[Snyk] Upgrade: , add-to-calendar-button-react, chart.js, dompurify, framer-motion, highlight.js, path-to-regexp, react-day-picker, react-icons, react-router, react-router-dom, react-spinners, styled-components #899
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@reduxjs/toolkit
⚠️ This is a major version upgrade, and may be a breaking change | 2 months ago
⚠️ This is a major version upgrade, and may be a breaking change | a month ago
from 2.2.4 to 2.2.7 | 3 versions ahead of your current version | a month ago
on 2024-07-27
add-to-calendar-button-react
from 2.6.14 to 2.6.18 | 4 versions ahead of your current version | 3 months ago
on 2024-06-18
chart.js
from 4.4.2 to 4.4.3 | 1 version ahead of your current version | 4 months ago
on 2024-05-17
dompurify
from 3.1.3 to 3.1.6 | 3 versions ahead of your current version | 2 months ago
on 2024-07-05
framer-motion
from 11.2.10 to 11.3.28 | 63 versions ahead of your current version | 23 days ago
on 2024-08-15
highlight.js
from 11.9.0 to 11.10.0 | 1 version ahead of your current version | 2 months ago
on 2024-07-06
path-to-regexp
from 6.2.2 to 7.1.0 | 2 versions ahead of your current version
on 2024-07-13
react-day-picker
from 8.10.1 to 9.0.8 | 20 versions ahead of your current version
on 2024-08-07
react-icons
from 5.2.1 to 5.3.0 | 1 version ahead of your current version | 25 days ago
on 2024-08-13
react-router
from 6.23.1 to 6.26.1 | 13 versions ahead of your current version | 23 days ago
on 2024-08-15
react-router-dom
from 6.23.1 to 6.26.1 | 13 versions ahead of your current version | 23 days ago
on 2024-08-15
react-spinners
from 0.13.8 to 0.14.1 | 2 versions ahead of your current version | 2 months ago
on 2024-06-26
styled-components
from 6.1.11 to 6.1.12 | 1 version ahead of your current version | 2 months ago
on 2024-07-17
Release notes
Package name: @reduxjs/toolkit
This bugfix release fixes issues with "TS type portability" errors, improves build artifact tree shaking behavior, and exports some additional TS types.
Changelog
TS Type Portability
We've had a slew of issues reported around "TS type portability" errors, such as:
The error messages are typically along the lines of:
@aryaemami59 did some deep investigation and concluded these were due to a mixture of using interface instead of type in most places, not pre-bundling our TS typedefs, and not exporting some of the unique symbols we use internally.
Arya put together a highly detailed writeup and set of fixes in #4467: Fix: TypeScript Type Portability Issues, and that appears to resolve all of those issues we've seen. Thank you!
Other Changes
Arya also did significant work to improve RTK's treeshaking, tweaking internal definitions to let bundlers better separate out unused code.
We've exported additional types like UpdateDefinitions and RetryOptions, per request.
listenerMiddleware.withTypes() methods now allow passing in an ExtraArgument generic.
What's Changed
Full Changelog: v2.2.6...v2.2.7
This bugfix release:
useIsomorphicLayoutEffect usage in line with React Redux in React Native environments
FetchBaseQueryArgs type
createEntityAdapter sorting perf improvements that could (in specific cases) cause Immer to throw an error
What's Changed
useIsomorphicLayoutEffect usage in React Native environments by @aryaemami59 in #4436
Full Changelog: v2.2.5...v2.2.6
Package name: add-to-calendar-button-react
bump
new common class for all host elements to optimize styling via ::parts
Package name: chart.js
Essential Links
Bugs Fixed
Documentation
Development
Thanks to @DAcodedBEAT, @EricWittrock, @LeeLenaleee, @LiamSwayne, @dependabot and @dependabot[bot]
Essential Links
Bugs Fixed
Types
Documentation
Development
Thanks to @DAcodedBEAT, @LeeLenaleee, @Megaemce, @dependabot, @dependabot[bot], @mirumirumi, @smoonsf and @waszkiewiczja
Package name: dompurify
bower.js, thanks @HakumenNC
isNaN checks, thanks @tulach
nodeType property, thanks @ssi02014
Package name: framer-motion
v11.3.28
v11.3.28-alpha.1
v11.3.28-alpha.0
v11.3.27
v11.3.26
v11.3.25
v11.3.25-alpha.12
v11.3.25-alpha.11
v11.3.25-alpha.10
v11.3.25-alpha.9
Package name: highlight.js
Sorry for the wait, this one is a doozie, thanks to all the contributors who made it possible!
CAVEATS / POTENTIALLY BREAKING CHANGES
Important
This version drops support for Node 16.x, which is no longer supported by Node.js.
Core Grammars:
satisfies operator Kisaragi Hiu
or conflicts with string highlighting Mohamed Ali
self variable Lee Falin
goto to be recognized as a keyword in Java Alvin Joy
sudo Alvin Joy
new keyword without capturing it within variables/class names Cameron Taylor
_ separators, add hex p exponents Lisa Ugray
justify-items and justify-self attributes Vasily Polovnyov
accent-color, appearance, color-scheme, rotate, scale and translate attributes Carl Räfting
select, option, optgroup, picture and source to list of known tags Vasily Polovnyov
inset, inset-*, border-start-*-radius and border-end-*-radius attributes Vasily Polovnyov
text-decoration-skip-ink, text-decoration-thickness and text-underline-offset attributes Vasily Polovnyov
New Grammars:
Developer Tool:
highlight API Misha Kaletsky
Themes:
1c-light theme a like in the IDE 1C:Enterprise 8 (for 1c) Vitaly Barilko
Version 11.9.0
CAVEATS / POTENTIALLY BREAKING CHANGES
node build styles/*.css files now ship un-minified with minified counterparts as: styles/*.min.css mvorisek
(this makes things consistent with our cdn builds)
Parser:
New Grammars:
Core Grammars:
if while for Omar Hussein
x0-x30 and w0-w30 ARMv8 registers Nicholas Thompson
final, is, macro keywords and $ identifiers Robert Borghese
abstract declaration from keyword Robert Borghese
macro keyword Bradley Mackey
@unchecked and @Sendable support Bradley Mackey
//> using foo bar Jamie Thompson
!assert compiler flag idleberg
eprintln! macro qoheniac
warn_unqualified_access is an attribute Bradley Mackey
record and var as keywords Guillaume Laforge
Developer Tool:
highlight API. Shah Shabbir Ahmmed
Package name: path-to-regexp
Added
strict option to detect potential ReDOS issues
Fixed
suffix + prefix when not specified
TokenData
TokenData manually, previously parse filled it in automatically
Comments
strict: true and I'm probably releasing a V8 with it enabled by default ASAP as a necessary security mitigation
v7.0.0...v7.1.0
Hi all! There's a few major breaking changes in this release so read carefully.
Breaking changes:
compile only accepts strings as values (i.e. no numbers, use String(value) before compiling a path)
encode !== false, it must be an array of strings
\p{XID_Continue}).
?, *, +) must be used after a param explicitly wrapped in {}
/ or .
*) has been added back and matches Express.js expected behavior
endsWith option
strict: true to trailing: false
;, ,, !, and @ for future use-cases
tokensToRegexp, tokensToFunction and regexpToFunction in favor of simplifying exports
/ can be repeated multiple times in a matched path (i.e. /foo works like //foo, etc)
encode and decode no longer receive the token as the second parameter
encodeURIComponent and decode defaults to decodeURIComponent
Added:
encodePath to fix an issue around encode being used for both path and parameters (the path and parameter should be encoded slightly differently)
loose as an option to support arbitrarily matching the delimiter in paths, e.g. foo/bar and foo///bar should work the same
encode and decode to be set to false which skips all processing of the parameters input/output
TokenData (exported, returned by parse) as input
Requests for feedback:
{} is an obvious drawback but I'm seeking feedback on whether it helps make path behavior clearer
/ and . as implicit prefixes
v6.2.2...v7.0.0
No API changes. Documentation only release.
Changed
v6.2.1...v6.2.2
Package name: react-day-picker
This release fixes a regression in v9.0.7 affecting range mode.
What's Changed
Full Changelog: v9.0.7...v9.0.8
This release improves compatibility with v8 and fixes an issue with the calendar navigation.
What's Changed
startMonth or endMonth change by @gpbl in #2343
defaultLocale by @gpbl in #2348
undefined as initially selected value, as it was in v8 by @gpbl in #2341
calendar to root in the examples by @gpbl in #2347
New Contributors
Full Changelog: v9.0.6...v9.0.7
This release addresses the failed import of the common-js module for some app builders and adds new data- attributes to help the integration with Tailwind. Thanks for your feedback!
What's Changed
New Contributors
Full Changelog: v9.0.5...v9.0.6
This release improves the range mode behavior (see the updated docs) and addresses some styling issues.
What's Changed