Mirrors/uppy
1
0
Fork 0
mirror of https://github.com/transloadit/uppy.git synced 2026-01-23 02:25:07 +00:00
Code Issues Projects Releases Wiki Activity
10454 commits 11 branches 4436 tags 447 MiB
Commit graph

10454 commits

This branch
This branch
All branches
Author SHA1 Message Date
Prakash
a25226aab2
Fix @uppy/examples (#6099) 
we forgot to update the examples after #5830
 2025-12-08 09:48:23 +01:00
Mikael Finstad
50e242098b
resolve folder inside shared drive (#6093) 
also ignore shortcuts to folders
and simplify

closes #6089

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Merlijn Vos <merlijn@soverin.net>
 2025-12-05 22:45:00 +07:00
Merlijn Vos
943ed7ad56
Upgrade playwright in all packages (#6086) 
To resolve security advisories. Should be merged after #6085 

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Upgrades Playwright to 1.57.0 across examples and packages, updating
corresponding yarn.lock entries.
> 
> - **Dependencies**:
> - Bump `playwright` to `1.57.0` in `examples/react/package.json`,
`examples/sveltekit/package.json`, `examples/vue/package.json`,
`packages/@uppy/dashboard/package.json`, and
`packages/@uppy/url/package.json`.
> - Update `yarn.lock` to `playwright@1.57.0` and
`playwright-core@1.57.0`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
fa35f7b7ea. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
 2025-12-05 10:27:58 +01:00
dependabot[bot]
78d0c28079
build(deps): bump jws from 3.2.2 to 3.2.3 (#6091) 
Bumps [jws](https://github.com/brianloveswords/node-jws) from 3.2.2 to
3.2.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/brianloveswords/node-jws/releases">jws's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.3</h2>
<h3>Changed</h3>
<ul>
<li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now
require
that a non empty secret is provided (via opts.secret, opts.privateKey or
opts.key)
when using HMAC algorithms.</li>
<li>Upgrading JWA version to 1.4.2, addressing a compatibility issue for
Node &gt;= 25.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/auth0/node-jws/blob/master/CHANGELOG.md">jws's
changelog</a>.</em></p>
<blockquote>
<h2>[3.2.3]</h2>
<h3>Changed</h3>
<ul>
<li>Fix advisory GHSA-869p-cjfg-cm3x: createSign and createVerify now
require
that a non empty secret is provided (via opts.secret, opts.privateKey or
opts.key)
when using HMAC algorithms.</li>
<li>Upgrading JWA version to 1.4.2, adressing a compatibility issue for
Node &gt;= 25.</li>
</ul>
<h2>[3.0.0]</h2>
<h3>Changed</h3>
<ul>
<li><strong>BREAKING</strong>: <code>jwt.verify</code> now requires an
<code>algorithm</code> parameter, and
<code>jws.createVerify</code> requires an <code>algorithm</code> option.
The <code>&quot;alg&quot;</code> field
signature headers is ignored. This mitigates a critical security flaw
in the library which would allow an attacker to generate signatures with
arbitrary contents that would be accepted by <code>jwt.verify</code>.
See
<a
href="https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/">https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/</a>
for details.</li>
</ul>
<h2><a
href="https://github.com/brianloveswords/node-jws/compare/v1.0.1...v2.0.0">2.0.0</a>
- 2015-01-30</h2>
<h3>Changed</h3>
<ul>
<li>
<p><strong>BREAKING</strong>: Default payload encoding changed from
<code>binary</code> to
<code>utf8</code>. <code>utf8</code> is a is a more sensible default
than <code>binary</code> because
many payloads, as far as I can tell, will contain user-facing
strings that could be in any language. (<!-- raw HTML omitted --><a
href="6b6de48">6b6de48</a><!--
raw HTML omitted -->)</p>
</li>
<li>
<p>Code reorganization, thanks <a
href="https://github.com/fearphage"><code>@​fearphage</code></a>! (<!--
raw HTML omitted --><a
href="7880050">7880050</a><!--
raw HTML omitted -->)</p>
</li>
</ul>
<h3>Added</h3>
<ul>
<li>Option in all relevant methods for <code>encoding</code>. For those
few users
that might be depending on a <code>binary</code> encoding of the
messages, this
is for them. (<!-- raw HTML omitted --><a
href="6b6de48">6b6de48</a><!--
raw HTML omitted -->)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4f6e73f24d"><code>4f6e73f</code></a>
Merge commit from fork</li>
<li><a
href="bd0fea57f3"><code>bd0fea5</code></a>
version 3.2.3</li>
<li><a
href="7c3b4b4110"><code>7c3b4b4</code></a>
Enhance tests for HMAC streaming sign and verify</li>
<li><a
href="a9b8ed999d"><code>a9b8ed9</code></a>
Improve secretOrKey initialization in VerifyStream</li>
<li><a
href="6707fde62c"><code>6707fde</code></a>
Improve secret handling in SignStream</li>
<li>See full diff in <a
href="https://github.com/brianloveswords/node-jws/compare/v3.2.2...v3.2.3">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~julien.wollscheid">julien.wollscheid</a>, a
new releaser for jws since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jws&package-manager=npm_and_yarn&previous-version=3.2.2&new-version=3.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-05 10:24:58 +01:00
Merlijn Vos
3c3034b408
Dedupe dependencies (#6085) 
With `yarn dedupe`. New type error surfaced due to new types getting
loaded.


<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Dedupes dependencies and updates code: aligns S3 presign tests with
checksum behavior, narrows HMAC key type, tweaks AudioOscilloscope
buffer typing, and simplifies Tus success logging.
> 
> - **AWS S3**:
> - Tests: add `requestChecksumCalculation` (from
`@aws-sdk/middleware-flexible-checksums`) to `S3Client` options to match
presign behavior.
> - Impl: change `generateHmacKey` signature to accept `string |
ArrayBuffer` (remove `Uint8Array`).
> - **Audio**:
> - `AudioOscilloscope`: change `dataArray` type to
`Uint8Array<ArrayBuffer>`.
> - **Tus**:
> - Simplify success log to `Download <url>` (remove file name
extraction).
> - **Dependencies**:
>   - Deduplicate/upgrade various packages in lockfile.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
5b95865a7c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
 2025-12-05 10:22:11 +01:00
github-actions[bot]
5c6337682e
[ci] release (#6087) 
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/image-generator@1.0.0

### Major Changes

- 5684efa: Introduce @uppy/image-generator to generate images based on a
prompt using Transloadit

### Patch Changes

-   Updated dependencies [5684efa]
-   Updated dependencies [5684efa]
    -   @uppy/provider-views@5.2.1
    -   @uppy/transloadit@5.4.0

## @uppy/locales@5.1.0

### Minor Changes

- 5684efa: Introduce @uppy/image-generator to generate images based on a
prompt using Transloadit

## @uppy/transloadit@5.4.0

### Minor Changes

-   5684efa: Export Assembly, AssemblyError, Client

## uppy@5.2.0

### Minor Changes

- 5684efa: Introduce @uppy/image-generator to generate images based on a
prompt using Transloadit

### Patch Changes

-   Updated dependencies [5684efa]
-   Updated dependencies [5684efa]
-   Updated dependencies [5684efa]
    -   @uppy/provider-views@5.2.1
    -   @uppy/webdav@1.1.1
    -   @uppy/transloadit@5.4.0
    -   @uppy/image-generator@1.0.0
    -   @uppy/locales@5.1.0

## @uppy/provider-views@5.2.1

### Patch Changes

-   5684efa: Refactor internal components

## @uppy/webdav@1.1.1

### Patch Changes

-   5684efa: Refactor internal components
-   Updated dependencies [5684efa]
    -   @uppy/provider-views@5.2.1

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-12-04 12:19:08 +01:00
dependabot[bot]
e4558362b8
build(deps): bump next from 15.5.2 to 15.5.7 (#6088) 
Bumps [next](https://github.com/vercel/next.js) from 15.5.2 to 15.5.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v15.5.7</h2>
<p>Please see <a
href="https://nextjs.org/blog/CVE-2025-66478">CVE-2025-66478</a> for
additional details about this release.</p>
<h2>v15.5.6</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Turbopack: don't define process.cwd() in node_modules <a
href="https://redirect.github.com/vercel/next.js/issues/83452">#83452</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/mischnic"><code>@​mischnic</code></a> for
helping!</p>
<h2>v15.5.5</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Split code-frame into separate compiled package (<a
href="https://redirect.github.com/vercel/next.js/issues/84238">#84238</a>)</li>
<li>Add deprecation warning to Runtime config (<a
href="https://redirect.github.com/vercel/next.js/issues/84650">#84650</a>)</li>
<li>fix: unstable_cache should perform blocking revalidation during ISR
revalidation (<a
href="https://redirect.github.com/vercel/next.js/issues/84716">#84716</a>)</li>
<li>feat: <code>experimental.middlewareClientMaxBodySize</code> body
cloning limit (<a
href="https://redirect.github.com/vercel/next.js/issues/84722">#84722</a>)</li>
<li>fix: missing next/link types with typedRoutes (<a
href="https://redirect.github.com/vercel/next.js/issues/84779">#84779</a>)</li>
</ul>
<h3>Misc Changes</h3>
<ul>
<li>docs: early October improvements and fixes (<a
href="https://redirect.github.com/vercel/next.js/issues/84334">#84334</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/devjiwonchoi"><code>@​devjiwonchoi</code></a>,
<a href="https://github.com/ztanner"><code>@​ztanner</code></a>, and <a
href="https://github.com/icyJoseph"><code>@​icyJoseph</code></a> for
helping!</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3eaf68b09b"><code>3eaf68b</code></a>
v15.5.7</li>
<li><a
href="8367ce592a"><code>8367ce5</code></a>
update version script</li>
<li><a
href="9115040008"><code>9115040</code></a>
Update React Version for Next.js 15.5.7 (<a
href="https://redirect.github.com/vercel/next.js/issues/10">#10</a>)</li>
<li><a
href="96f699902a"><code>96f6999</code></a>
update tag</li>
<li><a
href="55ef0e3ebc"><code>55ef0e3</code></a>
v15.5.6</li>
<li><a
href="92bbbb1bec"><code>92bbbb1</code></a>
Backport: don't define <code>process.cwd()</code> in node_modules (<a
href="https://redirect.github.com/vercel/next.js/issues/84957">#84957</a>)</li>
<li><a
href="f895b72762"><code>f895b72</code></a>
Fix url-imports test on 15-5 (<a
href="https://redirect.github.com/vercel/next.js/issues/84966">#84966</a>)</li>
<li><a
href="81f530db26"><code>81f530d</code></a>
v15.5.5</li>
<li><a
href="9abbc0e9eb"><code>9abbc0e</code></a>
[backport] fix: missing <code>next/link</code> types with
<code>typedRoutes</code> (<a
href="https://redirect.github.com/vercel/next.js/issues/82814">#82814</a>)
(<a
href="https://redirect.github.com/vercel/next.js/issues/84779">#84779</a>)</li>
<li><a
href="121e1b566f"><code>121e1b5</code></a>
[backport] docs: early October improvements and fixes (<a
href="https://redirect.github.com/vercel/next.js/issues/84334">#84334</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v15.5.2...v15.5.7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=next&package-manager=npm_and_yarn&previous-version=15.5.2&new-version=15.5.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-04 10:20:54 +01:00
Merlijn Vos
5684efa64e
Introduce @uppy/image-generator (#6056) 
Closes #5378 

- Introduce `@uppy/image-generator`, a new plugin to generate images
based on a prompt via Transloadit
- until we have "golden templates" the idea is to just send
[steps](https://transloadit.com/docs/topics/templates/#overruling-templates-at-runtime)
- because we must send steps and since we must use signature
authentication for security, which is signed based on the params we
send, we can't reuse the `assemblyOptions` the consumers is already
passing to `@uppy/transloadit` (if they use that uploaders, not needed).
- Remove `SearchInput` (this component was trying to be too many things,
all with conditional boolean props, which is bad practise) in favor of
`useSearchForm` and reuse this hook in two new components `SearchView`
and `FilterInput`
- Reuse all the styles from `SearchProviderView`. This deviates from the
design in #5378. It felt too inconsistent to me to do another UI here
again. For the initial version, I think it's best to stay consistent and
then redesign with search providers taken into account too.
- Because the service is so slow, I went a bit further with the loading
state to show funny messages that rotate while loading mostly because
users will start thinking it is broken after 5 seconds while it fact we
are still loading. But open to ideas here.

This unfortunately means the integration for the consumer is not as lean
and pretty as you would hope. On the upside, it does give them complete
freedom.

```ts
.use(ImageGenerator, {
  assemblyOptions: async (prompt) => {
    const res = await fetch(`/assembly-options?prompt=${encodeURIComponent(prompt)}`)
    return res.json()
  }
})
```

on the consumer's server:

```ts
import crypto from 'node:crypto'

const utcDateString = (ms) => {
  return new Date(ms)
    .toISOString()
    .replace(/-/g, '/')
    .replace(/T/, ' ')
    .replace(/\.\d+Z$/, '+00:00')
}

// expire 1 hour from now (this must be milliseconds)
const expires = utcDateString(Date.now() + 1 * 60 * 60 * 1000)
const authKey = 'YOUR_TRANSLOADIT_KEY'
const authSecret = 'YOUR_TRANSLOADIT_SECRET'

const params = JSON.stringify({
  auth: {
    key: authKey,
    expires,
  },
  // can not contain any more steps, the only step must be /image/generate
  steps: {
    generated_image: { // can be named different
      robot: '/image/generate',
      result: true, // mandatory
      aspect_ratio: '2:3', // up to them
      model: 'flux-1.1-pro-ultra', // up to them
      prompt, // mandatory
      num_outputs: 2, // up to them
    },
  },
})
const signatureBytes = crypto.createHmac('sha384', authSecret).update(Buffer.from(params, 'utf-8'))
// The final signature needs the hash name in front, so
// the hashing algorithm can be updated in a backwards-compatible
// way when old algorithms become insecure.
const signature = `sha384:${signatureBytes.digest('hex')}`

// respond with { params, signature } JSON to the client
```


https://github.com/user-attachments/assets/9217e457-b38b-48ac-81f0-37a417309e98



<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds AI image generation plugin using Transloadit, exports low-level
Transloadit APIs, and replaces SearchInput with new
FilterInput/SearchView + useSearchForm across provider views.
> 
> - **New plugin: `@uppy/image-generator`**
> - UI plugin to generate images from a prompt via Transloadit
(`src/index.tsx`, styles, locale, build configs).
> - Integrated into dev Dashboard and included in `uppy` bundle and
global styles.
> - **Provider Views refactor**
> - Remove `SearchInput`; introduce `useSearchForm`, `SearchView`, and
`FilterInput` components.
> - Update `ProviderView`, `SearchProviderView`, and `Webdav` to use new
components; export them from `@uppy/provider-views`.
> - **Transloadit updates**
> - Export `Assembly`, `AssemblyError`, and `Client` from
`@uppy/transloadit`.
>   - Minor internal change: normalize `assemblyOptions.fields`.
> - **Locales**
> - Add strings for image generation and minor additions (e.g.,
`chooseFiles`).
>   - Ensure locales build depends on `@uppy/image-generator`.
> - **Build config**
> - Turborepo: add `uppy#build:css` and hook `image-generator` into
locales build.
> - **Changesets**
> - `@uppy/image-generator` major; `@uppy/transloadit` minor;
`@uppy/locales` and `uppy` minor; `@uppy/provider-views` and
`@uppy/webdav` patch.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
4b1b729069. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Prakash <qxprakash@gmail.com>
 2025-12-03 11:59:52 +01:00
Merlijn Vos
93ef1ba0e7
Resolve all angular yarn warnings (#6080) 
<!-- CURSOR_SUMMARY -->
> [!NOTE]
> Aligns Angular dependencies (including compiler-cli and animations) to
^19.2.17 in examples/angular and packages/@uppy/angular.
> 
> - **Dependencies**:
>   - `examples/angular/package.json`:
> - Bump `@angular/common`, `core`, `forms`, `platform-browser`,
`platform-browser-dynamic`, `router`, and `@angular/compiler-cli` to
`^19.2.17`.
>   - `packages/@uppy/angular/package.json`:
> - Bump `@angular/animations`, `common`, `compiler`, `core`, `forms`,
`platform-browser`, `platform-browser-dynamic`, `router` to `^19.2.17`.
>     - Update dev dependency `@angular/compiler-cli` to `^19.2.17`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
1af50119f0. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
 2025-12-03 10:54:21 +01:00
dependabot[bot]
28c27e875c
build(deps): bump validator from 13.15.20 to 13.15.22 (#6082) 
Bumps [validator](https://github.com/validatorjs/validator.js) from
13.15.20 to 13.15.22.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/validatorjs/validator.js/releases">validator's
releases</a>.</em></p>
<blockquote>
<h2>13.15.22</h2>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2622">#2622</a>
<code>isURL</code>: fix regression with hostnames with ports <a
href="https://github.com/mbtools"><code>@​mbtools</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2616">#2616</a>
<code>isLength</code>: improve handling Unicode variation selectors <a
href="https://github.com/koral"><code>@​koral</code></a>--</li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2621">#2621</a>
<a href="https://github.com/mbtools"><code>@​mbtools</code></a></li>
</ul>
</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/mbtools"><code>@​mbtools</code></a> made
their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2622">validatorjs/validator.js#2622</a></li>
<li><a href="https://github.com/koral"><code>@​koral</code></a>-- made
their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2616">validatorjs/validator.js#2616</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22">https://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md">validator's
changelog</a>.</em></p>
<blockquote>
<h1>13.15.22</h1>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2622">#2622</a>
<code>isURL</code>: fix regression with hostnames with ports <a
href="https://github.com/mbtools"><code>@​mbtools</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2616">#2616</a>
<code>isLength</code>: improve handling Unicode variation selectors <a
href="https://github.com/koral"><code>@​koral</code></a>--</li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2621">#2621</a>
<a href="https://github.com/mbtools"><code>@​mbtools</code></a></li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f2b5c17dbe"><code>f2b5c17</code></a>
maintenance: 2511 release (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2627">#2627</a>)</li>
<li><a
href="d457ecaf55"><code>d457eca</code></a>
fix(isLength): correctly handle Unicode variation selectors (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2616">#2616</a>)</li>
<li><a
href="f2e3633f22"><code>f2e3633</code></a>
docs: add install instructions to contibution guide (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2621">#2621</a>)</li>
<li><a
href="cf401458b8"><code>cf40145</code></a>
fix: URL validation for hostnames with ports (no protocol) (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2622">#2622</a>)</li>
<li><a
href="4af61243ba"><code>4af6124</code></a>
maintenance: 2510 release (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2585">#2585</a>)</li>
<li>See full diff in <a
href="https://github.com/validatorjs/validator.js/compare/13.15.20...13.15.22">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~wikirik">wikirik</a>, a new releaser for
validator since your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=validator&package-manager=npm_and_yarn&previous-version=13.15.20&new-version=13.15.22)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-03 10:50:49 +01:00
Merlijn Vos
32eb01e1b4
Remove output compare GitHub Action (#6081) 
This was nice when we were gradually migrating the codebase to
TypeScript so we could see if we changed a file from `.js` to `.ts` the
actual output remained the same, even when GitHub shows the entire diff
changed.

But now everything is TS and we aren't doing any JS to TS file changes
so we might as well remove this from CI.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Removes the `.github/workflows/e2e.yml` GitHub Actions job that
compared built `packages/@uppy/*/lib` outputs and posted diffs to PRs.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
f5d6a74970. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->
 2025-12-03 10:31:49 +01:00
github-actions[bot]
556e36de4c
[ci] release (#6060) 
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/audio@3.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/aws-s3@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- ac12f35: Fix: Move completed uploads exclusion logic into uploaders.
This fixes the problem where postprocessors would not run for already
uploaded files.
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/box@4.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/compressor@3.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/core@5.2.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- ac12f35: Fix: Move completed uploads exclusion logic into uploaders.
This fixes the problem where postprocessors would not run for already
uploaded files.
- 4817585: added icon to webdav provider, add css to truncate large file
names
-   Updated dependencies [ac12f35]
    -   @uppy/utils@7.1.4

## @uppy/dashboard@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- cc3ff31: Move golden retriever clear files logic to the restore
function. This prevents race condition bugs when storing state.
-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/thumbnail-generator@5.1.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/drag-drop@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/drop-target@4.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/dropbox@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/facebook@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/form@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/golden-retriever@5.2.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- cc3ff31: Move golden retriever clear files logic to the restore
function. This prevents race condition bugs when storing state.
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/google-drive@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/google-drive-picker@1.1.0

### Minor Changes

- e661348: Allow selecting folders with Google Drive Picker. They will
be recursively resolved.
- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/google-photos-picker@1.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/image-editor@4.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/instagram@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/onedrive@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/provider-views@5.2.0

### Minor Changes

- e661348: Allow selecting folders with Google Drive Picker. They will
be recursively resolved.
- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- 4817585: added icon to webdav provider, add css to truncate large file
names
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/remote-sources@3.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [cc3ff31]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/dashboard@5.1.0
    -   @uppy/google-drive@5.1.0
    -   @uppy/instagram@5.1.0
    -   @uppy/facebook@5.1.0
    -   @uppy/onedrive@5.1.0
    -   @uppy/unsplash@5.1.0
    -   @uppy/dropbox@5.1.0
    -   @uppy/core@5.2.0
    -   @uppy/zoom@4.1.0
    -   @uppy/box@4.1.0
    -   @uppy/url@5.1.0

## @uppy/screen-capture@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/status-bar@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/thumbnail-generator@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/transloadit@5.3.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/tus@5.1.0
    -   @uppy/utils@7.1.4

## @uppy/tus@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- ac12f35: Fix: Move completed uploads exclusion logic into uploaders.
This fixes the problem where postprocessors would not run for already
uploaded files.
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/unsplash@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/url@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/webcam@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/webdav@1.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/xhr-upload@5.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

- ac12f35: Fix: Move completed uploads exclusion logic into uploaders.
This fixes the problem where postprocessors would not run for already
uploaded files.
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/zoom@4.1.0

### Minor Changes

- 79e6460: - Add PluginTypeRegistry and typed getPlugin overload in
@uppy/core
- Register plugin ids across packages so uppy.getPlugin('Dashboard' |
'Webcam') returns the concrete plugin type and removes the need to pass
generics in getPlugin()

### Patch Changes

-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/provider-views@5.2.0
    -   @uppy/core@5.2.0
    -   @uppy/utils@7.1.4

## @uppy/companion@6.2.1

### Patch Changes

- 4817585: added icon to webdav provider, add css to truncate large file
names

## @uppy/locales@5.0.1

### Patch Changes

-   c3c16ae: Improve zh-CN and zh-TW locale
-   8744c4d: Improve Dutch locale
-   Updated dependencies [ac12f35]
    -   @uppy/utils@7.1.4

## @uppy/utils@7.1.4

### Patch Changes

- ac12f35: Fix: Move completed uploads exclusion logic into uploaders.
This fixes the problem where postprocessors would not run for already
uploaded files.

## uppy@5.1.12

### Patch Changes

-   Updated dependencies [cc3ff31]
-   Updated dependencies [c3c16ae]
-   Updated dependencies [8744c4d]
-   Updated dependencies [e661348]
-   Updated dependencies [79e6460]
-   Updated dependencies [ac12f35]
-   Updated dependencies [4817585]
    -   @uppy/dashboard@5.1.0
    -   @uppy/golden-retriever@5.2.0
    -   @uppy/locales@5.0.1
    -   @uppy/provider-views@5.2.0
    -   @uppy/google-drive-picker@1.1.0
    -   @uppy/google-photos-picker@1.1.0
    -   @uppy/thumbnail-generator@5.1.0
    -   @uppy/remote-sources@3.1.0
    -   @uppy/screen-capture@5.1.0
    -   @uppy/google-drive@5.1.0
    -   @uppy/image-editor@4.1.0
    -   @uppy/drop-target@4.1.0
    -   @uppy/transloadit@5.3.0
    -   @uppy/compressor@3.1.0
    -   @uppy/status-bar@5.1.0
    -   @uppy/xhr-upload@5.1.0
    -   @uppy/drag-drop@5.1.0
    -   @uppy/instagram@5.1.0
    -   @uppy/facebook@5.1.0
    -   @uppy/onedrive@5.1.0
    -   @uppy/unsplash@5.1.0
    -   @uppy/dropbox@5.1.0
    -   @uppy/aws-s3@5.1.0
    -   @uppy/webcam@5.1.0
    -   @uppy/webdav@1.1.0
    -   @uppy/audio@3.1.0
    -   @uppy/core@5.2.0
    -   @uppy/form@5.1.0
    -   @uppy/zoom@4.1.0
    -   @uppy/box@4.1.0
    -   @uppy/tus@5.1.0
    -   @uppy/url@5.1.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-12-02 10:09:28 +01:00
dependabot[bot]
5b680f2f05
build(deps): bump body-parser from 1.20.3 to 1.20.4 (#6070) 
Bumps [body-parser](https://github.com/expressjs/body-parser) from
1.20.3 to 1.20.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/releases">body-parser's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.1</h2>
<h2>Important: Security</h2>
<ul>
<li>Security fix for <a
href="https://www.cve.org/CVERecord?id=CVE-2025-13466">CVE-2025-13466</a>
(<a
href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a>)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>ci: add dependabot by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/593">expressjs/body-parser#593</a></li>
<li>ci: use full SHAs for github action versions by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/594">expressjs/body-parser#594</a></li>
<li>deps: type-is@^2.0.1 by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/599">expressjs/body-parser#599</a></li>
<li>build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/609">expressjs/body-parser#609</a></li>
<li>build(deps): bump github/codeql-action from 3.28.13 to 3.28.15 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/610">expressjs/body-parser#610</a></li>
<li>build(deps-dev): bump eslint-plugin-promise from 6.1.1 to 6.6.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/611">expressjs/body-parser#611</a></li>
<li>build(deps-dev): bump eslint-plugin-import from 2.27.5 to 2.31.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/613">expressjs/body-parser#613</a></li>
<li>build(deps-dev): bump eslint-plugin-markdown from 3.0.0 to 3.0.1 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/612">expressjs/body-parser#612</a></li>
<li>ci: add codeql github workflows scanning by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/614">expressjs/body-parser#614</a></li>
<li>ci: update CodeQL config to ignore the test directory by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/615">expressjs/body-parser#615</a></li>
<li>build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/620">expressjs/body-parser#620</a></li>
<li>build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/619">expressjs/body-parser#619</a></li>
<li>chore(deps): unpin devDependencies by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/616">expressjs/body-parser#616</a></li>
<li>ci: add node.js 24 to test matrix by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/621">expressjs/body-parser#621</a></li>
<li>build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/623">expressjs/body-parser#623</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/624">expressjs/body-parser#624</a></li>
<li>chore: add funding to package.json by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/617">expressjs/body-parser#617</a></li>
<li>build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/625">expressjs/body-parser#625</a></li>
<li>build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/630">expressjs/body-parser#630</a></li>
<li>refactor: move common request validation to read function by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/600">expressjs/body-parser#600</a></li>
<li>deps: bump iconv-lite by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/631">expressjs/body-parser#631</a></li>
<li>doc: pull beta changelog forward into 2.0.0 by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/body-parser/pull/629">expressjs/body-parser#629</a></li>
<li>refactor: optimize raw and text parsers with shared passthrough
function by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/634">expressjs/body-parser#634</a></li>
<li>build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/640">expressjs/body-parser#640</a></li>
<li>build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/639">expressjs/body-parser#639</a></li>
<li>build(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/636">expressjs/body-parser#636</a></li>
<li>build(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/637">expressjs/body-parser#637</a></li>
<li>build(deps): bump github/codeql-action from 3.29.7 to 3.30.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/638">expressjs/body-parser#638</a></li>
<li>deps: raw-body@^3.0.1 by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/641">expressjs/body-parser#641</a></li>
<li>deps: debug@^4.4.3 by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/642">expressjs/body-parser#642</a></li>
<li>docs: add iconv-lite 0.7.0 changes to history entry by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/645">expressjs/body-parser#645</a></li>
<li>ci: add node.js 25 to test matrix by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/650">expressjs/body-parser#650</a></li>
<li>perf: move read options outside parser middlewares by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/648">expressjs/body-parser#648</a></li>
<li>test(json): add RFC 7159 whitespace edge cases by <a
href="https://github.com/Ayoub-Mabrouk"><code>@​Ayoub-Mabrouk</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/653">expressjs/body-parser#653</a></li>
<li>test: add test for urlencoded invalid defaultCharset by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/643">expressjs/body-parser#643</a></li>
<li>build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/657">expressjs/body-parser#657</a></li>
<li>build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/656">expressjs/body-parser#656</a></li>
<li>build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/655">expressjs/body-parser#655</a></li>
<li>build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/654">expressjs/body-parser#654</a></li>
<li>ci: also test on first supported node.js version by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/646">expressjs/body-parser#646</a></li>
<li>chore: switch badges from badgen.net to shields.io by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/661">expressjs/body-parser#661</a></li>
<li>Remove history.md from being packaged on publish by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/body-parser/pull/660">expressjs/body-parser#660</a></li>
<li>Release: 2.2.1 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/body-parser/pull/659">expressjs/body-parser#659</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/body-parser/blob/master/HISTORY.md">body-parser's
changelog</a>.</em></p>
<blockquote>
<h1>2.2.1 / 2025-11-24</h1>
<ul>
<li>Security fix for <a
href="https://github.com/expressjs/body-parser/security/advisories/GHSA-wqch-xfxh-vrr4">GHSA-wqch-xfxh-vrr4</a></li>
<li>deps:
<ul>
<li>type-is@^2.0.1</li>
<li>iconv-lite@^0.7.0
<ul>
<li>Handle split surrogate pairs when encoding UTF-8</li>
<li>Avoid false positives in <code>encodingExists</code> by using
prototype-less objects</li>
</ul>
</li>
<li>raw-body@^3.0.1</li>
<li>debug@^4.4.3</li>
</ul>
</li>
</ul>
<h1>2.2.0 / 2025-03-27</h1>
<ul>
<li>refactor: normalize common options for all parsers</li>
<li>deps:
<ul>
<li>iconv-lite@^0.6.3</li>
</ul>
</li>
</ul>
<h1>2.1.0 / 2025-02-10</h1>
<ul>
<li>deps:
<ul>
<li>type-is@^2.0.0</li>
<li>debug@^4.4.0</li>
<li>Removed destroy</li>
</ul>
</li>
<li>refactor: prefix built-in node module imports</li>
<li>use the node require cache instead of custom caching</li>
</ul>
<h1>2.0.2 / 2024-10-31</h1>
<ul>
<li>remove <code>unpipe</code> package and use native
<code>unpipe()</code> method</li>
</ul>
<h1>2.0.1 / 2024-09-10</h1>
<ul>
<li>Restore expected behavior <code>extended</code> to
<code>false</code></li>
</ul>
<h1>2.0.0 / 2024-09-10</h1>
<h2>Breaking Changes</h2>
<ul>
<li>Node.js 18 is the minimum supported version</li>
<li><code>req.body</code> is no longer always initialized to
<code>{}</code>
<ul>
<li>it is left <code>undefined</code> unless a body is parsed</li>
</ul>
</li>
<li>Remove deprecated <code>bodyParser()</code> combination
middleware</li>
<li><del><code>urlencoded</code> parser now defaults
<code>extended</code> to <code>false</code></del> as released, this is
not the case, fixed in 2.0.1</li>
<li><code>urlencoded</code> simple parser now uses <code>qs</code>
module instead of <code>querystring</code> module</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d96b63da8d"><code>d96b63d</code></a>
2.2.1 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/659">#659</a>)</li>
<li><a
href="b204886a67"><code>b204886</code></a>
sec: security patch for CVE-2025-13466</li>
<li><a
href="e20e3512e0"><code>e20e351</code></a>
feat: remove <code>history.md</code> from being packaged on publish (<a
href="https://redirect.github.com/expressjs/body-parser/issues/660">#660</a>)</li>
<li><a
href="0d7ce71c84"><code>0d7ce71</code></a>
docs: switch badges from badgen.net to shields.io (<a
href="https://redirect.github.com/expressjs/body-parser/issues/661">#661</a>)</li>
<li><a
href="168afff347"><code>168afff</code></a>
ci: also test on first supported node.js version (<a
href="https://redirect.github.com/expressjs/body-parser/issues/646">#646</a>)</li>
<li><a
href="e539a7121d"><code>e539a71</code></a>
build(deps): bump actions/setup-node from 5.0.0 to 6.0.0 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/654">#654</a>)</li>
<li><a
href="939161277a"><code>9391612</code></a>
build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/655">#655</a>)</li>
<li><a
href="57baafb3bb"><code>57baafb</code></a>
build(deps): bump github/codeql-action from 3.30.5 to 4.31.2 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/656">#656</a>)</li>
<li><a
href="a6a088e088"><code>a6a088e</code></a>
build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 (<a
href="https://redirect.github.com/expressjs/body-parser/issues/657">#657</a>)</li>
<li><a
href="10a114d55d"><code>10a114d</code></a>
test: add test for urlencoded invalid defaultCharset (<a
href="https://redirect.github.com/expressjs/body-parser/issues/643">#643</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/body-parser/compare/1.20.3...v2.2.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=body-parser&package-manager=npm_and_yarn&previous-version=1.20.3&new-version=2.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-02 09:55:11 +01:00
dependabot[bot]
39b82fd231
build(deps): bump express from 4.19.2 to 4.22.0 (#6079) 
Bumps [express](https://github.com/expressjs/express) from 4.19.2 to
4.22.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases">express's
releases</a>.</em></p>
<blockquote>
<h2>4.22.0</h2>
<h2>Important: Security</h2>
<ul>
<li>Security fix for <a
href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a>
(<a
href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Refactor: improve readability by <a
href="https://github.com/sazk07"><code>@​sazk07</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6190">expressjs/express#6190</a></li>
<li>ci: add support for Node.js@23.0 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6080">expressjs/express#6080</a></li>
<li>Method functions with no path should error by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5957">expressjs/express#5957</a></li>
<li>ci: updated github actions ci workflow by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6323">expressjs/express#6323</a></li>
<li>ci: reorder <code>npm i</code> steps to fix ci for older node
versions by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6336">expressjs/express#6336</a></li>
<li>Backport: ci: add node.js 24 to test matrix by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6506">expressjs/express#6506</a></li>
<li>chore(4.x): wider range for query test skip by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6513">expressjs/express#6513</a></li>
<li>use tilde notation for certain dependencies by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6905">expressjs/express#6905</a></li>
<li>deps: qs@6.14.0 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6909">expressjs/express#6909</a></li>
<li>deps: use tilde notation for <code>qs</code> by <a
href="https://github.com/Phillip9587"><code>@​Phillip9587</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6919">expressjs/express#6919</a></li>
<li>Release: 4.22.0 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6921">expressjs/express#6921</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.2...4.22.0">https://github.com/expressjs/express/compare/4.21.2...4.22.0</a></p>
<h2>4.21.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Add funding field (v4) by <a
href="https://github.com/bjohansebas"><code>@​bjohansebas</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/6065">expressjs/express#6065</a></li>
<li>deps: path-to-regexp@0.1.11 by <a
href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5956">expressjs/express#5956</a></li>
<li>deps: bump path-to-regexp@0.1.12 by <a
href="https://github.com/jonchurch"><code>@​jonchurch</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6209">expressjs/express#6209</a></li>
<li>Release: 4.21.2 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6094">expressjs/express#6094</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.1...4.21.2">https://github.com/expressjs/express/compare/4.21.1...4.21.2</a></p>
<h2>4.21.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Backport a fix for CVE-2024-47764 to the 4.x branch by <a
href="https://github.com/joshbuker"><code>@​joshbuker</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/6029">expressjs/express#6029</a></li>
<li>Release: 4.21.1 by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/6031">expressjs/express#6031</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.21.0...4.21.1">https://github.com/expressjs/express/compare/4.21.0...4.21.1</a></p>
<h2>4.21.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Deprecate <code>&quot;back&quot;</code> magic string in redirects by
<a href="https://github.com/blakeembrey"><code>@​blakeembrey</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5935">expressjs/express#5935</a></li>
<li>finalhandler@1.3.1 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5954">expressjs/express#5954</a></li>
<li>fix(deps): serve-static@1.16.2 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5951">expressjs/express#5951</a></li>
<li>Upgraded dependency qs to 6.13.0 to match qs in body-parser by <a
href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/agadzinski93"><code>@​agadzinski93</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/express/pull/5946">expressjs/express#5946</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/4.22.0/History.md">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.22.0 / 2025-12-01</h1>
<ul>
<li>Security fix for <a
href="https://www.cve.org/CVERecord?id=CVE-2024-51999">CVE-2024-51999</a>
(<a
href="https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6">GHSA-pj86-cfqh-vqx6</a>)</li>
<li>deps: use tilde notation for dependencies</li>
<li>deps: qs@6.14.0</li>
</ul>
<h1>4.21.2 / 2024-11-06</h1>
<ul>
<li>deps: path-to-regexp@0.1.12
<ul>
<li>Fix backtracking protection</li>
</ul>
</li>
<li>deps: path-to-regexp@0.1.11
<ul>
<li>Throws an error on invalid path values</li>
</ul>
</li>
</ul>
<h1>4.21.1 / 2024-10-08</h1>
<ul>
<li>Backported a fix for <a
href="https://nvd.nist.gov/vuln/detail/CVE-2024-47764">CVE-2024-47764</a></li>
</ul>
<h1>4.21.0 / 2024-09-11</h1>
<ul>
<li>Deprecate <code>res.location(&quot;back&quot;)</code> and
<code>res.redirect(&quot;back&quot;)</code> magic string</li>
<li>deps: serve-static@1.16.2
<ul>
<li>includes send@0.19.0</li>
</ul>
</li>
<li>deps: finalhandler@1.3.1</li>
<li>deps: qs@6.13.0</li>
</ul>
<h1>4.20.0 / 2024-09-10</h1>
<ul>
<li>deps: serve-static@0.16.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: send@0.19.0
<ul>
<li>Remove link renderization in html while redirecting</li>
</ul>
</li>
<li>deps: body-parser@0.6.0
<ul>
<li>add <code>depth</code> option to customize the depth level in the
parser</li>
<li>IMPORTANT: The default <code>depth</code> level for parsing
URL-encoded data is now <code>32</code> (previously was
<code>Infinity</code>)</li>
</ul>
</li>
<li>Remove link renderization in html while using
<code>res.redirect</code></li>
<li>deps: path-to-regexp@0.1.10
<ul>
<li>Adds support for named matching groups in the routes using a
regex</li>
<li>Adds backtracking protection to parameters without regexes
defined</li>
</ul>
</li>
<li>deps: encodeurl@~2.0.0
<ul>
<li>Removes encoding of <code>\</code>, <code>|</code>, and
<code>^</code> to align better with URL spec</li>
</ul>
</li>
<li>Deprecate passing <code>options.maxAge</code> and
<code>options.expires</code> to <code>res.clearCookie</code>
<ul>
<li>Will be ignored in v5, clearCookie will set a cookie with an expires
in the past to instruct clients to delete the cookie</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="49744abd11"><code>49744ab</code></a>
4.22.0 (<a
href="https://redirect.github.com/expressjs/express/issues/6921">#6921</a>)</li>
<li><a
href="6e97452f60"><code>6e97452</code></a>
sec: security patch for CVE-2024-51999</li>
<li><a
href="6a23d34d65"><code>6a23d34</code></a>
deps: use tilde notation for <code>qs</code> (<a
href="https://redirect.github.com/expressjs/express/issues/6919">#6919</a>)</li>
<li><a
href="8c12cdf93b"><code>8c12cdf</code></a>
deps: qs@6.14.0 (<a
href="https://redirect.github.com/expressjs/express/issues/6909">#6909</a>)</li>
<li><a
href="7fea74fcf0"><code>7fea74f</code></a>
deps: use tilde notation for certain dependencies (<a
href="https://redirect.github.com/expressjs/express/issues/6905">#6905</a>)</li>
<li><a
href="dac7a0475a"><code>dac7a04</code></a>
chore: wider range for query test skip (<a
href="https://redirect.github.com/expressjs/express/issues/6513">#6513</a>)</li>
<li><a
href="997919b488"><code>997919b</code></a>
ci: add node.js 24 to test matrix (<a
href="https://redirect.github.com/expressjs/express/issues/6506">#6506</a>)</li>
<li><a
href="36fb59c6c7"><code>36fb59c</code></a>
fix(ci): reorder <code>npm i</code> steps to fix ci for older node
versions (<a
href="https://redirect.github.com/expressjs/express/issues/6336">#6336</a>)</li>
<li><a
href="3a5edfaff0"><code>3a5edfa</code></a>
fix(ci): updated github actions ci workflow (<a
href="https://redirect.github.com/expressjs/express/issues/6323">#6323</a>)</li>
<li><a
href="52d978119a"><code>52d9781</code></a>
fix(test): add test for method routes without paths <a
href="https://redirect.github.com/expressjs/express/issues/5955">#5955</a></li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.19.2...4.22.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=express&package-manager=npm_and_yarn&previous-version=4.19.2&new-version=4.22.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-02 09:46:06 +01:00
dependabot[bot]
21a8f1a467
build(deps): bump @angular/common from 19.2.14 to 19.2.16 (#6072) 
Bumps
[@angular/common](https://github.com/angular/angular/tree/HEAD/packages/common)
from 19.2.14 to 19.2.16.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/releases"><code>@​angular/common</code>'s
releases</a>.</em></p>
<blockquote>
<h2>19.2.16</h2>
<h3>http</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="05fe6686a9"><img
src="https://img.shields.io/badge/05fe6686a9-fix-green" alt="fix -
05fe6686a9" /></a></td>
<td>prevent XSRF token leakage to protocol-relative URLs</td>
</tr>
</tbody>
</table>
<h2>19.2.15</h2>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="70d0639bc1"><img
src="https://img.shields.io/badge/70d0639bc1-fix-green" alt="fix -
70d0639bc1" /></a></td>
<td>introduce <code>BootstrapContext</code> for improved server
bootstrapping (<a
href="https://github.com/angular/angular/tree/HEAD/packages/common/issues/63639">#63639</a>)</td>
</tr>
</tbody>
</table>
<h2>Breaking Changes</h2>
<h3>core</h3>
<ul>
<li>
<p>The server-side bootstrapping process has been changed to eliminate
the reliance on a global platform injector.</p>
<p>Before:</p>
<pre lang="ts"><code>const bootstrap = () =&gt;
bootstrapApplication(AppComponent, config);
</code></pre>
<p>After:</p>
<pre lang="ts"><code>const bootstrap = (context: BootstrapContext) =&gt;
  bootstrapApplication(AppComponent, config, context);
</code></pre>
<p>A schematic is provided to automatically update
<code>main.server.ts</code> files to pass the
<code>BootstrapContext</code> to the <code>bootstrapApplication</code>
call.</p>
<p>In addition, <code>getPlatform()</code> and
<code>destroyPlatform()</code> will now return <code>null</code> and be
a no-op respectively when running in a server environment.</p>
</li>
</ul>
<p>For more information please see: <a
href="https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7">https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/blob/main/CHANGELOG.md"><code>@​angular/common</code>'s
changelog</a>.</em></p>
<blockquote>
<h1>19.2.16 (2025-11-26)</h1>
<h3>http</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="05fe6686a9">05fe6686a9</a></td>
<td>fix</td>
<td>prevent XSRF token leakage to protocol-relative URLs</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.1.0-next.0 (2025-11-25)</h1>
<h3>platform-browser</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="ec9dc94cee">ec9dc94cee</a></td>
<td>feat</td>
<td>add <code>context</code> to <code>createApplication</code></td>
</tr>
<tr>
<td><a
href="ab67988d2e">ab67988d2e</a></td>
<td>feat</td>
<td>resolve JIT resources in <code>createApplication</code></td>
</tr>
</tbody>
</table>
<h3>router</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="a03c82564d">a03c82564d</a></td>
<td>feat</td>
<td>Add scroll behavior controls on router navigation</td>
</tr>
<tr>
<td><a
href="c25d749d85">c25d749d85</a></td>
<td>feat</td>
<td>Execute RunGuardsAndResolvers function in injection context</td>
</tr>
<tr>
<td><a
href="c84d372778">c84d372778</a></td>
<td>feat</td>
<td>Support wildcard params with segments trailing (<a
href="https://redirect.github.com/angular/angular/pull/64737">#64737</a>)</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>20.3.14 (2025-11-25)</h1>
<h3>http</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="0276479e7d">0276479e7d</a></td>
<td>fix</td>
<td>prevent XSRF token leakage to protocol-relative URLs</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.0.1 (2025-11-25)</h1>
<h3>compiler-cli</h3>
<p>| Commit | Type | Description |</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="05fe6686a9"><code>05fe668</code></a>
fix(http): prevent XSRF token leakage to protocol-relative URLs</li>
<li>See full diff in <a
href="https://github.com/angular/angular/commits/19.2.16/packages/common">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@angular/common&package-manager=npm_and_yarn&previous-version=19.2.14&new-version=19.2.16)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-02 09:45:53 +01:00
dependabot[bot]
d2637e4d3b
build(deps): bump validator from 13.12.0 to 13.15.20 (#6041) 
Bumps [validator](https://github.com/validatorjs/validator.js) from
13.12.0 to 13.15.20.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/validatorjs/validator.js/releases">validator's
releases</a>.</em></p>
<blockquote>
<h2>13.15.20</h2>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2556">#2556</a>
<code>isMobilePhone</code>: add <code>ar-QA</code> locale <a
href="https://github.com/WardKhaddour"><code>@​WardKhaddour</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2576">#2576</a>
<code>isAlpha</code>/<code>isAlphanuneric</code>: add Indic locales
(<code>ta-IN</code>, <code>te-IN</code>, <code>kn-IN</code>,
<code>ml-IN</code>, <code>gu-IN</code>, <code>pa-IN</code>,
<code>or-IN</code>) <a
href="https://github.com/avadootharajesh"><code>@​avadootharajesh</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2574">#2574</a>
<code>isBase64</code>: improve padding regex <a
href="https://github.com/KrayzeeKev"><code>@​KrayzeeKev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2584">#2584</a>
<code>isVAT</code>: improve <code>FR</code> locale <a
href="https://github.com/iamAmer"><code>@​iamAmer</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2608">#2608</a>
<code>isURL</code>: improve protocol detection. Resolves CVE-2025-56200
<a href="https://github.com/theofidry"><code>@​theofidry</code></a></li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2563">#2563</a>
<a href="https://github.com/stoneLeaf"><code>@​stoneLeaf</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2581">#2581</a>
<a
href="https://github.com/camillobruni"><code>@​camillobruni</code></a></li>
</ul>
</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/stoneLeaf"><code>@​stoneLeaf</code></a>
made their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2563">validatorjs/validator.js#2563</a></li>
<li><a
href="https://github.com/WardKhaddour"><code>@​WardKhaddour</code></a>
made their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2556">validatorjs/validator.js#2556</a></li>
<li><a
href="https://github.com/avadootharajesh"><code>@​avadootharajesh</code></a>
made their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2576">validatorjs/validator.js#2576</a></li>
<li><a
href="https://github.com/KrayzeeKev"><code>@​KrayzeeKev</code></a> made
their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2574">validatorjs/validator.js#2574</a></li>
<li><a href="https://github.com/iamAmer"><code>@​iamAmer</code></a> made
their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2584">validatorjs/validator.js#2584</a></li>
<li><a
href="https://github.com/camillobruni"><code>@​camillobruni</code></a>
made their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2581">validatorjs/validator.js#2581</a></li>
<li><a href="https://github.com/theofidry"><code>@​theofidry</code></a>
made their first contribution in <a
href="https://redirect.github.com/validatorjs/validator.js/pull/2608">validatorjs/validator.js#2608</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/validatorjs/validator.js/compare/13.15.15...13.15.20">https://github.com/validatorjs/validator.js/compare/13.15.15...13.15.20</a></p>
<h2>13.15.15</h2>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><code>isMobilePhone</code>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2514">#2514</a>
improve <code>el-CY</code> locale <a
href="https://github.com/rezk2ll"><code>@​rezk2ll</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2512">#2512</a>
improve <code>pt-AO</code> locale <a
href="https://github.com/renaldodev"><code>@​renaldodev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2502">#2502</a>
improve <code>ar-OM</code> locale <a
href="https://github.com/tomcastro"><code>@​tomcastro</code></a></li>
</ul>
</li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2089">#2089</a>
<code>isIP</code>: allow usage of option object <a
href="https://github.com/pixelbucket-dev"><code>@​pixelbucket-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2526">#2526</a>
<code>isPassportNumber</code>: improve <code>CA</code> locale <a
href="https://github.com/evanbechtol"><code>@​evanbechtol</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2491">#2491</a>
<code>isBase64</code>: improve validation based on RFC4648 <a
href="https://github.com/aseyfpour"><code>@​aseyfpour</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2479">#2479</a>
<code>isPostalCode</code>: improve <code>FR</code> locale <a
href="https://github.com/Rajput-Balram"><code>@​Rajput-Balram</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2088">#2088</a>
<code>isBefore</code>: allow usage of option object <a
href="https://github.com/pixelbucket-dev"><code>@​pixelbucket-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2346">#2346</a>
<code>isRgbColor</code>: allow second digit in rgba alpha value <a
href="https://github.com/controlol"><code>@​controlol</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2453">#2453</a>
<code>isIP</code>: improve IPv6 regex <a
href="https://github.com/ShreySinha02"><code>@​ShreySinha02</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2052">#2052</a>
<code>isPostalCode</code>: add <code>PK</code> locale <a
href="https://github.com/mateeni-dev"><code>@​mateeni-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2529">#2529</a>
<code>isPostalCode</code>: improve <code>TW</code> locale <a
href="https://github.com/Crocsx"><code>@​Crocsx</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2550">#2550</a>
<code>isPassportNumber</code>: improve <code>US</code> locale <a
href="https://github.com/yitzchak-schechter"><code>@​yitzchak-schechter</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2553">#2553</a>
<code>isUUID</code>: add <code>loose</code> option <a
href="https://github.com/bc-m"><code>@​bc-m</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2551">#2551</a>
<code>isPostalCode</code>: add <code>BD</code> locale <a
href="https://github.com/tanvirrb"><code>@​tanvirrb</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2555">#2555</a>
<code>isLicensePlate</code>: improve <code>pt-PT</code> locale <a
href="https://github.com/castrosu"><code>@​castrosu</code></a></li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2372">#2372</a>
<a
href="https://github.com/EmersonRabelo"><code>@​EmersonRabelo</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2538">#2538</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2539">#2539</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2540">#2540</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2549">#2549</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2537">#2537</a>
<a href="https://github.com/sgress454"><code>@​sgress454</code></a></li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/validatorjs/validator.js/blob/master/CHANGELOG.md">validator's
changelog</a>.</em></p>
<blockquote>
<h1>13.15.20</h1>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2556">#2556</a>
<code>isMobilePhone</code>: add <code>ar-QA</code> locale <a
href="https://github.com/WardKhaddour"><code>@​WardKhaddour</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2576">#2576</a>
<code>isAlpha</code>/<code>isAlphanuneric</code>: add Indic locales
(<code>ta-IN</code>, <code>te-IN</code>, <code>kn-IN</code>,
<code>ml-IN</code>, <code>gu-IN</code>, <code>pa-IN</code>,
<code>or-IN</code>) <a
href="https://github.com/avadootharajesh"><code>@​avadootharajesh</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2574">#2574</a>
<code>isBase64</code>: improve padding regex <a
href="https://github.com/KrayzeeKev"><code>@​KrayzeeKev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2584">#2584</a>
<code>isVAT</code>: improve <code>FR</code> locale <a
href="https://github.com/iamAmer"><code>@​iamAmer</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2608">#2608</a>
<code>isURL</code>: improve protocol detection. Resolves CVE-2025-56200
<a href="https://github.com/theofidry"><code>@​theofidry</code></a></li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2563">#2563</a>
<a href="https://github.com/stoneLeaf"><code>@​stoneLeaf</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2581">#2581</a>
<a
href="https://github.com/camillobruni"><code>@​camillobruni</code></a></li>
</ul>
</li>
</ul>
<h1>13.15.15</h1>
<h3>Fixes, New Locales and Enhancements</h3>
<ul>
<li><code>isMobilePhone</code>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2514">#2514</a>
improve <code>el-CY</code> locale <a
href="https://github.com/rezk2ll"><code>@​rezk2ll</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2512">#2512</a>
improve <code>pt-AO</code> locale <a
href="https://github.com/renaldodev"><code>@​renaldodev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2502">#2502</a>
improve <code>ar-OM</code> locale <a
href="https://github.com/tomcastro"><code>@​tomcastro</code></a></li>
</ul>
</li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2089">#2089</a>
<code>isIP</code>: allow usage of option object <a
href="https://github.com/pixelbucket-dev"><code>@​pixelbucket-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2526">#2526</a>
<code>isPassportNumber</code>: improve <code>CA</code> locale <a
href="https://github.com/evanbechtol"><code>@​evanbechtol</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2491">#2491</a>
<code>isBase64</code>: improve validation based on RFC4648 <a
href="https://github.com/aseyfpour"><code>@​aseyfpour</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2479">#2479</a>
<code>isPostalCode</code>: improve <code>FR</code> locale <a
href="https://github.com/Rajput-Balram"><code>@​Rajput-Balram</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2088">#2088</a>
<code>isBefore</code>: allow usage of option object <a
href="https://github.com/pixelbucket-dev"><code>@​pixelbucket-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2346">#2346</a>
<code>isRgbColor</code>: allow second digit in rgba alpha value <a
href="https://github.com/controlol"><code>@​controlol</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2453">#2453</a>
<code>isIP</code>: improve IPv6 regex <a
href="https://github.com/ShreySinha02"><code>@​ShreySinha02</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2052">#2052</a>
<code>isPostalCode</code>: add <code>PK</code> locale <a
href="https://github.com/mateeni-dev"><code>@​mateeni-dev</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2529">#2529</a>
<code>isPostalCode</code>: improve <code>TW</code> locale <a
href="https://github.com/Crocsx"><code>@​Crocsx</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2550">#2550</a>
<code>isPassportNumber</code>: improve <code>US</code> locale <a
href="https://github.com/yitzchak-schechter"><code>@​yitzchak-schechter</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2553">#2553</a>
<code>isUUID</code>: add <code>loose</code> option <a
href="https://github.com/bc-m"><code>@​bc-m</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2551">#2551</a>
<code>isPostalCode</code>: add <code>BD</code> locale <a
href="https://github.com/tanvirrb"><code>@​tanvirrb</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2555">#2555</a>
<code>isLicensePlate</code>: improve <code>pt-PT</code> locale <a
href="https://github.com/castrosu"><code>@​castrosu</code></a></li>
<li><strong>Doc fixes and others:</strong>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2372">#2372</a>
<a
href="https://github.com/EmersonRabelo"><code>@​EmersonRabelo</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2538">#2538</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2539">#2539</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2540">#2540</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2549">#2549</a>
<a href="https://github.com/WikiRik"><code>@​WikiRik</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2537">#2537</a>
<a href="https://github.com/sgress454"><code>@​sgress454</code></a></li>
</ul>
</li>
</ul>
<h1>13.15.0</h1>
<h3>New Features / Validators</h3>
<ul>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2399">#2399</a>
<code>isISO31661Numeric</code> <a
href="https://github.com/RobinvanderVliet"><code>@​RobinvanderVliet</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2294">#2294</a>
<code>isULID</code> <a
href="https://github.com/arafatkn"><code>@​arafatkn</code></a></li>
<li><a
href="https://redirect.github.com/validatorjs/validator.js/pull/2215">#2215</a>
<code>isISO15924</code> <a
href="https://github.com/xDivisionByZerox"><code>@​xDivisionByZerox</code></a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="30d4fe02c1"><code>30d4fe0</code></a>
13.15.20</li>
<li><a
href="cbef5088f0"><code>cbef508</code></a>
fix(isURL): improve protocol detection. Resolves CVE-2025-56200 (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2608">#2608</a>)</li>
<li><a
href="6f436be369"><code>6f436be</code></a>
Fix typo in validators.test.js (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2581">#2581</a>)</li>
<li><a
href="3c857088d5"><code>3c85708</code></a>
Fix: correct French VAT (FR) validation regex and add tests (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2584">#2584</a>)</li>
<li><a
href="eee525cd11"><code>eee525c</code></a>
<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2491">#2491</a>
<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2573">#2573</a>
Simplify isBase64 to prevent stack overflow (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2574">#2574</a>)</li>
<li><a
href="abcc8ecb85"><code>abcc8ec</code></a>
feat(isAlpha, isAlphanumeric): add support for Indic locales (ta-IN,
te-IN, k...</li>
<li><a
href="72573b3d1d"><code>72573b3</code></a>
Add Qatar phone number validation (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2556">#2556</a>)</li>
<li><a
href="243f6c5fe4"><code>243f6c5</code></a>
docs(isMACAddress): improve ambiguous option description (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2563">#2563</a>)</li>
<li><a
href="3847c6f901"><code>3847c6f</code></a>
maintenance: 2505 release (<a
href="https://redirect.github.com/validatorjs/validator.js/issues/2560">#2560</a>)</li>
<li><a
href="9e503840d7"><code>9e50384</code></a>
feat(isLicensePlate): Updated isLicensePlate to accept real pt-PT
license pla...</li>
<li>Additional commits viewable in <a
href="https://github.com/validatorjs/validator.js/compare/13.12.0...13.15.20">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=validator&package-manager=npm_and_yarn&previous-version=13.12.0&new-version=13.15.20)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has
been open for over 30 days.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-02 09:33:32 +01:00
dependabot[bot]
80addccf39
build(deps): bump js-yaml from 3.14.1 to 3.14.2 (#6067) 
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 3.14.1 to
3.14.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md">js-yaml's
changelog</a>.</em></p>
<blockquote>
<h2>[3.14.2] - 2025-11-15</h2>
<h3>Security</h3>
<ul>
<li>Backported v4.1.1 fix to v3</li>
</ul>
<h2>[4.1.1] - 2025-11-12</h2>
<h3>Security</h3>
<ul>
<li>Fix prototype pollution issue in yaml merge (&lt;&lt;)
operator.</li>
</ul>
<h2>[4.1.0] - 2021-04-15</h2>
<h3>Added</h3>
<ul>
<li>Types are now exported as <code>yaml.types.XXX</code>.</li>
<li>Every type now has <code>options</code> property with original
arguments kept as they were
(see <code>yaml.types.int.options</code> as an example).</li>
</ul>
<h3>Changed</h3>
<ul>
<li><code>Schema.extend()</code> now keeps old type order in case of
conflicts
(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as
<code>abcd</code> instead of <code>cbad</code>).</li>
</ul>
<h2>[4.0.0] - 2021-01-03</h2>
<h3>Changed</h3>
<ul>
<li>Check <a
href="https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md">migration
guide</a> to see details for all breaking changes.</li>
<li>Breaking: &quot;unsafe&quot; tags <code>!!js/function</code>,
<code>!!js/regexp</code>, <code>!!js/undefined</code> are
moved to <a
href="https://github.com/nodeca/js-yaml-js-types">js-yaml-js-types</a>
package.</li>
<li>Breaking: removed <code>safe*</code> functions. Use
<code>load</code>, <code>loadAll</code>, <code>dump</code>
instead which are all now safe by default.</li>
<li><code>yaml.DEFAULT_SAFE_SCHEMA</code> and
<code>yaml.DEFAULT_FULL_SCHEMA</code> are removed, use
<code>yaml.DEFAULT_SCHEMA</code> instead.</li>
<li><code>yaml.Schema.create(schema, tags)</code> is removed, use
<code>schema.extend(tags)</code> instead.</li>
<li><code>!!binary</code> now always mapped to <code>Uint8Array</code>
on load.</li>
<li>Reduced nesting of <code>/lib</code> folder.</li>
<li>Parse numbers according to YAML 1.2 instead of YAML 1.1
(<code>01234</code> is now decimal,
<code>0o1234</code> is octal, <code>1:23</code> is parsed as string
instead of base60).</li>
<li><code>dump()</code> no longer quotes <code>:</code>, <code>[</code>,
<code>]</code>, <code>(</code>, <code>)</code> except when necessary, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/470">#470</a>,
<a
href="https://redirect.github.com/nodeca/js-yaml/issues/557">#557</a>.</li>
<li>Line and column in exceptions are now formatted as
<code>(X:Y)</code> instead of
<code>at line X, column Y</code> (also present in compact format), <a
href="https://redirect.github.com/nodeca/js-yaml/issues/332">#332</a>.</li>
<li>Code snippet created in exceptions now contains multiple lines with
line numbers.</li>
<li><code>dump()</code> now serializes <code>undefined</code> as
<code>null</code> in collections and removes keys with
<code>undefined</code> in mappings, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/571">#571</a>.</li>
<li><code>dump()</code> with <code>skipInvalid=true</code> now
serializes invalid items in collections as null.</li>
<li>Custom tags starting with <code>!</code> are now dumped as
<code>!tag</code> instead of <code>!&lt;!tag&gt;</code>, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/576">#576</a>.</li>
<li>Custom tags starting with <code>tag:yaml.org,2002:</code> are now
shorthanded using <code>!!</code>, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/258">#258</a>.</li>
</ul>
<h3>Added</h3>
<ul>
<li>Added <code>.mjs</code> (es modules) support.</li>
<li>Added <code>quotingType</code> and <code>forceQuotes</code> options
for dumper to configure
string literal style, <a
href="https://redirect.github.com/nodeca/js-yaml/issues/290">#290</a>,
<a
href="https://redirect.github.com/nodeca/js-yaml/issues/529">#529</a>.</li>
<li>Added <code>styles: { '!!null': 'empty' }</code> option for dumper
(serializes <code>{ foo: null }</code> as &quot;<code>foo:
</code>&quot;), <a
href="https://redirect.github.com/nodeca/js-yaml/issues/570">#570</a>.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="9963d366df"><code>9963d36</code></a>
3.14.2 released</li>
<li><a
href="10d3c8e70a"><code>10d3c8e</code></a>
dist rebuild</li>
<li><a
href="5278870a17"><code>5278870</code></a>
fix prototype pollution in merge (&lt;&lt;) (<a
href="https://redirect.github.com/nodeca/js-yaml/issues/731">#731</a>)</li>
<li>See full diff in <a
href="https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=js-yaml&package-manager=npm_and_yarn&previous-version=3.14.1&new-version=3.14.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-02 09:33:16 +01:00
dependabot[bot]
52704c6125
build(deps): bump node-forge from 1.3.1 to 1.3.2 (#6071) 
Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to
1.3.2.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md">node-forge's
changelog</a>.</em></p>
<blockquote>
<h2>1.3.2 - 2025-11-25</h2>
<h3>Security</h3>
<ul>
<li><strong>HIGH</strong>: ASN.1 Validator Desynchronization
<ul>
<li>An Interpretation Conflict (CWE-436) vulnerability in node-forge
versions
1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1
structures to desynchronize schema validations, yielding a semantic
divergence that may bypass downstream cryptographic verifications and
security decisions.</li>
<li>Reported by Hunter Wodzenski.</li>
<li>CVE ID: <a
href="https://www.cve.org/CVERecord?id=CVE-2025-12816">CVE-2025-12816</a></li>
<li>GHSA ID: <a
href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq">GHSA-5gfm-wpxj-wjgq</a></li>
</ul>
</li>
<li><strong>HIGH</strong>: ASN.1 Unbounded Recursion
<ul>
<li>An Uncontrolled Recursion (CWE-674) vulnerability in node-forge
versions
1.3.1 and below enables remote, unauthenticated attackers to craft deep
ASN.1 structures that trigger unbounded recursive parsing. This leads to
a
Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER
inputs.</li>
<li>Reported by Hunter Wodzenski.</li>
<li>CVE ID: <a
href="https://www.cve.org/CVERecord?id=CVE-2025-66031">CVE-2025-66031</a></li>
<li>GHSA ID: <a
href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-554w-wpv2-vw27">GHSA-554w-wpv2-vw27</a></li>
</ul>
</li>
<li><strong>MODERATE</strong>: ASN.1 OID Integer Truncation
<ul>
<li>An Integer Overflow (CWE-190) vulnerability in node-forge versions
1.3.1
and below enables remote, unauthenticated attackers to craft ASN.1
structures containing OIDs with oversized arcs. These arcs may be
decoded
as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the
bypass of downstream OID-based security decisions.</li>
<li>Reported by Hunter Wodzenski.</li>
<li>CVE ID: <a
href="https://www.cve.org/CVERecord?id=CVE-2025-66030">CVE-2025-66030</a></li>
<li>GHSA ID: <a
href="https://github.com/digitalbazaar/forge/security/advisories/GHSA-65ch-62r8-g69g">GHSA-65ch-62r8-g69g</a></li>
</ul>
</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>[asn1] Fix for vulnerability identified by CVE-2025-12816 PKCS#12
MAC
verification bypass due to missing macData enforcement and improper
asn1.validate routine.</li>
<li>[asn1] Add <code>fromDer()</code> max recursion depth check.
<ul>
<li>Add a <code>asn1.maxDepth</code> global configurable maximum depth
of 256.</li>
<li>Add a <code>asn1.fromDer()</code> per-call <code>maxDepth</code>
option.</li>
<li><strong>NOTE</strong>: The default maximum is assumed to be higher
than needed for valid
data. If this assumption is false then this could be a breaking change.
Please file an issue if there are use cases that need a higher
maximum.</li>
<li><strong>NOTE</strong>: The per-call <code>maxDepth</code> parameter
has not been exposed up through
all of the API stack due to the complexities involved. Please file an
issue
if there are use cases that require this instead of changing the default
maximum.</li>
</ul>
</li>
<li>[asn1] Improve OID handling.
<ul>
<li>Error on parsed OID values larger than <code>2**32 - 1</code>.</li>
<li>Error on DER OID values larger than <code>2**53 - 1 </code>.</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="235ad3e70e"><code>235ad3e</code></a>
Release 1.3.2.</li>
<li><a
href="2598244117"><code>2598244</code></a>
Update changelog.</li>
<li><a
href="0032dd0be8"><code>0032dd0</code></a>
Fix typos.</li>
<li><a
href="d75e08d255"><code>d75e08d</code></a>
Run new security test.</li>
<li><a
href="a5ce91d03d"><code>a5ce91d</code></a>
Update changelog formatting.</li>
<li><a
href="4652de6ddd"><code>4652de6</code></a>
Cleanups.</li>
<li><a
href="eb932d94fb"><code>eb932d9</code></a>
Fix typo.</li>
<li><a
href="db6954ba4b"><code>db6954b</code></a>
Fix style.</li>
<li><a
href="afbf7d8e08"><code>afbf7d8</code></a>
Align error message style.</li>
<li><a
href="6607445859"><code>6607445</code></a>
Revert minor changes.</li>
<li>Additional commits viewable in <a
href="https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=node-forge&package-manager=npm_and_yarn&previous-version=1.3.1&new-version=1.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-02 09:31:54 +01:00
dependabot[bot]
319726493a
build(deps): bump docker/metadata-action from 5.9.0 to 5.10.0 (#6077) 
Bumps
[docker/metadata-action](https://github.com/docker/metadata-action) from
5.9.0 to 5.10.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/metadata-action/releases">docker/metadata-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.10.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.66.0 to 0.68.0 in
<a
href="https://redirect.github.com/docker/metadata-action/pull/559">docker/metadata-action#559</a>
<a
href="https://redirect.github.com/docker/metadata-action/pull/569">docker/metadata-action#569</a></li>
<li>Bump js-yaml from 3.14.1 to 3.14.2 in <a
href="https://redirect.github.com/docker/metadata-action/pull/564">docker/metadata-action#564</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0">https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c299e40c65"><code>c299e40</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/569">#569</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="f015d7914a"><code>f015d79</code></a>
chore: update generated content</li>
<li><a
href="121bcc2ca8"><code>121bcc2</code></a>
chore(deps): Bump <code>@​docker/actions-toolkit</code> from 0.67.0 to
0.68.0</li>
<li><a
href="f7b6bf41b9"><code>f7b6bf4</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/564">#564</a>
from docker/dependabot/npm_and_yarn/js-yaml-3.14.2</li>
<li><a
href="0b95c6b860"><code>0b95c6b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/565">#565</a>
from docker/dependabot/github_actions/actions/checkout-6</li>
<li><a
href="17f70d7525"><code>17f70d7</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/568">#568</a>
from motoki317/docs/fix-to-24h-schedule-pattern</li>
<li><a
href="afd7e6d7bb"><code>afd7e6d</code></a>
docs(README): Fix date format from 12h to 24h in schedule pattern</li>
<li><a
href="602aff8e11"><code>602aff8</code></a>
chore(deps): Bump actions/checkout from 5 to 6</li>
<li><a
href="aecb1a49a5"><code>aecb1a4</code></a>
chore(deps): Bump js-yaml from 3.14.1 to 3.14.2</li>
<li><a
href="8d8c7c12f7"><code>8d8c7c1</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/559">#559</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li>Additional commits viewable in <a
href="318604b99e...c299e40c65">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/metadata-action&package-manager=github_actions&previous-version=5.9.0&new-version=5.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-02 09:31:12 +01:00
dependabot[bot]
d3baf1b3a3
build(deps): bump @angular/compiler from 19.2.14 to 19.2.17 (#6078) 
Bumps
[@angular/compiler](https://github.com/angular/angular/tree/HEAD/packages/compiler)
from 19.2.14 to 19.2.17.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/releases"><code>@​angular/compiler</code>'s
releases</a>.</em></p>
<blockquote>
<h2>19.2.17</h2>
<h3>compiler</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="7c42e2ebeb"><img
src="https://img.shields.io/badge/7c42e2ebeb-fix-green" alt="fix -
7c42e2ebeb" /></a></td>
<td>prevent XSS via SVG animation <code>attributeName</code> and
MathML/SVG URLs</td>
</tr>
</tbody>
</table>
<h2>19.2.16</h2>
<h3>http</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="05fe6686a9"><img
src="https://img.shields.io/badge/05fe6686a9-fix-green" alt="fix -
05fe6686a9" /></a></td>
<td>prevent XSRF token leakage to protocol-relative URLs</td>
</tr>
</tbody>
</table>
<h2>19.2.15</h2>
<h3>core</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="70d0639bc1"><img
src="https://img.shields.io/badge/70d0639bc1-fix-green" alt="fix -
70d0639bc1" /></a></td>
<td>introduce <code>BootstrapContext</code> for improved server
bootstrapping (<a
href="https://github.com/angular/angular/tree/HEAD/packages/compiler/issues/63639">#63639</a>)</td>
</tr>
</tbody>
</table>
<h2>Breaking Changes</h2>
<h3>core</h3>
<ul>
<li>
<p>The server-side bootstrapping process has been changed to eliminate
the reliance on a global platform injector.</p>
<p>Before:</p>
<pre lang="ts"><code>const bootstrap = () =&gt;
bootstrapApplication(AppComponent, config);
</code></pre>
<p>After:</p>
<pre lang="ts"><code>const bootstrap = (context: BootstrapContext) =&gt;
  bootstrapApplication(AppComponent, config, context);
</code></pre>
<p>A schematic is provided to automatically update
<code>main.server.ts</code> files to pass the
<code>BootstrapContext</code> to the <code>bootstrapApplication</code>
call.</p>
<p>In addition, <code>getPlatform()</code> and
<code>destroyPlatform()</code> will now return <code>null</code> and be
a no-op respectively when running in a server environment.</p>
</li>
</ul>
<p>For more information please see: <a
href="https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7">https://github.com/angular/angular/security/advisories/GHSA-68x2-mx4q-78m7</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/angular/angular/blob/main/CHANGELOG.md"><code>@​angular/compiler</code>'s
changelog</a>.</em></p>
<blockquote>
<h1>19.2.17 (2025-12-01)</h1>
<h3>compiler</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="7c42e2ebeb">7c42e2ebeb</a></td>
<td>fix</td>
<td>prevent XSS via SVG animation <code>attributeName</code> and
MathML/SVG URLs</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>19.2.16 (2025-11-26)</h1>
<h3>http</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="05fe6686a9">05fe6686a9</a></td>
<td>fix</td>
<td>prevent XSRF token leakage to protocol-relative URLs</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>21.1.0-next.0 (2025-11-25)</h1>
<h3>platform-browser</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="ec9dc94cee">ec9dc94cee</a></td>
<td>feat</td>
<td>add <code>context</code> to <code>createApplication</code></td>
</tr>
<tr>
<td><a
href="ab67988d2e">ab67988d2e</a></td>
<td>feat</td>
<td>resolve JIT resources in <code>createApplication</code></td>
</tr>
</tbody>
</table>
<h3>router</h3>
<table>
<thead>
<tr>
<th>Commit</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><a
href="a03c82564d">a03c82564d</a></td>
<td>feat</td>
<td>Add scroll behavior controls on router navigation</td>
</tr>
<tr>
<td><a
href="c25d749d85">c25d749d85</a></td>
<td>feat</td>
<td>Execute RunGuardsAndResolvers function in injection context</td>
</tr>
<tr>
<td><a
href="c84d372778">c84d372778</a></td>
<td>feat</td>
<td>Support wildcard params with segments trailing (<a
href="https://redirect.github.com/angular/angular/pull/64737">#64737</a>)</td>
</tr>
</tbody>
</table>
<!-- raw HTML omitted -->
<p><!-- raw HTML omitted --><!-- raw HTML omitted --></p>
<h1>20.3.14 (2025-11-25)</h1>
<h3>http</h3>
<p>| Commit | Type | Description |</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7c42e2ebeb"><code>7c42e2e</code></a>
fix(compiler): prevent XSS via SVG animation <code>attributeName</code>
and MathML/SVG URLs</li>
<li>See full diff in <a
href="https://github.com/angular/angular/commits/19.2.17/packages/compiler">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@angular/compiler&package-manager=npm_and_yarn&previous-version=19.2.14&new-version=19.2.17)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/transloadit/uppy/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-02 09:30:57 +01:00
Murderlon
54a3316eb8
Fix changeset 2025-12-02 09:26:12 +01:00
Mikael Finstad
cc3ff31d59
move golden retriever clear files logic (#6076) 
into #restore instead.
we currently clear files when state transitions to all files complete,
however there's an issue with that where if progress events come in
after all files are marked as completed, it will overwrite the
metadataStore, meaning the files that have been cleared will be re-added
after they were cleared. this causes files to be restored (when e.g.
refreshing the browser) when they should not (because they have already
completed). i managed to reproduce this with the google drive picker
plugin (but not with google drive non-picker)

**Tip for review:** hide whitespace changes
 2025-12-02 11:29:48 +07:00
Mikael Finstad
e6613488fc
allow selecting folders (#6074) 
for google drive #5532

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-12-02 10:34:03 +07:00
Prakash
4817585b66
@uppy/companion: fix broken icons for webdav provider (#6069) 
This fixes #6063.

It should be merged after #6059. Icon issue was fixed but This still
doesn’t fix the thumbnail preview issue, because OwnCloud and Nextcloud
don’t provide enough information about their thumbnail preview
endpoints. The docs aren’t very helpful: they mention how to make a
`PROPFIND` request to get extra metadata (such as has_preview)
[doc_ref](https://docs.nextcloud.com/server/stable/developer_manual/client_apis/WebDAV/basic.html#requesting-properties),
but I couldn’t get it to work with our webdav client.

Even if we did manage to obtain the thumbnail preview URL, it would be a
complicated capability to add, since we’d have to handle each WebDAV
server separately. That would lead to the same problems discussed here:
https://github.com/transloadit/uppy/pull/6059#issuecomment-3564642795 ,
so I don't think we need to spend anymore time on this.

**Before** 
<img width="1238" height="1014" alt="image"
src="https://github.com/user-attachments/assets/378c8b4b-640f-4e5d-9fef-48d255f729f9"
/>


**After** 
<img width="982" height="708" alt="image"
src="https://github.com/user-attachments/assets/7e20b119-c5a9-45dd-a0bd-7ddf95672137"
/>
 2025-11-29 01:25:12 +05:30
Mikael Finstad
ac12f35f5b
Move completed uploads exclusion logic (#6058) 
into uploader plugins

fixes #6051

also [fix deprecated usage of done
callback](2511142276)
 2025-11-24 19:47:45 +07:00
Ryan Wang
c3c16ae069
Update zh_CN and zh_TW locales with new and revised strings (#6064) 2025-11-24 10:16:30 +01:00
dependabot[bot]
c8eed0cf3a
build(deps): bump actions/checkout from 5 to 6 (#6066) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to
6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>v6-beta by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li>
<li>update readme/changelog for v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p>
<h2>v6-beta</h2>
<h2>What's Changed</h2>
<p>Updated persist-credentials to store the credentials under
<code>$RUNNER_TEMP</code> instead of directly in the local git
config.</p>
<p>This requires a minimum Actions Runner version of <a
href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a>
to access the persisted credentials for <a
href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker
container action</a> scenarios.</p>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>V6.0.0</h2>
<ul>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
</ul>
<h2>V5.0.1</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<h2>V5.0.0</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
</ul>
<h2>V4.3.1</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<h2>V4.3.0</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
<li>Adjust positioning of user email note and permissions heading by <a
href="https://github.com/joshmgross"><code>@​joshmgross</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li>
<li>Update CODEOWNERS for actions by <a
href="https://github.com/TingluoHuang"><code>@​TingluoHuang</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li>
<li>Update package dependencies by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li>
</ul>
<h2>v4.2.2</h2>
<ul>
<li><code>url-helper.ts</code> now leverages well-known environment
variables by <a href="https://github.com/jww3"><code>@​jww3</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li>
<li>Expand unit test coverage for <code>isGhes</code> by <a
href="https://github.com/jww3"><code>@​jww3</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li>
</ul>
<h2>v4.2.1</h2>
<ul>
<li>Check out other refs/* by commit if provided, fall back to ref by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li>
</ul>
<h2>v4.2.0</h2>
<ul>
<li>Add Ref and Commit outputs by <a
href="https://github.com/lucacome"><code>@​lucacome</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li>
<li>Dependency updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>- <a
href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>,
<a
href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li>
</ul>
<h2>v4.1.7</h2>
<ul>
<li>Bump the minor-npm-dependencies group across 1 directory with 4
updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li>
<li>Check out other refs/* by commit by <a
href="https://github.com/orhantoy"><code>@​orhantoy</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li>
<li>Pin actions/checkout's own workflows to a known, good, stable
version. by <a href="https://github.com/jww3"><code>@​jww3</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li>
</ul>
<h2>v4.1.6</h2>
<ul>
<li>Check platform to set archive extension appropriately by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li>
</ul>
<h2>v4.1.5</h2>
<ul>
<li>Update NPM dependencies by <a
href="https://github.com/cory-miller"><code>@​cory-miller</code></a> in
<a
href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li>
<li>Bump github/codeql-action from 2 to 3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li>
<li>Bump actions/setup-node from 1 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li>
<li>Bump actions/upload-artifact from 2 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1af3b93b68"><code>1af3b93</code></a>
update readme/changelog for v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li>
<li><a
href="71cf2267d8"><code>71cf226</code></a>
v6-beta (<a
href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li>
<li><a
href="069c695914"><code>069c695</code></a>
Persist creds to a separate file (<a
href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li>
<li><a
href="ff7abcd0c3"><code>ff7abcd</code></a>
Update README to include Node.js 24 support details and requirements (<a
href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/v5...v6">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=5&new-version=6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-24 10:06:14 +01:00
Kevin De Bruyn
8744c4dfbb
@uppy/locales: improve Dutch translations (#5979) 
Fixed bug in Dutch where fileManagerSelectionType would not work anymore
because {browse} was used instead of {browseFiles} and {browseFolders} +
Reviewed translations

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Refines Dutch locale with corrected translations, adds/updates strings
(including proper `browseFiles`/`browseFolders` placeholders), and
prepares a patch release.
> 
> - **Locales (`packages/@uppy/locales/src/nl_NL.ts`)**:
> - Add and update numerous Dutch strings for uploads, errors,
recording, and UI actions (e.g., `addedNumFiles`,
`dataUploadedOfUnknown`, `uploadStalled`).
> - Replace generic `browse` placeholder with
`browseFiles`/`browseFolders` variants across drop/paste prompts to
align with selection behavior.
> - Improve phrasing/grammar and clarify labels (e.g., encoding, rotate
90°, plugin names, WebDAV input label).
> - **Release**:
> - Add changeset (`.changeset/every-wings-behave.md`) to publish
`@uppy/locales` patch.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
18995ec183. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: kevind <KevinD@infosupport.com>
Co-authored-by: Mikael Finstad <finstaden@gmail.com>
Co-authored-by: Merlijn Vos <merlijn@soverin.net>
 2025-11-17 17:06:29 +01:00
Prakash
79e6460a6c
Make Generics Optional in uppy.getPlugin (#6057) 
fixes #6024.

### Problem
- `getPlugin()` defaults to `UnknownPlugin`, so methods like `openModal`
are not visible , since core is not aware of that plugin type

### Proposed change
- Introduce a types-only registry in core:
- `export interface PluginTypeRegistry<M extends Meta, B extends Body>
{}`
- Overload `getPlugin` to return a precise type when the id is a known
key of the registry.
- add `Dashboard` to  PluginTypeRegistry through module augmentation:
  - `'Dashboard': Dashboard<M, B>`.
- When a project imports from `@uppy/dashboard`, its module augmentation
extends PluginTypeRegistry, adding the correct type into it
- I've added Tests , kept them in a separate file so it's easier to
review , once this approach gets approved I'll add them to
`Uppy.test.ts`

Once this PR gets a positive review I'll add this for other plugins ,
currently only added for `@uppy/dashboard`

**Build with Local tarball can be checked here** 


https://stackblitz.com/~/github.com/qxprakash/uppy-type-test?file=type_test.ts
 2025-11-17 18:18:54 +05:30
dependabot[bot]
c788818410
build(deps): bump docker/setup-qemu-action from 3.6.0 to 3.7.0 (#6052) 
Bumps
[docker/setup-qemu-action](https://github.com/docker/setup-qemu-action)
from 3.6.0 to 3.7.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/setup-qemu-action/releases">docker/setup-qemu-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.7.0</h2>
<ul>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.56.0 to 0.67.0 in
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/217">docker/setup-qemu-action#217</a>
<a
href="https://redirect.github.com/docker/setup-qemu-action/pull/230">docker/setup-qemu-action#230</a></li>
<li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/220">docker/setup-qemu-action#220</a></li>
<li>Bump form-data from 2.5.1 to 2.5.5 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/218">docker/setup-qemu-action#218</a></li>
<li>Bump tmp from 0.2.3 to 0.2.4 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/221">docker/setup-qemu-action#221</a></li>
<li>Bump undici from 5.28.4 to 5.29.0 in <a
href="https://redirect.github.com/docker/setup-qemu-action/pull/219">docker/setup-qemu-action#219</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0">https://github.com/docker/setup-qemu-action/compare/v3.6.0...v3.7.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="c7c5346462"><code>c7c5346</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/230">#230</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="3a517a1a6f"><code>3a517a1</code></a>
chore: update generated content</li>
<li><a
href="a5b45edf7e"><code>a5b45ed</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.62.1 to
0.67.0</li>
<li><a
href="3a64278e93"><code>3a64278</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/220">#220</a>
from docker/dependabot/npm_and_yarn/brace-expansion-1...</li>
<li><a
href="94906ba253"><code>94906ba</code></a>
chore: update generated content</li>
<li><a
href="4027abfd67"><code>4027abf</code></a>
build(deps): bump brace-expansion from 1.1.11 to 1.1.12</li>
<li><a
href="bee0aaad0f"><code>bee0aaa</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/221">#221</a>
from docker/dependabot/npm_and_yarn/tmp-0.2.4</li>
<li><a
href="0d7e25756e"><code>0d7e257</code></a>
chore: update generated content</li>
<li><a
href="b86960130e"><code>b869601</code></a>
build(deps): bump tmp from 0.2.3 to 0.2.4</li>
<li><a
href="3a043edff3"><code>3a043ed</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/setup-qemu-action/issues/219">#219</a>
from docker/dependabot/npm_and_yarn/undici-5.29.0</li>
<li>Additional commits viewable in <a
href="29109295f8...c7c5346462">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/setup-qemu-action&package-manager=github_actions&previous-version=3.6.0&new-version=3.7.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-10 09:31:30 +01:00
dependabot[bot]
b13efb1621
build(deps): bump docker/metadata-action from 5.8.0 to 5.9.0 (#6053) 
Bumps
[docker/metadata-action](https://github.com/docker/metadata-action) from
5.8.0 to 5.9.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/metadata-action/releases">docker/metadata-action's
releases</a>.</em></p>
<blockquote>
<h2>v5.9.0</h2>
<ul>
<li>Add <code>tag-names</code> output to return tag names without image
base name by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/metadata-action/pull/553">docker/metadata-action#553</a></li>
<li>Bump <code>@​babel/runtime-corejs3</code> from 7.14.7 to 7.28.2 in
<a
href="https://redirect.github.com/docker/metadata-action/pull/539">docker/metadata-action#539</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.62.1 to 0.66.0 in
<a
href="https://redirect.github.com/docker/metadata-action/pull/555">docker/metadata-action#555</a></li>
<li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a
href="https://redirect.github.com/docker/metadata-action/pull/540">docker/metadata-action#540</a></li>
<li>Bump csv-parse from 5.6.0 to 6.1.0 in <a
href="https://redirect.github.com/docker/metadata-action/pull/532">docker/metadata-action#532</a></li>
<li>Bump semver from 7.7.2 to 7.7.3 in in <a
href="https://redirect.github.com/docker/metadata-action/pull/554">docker/metadata-action#554</a></li>
<li>Bump tmp from 0.2.3 to 0.2.5 in <a
href="https://redirect.github.com/docker/metadata-action/pull/541">docker/metadata-action#541</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0">https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="318604b99e"><code>318604b</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/539">#539</a>
from docker/dependabot/npm_and_yarn/babel/runtime-cor...</li>
<li><a
href="49c0a55d55"><code>49c0a55</code></a>
chore: update generated content</li>
<li><a
href="486229e3f4"><code>486229e</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/558">#558</a>
from crazy-max/fix-dist</li>
<li><a
href="f02aeab1ee"><code>f02aeab</code></a>
chore: fix dist</li>
<li><a
href="beafb97305"><code>beafb97</code></a>
chore(deps): Bump <code>@​babel/runtime-corejs3</code> from 7.14.7 to
7.28.2</li>
<li><a
href="3ff819c6c5"><code>3ff819c</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/557">#557</a>
from crazy-max/yarn-4.9.2</li>
<li><a
href="05838e9769"><code>05838e9</code></a>
update yarn to 4.9.2</li>
<li><a
href="43fa4ac0d3"><code>43fa4ac</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/metadata-action/issues/556">#556</a>
from crazy-max/dev-deps</li>
<li><a
href="b3120f2f18"><code>b3120f2</code></a>
chore: update generated content</li>
<li><a
href="1f469d21ee"><code>1f469d2</code></a>
update dev dependencies</li>
<li>Additional commits viewable in <a
href="c1e51972af...318604b99e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=docker/metadata-action&package-manager=github_actions&previous-version=5.8.0&new-version=5.9.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-10 09:31:16 +01:00
Prakash
ec75d863ec
@uppy/provider-views: add e2e tests for Server side search (#6015) 
Tests added as discussed in
[slack_discussion](https://transloadit.slack.com/archives/C0FMW9PSB/p1759931999124149?thread_ts=1759700542.941939&cid=C0FMW9PSB)

directory structure mocked : 

```
root/ 
├── first/
│   ├── second/
│   │   ├── third/
│   │   │   ├── nested-target.pdf
│   │   │   └── new-file.pdf
│   │   ├── deep-file.txt
│   │   ├── target.pdf
│   │   └── workspace.pdf
│   └── intermediate.doc
├── workspace/
│   └── project/
│       └── code.js
└── readme.md

```

Some of the mocked responses in CompanionHandler.ts aren’t used in the
tests, but I’ve kept them to preserve the legitimacy of the above
directory structure.
 2025-11-07 16:50:57 +05:30
Copilot
46f81e2bae
Fix isNetworkError to match MDN spec: readyState === 4 && status === 0 (#6050) 
closes #4253

The `isNetworkError` function incorrectly classified XHR states as
network errors. Per MDN, a network error occurs when a request completes
(`readyState === 4`) but has no HTTP status (`status === 0`), indicating
network/CORS/file access failures.

## Changes

- **Logic fix**: Changed from `(xhr.readyState !== 0 && xhr.readyState
!== 4) || xhr.status === 0` to `xhr.readyState === 4 && xhr.status ===
0`
- **Test update**: Removed invalid test expecting `readyState: 2` to be
a network error; added test verifying incomplete requests return `false`

## Example

```typescript
// Before: incorrectly treated in-progress requests as network errors
isNetworkError({ readyState: 2, status: 0 })  // true 

// After: only completed requests with no status are network errors  
isNetworkError({ readyState: 4, status: 0 })  // true ✓
isNetworkError({ readyState: 2, status: 0 })  // false ✓
```

<!-- START COPILOT CODING AGENT SUFFIX -->



<details>

<summary>Original prompt</summary>

> Update the isNetworkError function in
packages/@uppy/utils/src/isNetworkError.ts to correctly detect network
errors according to MDN documentation. The new logic should return true
only if xhr.readyState === 4 and xhr.status === 0. The updated
implementation should be:
> 
> function isNetworkError(xhr?: XMLHttpRequest): boolean {
>   if (!xhr) return false
> // finished but status is 0 — usually indicates a network/CORS/file
error
>   return xhr.readyState === 4 && xhr.status === 0
> }
> 
> export default isNetworkError
> 
> No other logic changes are needed. If you find related commentary
(e.g., outdated comments), clarify as needed.


</details>

*This pull request was created as a result of the following prompt from
Copilot chat.*
> Update the isNetworkError function in
packages/@uppy/utils/src/isNetworkError.ts to correctly detect network
errors according to MDN documentation. The new logic should return true
only if xhr.readyState === 4 and xhr.status === 0. The updated
implementation should be:
> 
> function isNetworkError(xhr?: XMLHttpRequest): boolean {
>   if (!xhr) return false
> // finished but status is 0 — usually indicates a network/CORS/file
error
>   return xhr.readyState === 4 && xhr.status === 0
> }
> 
> export default isNetworkError
> 
> No other logic changes are needed. If you find related commentary
(e.g., outdated comments), clarify as needed.

<!-- START COPILOT CODING AGENT TIPS -->
---

 Let Copilot coding agent [set things up for
you](https://github.com/transloadit/uppy/issues/new?title=+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot)
— coding agent works faster and does higher quality work when set up for
your repo.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mifi <402547+mifi@users.noreply.github.com>
 2025-11-05 13:06:21 +08:00
github-actions[bot]
7551b4cc91
[ci] release (#6049) 
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/companion@6.2.0

### Minor Changes

- 0c8dd19: New Companion option `uploadHeaders` which can be used to
include a static set of headers with every request sent to all upload
destinations.

## @uppy/dashboard@5.0.4

### Patch Changes

-   5e166a1: Fix form appending for shadow dom
-   Updated dependencies [ad50314]
    -   @uppy/utils@7.1.3

## @uppy/utils@7.1.3

### Patch Changes

-   ad50314: Allow `getSafeFileId` to accept `UppyFile`

## uppy@5.1.11

### Patch Changes

-   Updated dependencies [5e166a1]
    -   @uppy/dashboard@5.0.4

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-11-03 14:26:07 +01:00
Mikael Finstad
ad50314c50
allow getSafeFileId to accept UppyFile (#6048) 
fixes #6033
also convert InternalMetadata to interface (interface is preferred when
possible)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Broaden `getSafeFileId` to accept `UppyFile` and extend types by
converting `InternalMetadata` to an interface with optional
`relativePath`.
> 
> - **utils**:
> - **`getSafeFileId`**: Broadens parameter via new `SafeFileIdBasis` so
it can accept `UppyFile`; call site logic unchanged.
> - **Types**: Convert `InternalMetadata` to an interface and add
optional `relativePath`; propagate through `UppyFile`/`generateFileID`
typings.
> - **Changeset**: Adds patch entry for `@uppy/utils`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
133240fc0f. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Merlijn Vos <merlijn@soverin.net>
 2025-11-03 20:04:57 +08:00
Murderlon
2e14f15e11
Update changeset 2025-11-03 11:48:28 +01:00
Mikael Finstad
0c8dd19dc2
Companion option uploadHeaders (#5981) 
closes #5921

also improve tests that currently depend on eachother

todo
- [x] docs https://github.com/transloadit/uppy.io/pull/394
 2025-11-03 18:34:07 +08:00
Austin Jackson
5e166a101d
@uppy/dashboard: fix form appending for shadow dom (#6031) 
Fixes #6028

I've also added `private/dev/dashboard_shadow.html` to more easily test
ShadowDOM-specific bugs.

I looked into writing a test case under
`packages/@uppy/dashboard/src/index.browser.test.ts` but couldn't get it
to work locally on Windows.

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Ensure FileCard’s hidden form is appended/cleaned up in the correct
root (Document body or ShadowRoot) using a ref-derived root node, and
add a patch changeset.
> 
> - **@uppy/dashboard – FileCard**:
> - Append hidden `form` to the correct root using `getRootNode()`
(handles Light DOM/iframes via `Document.body`, and Shadow DOM via
`ShadowRoot`).
> - Add `domRef` to root element to detect rendering context; attach
`ref` and update effect accordingly.
>   - Clean up by removing the `form` from its actual `parentNode`.
> - **Release**:
>   - Add changeset for patch: `Fix form appending for shadow dom`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
edf81e871c. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Murderlon <merlijn@soverin.net>
 2025-11-03 11:16:33 +01:00
github-actions[bot]
b1e33bcef7
[ci] release (#6046) 
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/provider-views@5.1.2

### Patch Changes

-   46e339a: Add missing lodash dependency

## @uppy/react@5.1.1

### Patch Changes

-   16aa6fe: Add missing useUppyContext export

## uppy@5.1.10

### Patch Changes

-   Updated dependencies [46e339a]
    -   @uppy/provider-views@5.1.2

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-10-30 10:10:59 +01:00
Merlijn Vos
46e339a150
@uppy/provider-views: add missing lodash dependency (#6045) 
Fixes #6039
 2025-10-30 09:59:36 +01:00
Merlijn Vos
16aa6fe941
@uppy/react: export useUppyContext (#6044) 
Fixes #6043
 2025-10-30 09:59:13 +01:00
github-actions[bot]
76abdfb325
[ci] release (#6029) 
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/angular@1.1.0

### Minor Changes

- 72d2d68: Remove @uppy/utils and add @uppy/status-bar to
peerDependencies

## @uppy/components@1.1.0

### Minor Changes

- 72d2d68: Add @uppy/{screen-capture,status-bar,webcam} as optional peer
dependencies

### Patch Changes

-   26bf726: Dropzone and FileInput inherit restrictions from @uppy/core

## @uppy/react@5.1.0

### Minor Changes

- 72d2d68: Add @uppy/{screen-capture,status-bar,webcam} as optional peer
dependencies

### Patch Changes

-   86f353d: Remove dashboard export from index.ts
-   Updated dependencies [72d2d68]
-   Updated dependencies [26bf726]
    -   @uppy/components@1.1.0

## @uppy/svelte@5.1.0

### Minor Changes

- 72d2d68: Add @uppy/{screen-capture,status-bar,webcam} as optional peer
dependencies

### Patch Changes

-   Updated dependencies [72d2d68]
-   Updated dependencies [26bf726]
    -   @uppy/components@1.1.0

## @uppy/transloadit@5.2.0

### Minor Changes

- 72d2d68: Remove unused @uppy/{companion-client,provider-views}
dependencies

### Patch Changes

-   Updated dependencies [08b64f9]
    -   @uppy/utils@7.1.2

## @uppy/vue@3.1.0

### Minor Changes

- 72d2d68: Add @uppy/{screen-capture,status-bar,webcam} as optional peer
dependencies

### Patch Changes

-   Updated dependencies [72d2d68]
-   Updated dependencies [26bf726]
    -   @uppy/components@1.1.0

## @uppy/onedrive@5.0.2

### Patch Changes

-   5edcb2e: Fix: Enable `supportsRefreshToken` for OneDrive
-   Updated dependencies [08b64f9]
    -   @uppy/utils@7.1.2

## @uppy/utils@7.1.2

### Patch Changes

- 08b64f9: fix ts issue with generateFileID and
`exactOptionalPropertyTypes`

## uppy@5.1.9

### Patch Changes

-   Updated dependencies [72d2d68]
-   Updated dependencies [5edcb2e]
    -   @uppy/transloadit@5.2.0
    -   @uppy/onedrive@5.0.2

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-10-28 10:15:14 +01:00
Merlijn Vos
72d2d68ea3
Fix various deps and peer deps in packages (#6030) 
**Fixes**

- `@uppy/components` incorrectly had a lot of packages in `dependencies`
while they should be `peerDependencies`. Also removed `remote-sources`
completely as this drags in a lot of plugins and we don't even need it
there.
- `@uppy/{react,vue,svelte}` now has to have the same `peerDependencies`
as `components` as the requirement has been moved up. We also mark them
as optional, they are only needed if you use a hook such as `useWebcam`
needing `@uppy/webcam`.
- Remove `companion-client` and `provider-views` from `transloadit`.
Those are never used by the package.
- Remove `@uppy/utils` from `@uppy/angular` and `@uppy/react`, we can
just use imports from `core`
- Place `@uppy/status-bar` back in peer deps. This is critical but
forgotten when status bar was put back inside frameworks.

**Implications**
- Moving peer deps to deps in `@uppy/components` now requires people to
install these dependencies. However, they kind of had to anyway before
as we require people to install the plugin on uppy (`.use(Webcam')`) if
you want to use `useWebcam` and if you try to import a dep you did not
install they would have gotten an error already.
- Note: this is not the same situation as with importing dashboard
component from @uppy/react which causes a runtime crash because
@uppy/dashboard is missing. In this case we only depend on _types_, so
we don't have this problem.
 2025-10-28 09:55:21 +01:00
dependabot[bot]
9f60e630a2
build(deps): bump actions/upload-artifact from 4 to 5 (#6038) 
Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p><strong>BREAKING CHANGE:</strong> this update supports Node
<code>v24.x</code>. This is not a breaking change per-se but we're
treating it as such.</p>
<ul>
<li>Update README.md by <a
href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li>
<li>Update README.md by <a
href="https://github.com/nebuk89"><code>@​nebuk89</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li>
<li>Readme: spell out the first use of GHES by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li>
<li>Update GHES guidance to include reference to Node 20 version by <a
href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a>
in <a
href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li>
<li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li>
<li>Prepare <code>v5.0.0</code> by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/734">actions/upload-artifact#734</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/GhadimiR"><code>@​GhadimiR</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li>
<li><a href="https://github.com/nebuk89"><code>@​nebuk89</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li>
<li><a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li>
<li><a
href="https://github.com/patrikpolyak"><code>@​patrikpolyak</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v5.0.0">https://github.com/actions/upload-artifact/compare/v4...v5.0.0</a></p>
<h2>v4.6.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.3.2 package &amp; prepare for new
upload-artifact release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p>
<h2>v4.6.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update to use artifact 2.2.2 package by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/673">actions/upload-artifact#673</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.1">https://github.com/actions/upload-artifact/compare/v4...v4.6.1</a></p>
<h2>v4.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Expose env vars to control concurrency and timeout by <a
href="https://github.com/yacaovsnc"><code>@​yacaovsnc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/662">actions/upload-artifact#662</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v4...v4.6.0">https://github.com/actions/upload-artifact/compare/v4...v4.6.0</a></p>
<h2>v4.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: deprecated <code>Node.js</code> version in action by <a
href="https://github.com/hamirmahal"><code>@​hamirmahal</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li>
<li>Add new <code>artifact-digest</code> output by <a
href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/656">actions/upload-artifact#656</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/hamirmahal"><code>@​hamirmahal</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="330a01c490"><code>330a01c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/734">#734</a>
from actions/danwkennedy/prepare-5.0.0</li>
<li><a
href="03f2824452"><code>03f2824</code></a>
Update <code>github.dep.yml</code></li>
<li><a
href="905a1ecb59"><code>905a1ec</code></a>
Prepare <code>v5.0.0</code></li>
<li><a
href="2d9f9cdfa9"><code>2d9f9cd</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/725">#725</a>
from patrikpolyak/patch-1</li>
<li><a
href="9687587dec"><code>9687587</code></a>
Merge branch 'main' into patch-1</li>
<li><a
href="2848b2cda0"><code>2848b2c</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/727">#727</a>
from danwkennedy/patch-1</li>
<li><a
href="9b511775fd"><code>9b51177</code></a>
Spell out the first use of GHES</li>
<li><a
href="cd231ca1ed"><code>cd231ca</code></a>
Update GHES guidance to include reference to Node 20 version</li>
<li><a
href="de65e23aa2"><code>de65e23</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/712">#712</a>
from actions/nebuk89-patch-1</li>
<li><a
href="8747d8cd76"><code>8747d8c</code></a>
Update README.md</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/upload-artifact/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/upload-artifact&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-27 09:37:24 +01:00
Mikael Finstad
08b64f93c3
@uppy/utils: fix type mismatch on getSafeFileId (#6034) 
with `exactOptionalPropertyTypes`
fixes #6033
 2025-10-27 09:36:17 +01:00
Mikael Finstad
5edcb2e885
enable supportsRefreshToken for onedrive (#6035) 
fixes #5995
 2025-10-27 09:33:57 +01:00
Prakash
86f353d2fe
@uppy/react: remove dashboard export (#6036) 
No need to export it from index.ts, since it’s already exported through
the export maps. Also, it’s an optional peer dependency, we probably
missed this in #5830 , though this might count as a breaking change now
☹️
 2025-10-27 09:33:29 +01:00
Merlijn Vos
26bf726412
@uppy/components: inherit restrictions from @uppy/core (#6014) 
Closes #5970

AI disclosure: codex made the initial implementation

---------

Co-authored-by: Mikael Finstad <finstaden@gmail.com>
 2025-10-23 10:10:45 +02:00
github-actions[bot]
55e926c347
[ci] release (#6027) 
This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to main, this PR will
be updated.


# Releases
## @uppy/status-bar@5.0.2

### Patch Changes

-   8ac1654: Change internal type from `any` to `unknown`.

## @uppy/webcam@5.0.2

### Patch Changes

-   8ac1654: - Remove TagFile type - Use UppyFile instead.
- Split UppyFile into two interfaces distinguished by the `isRemote`
boolean:
        -   LocalUppyFile
        -   RemoteUppyFile

## @uppy/xhr-upload@5.0.2

### Patch Changes

- 8ac1654: - Make `file.data` nullable - Because for ghosts it will be
`undefined` and we don't have any type to distinguish ghosts from other
(local) files. This caused a crash, because we didn't check for
`undefined` everywhere (when trying to store a blob that was
`undefined`). This means we have to add null checks in some packages
- Split UppyFile into two interfaces distinguished by the `isRemote`
boolean:
        -   LocalUppyFile
        -   RemoteUppyFile

## uppy@5.1.8

### Patch Changes

-   Updated dependencies [8ac1654]
-   Updated dependencies [8ac1654]
-   Updated dependencies [8ac1654]
    -   @uppy/status-bar@5.0.2
    -   @uppy/webcam@5.0.2
    -   @uppy/xhr-upload@5.0.2

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
 2025-10-22 21:21:09 +02:00
Mikael Finstad
8ac1654484
release missing packages (#6025) 
@uppy/xhr-upload, @uppy/webcam, @uppy/status-bar

fixes #6019

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-10-22 21:01:00 +08:00