Commit graph

10547 commits

Author SHA1 Message Date
Merlijn Vos
6a60ee517d
@uppy/companion: fix crash on missing filename (#6010)
Better to reject early than generating a filename when missing which
could break assumptions we don't foresee.
2025-10-14 18:47:03 +02:00
Nik Graf
9d2c7a997f
upgrade cookie-parser (#6005)
cookie-parser 1.4.7 uses a version cookie that fixed this security issue
https://github.com/advisories/GHSA-pxg6-pf52-xh8x
2025-10-09 19:27:29 +08:00
github-actions[bot]
91c6bfd7d7
[ci] release (#6008)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/companion@6.1.0

### Minor Changes

- 5ba2c1c: Introduce the concept of server-side search and add support
for it for the Dropbox provider. Previously, only client-side filtering
in the currently viewed folder was possible, which was limiting. Now
users using Companion with Dropbox can perform a search across their
entire account.

## @uppy/companion-client@5.1.0

### Minor Changes

- 5ba2c1c: Introduce the concept of server-side search and add support
for it for the Dropbox provider. Previously, only client-side filtering
in the currently viewed folder was possible, which was limiting. Now
users using Companion with Dropbox can perform a search across their
entire account.

### Patch Changes

-   Updated dependencies [5ba2c1c]
    -   @uppy/utils@7.1.0
    -   @uppy/core@5.1.0

## @uppy/core@5.1.0

### Minor Changes

- 5ba2c1c: Introduce the concept of server-side search and add support
for it for the Dropbox provider. Previously, only client-side filtering
in the currently viewed folder was possible, which was limiting. Now
users using Companion with Dropbox can perform a search across their
entire account.

### Patch Changes

-   Updated dependencies [5ba2c1c]
    -   @uppy/utils@7.1.0

## @uppy/provider-views@5.1.0

### Minor Changes

- 5ba2c1c: Introduce the concept of server-side search and add support
for it for the Dropbox provider. Previously, only client-side filtering
in the currently viewed folder was possible, which was limiting. Now
users using Companion with Dropbox can perform a search across their
entire account.

### Patch Changes

-   Updated dependencies [5ba2c1c]
    -   @uppy/utils@7.1.0
    -   @uppy/core@5.1.0

## @uppy/utils@7.1.0

### Minor Changes

- 5ba2c1c: Introduce the concept of server-side search and add support
for it for the Dropbox provider. Previously, only client-side filtering
in the currently viewed folder was possible, which was limiting. Now
users using Companion with Dropbox can perform a search across their
entire account.

## uppy@5.1.6

### Patch Changes

-   Updated dependencies [5ba2c1c]
    -   @uppy/companion-client@5.1.0
    -   @uppy/provider-views@5.1.0
    -   @uppy/core@5.1.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-10-08 22:01:27 +02:00
Prakash
5ba2c1c8d3
Server side search @uppy/Companion (#6003)
## High Level View

<img width="3367" height="1576" alt="Global Search (1)"
src="https://github.com/user-attachments/assets/134e8658-5cbd-4816-87a1-3bd42603089d"
/>


- Search View replicated , through minimal components `<GlobalSearchView
/>` and `<SearchResultItem />`
- Both components take only the minimal state needed to render the
search view no dependency on PartialTree. search response from companion
server is directly passed to GlobalSearchView for file state.
- `#buildPath` creates missing parent nodes in partialTree (if any) and
opens the folder in the normal way using a minimal wrapper over
openFolder function.
- Both interactions : "checking a file/folder" and "opening a folder"
use the same function `#buildPath` to build the path, then use the
already existing `openFolder` and `toggleCheckBox`.
- Max search results: 1000. Pagination removed for simplicity (can be
added later).
- From a UI/UX standpoint, all functionality works as expected.
- The only limitation is occasional inconsistent partial checked states
when the tree isn’t fully built — unavoidable since percolateUp and
percolateDown require the complete partialTree to sync state correctly.
This issue isn’t critical; even in other cases, we already mark folders
"checked" whereas they may be empty if not yet fetched.
- I figured out it's better to just derive the checkedState from
PartialTree , and then pass it to `GlobalSearchView` rather than keep it
separate and then worrying about checked state syncs across two views
for UI to look right.
- IMO this is the most simplest approach I could come up with. without
sacrificing any user functionality and it carefully reuses all the util
code.

---------

Co-authored-by: Merlijn Vos <merlijn@soverin.net>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2025-10-08 21:18:17 +02:00
github-actions[bot]
b7605df940
[ci] release (#6002)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/transloadit@5.1.2

### Patch Changes

- 201c422: Move `transloadit` into `dependencies` so types are resolved
without users having to install it manually.

## uppy@5.1.5

### Patch Changes

-   Updated dependencies [201c422]
    -   @uppy/transloadit@5.1.2

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-10-03 10:28:20 +02:00
Merlijn Vos
201c42294d
@uppy/transloadit: move transloadit into dependencies (#6001)
Fixes #6000
2025-10-02 18:10:53 +02:00
github-actions[bot]
98d8d1d0a1
[ci] release (#5997)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/transloadit@5.1.1

### Patch Changes

- bc2d0ed: Ensure final assembly status fetch uses `assembly_ssl_url` so
Transloadit requests stay on HTTPS.

## uppy@5.1.4

### Patch Changes

-   Updated dependencies [bc2d0ed]
    -   @uppy/transloadit@5.1.1

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-10-02 12:27:42 +02:00
Kevin van Zonneveld
bc2d0ed235
Use assembly_ssl_url for final status fetch (#5996)
## Summary
- ensure the final Transloadit status fetch prefers `assembly_ssl_url`
- add a changeset preparing the patch release

## Testing
- yarn workspace @uppy/transloadit test
2025-10-02 12:23:07 +02:00
github-actions[bot]
5bf7520dfa
[ci] release (#5988)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/transloadit@5.1.0

### Minor Changes

- 6f76412: Use the `transloadit` Node.js SDK's exported Assembly types
instead of our inaccurate, hand-rolled ones.

    **Warning**

The names of our type exports here are unchanged, but they do pack
slightly different types. Overall you'll find they are both more
complete, but also more loose. Runtime wise there should be no breaking
changes, but it could mean you may need a couple of extra guards to make
TypeScript happy.

A cool benefit from the new types tho, is that Robot parameters will now
autocomplete for you.
More information on these types, and our approach rolling them out, can
be found here
<https://transloadit.com/blog/2025/09/nodejs-sdk-v4/#our-approach-to-type-retrofitting>

## @uppy/components@1.0.3

### Patch Changes

-   34639ba: add imageThumbnail prop to FilesList/FilesGrid

## @uppy/svelte@5.0.2

### Patch Changes

- da754b7: Fix props reactivity. Now when the value of a prop you pass
to a component changes, it is actually picked up.
-   Updated dependencies [34639ba]
    -   @uppy/components@1.0.3

## uppy@5.1.3

### Patch Changes

-   Updated dependencies [6f76412]
    -   @uppy/transloadit@5.1.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-10-01 16:22:05 +02:00
Merlijn Vos
da754b7fa4
@uppy/svelte: fix props reactivity (#5991)
The fix in #5872 was not enough

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Fix props reactivity in Svelte components by updating plugin options
reactively and add example + tests validating Dashboard/StatusBar prop
changes.
> 
> - **Svelte components (@uppy/svelte)**:
> - **Reactivity fix**: In `components/Dashboard.svelte`,
`DashboardModal.svelte`, and `StatusBar.svelte`, switch reactive updates
from `uppy.setOptions(...)` to `plugin?.setOptions(...)` to ensure
`props` changes are applied.
> - **Examples/Tests**:
> - Add `examples/sveltekit/src/components/test/props-reactivity.svelte`
demonstrating toggling `props` for `Dashboard` and `StatusBar`.
> - Extend `examples/sveltekit/test/index.test.ts` with tests verifying
Dashboard `ariaDisabled` toggles and StatusBar `hideUploadButton`
reactivity.
> - **Changeset**:
>   - Patch release for `"@uppy/svelte"` noting props reactivity fix.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5a9c4ef00f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
2025-10-01 16:16:47 +02:00
Murderlon
8d4045e82a
Improve changeset again 2025-10-01 16:11:51 +02:00
Murderlon
9a5eb67508
Improve a changeset 2025-10-01 12:07:44 +02:00
Murderlon
b05beda770
fixup! Use workspace:* for all packages in packages/uppy 2025-10-01 11:56:26 +02:00
Murderlon
b97e1a8593
Use workspace:* for all packages in packages/uppy 2025-10-01 11:55:38 +02:00
Kevin van Zonneveld
6f764122a9
Re-use types from the Transloadit node-sdk (#5992)
The schemas and types that we have in the Transloadit Node.js SDK v4 are
used in our API's system tests. We've also ran hundreds of thousands of
Assemblies through them, ever loosening them, until they all fit. This
means the schemas are fairly wide, but model the reality of our 15 year
old API. In the future we will make schema failures in the API fatal (as
already is the case with system tests), and we don't want to break
production traffic when we do. So we accept wider schemas than are
beautiful, and once the schemas control what is allowed in all places,
we gradually evolve the API and schemas towards being more pretty in
lockstep.

More on this in
https://transloadit.com/blog/2025/09/nodejs-sdk-v4/#our-approach-to-type-retrofitting

For uppy this means, we'll need a few more guards than we had with our
handrolled types, that actually assumed things that turned out to be not
true in all cases. Not all Assembly status responses have an id or a url
for one example. There are for instance particular errors (by Node,
Nginx, Haproxy) that would not return those. The added guards will
ensure we don't break deeply inside customer code.

This PR was completely written by gpt-5-codex, which means it was faster
and of higher quality than if I had handrolled it as a founder
unfamiliar with this codebase, but despite of that, please still review
my contribution with as much care as you would normally :)

---------

Co-authored-by: Mikael Finstad <finstaden@gmail.com>
Co-authored-by: Merlijn Vos <merlijn@soverin.net>
2025-09-30 19:15:39 +02:00
Merlijn Vos
34639ba768
@uppy/components: add imageThumbnail prop to FilesList/FilesGrid (#5985)
Ref:
https://community.transloadit.com/t/is-it-possible-to-display-the-thumbnail-of-the-images-in-the-listbox/17711/3

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds an optional `imageThumbnail` prop to `FilesList` and `FilesGrid`
to control passing `images` to `Thumbnail` (default true in grid).
> 
> - **Components (@uppy/components)**
>   - **FilesGrid (`packages/@uppy/components/src/FilesGrid.tsx`)**
>     - Add `imageThumbnail?: boolean` prop (defaults to `true`).
> - Pass `images={imageThumbnail}` to `Thumbnail` instead of hardcoded
`images`.
>   - **FilesList (`packages/@uppy/components/src/FilesList.tsx`)**
>     - Add `imageThumbnail?: boolean` prop.
>     - Pass `images={imageThumbnail}` to `Thumbnail` (32px preview).
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
a3ab18558e. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
2025-09-29 11:03:12 +02:00
Murderlon
309f72ad6d
Remove already published changesets 2025-09-29 11:03:01 +02:00
Mikael Finstad
2509266130
Revert "[ci] release (#5973)"
This reverts commit a45cd87d39.
2025-09-26 11:30:56 +02:00
Mikael Finstad
c451203586
Revert "build(deps): bump actions/setup-node from 4 to 5" (#5986)
Reverts transloadit/uppy#5954

because it fails the release

```
/usr/local/bin/yarn cache dir
error Error: Failed to replace env in config: ${NPM_TOKEN}
    at /usr/local/lib/node_modules/yarn/lib/cli.js:95453:13
    at String.replace (<anonymous>)
    at envReplace (/usr/local/lib/node_modules/yarn/lib/cli.js:95448:16)
    at Function.normalizeConfig (/usr/local/lib/node_modules/yarn/lib/cli.js:31940:69)
    at NpmRegistry.<anonymous> (/usr/local/lib/node_modules/yarn/lib/cli.js:31970:34)
    at Generator.next (<anonymous>)
    at step (/usr/local/lib/node_modules/yarn/lib/cli.js:310:30)
    at /usr/local/lib/node_modules/yarn/lib/cli.js:321:13
info Visit https://yarnpkg.com/en/docs/cli/cache for documentation about this command.
Error: error Error: Failed to replace env in config: ${NPM_TOKEN}
    at /usr/local/lib/node_modules/yarn/lib/cli.js:95453:13
    at String.replace (<anonymous>)
    at envReplace (/usr/local/lib/node_modules/yarn/lib/cli.js:95448:16)
    at Function.normalizeConfig (/usr/local/lib/node_modules/yarn/lib/cli.js:31940:69)
    at NpmRegistry.<anonymous> (/usr/local/lib/node_modules/yarn/lib/cli.js:31970:34)
    at Generator.next (<anonymous>)
    at step (/usr/local/lib/node_modules/yarn/lib/cli.js:310:30)
    at /usr/local/lib/node_modules/yarn/lib/cli.js:321:13
```
2025-09-26 11:26:45 +02:00
github-actions[bot]
a45cd87d39
[ci] release (#5973)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/angular@1.1.0

### Minor Changes

-   92a0a0d: Add back framework wrappers for @uppy/status-bar plugin

## @uppy/react@5.1.0

### Minor Changes

-   92a0a0d: Add back framework wrappers for @uppy/status-bar plugin

### Patch Changes

-   Updated dependencies [d6b3aa5]
    -   @uppy/components@1.0.3

## @uppy/svelte@5.1.0

### Minor Changes

-   92a0a0d: Add back framework wrappers for @uppy/status-bar plugin

### Patch Changes

-   Updated dependencies [d6b3aa5]
    -   @uppy/components@1.0.3

## @uppy/vue@3.1.0

### Minor Changes

-   92a0a0d: Add back framework wrappers for @uppy/status-bar plugin

### Patch Changes

-   Updated dependencies [d6b3aa5]
    -   @uppy/components@1.0.3

## @uppy/components@1.0.3

### Patch Changes

-   d6b3aa5: fix dom ID conflicts in dropzone and file-input

## @uppy/locales@5.0.1

### Patch Changes

-   48cfa09: Update translations for pl_PL.ts

## uppy@5.1.3

### Patch Changes

-   ce0c9d6: Put "main" back in package.json
-   Updated dependencies [48cfa09]
    -   @uppy/locales@5.0.1

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-24 15:37:45 +02:00
dependabot[bot]
3b4b7eb12a
build(deps): bump devalue from 5.1.1 to 5.3.2 (#5937)
Bumps [devalue](https://github.com/sveltejs/devalue) from 5.1.1 to
5.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/devalue/releases">devalue's
releases</a>.</em></p>
<blockquote>
<h2>v5.3.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>0623a47: fix: disallow array method access when parsing</li>
<li>0623a47: fix: disallow <code>__proto__</code> properties on
objects</li>
</ul>
<h2>v5.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>ae904c5: fix: correctly differentiate between +0 and -0</li>
</ul>
<h2>v5.3.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>2896e7b: feat: support Temporal</li>
<li>fec694d: feat: support <code>URL</code> and
<code>URLSearchParams</code> objects</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md">devalue's
changelog</a>.</em></p>
<blockquote>
<h2>5.3.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>0623a47: fix: disallow array method access when parsing</li>
<li>0623a47: fix: disallow <code>__proto__</code> properties on
objects</li>
</ul>
<h2>5.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>ae904c5: fix: correctly differentiate between +0 and -0</li>
</ul>
<h2>5.3.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>2896e7b: feat: support Temporal</li>
<li>fec694d: feat: support <code>URL</code> and
<code>URLSearchParams</code> objects</li>
</ul>
<h2>5.2.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>e46f4c8: fix: handle repeated array buffers and subarrays</li>
<li>2dfa504: fix: handle custom classes with null proto as pojo</li>
</ul>
<h2>5.2.0</h2>
<ul>
<li>Handle custom classes with null proto as pojo (<a
href="https://redirect.github.com/sveltejs/devalue/pull/95">#95</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="86a6a66d2c"><code>86a6a66</code></a>
Version Packages (<a
href="https://redirect.github.com/sveltejs/devalue/issues/109">#109</a>)</li>
<li><a
href="0623a47c95"><code>0623a47</code></a>
Merge commit from fork</li>
<li><a
href="02d20e8a79"><code>02d20e8</code></a>
Version Packages (<a
href="https://redirect.github.com/sveltejs/devalue/issues/108">#108</a>)</li>
<li><a
href="ae904c5b18"><code>ae904c5</code></a>
fix stringify not picking up negative zero if a normal zero has appeared
befo...</li>
<li><a
href="e95b87a6cc"><code>e95b87a</code></a>
fix pkg.repository</li>
<li><a
href="8300172d1d"><code>8300172</code></a>
fix changeset config</li>
<li><a
href="434d8aefb9"><code>434d8ae</code></a>
Version Packages (<a
href="https://redirect.github.com/sveltejs/devalue/issues/106">#106</a>)</li>
<li><a
href="67c8334b82"><code>67c8334</code></a>
mention support for URL/URLSearchParams/Temporal in README</li>
<li><a
href="fec694d87e"><code>fec694d</code></a>
feat: support URL and URLSearchParams (<a
href="https://redirect.github.com/sveltejs/devalue/issues/92">#92</a>)</li>
<li><a
href="2896e7bef2"><code>2896e7b</code></a>
Add support for Temporal objects (<a
href="https://redirect.github.com/sveltejs/devalue/issues/98">#98</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sveltejs/devalue/compare/v5.1.1...v5.3.2">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~svelte-admin">svelte-admin</a>, a new
releaser for devalue since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=devalue&package-manager=npm_and_yarn&previous-version=5.1.1&new-version=5.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-22 14:47:33 +02:00
dependabot[bot]
b448e30686
build(deps): bump brace-expansion from 1.1.11 to 1.1.12 (#5820)
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion)
from 1.1.11 to 1.1.12.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/juliangruber/brace-expansion/releases">brace-expansion's
releases</a>.</em></p>
<blockquote>
<h2>v1.1.12</h2>
<ul>
<li>pkg: publish on tag 1.x  c460dbd</li>
<li>fmt  ccb8ac6</li>
<li>Fix potential ReDoS Vulnerability or Inefficient Regular Expression
(<a
href="https://redirect.github.com/juliangruber/brace-expansion/issues/65">#65</a>)
c3c73c8</li>
</ul>
<hr />
<p><a
href="https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12">https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="44f33b47c5"><code>44f33b4</code></a>
1.1.12</li>
<li><a
href="c460dbd68e"><code>c460dbd</code></a>
pkg: publish on tag 1.x</li>
<li><a
href="ccb8ac6d42"><code>ccb8ac6</code></a>
fmt</li>
<li><a
href="c3c73c8b08"><code>c3c73c8</code></a>
Fix potential ReDoS Vulnerability or Inefficient Regular Expression (<a
href="https://redirect.github.com/juliangruber/brace-expansion/issues/65">#65</a>)</li>
<li>See full diff in <a
href="https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.12">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=brace-expansion&package-manager=npm_and_yarn&previous-version=1.1.11&new-version=1.1.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-22 14:47:14 +02:00
dependabot[bot]
0a896003ec
build(deps): bump docker/metadata-action from 5.7.0 to 5.8.0 (#5870)
Bumps
[docker/metadata-action](https://github.com/docker/metadata-action) from
5.7.0 to 5.8.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/metadata-action/releases">docker/metadata-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.8.0</h2>
<ul>
<li>New <code>is_not_default_branch</code> global expression by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/metadata-action/pull/535">docker/metadata-action#535</a></li>
<li>Allow to match part of the git tag or value for semver/pep440 types
by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a>
in <a
href="https://redirect.github.com/docker/metadata-action/pull/536">docker/metadata-action#536</a>
<a
href="https://redirect.github.com/docker/metadata-action/pull/537">docker/metadata-action#537</a></li>
<li>Bump <code>@​actions/github</code> from 6.0.0 to 6.0.1 in <a
href="https://redirect.github.com/docker/metadata-action/pull/523">docker/metadata-action#523</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.56.0 to 0.62.1 in
<a
href="https://redirect.github.com/docker/metadata-action/pull/526">docker/metadata-action#526</a></li>
<li>Bump form-data from 2.5.1 to 2.5.5 in <a
href="https://redirect.github.com/docker/metadata-action/pull/533">docker/metadata-action#533</a></li>
<li>Bump moment-timezone from 0.5.47 to 0.6.0 in <a
href="https://redirect.github.com/docker/metadata-action/pull/525">docker/metadata-action#525</a></li>
<li>Bump semver from 7.7.1 to 7.7.2 in <a
href="https://redirect.github.com/docker/metadata-action/pull/524">docker/metadata-action#524</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/metadata-action/compare/v5.7.0...v5.8.0">https://github.com/docker/metadata-action/compare/v5.7.0...v5.8.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c1e51972af"><code>c1e5197</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/537">#537</a>
from crazy-max/pep440-match</li>
<li><a
href="89dd65a569"><code>89dd65a</code></a>
chore: update generated content</li>
<li><a
href="699ee45cf1"><code>699ee45</code></a>
allow to match part of the git tag or value for pep440 type</li>
<li><a
href="e0542a6360"><code>e0542a6</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/536">#536</a>
from crazy-max/semver-match</li>
<li><a
href="b7facdfcef"><code>b7facdf</code></a>
chore: update generated content</li>
<li><a
href="81c60dfb8b"><code>81c60df</code></a>
allow to match part of the git tag or value for semver type</li>
<li><a
href="de1119515d"><code>de11195</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/535">#535</a>
from crazy-max/not_def_branch</li>
<li><a
href="2f9c64b1b1"><code>2f9c64b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/533">#533</a>
from docker/dependabot/npm_and_yarn/form-data-2.5.5</li>
<li><a
href="510f746975"><code>510f746</code></a>
chore: update generated content</li>
<li><a
href="2bc3f4e0f1"><code>2bc3f4e</code></a>
is_not_default_branch global expression</li>
<li>Additional commits viewable in <a
href="902fa8ec7d...c1e51972af">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/metadata-action&package-manager=github_actions&previous-version=5.7.0&new-version=5.8.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-22 14:46:48 +02:00
dependabot[bot]
08fc143c46
build(deps-dev): bump vite from 6.3.5 to 6.3.6 (#5972)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite)
from 6.3.5 to 6.3.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases">vite's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.6</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->6.3.6 (2025-09-08)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: apply <code>fs.strict</code> check to HTML files (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>)
(<a
href="0ab19ea9fc">0ab19ea</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/20736">#20736</a></li>
<li>fix: upgrade sirv to 3.0.2 (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735">#20735</a>)
(<a
href="e11d24008b">e11d240</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/20735">#20735</a></li>
<li>test: detect ts support via <code>process.features</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544">#20544</a>)
(<a
href="7d9922972b">7d99229</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/20544">#20544</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3f337c5e24"><code>3f337c5</code></a>
release: v6.3.6</li>
<li><a
href="e11d24008b"><code>e11d240</code></a>
fix: upgrade sirv to 3.0.2 (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735">#20735</a>)</li>
<li><a
href="0ab19ea9fc"><code>0ab19ea</code></a>
fix: apply <code>fs.strict</code> check to HTML files (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>)</li>
<li><a
href="7d9922972b"><code>7d99229</code></a>
test: detect ts support via <code>process.features</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544">#20544</a>)</li>
<li>See full diff in <a
href="https://github.com/vitejs/vite/commits/v6.3.6/packages/vite">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vite&package-manager=npm_and_yarn&previous-version=6.3.5&new-version=6.3.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-22 14:46:30 +02:00
dependabot[bot]
cff651527a
build(deps): bump actions/setup-node from 4 to 5 (#5954)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4
to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-node/releases">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<h3>Breaking Changes</h3>
<ul>
<li>Enhance caching in setup-node with automatic package manager
detection by <a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li>
</ul>
<p>This update, introduces automatic caching when a valid
<code>packageManager</code> field is present in your
<code>package.json</code>. This aims to improve workflow performance and
make dependency management more seamless. To disable this automatic
caching,
set <code>package-manager-cache: false</code></p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false
</code></pre>
<ul>
<li>Upgrade action to use node24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li>
</ul>
<p>Make sure your runner is on version v2.327.1 or later to ensure
compatibility with this release. <a
href="https://github.com/actions/runner/releases/tag/v2.327.1">See
Release Notes</a></p>
<h3>Dependency Upgrades</h3>
<ul>
<li>Upgrade <code>@​octokit/request-error</code> and
<code>@​actions/github</code> by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1227">actions/setup-node#1227</a></li>
<li>Upgrade uuid from 9.0.1 to 11.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1273">actions/setup-node#1273</a></li>
<li>Upgrade undici from 5.28.5 to 5.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1295">actions/setup-node#1295</a></li>
<li>Upgrade form-data to bring in fix for critical vulnerability by <a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a> in
<a
href="https://redirect.github.com/actions/setup-node/pull/1332">actions/setup-node#1332</a></li>
<li>Upgrade actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1345">actions/setup-node#1345</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v4...v5.0.0">https://github.com/actions/setup-node/compare/v4...v5.0.0</a></p>
<h2>v4.4.0</h2>
<h2>What's Changed</h2>
<h3>Bug fixes:</h3>
<ul>
<li>Make eslint-compact matcher compatible with Stylelint by <a
href="https://github.com/FloEdelmann"><code>@​FloEdelmann</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/98">actions/setup-node#98</a></li>
<li>Add support for indented eslint output by <a
href="https://github.com/fregante"><code>@​fregante</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1245">actions/setup-node#1245</a></li>
</ul>
<h3>Enhancement:</h3>
<ul>
<li>Support private mirrors by <a
href="https://github.com/marco-ippolito"><code>@​marco-ippolito</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1240">actions/setup-node#1240</a></li>
</ul>
<h3>Dependency update:</h3>
<ul>
<li>Upgrade <code>@​action/cache</code> from 4.0.2 to 4.0.3 by <a
href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1262">actions/setup-node#1262</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/FloEdelmann"><code>@​FloEdelmann</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/98">actions/setup-node#98</a></li>
<li><a href="https://github.com/fregante"><code>@​fregante</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1245">actions/setup-node#1245</a></li>
<li><a
href="https://github.com/marco-ippolito"><code>@​marco-ippolito</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1240">actions/setup-node#1240</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v4...v4.4.0">https://github.com/actions/setup-node/compare/v4...v4.4.0</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a0853c2454"><code>a0853c2</code></a>
Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/actions/setup-node/issues/1345">#1345</a>)</li>
<li><a
href="b7234cc9fe"><code>b7234cc</code></a>
Upgrade action to use node24 (<a
href="https://redirect.github.com/actions/setup-node/issues/1325">#1325</a>)</li>
<li><a
href="d7a11313b5"><code>d7a1131</code></a>
Enhance caching in setup-node with automatic package manager detection
(<a
href="https://redirect.github.com/actions/setup-node/issues/1348">#1348</a>)</li>
<li><a
href="5e2628c959"><code>5e2628c</code></a>
Bumps form-data (<a
href="https://redirect.github.com/actions/setup-node/issues/1332">#1332</a>)</li>
<li><a
href="65beceff8e"><code>65becef</code></a>
Bump undici from 5.28.5 to 5.29.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1295">#1295</a>)</li>
<li><a
href="7e24a656e1"><code>7e24a65</code></a>
Bump uuid from 9.0.1 to 11.1.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1273">#1273</a>)</li>
<li><a
href="08f58d1471"><code>08f58d1</code></a>
Bump <code>@​octokit/request-error</code> and
<code>@​actions/github</code> (<a
href="https://redirect.github.com/actions/setup-node/issues/1227">#1227</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-node/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

by @mifi:

See also https://github.com/actions/setup-node/issues/614

.npmrc was added in 9ddd4d907e but it's
not entirely clear to why, so that's why I added the `rm -f` calls
instead.

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mifi <402547+mifi@users.noreply.github.com>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2025-09-22 14:45:48 +02:00
Prakash
944310dc67
add typescript as a dev dep in stackblitz env (#5976)
see #5968
2025-09-17 14:37:34 +05:30
Prakash
ce0c9d6ca8
add back "main" in uppy bundle (#5975)
Co-authored-by: Merlijn Vos <merlijn@soverin.net>
2025-09-17 10:57:03 +02:00
Prakash
92a0a0d2b8
add back framework wrappers for @uppy/status-bar (#5948)
- added `react` `vue` `svelte` `angular` framwork wrappers for
`@uppy/status-bar`
- `git add -f
packages/@uppy/angular/projects/uppy/angular/src/lib/components/status-bar/`
because
https://transloadit.slack.com/archives/C0FMW9PSB/p1755632185831369?thread_ts=1755526948.473969&cid=C0FMW9PSB
2025-09-17 10:40:57 +02:00
Prakash
d6b3aa575e
@uppy/components: fix dropzone global id (#5967)
fixes #5946 

Root Cause : 

`createDropzone` used a single global `id` for the file input
(`'uppy-dropzone-file-input'`) Clicking any `<Dropzone />` did
`document.getElementById(<global-id>).click()`, which always targeted
the first input in the DOM, so files were added to the first Uppy
instance.


9bac4c8398/packages/%40uppy/components/src/hooks/dropzone.ts (L73-L77)


**Solutions :**

Simplest solution would have been to just make the input id unique per
Uppy instance using `ctx.uppy.getID()`, and click that specific input.

```typescript

const fileInputId = 'uppy-dropzone-file-input-' + ctx.uppy.getID()

```
  **Caveats**:
  
If users don’t pass a custom id to `new Uppy()`, all instances default
to uppy, so ids still collide across instances.
  Multiple Dropzones under one instance still share the same id.
  

Switched to a ref-based approach so clicks trigger the input directly,
without relying on `document.getElementById` lookups. It still falls
back to a DOM click for backward compatibility.

**StackBlitz Link :** 


https://stackblitz.com/github/qxprakash/uppy/tree/debug_dropzone/examples/react?file=package.json&embed=1&view=editor&showSidebar=1&hideTerminal=1

  


**Update: Went for the ID based solution upon discussion with the team
as it's simpler.**
2025-09-17 10:39:57 +02:00
Michał Strzelec
48cfa09a44
Update translations for pl_PL.ts (#5969)
Co-authored-by: Merlijn Vos <merlijn@soverin.net>
2025-09-16 17:19:29 +02:00
Murderlon
145ffe7442
Dot no crash process in upload-to-cdn if version already exists 2025-09-16 16:17:39 +02:00
github-actions[bot]
54ee01105d
[ci] release (#5939)
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/golden-retriever@5.1.0

### Minor Changes

- 6c0cbe6: Converted sw.js to sw.ts so that it can be transpiled, in the
build.

### Patch Changes

-   4b6a76c: added missing exports.
- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/angular@1.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/dashboard@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/audio@3.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/aws-s3@5.0.1

### Patch Changes

-   4b6a76c: added missing exports.
- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/utils@7.0.2

## @uppy/box@4.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/companion@6.0.2

### Patch Changes

- 7e5acf1: fix the server crashing due a malformed json in a websocket
message
- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.

## @uppy/companion-client@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/components@1.0.2

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
    -   @uppy/core@5.0.2
    -   @uppy/audio@3.0.1
    -   @uppy/image-editor@4.0.1
    -   @uppy/remote-sources@3.0.1
    -   @uppy/screen-capture@5.0.1
    -   @uppy/webcam@5.0.1

## @uppy/compressor@3.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/core@5.0.2

### Patch Changes

-   4b6a76c: added missing exports.
- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/utils@7.0.2

## @uppy/dashboard@5.0.2

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/provider-views@5.0.2
    -   @uppy/thumbnail-generator@5.0.1
    -   @uppy/utils@7.0.2

## @uppy/drag-drop@5.0.2

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/drop-target@4.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/dropbox@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/facebook@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/form@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/google-drive@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/google-drive-picker@1.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/google-photos-picker@1.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/image-editor@4.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/instagram@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/onedrive@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/provider-views@5.0.2

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/react@5.0.3

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/components@1.0.2
    -   @uppy/dashboard@5.0.2
    -   @uppy/screen-capture@5.0.1
    -   @uppy/utils@7.0.2
    -   @uppy/webcam@5.0.1

## @uppy/remote-sources@3.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
    -   @uppy/core@5.0.2
    -   @uppy/box@4.0.1
    -   @uppy/dashboard@5.0.2
    -   @uppy/dropbox@5.0.1
    -   @uppy/facebook@5.0.1
    -   @uppy/google-drive@5.0.1
    -   @uppy/instagram@5.0.1
    -   @uppy/onedrive@5.0.1
    -   @uppy/unsplash@5.0.1
    -   @uppy/url@5.0.1
    -   @uppy/zoom@4.0.1

## @uppy/screen-capture@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/status-bar@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/thumbnail-generator@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/transloadit@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/tus@5.0.1
    -   @uppy/utils@7.0.2

## @uppy/tus@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/utils@7.0.2

## @uppy/unsplash@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/url@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/utils@7.0.2

## @uppy/utils@7.0.2

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
- 9bac4c8: Fix `TypeError: Cannot use 'in' operator to search for
'draggable' in null`

## @uppy/vue@3.0.3

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   9f18ac7: Export UppyContext and UppyContextSymbol
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
    -   @uppy/core@5.0.2
    -   @uppy/components@1.0.2
    -   @uppy/dashboard@5.0.2

## @uppy/webcam@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/webdav@1.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/utils@7.0.2

## @uppy/xhr-upload@5.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/utils@7.0.2

## @uppy/zoom@4.0.1

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [9bac4c8]
    -   @uppy/core@5.0.2
    -   @uppy/companion-client@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/utils@7.0.2

## uppy@5.1.2

### Patch Changes

- 975317d: Removed "main" from package.json, since export maps serve as
the contract for the public API.
-   Updated dependencies [4b6a76c]
-   Updated dependencies [975317d]
-   Updated dependencies [6c0cbe6]
    -   @uppy/golden-retriever@5.1.0
    -   @uppy/aws-s3@5.0.1
    -   @uppy/core@5.0.2
    -   @uppy/audio@3.0.1
    -   @uppy/box@4.0.1
    -   @uppy/companion-client@5.0.1
    -   @uppy/compressor@3.0.1
    -   @uppy/dashboard@5.0.2
    -   @uppy/drag-drop@5.0.2
    -   @uppy/drop-target@4.0.1
    -   @uppy/dropbox@5.0.1
    -   @uppy/facebook@5.0.1
    -   @uppy/form@5.0.1
    -   @uppy/google-drive-picker@1.0.1
    -   @uppy/google-drive@5.0.1
    -   @uppy/google-photos-picker@1.0.1
    -   @uppy/image-editor@4.0.1
    -   @uppy/instagram@5.0.1
    -   @uppy/onedrive@5.0.1
    -   @uppy/provider-views@5.0.2
    -   @uppy/remote-sources@3.0.1
    -   @uppy/screen-capture@5.0.1
    -   @uppy/status-bar@5.0.1
    -   @uppy/thumbnail-generator@5.0.1
    -   @uppy/transloadit@5.0.1
    -   @uppy/tus@5.0.1
    -   @uppy/unsplash@5.0.1
    -   @uppy/url@5.0.1
    -   @uppy/webcam@5.0.1
    -   @uppy/webdav@1.0.1
    -   @uppy/xhr-upload@5.0.1
    -   @uppy/zoom@4.0.1

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2025-09-16 16:07:17 +02:00
Prakash
8cd3702104
Optmize Stackblitz install times (#5968)
StackBlitz examples took **146+ seconds** to start due to heavy dev
dependencies

### Optimizations
 
- Eliminate heavy dev deps like `playwright (~200MB)` `@vitest/browser`
`vitest`
- Aggressive install flags: `--prefer-offline --reporter=silent
--ignore-scripts --no-optional`
- use pnpm 
- Results **React example: 146s → ~25s (83% faster)**
2025-09-16 16:04:52 +02:00
Murderlon
6da212857c
Fix changeset 2025-09-16 15:55:19 +02:00
Mikael Finstad
9f18ac7a3a
Export UppyContext and UppyContextSymbol (#5966)
Fixes #5941

---------

Co-authored-by: Merlijn Vos <merlijn@soverin.net>
2025-09-16 12:01:56 +02:00
Prakash
923197ccec
@uppy/golden-retriever : emit "complete" on restore (#5956)
fixes #5929

---------

Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2025-09-14 14:49:18 +02:00
Mikael Finstad
9bac4c8398
chekc for body null (#5959)
fixes #5953

---------

Co-authored-by: Prakash <qxprakash@gmail.com>
2025-09-11 23:14:24 +02:00
Mikael Finstad
a72af02b79
Update config.json (#5964)
- add example-nextjs and example-reactrouter to changeset ignore too
(examples aren't part of releases)
- also remove the salty-experts-yawn.md changeset because it's no longer
relevant

this should fix broken github actions build currently on `main`

see
https://github.com/transloadit/uppy/pull/5942#issuecomment-3282585747

---------

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mifi <402547+mifi@users.noreply.github.com>
2025-09-11 23:01:54 +02:00
Prakash
6c0cbe620f
@uppy/golden-retriever: fix service worker (#5963)
this fixes #5945
2025-09-11 22:00:14 +02:00
Copilot
84cf20ea4c
Add stability warning comment to SCSS source files (#5960)
Adds a stability warning comment to the top of all `src/style.scss`
files in the following Uppy packages to inform consumers that the source
code and variables are not part of the stable API:

- @uppy/audio
- @uppy/core
- @uppy/dashboard
- @uppy/drag-drop
- @uppy/drop-target
- @uppy/image-editor
- @uppy/provider-views
- @uppy/screen-capture
- @uppy/status-bar
- @uppy/url
- @uppy/webcam

The comment added is:
```scss
// NOTE TO CONSUMERS: The code and variables in these source files are not considered stable and can change at any time, even in minor and patch releases!
```

This warning helps clarify that while the compiled CSS output and public
APIs remain stable, the internal SCSS source files, variables, and
implementation details should not be relied upon by consumers as they
may change without notice in any release.

The changes are minimal and surgical - exactly one line added to the top
of each file with no other modifications to existing code.

<!-- START COPILOT CODING AGENT SUFFIX -->

*This pull request was created as a result of the following prompt from
Copilot chat.*
> Add the following comment at the very top of each src/style.scss file
in the following Uppy packages: @uppy/audio, @uppy/core,
@uppy/dashboard, @uppy/drag-drop, @uppy/drop-target, @uppy/image-editor,
@uppy/provider-views, @uppy/screen-capture, @uppy/status-bar, @uppy/url,
@uppy/webcam.
> 
> Comment to add:
> // NOTE TO CONSUMERS: The code and variables in these source files are
not considered stable and can change at any time, even in minor and
patch releases!
> 
> Ensure the comment is the first line in each file, above any existing
code or imports.

<!-- START COPILOT CODING AGENT TIPS -->
---

 Let Copilot coding agent [set things up for
you](https://github.com/transloadit/uppy/issues/new?title=+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot)
— coding agent works faster and does higher quality work when set up for
your repo.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mifi <402547+mifi@users.noreply.github.com>
Co-authored-by: Prakash <qxprakash@gmail.com>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
2025-09-11 21:53:40 +02:00
dependabot[bot]
f5a3d37331
build(deps): bump form-data from 2.5.1 to 2.5.5 (#5913)
Bumps [form-data](https://github.com/form-data/form-data) from 2.5.1 to
2.5.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/form-data/form-data/releases">form-data's
releases</a>.</em></p>
<blockquote>
<h2>v2.5.2</h2>
<h3>Fixes</h3>
<ul>
<li><code>Buffer.from</code> and <code>Buffer.alloc</code> require node
4+</li>
<li>npmignore temporary build files (<a
href="https://redirect.github.com/form-data/form-data/issues/532">#532</a>)</li>
<li>move util.isArray to Array.isArray (<a
href="https://redirect.github.com/form-data/form-data/issues/564">#564</a>)</li>
</ul>
<h3>Tests</h3>
<ul>
<li>migrate from travis to GHA</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/form-data/form-data/blob/v2.5.5/CHANGELOG.md">form-data's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/form-data/form-data/compare/v2.5.4...v2.5.5">v2.5.5</a>
- 2025-07-18</h2>
<h3>Commits</h3>
<ul>
<li>[meta] actually ensure the readme backup isn’t published <a
href="10626c0a9b"><code>10626c0</code></a></li>
<li>[Fix] use proper dependency <a
href="026abe5c5c"><code>026abe5</code></a></li>
</ul>
<h2><a
href="https://github.com/form-data/form-data/compare/v2.5.3...v2.5.4">v2.5.4</a>
- 2025-07-17</h2>
<h3>Fixed</h3>
<ul>
<li>[Fix] <code>append</code>: avoid a crash on nullish values <a
href="https://redirect.github.com/form-data/form-data/issues/577"><code>[#577](https://github.com/form-data/form-data/issues/577)</code></a></li>
</ul>
<h3>Commits</h3>
<ul>
<li>[eslint] update linting config <a
href="8bf2492e05"><code>8bf2492</code></a></li>
<li>[meta] add <code>auto-changelog</code> <a
href="b5101ad3d5"><code>b5101ad</code></a></li>
<li>[Tests] handle predict-v8-randomness failures in node &lt; 17 and
node &gt; 23 <a
href="0e93122358"><code>0e93122</code></a></li>
<li>[Fix] Switch to using <code>crypto</code> random for boundary values
<a
href="b88316c94b"><code>b88316c</code></a></li>
<li>[Fix] validate boundary type in <code>setBoundary()</code> method <a
href="131ae5efa3"><code>131ae5e</code></a></li>
<li>[Tests] Switch to newer v8 prediction library; enable node 24
testing <a
href="c97cfbed9e"><code>c97cfbe</code></a></li>
<li>[Refactor] use <code>hasown</code> <a
href="97ac9c208b"><code>97ac9c2</code></a></li>
<li>[meta] remove local commit hooks <a
href="be99d4eea5"><code>be99d4e</code></a></li>
<li>[Dev Deps] remove unused deps <a
href="ddbc89b6d6"><code>ddbc89b</code></a></li>
<li>[meta] fix scripts to use prepublishOnly <a
href="e351a97e9f"><code>e351a97</code></a></li>
<li>[Dev Deps] remove unused script <a
href="8f23366484"><code>8f23366</code></a></li>
<li>[Dev Deps] add missing peer dep <a
href="02ff026fda"><code>02ff026</code></a></li>
<li>[meta] fix readme capitalization <a
href="2fd5f61ebf"><code>2fd5f61</code></a></li>
</ul>
<h2><a
href="https://github.com/form-data/form-data/compare/v2.5.2...v2.5.3">v2.5.3</a>
- 2025-02-14</h2>
<h3>Merged</h3>
<ul>
<li>[Fix] set <code>Symbol.toStringTag</code> when available <a
href="https://redirect.github.com/form-data/form-data/pull/573"><code>[#573](https://github.com/form-data/form-data/issues/573)</code></a></li>
</ul>
<h3>Fixed</h3>
<ul>
<li>[Fix] set <code>Symbol.toStringTag</code> when available (<a
href="https://redirect.github.com/form-data/form-data/issues/573">#573</a>)
<a
href="https://redirect.github.com/form-data/form-data/issues/396"><code>[#396](https://github.com/form-data/form-data/issues/396)</code></a></li>
</ul>
<h3>Commits</h3>
<ul>
<li>[Refactor] use <code>Object.prototype.hasOwnProperty.call</code> <a
href="6e682d4bd4"><code>6e682d4</code></a></li>
<li>[Dev Deps] update <code>@types/node</code>, <code>browserify</code>,
<code>coveralls</code>, <code>eslint</code>, <code>formidable</code>,
<code>in-publish</code>, <code>phantomjs-prebuilt</code>,
<code>pkgfiles</code>, <code>pre-commit</code>, <code>request</code>,
<code>tape</code>, <code>typescript</code> <a
href="819f6b7a54"><code>819f6b7</code></a></li>
<li>Only apps should have lockfiles <a
href="b170ee2b22"><code>b170ee2</code></a></li>
<li>[Deps] update <code>combined-stream</code>, <code>mime-types</code>
<a
href="6b1ca1dc73"><code>6b1ca1d</code></a></li>
<li>Bumped version 2.5.3 <a
href="9457283e1d"><code>9457283</code></a></li>
<li>[Dev Deps] pin <code>request</code> which via
<code>tough-cookie</code> ^2.4 depends on <code>psl</code> <a
href="9dbe192be3"><code>9dbe192</code></a></li>
</ul>
<h2><a
href="https://github.com/form-data/form-data/compare/v2.5.1...v2.5.2">v2.5.2</a>
- 2024-10-10</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="40de5a7420"><code>40de5a7</code></a>
v2.5.5</li>
<li><a
href="026abe5c5c"><code>026abe5</code></a>
[Fix] use proper dependency</li>
<li><a
href="10626c0a9b"><code>10626c0</code></a>
[meta] actually ensure the readme backup isn’t published</li>
<li><a
href="efe6c26931"><code>efe6c26</code></a>
v2.5.4</li>
<li><a
href="c97cfbed9e"><code>c97cfbe</code></a>
[Tests] Switch to newer v8 prediction library; enable node 24
testing</li>
<li><a
href="0e93122358"><code>0e93122</code></a>
[Tests] handle predict-v8-randomness failures in node &lt; 17 and node
&gt; 23</li>
<li><a
href="b88316c94b"><code>b88316c</code></a>
[Fix] Switch to using <code>crypto</code> random for boundary
values</li>
<li><a
href="b70869dad2"><code>b70869d</code></a>
[Fix] <code>append</code>: avoid a crash on nullish values</li>
<li><a
href="131ae5efa3"><code>131ae5e</code></a>
[Fix] validate boundary type in <code>setBoundary()</code> method</li>
<li><a
href="8bf2492e05"><code>8bf2492</code></a>
[eslint] update linting config</li>
<li>Additional commits viewable in <a
href="https://github.com/form-data/form-data/compare/v2.5.1...v2.5.5">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~ljharb">ljharb</a>, a new releaser for
form-data since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=form-data&package-manager=npm_and_yarn&previous-version=2.5.1&new-version=2.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-10 22:37:03 +02:00
Prakash
567be4efab
@uppy/examples: Add new examples (#5942)
Had to create a new PR since after the 5.0 merge, #5818 was throwing
errors.

## Examples Added

- **React Router v7**
- Uppy Dashboard with Tus, XHR, and Transloadit , tus server implemented
using react-router/express adapter , rest using regular resource routes
- This still doesn't have hot reloading in the dev server though , can
be added through nodemon

- **Next.js**
  - Uppy Dashboard with Tus, XHR, and Transloadit  

- **Angular**
  - Uppy Dashboard and Dashboard Modal with Tus
2025-09-10 21:46:19 +05:30
dependabot[bot]
fc3e483fcb
build(deps-dev): bump vite from 7.0.6 to 7.0.7 (#5962)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite)
from 7.0.6 to 7.0.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases">vite's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.7</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v7.0.7/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/v7.0.7/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted --><a
href="https://github.com/vitejs/vite/compare/v7.0.6...v7.0.7">7.0.7</a>
(2025-09-08)<!-- raw HTML omitted --></h2>
<h3>Bug Fixes</h3>
<ul>
<li>apply <code>fs.strict</code> check to HTML files (<a
href="https://redirect.github.com/vitejs/vite/issues/20736">#20736</a>)
(<a
href="6f01ff4fe0">6f01ff4</a>)</li>
<li>upgrade sirv to 3.0.2 (<a
href="https://redirect.github.com/vitejs/vite/issues/20735">#20735</a>)
(<a
href="63e2a5d232">63e2a5d</a>)</li>
</ul>
<h3>Tests</h3>
<ul>
<li>detect ts support via <code>process.features</code> (<a
href="https://redirect.github.com/vitejs/vite/issues/20544">#20544</a>)
(<a
href="45fdb16581">45fdb16</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f88a1c0999"><code>f88a1c0</code></a>
release: v7.0.7</li>
<li><a
href="45fdb16581"><code>45fdb16</code></a>
test: detect ts support via <code>process.features</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544">#20544</a>)</li>
<li><a
href="63e2a5d232"><code>63e2a5d</code></a>
fix: upgrade sirv to 3.0.2 (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735">#20735</a>)</li>
<li><a
href="6f01ff4fe0"><code>6f01ff4</code></a>
fix: apply <code>fs.strict</code> check to HTML files (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736">#20736</a>)</li>
<li>See full diff in <a
href="https://github.com/vitejs/vite/commits/v7.0.7/packages/vite">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vite&package-manager=npm_and_yarn&previous-version=7.0.6&new-version=7.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-10 15:30:59 +02:00
Prakash
4b6a76cbf4
add missing exports (#5952)
fixes #5940
2025-09-04 22:43:50 +05:30
Prakash
f997d8b401
Revert "add missing exports" (#5951)
Reverts transloadit/uppy#5944
2025-09-04 22:29:21 +05:30
Prakash
06f8382338
add missing exports (#5944)
fixes #5940
2025-09-04 22:24:49 +05:30
Prakash
975317dd17
remove main from package.json (#5950)
redo of #5943 , forgot to add changesets , reverted in #5949
2025-09-04 17:39:50 +05:30
Prakash
d65e6e4179
Revert "packages/@uppy/* : remove "main" from package.json (#5943)" (#5949)
This reverts commit 2117874073.
2025-09-04 17:26:34 +05:30
Prakash
2117874073
packages/@uppy/* : remove "main" from package.json (#5943)
- The blocker was `@uppy/angular` — its build was failing because it
could not resolve modules and types for its dependencies
(`@uppy/dashboard`, `@uppy/utils`, `@uppy/provider-views`,
`@uppy/core`).

```typescript
------------------------------------------------------------------------------
Building entry point '@uppy/angular'
------------------------------------------------------------------------------
✖ Compiling with Angular sources in Ivy partial compilation mode.
../dashboard/lib/Dashboard.d.ts:1:106 - error TS2307: Cannot find module '@uppy/core' or its corresponding type declarations.

1 import type { Body, DefinePluginOpts, Meta, State, UIPluginOptions, UnknownPlugin, Uppy, UppyFile } from '@uppy/core';
                                                                                                           ~~~~~~~~~~~~
../dashboard/lib/Dashboard.d.ts:2:26 - error TS2307: Cannot find module '@uppy/core' or its corresponding type declarations.

2 import { UIPlugin } from '@uppy/core';
                           ~~~~~~~~~~~~
../dashboard/lib/Dashboard.d.ts:3:35 - error TS2307: Cannot find module '@uppy/provider-views' or its corresponding type declarations.


```

Angular (TypeScript with moduleResolution: node) required a "main" or
"types" field in each dependency’s package.json, and ignored their
"exports" map.
2025-09-04 17:02:01 +05:30
Mikael Finstad
075636a3b3
remove react h (#5938)
it was added in #5935 but no explanation of why.

if you look at the build output of for example
`packages/@uppy/react/lib/headless/generated/Dropzone.js`:

```js
import { jsx as _jsx } from "react/jsx-runtime";
// This file was generated by build-components.mjs
// ANY EDITS WILL BE OVERWRITTEN!
import { Dropzone as PreactDropzone, } from '@uppy/components';
import { h as preactH, render as preactRender } from 'preact';
// biome-ignore lint/correctness/noUnusedImports: it's needed
import { createElement as h, useContext, useEffect, useRef } from 'react';
import { UppyContext } from '../UppyContextProvider.js';
export default function Dropzone(props) {
    const ref = useRef(null);
    const ctx = useContext(UppyContext);
    useEffect(() => {
        if (ref.current) {
            preactRender(preactH(PreactDropzone, {
                ...props,
                ctx,
            }), ref.current);
        }
    }, [ctx, props]);
    return _jsx("div", { ref: ref });
}
```

as can be seen there is no usage of `h`. `import { jsx as _jsx } from
"react/jsx-runtime";` is being injected for React JSX. see also
https://github.com/transloadit/uppy/pull/5896#issuecomment-3169210799
2025-08-29 16:24:16 +02:00