examples/vue/package.json`,
`packages/@uppy/dashboard/package.json`, and
`packages/@uppy/url/package.json`.
> - Update `yarn.lock` to `playwright@1.57.0` and
`playwright-core@1.57.0`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fa35f7b7ea. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
2025-12-05 10:27:58 +01:00
dependabot[bot]
78d0c28079
build(deps): bump jws from 3.2.2 to 3.2.3 (#6091)
Bumps [jws](https://github.com/brianloveswords/node-jws) from 3.2.2 to
3.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/brianloveswords/node-jws/releases">jws's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.3</h2>
<h3>Changed</h3>
<ul>
<li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now
require
that a non empty secret is provided (via opts.secret, opts.privateKey or
opts.key)
when using HMAC algorithms.</li>
<li>Upgrading JWA version to 1.4.2, addressing a compatibility issue for
Node &gt;= 25.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/auth0/node-jws/blob/master/CHANGELOG.md">jws's
changelog</a>.</em></p>
<blockquote>
<h2>[3.2.3]</h2>
<h3>Changed</h3>
<ul>
<li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now
require
that a non empty secret is provided (via opts.secret, opts.privateKey or
opts.key)
when using HMAC algorithms.</li>
<li>Upgrading JWA version to 1.4.2, adressing a compatibility issue for
Node &gt;= 25.</li>
</ul>
<h2>[3.0.0]</h2>
<h3>Changed</h3>
<ul>
<li><strong>BREAKING</strong>: <code>jwt.verify</code> now requires an
<code>algorithm</code> parameter, and
<code>jws.createVerify</code> requires an <code>algorithm</code> option.
The <code>&quot;alg&quot;</code> field
signature headers is ignored. This mitigates a critical security flaw
in the library which would allow an attacker to generate signatures with
arbitrary contents that would be accepted by <code>jwt.verify</code>.
See
<a
href="https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/">https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/</a>
for details.</li>
</ul>
<h2><a
href="https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0">2.0.0</a>
- 2015-01-30</h2>
<h3>Changed</h3>
<ul>
<li>
<p><strong>BREAKING</strong>: Default payload encoding changed from
<code>binary</code> to
<code>utf8</code>. <code>utf8</code> is a is a more sensible default
than <code>binary</code> because
many payloads, as far as I can tell, will contain user-facing
strings that could be in any language. (<!-- raw HTML omitted --><a
href="6b6de48">6b6de48</a><!--
raw HTML omitted -->)</p>
</li>
<li>
<p>Code reorganization, thanks <a
href="https://github.com/fearphage"><code>@​fearphage</code></a>! (<!--
raw HTML omitted --><a
href="7880050">7880050</a><!--
raw HTML omitted -->)</p>
</li>
</ul>
<h3>Added</h3>
<ul>
<li>Option in all relevant methods for <code>encoding</code>. For those
few users
that might be depending on a <code>binary</code> encoding of the
messages, this
is for them. (<!-- raw HTML omitted --><a
href="6b6de48">6b6de48</a><!--
raw HTML omitted -->)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4f6e73f24d"><code>4f6e73f</code></a>
Merge commit from fork</li>
<li><a
href="bd0fea57f3"><code>bd0fea5</code></a>
version 3.2.3</li>
<li><a
href="7c3b4b4110"><code>7c3b4b4</code></a>
Enhance tests for HMAC streaming sign and verify</li>
<li><a
href="a9b8ed999d"><code>a9b8ed9</code></a>
Improve secretOrKey initialization in VerifyStream</li>
<li><a
href="6707fde62c"><code>6707fde</code></a>
Improve secret handling in SignStream</li>
<li>See full diff in <a
href="https://github.com/brianloveswords/node-jws/compare/v3.2.2...v3.2.3">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~julien.wollscheid">julien.wollscheid</a>, a
new releaser for jws since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jws&package-manager=npm_and_yarn&previous-version=3.2.2&new-version=3.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-05 10:24:58 +01:00
Merlijn Vos
3c3034b408
Dedupe dependencies (#6085)
With `yarn dedupe`. New type error surfaced due to new types getting
loaded.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Dedupes dependencies and updates code: aligns S3 presign tests with
checksum behavior, narrows HMAC key type, tweaks AudioOscilloscope
buffer typing, and simplifies Tus success logging.
> 
> - **AWS S3**:
> - Tests: add `requestChecksumCalculation` (from
`@aws-sdk/middleware-flexible-checksums`) to `S3Client` options to match
presign behavior.
> - Impl: change `generateHmacKey` signature to accept `string |
ArrayBuffer` (remove `Uint8Array`).
> - **Audio**:
> - `AudioOscilloscope`: change `dataArray` type to
`Uint8Array<ArrayBuffer>`.
> - **Tus**:
> - Simplify success log to `Download <url>` (remove file name
extraction).
> - **Dependencies**:
>   - Deduplicate/upgrade various packages in lockfile.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5b95865a7c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
2025-12-05 10:22:11 +01:00
github-actions[bot]
5c6337682e
[ci] release (#6087)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/image-generator@1.0.0

### Major Changes

- 5684efa: Introduce @uppy/image-generator to generate images based on a
prompt using Transloadit

### Patch Changes

-   Updated dependencies [5684efa]
-   Updated dependencies [5684efa]
    -   @uppy/provider-views@5.2.1
    -   @uppy/transloadit@5.4.0

## @uppy/locales@5.1.0

### Minor Changes

- 5684efa: Introduce @uppy/image-generator to generate images based on a
prompt using Transloadit

## @uppy/transloadit@5.4.0

### Minor Changes

-   5684efa: Export Assembly, AssemblyError, Client

## uppy@5.2.0

### Minor Changes

- 5684efa: Introduce @uppy/image-generator to generate images based on a
prompt using Transloadit

### Patch Changes

-   Updated dependencies [5684efa]
-   Updated dependencies [5684efa]
-   Updated dependencies [5684efa]
    -   @uppy/provider-views@5.2.1
    -   @uppy/webdav@1.1.1
    -   @uppy/transloadit@5.4.0
    -   @uppy/image-generator@1.0.0
    -   @uppy/locales@5.1.0

## @uppy/provider-views@5.2.1

### Patch Changes

-   5684efa: Refactor internal components

## @uppy/webdav@1.1.1

### Patch Changes

-   5684efa: Refactor internal components
-   Updated dependencies [5684efa]
    -   @uppy/provider-views@5.2.1

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-12-04 12:19:08 +01:00
dependabot[bot]
e4558362b8
build(deps): bump next from 15.5.2 to 15.5.7 (#6088)
Bumps [next](https://github.com/vercel/next.js) from 15.5.2 to 15.5.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v15.5.7</h2>
<p>Please see <a
href="https://nextjs.org/blog/CVE-2025-66478">CVE-2025-66478</a> for
additional details about this release.</p>
<h2>v15.5.6</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Turbopack: don't define process.cwd() in node_modules <a
href="https://redirect.github.com/vercel/next.js/issues/83452">#83452</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/mischnic"><code>@​mischnic</code></a> for
helping!</p>
<h2>v15.5.5</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Split code-frame into separate compiled package (<a
href="https://redirect.github.com/vercel/next.js/issues/84238">#84238</a>)</li>
<li>Add deprecation warning to Runtime config (<a
href="https://redirect.github.com/vercel/next.js/issues/84650">#84650</a>)</li>
<li>fix: unstable_cache should perform blocking revalidation during ISR
revalidation (<a
href="https://redirect.github.com/vercel/next.js/issues/84716">#84716</a>)</li>
<li>feat: <code>experimental.middlewareClientMaxBodySize</code> body
cloning limit (<a
href="https://redirect.github.com/vercel/next.js/issues/84722">#84722</a>)</li>
<li>fix: missing next/link types with typedRoutes (<a
href="https://redirect.github.com/vercel/next.js/issues/84779">#84779</a>)</li>
</ul>
<h3>Misc Changes</h3>
<ul>
<li>docs: early October improvements and fixes (<a
href="https://redirect.github.com/vercel/next.js/issues/84334">#84334</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/devjiwonchoi"><code>@​devjiwonchoi</code></a>,
<a href="https://github.com/ztanner"><code>@​ztanner</code></a>, and <a
href="https://github.com/icyJoseph"><code>@​icyJoseph</code></a> for
helping!</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3eaf68b09b"><code>3eaf68b</code></a>
v15.5.7</li>
<li><a
href="8367ce592a"><code>8367ce5</code></a>
update version script</li>
<li><a
href="9115040008"><code>9115040</code></a>
Update React Version for Next.js 15.5.7 (<a
href="https://redirect.github.com/vercel/next.js/issues/10">#10</a>)</li>
<li><a
href="96f699902a"><code>96f6999</code></a>
update tag</li>
<li><a
href="55ef0e3ebc"><code>55ef0e3</code></a>
v15.5.6</li>
<li><a
href="92bbbb1bec"><code>92bbbb1</code></a>
Backport: don't define <code>process.cwd()</code> in node_modules (<a
href="https://redirect.github.com/vercel/next.js/issues/84957">#84957</a>)</li>
<li><a
href="f895b72762"><code>f895b72</code></a>
Fix url-imports test on 15-5 (<a
href="https://redirect.github.com/vercel/next.js/issues/84966">#84966</a>)</li>
<li><a
href="81f530db26"><code>81f530d</code></a>
v15.5.5</li>
<li><a
href="9abbc0e9eb"><code>9abbc0e</code></a>
[backport] fix: missing <code>next/link</code> types with
<code>typedRoutes</code> (<a
href="https://redirect.github.com/vercel/next.js/issues/82814">#82814</a>)
(<a
href="https://redirect.github.com/vercel/next.js/issues/84779">#84779</a>)</li>
<li><a
href="121e1b566f"><code>121e1b5</code></a>
[backport] docs: early October improvements and fixes (<a
href="https://redirect.github.com/vercel/next.js/issues/84334">#84334</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v15.5.2...v15.5.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=15.5.2&new-version=15.5.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-12-04 10:20:54 +01:00