2016-11-10 14:26:24 +01:00
{
2022-08-26 09:25:31 +02:00
"name" : "unleash-frontend-local" ,
"version" : "0.0.0" ,
"private" : true ,
2023-10-02 14:25:46 +02:00
"files" : [ "index.js" , "build" ] ,
2016-11-10 14:26:24 +01:00
"engines" : {
2023-04-18 14:42:49 +02:00
"node" : ">=18"
2016-11-10 14:26:24 +01:00
} ,
"scripts" : {
2022-08-30 10:52:30 +02:00
"build" : "vite build" ,
chore: simplify package scripts (#3736)
# Simplify package scripts
This PR's purpose is to raise a discussion surrounding our current
package scripts.
It includes some suggestions that aim to simplify the scripts and
hopefully bring a much more straightforward approach to developing and
contributing to Unleash.
Building (prod) should only happen **explicitly** and when needed.
## Before PR (current behavior)
- Clone the project;
- Open 2 terminals: One for `unleash` and another for
`unleash/frontend`;
- On `unleash`:
- Run `yarn` (which will also build, for some reason?);
- Run `yarn start:dev` to start backend in dev mode (`tsc-watch`);
- On `unleash/frontend`:
- Run `yarn` (which will also build, for some reason?);
- Run `yarn start` to start frontend in dev mode (`vite`);
So it seems to me like we build unnecessarily every time we install
dependencies. Neither dev scripts need to build the project, as backend
uses `tsc-watch` and frontend uses `vite`. I'm unsure why this is the
case, as building can take a very long time.
![image](https://github.com/Unleash/unleash/assets/14320932/5ecb7df1-e5b4-4d70-ba7e-97119f5d1116)
There's also some complexity in the way we need to split the terminal to
`cd` into `frontend` and treat it as a different project. The fact that
we have different script names is also confusing (`yarn start`, `yarn
start:dev`, etc).
## After PR
- Clone the project;
- Run `yarn` to install all dependencies;
- Run `yarn dev` to get started developing Unleash;
Running `yarn` should take care of everything needed to start
developing. This includes installing dependencies for frontend as well.
It should not build projects if we are not being explicit about it,
especially since we don't need to build them at this stage.
![image](https://github.com/Unleash/unleash/assets/14320932/614e42fc-3467-432f-91fc-624b1b35c7c1)
Running `yarn dev` should start the project in dev mode. This means
running both projects in `dev` mode, which for `backend` means running
`tsc-watch` and for `frontend` means running `vite`.
Here this PR attempts to provide a better DX by using
[concurrently](https://www.npmjs.com/package/concurrently) and
[wait-on](https://www.npmjs.com/package/wait-on) - This means both tasks
are ran simultaneously, stdout is labeled accordingly, and are stopped
together. It also means that `frontend` waits for `backend` to be
serving at `4242` before starting, since `frontend` starts pretty much
immediately with `vite` and `backend` takes a bit longer. Of course,
when the `backend` is hot-reloading you may still find some
`ECONNREFUSED`s on `frontend` stdout while it recompiles.
![image](https://github.com/Unleash/unleash/assets/14320932/8bde8ee2-3cad-4e3f-a0db-9eed60cfb04d)
No more splitting your terminal and treating `frontend` as a separate
project.
## Discussion points
Maybe there's a better alternative to `tsc-watch`? I briefly explored
some alternatives and while they had a much faster starting speed,
hot-reload was sometimes slower. IMO we should aspire to run
`src/server-dev.ts` directly and only compile when needed.
Running `dev:backend` still serves a version of the frontend (at 4242).
**Why? Can we remove that behavior?**
I can't imagine a scenario in dev where we wouldn't want to run the
latest version of the frontend with `vite`.
~~**Note:** This PR removes all other out-of-scope scripts to focus on
this revamp. If we decide to merge it, we should evaluate what other
existing scripts we still want to include. May be a good opportunity to
clean up unused ones and only include the ones we really use. This
includes scripts that our GH actions rely on.~~
**Update:** In an effort to minimize impact surface of this PR and make
it a bit more ready for merging:
- It updates some docs in
https://github.com/Unleash/unleash/pull/3736/commits/2a4ff805e87b65d9c1256effaa189ddcccba15fb
and
https://github.com/Unleash/unleash/pull/3736/commits/1bbc4882519b5a82e3116f0be255ad24a6f3ce53
to reflect our new simplified flow;
- It includes the old package scripts for now in
https://github.com/Unleash/unleash/pull/3736/commits/039bc04699ac880e491fd3ce01f9bcd6f97a94b9;
- It updates some of our GH actions to reflect the new scripts in
https://github.com/Unleash/unleash/pull/3736/commits/7782cb9b12e37ee844507e41ef2b7137eaf55666;
Given its current status I'll promote the PR to "ready for review".
I still think we should have a second look at our existing scripts and
GH actions to see what we really need and/or should adapt, but it should
be a team effort so we have a broader context. Maybe on a follow-up PR.
Does this require any changes to related projects (e.g. Enterprise)?
---------
Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-05-12 12:23:22 +02:00
"dev" : "vite" ,
2022-05-05 17:15:22 +02:00
"start" : "vite" ,
2022-12-16 19:09:24 +01:00
"start:prod" : "vite build && vite preview" ,
2022-10-19 14:02:00 +02:00
"start:sandbox" : "UNLEASH_API=https://sandbox.getunleash.io/ospro yarn run start" ,
2023-01-17 13:33:52 +01:00
"start:demo2" : "UNLEASH_API=https://sandbox.getunleash.io/ UNLEASH_BASE_PATH=/demo2/ yarn run start" ,
"start:enterprise" : "UNLEASH_API=https://unleash.herokuapp.com VITE_TEST_REDIRECT=true yarn run start" ,
2023-02-17 12:15:50 +01:00
"start:demo" : "UNLEASH_BASE_PATH=/demo/ UNLEASH_API=https://app.unleash-hosted.com/ yarn run start" ,
2023-11-17 11:42:32 +01:00
"test" : "NODE_OPTIONS=\"${NODE_OPTIONS} --no-experimental-fetch\" vitest run" ,
2023-04-18 10:35:32 +02:00
"test:snapshot" : "NODE_OPTIONS=\"${NODE_OPTIONS} --no-experimental-fetch\" yarn test -u" ,
2023-12-05 17:31:23 +01:00
"test:watch" : "NODE_OPTIONS=\"${NODE_OPTIONS} --no-experimental-fetch\" vitest watch" ,
2023-10-02 14:25:46 +02:00
"lint" : "biome lint src --apply" ,
2023-10-06 10:46:38 +02:00
"lint:check" : "biome check src" ,
2023-10-02 14:25:46 +02:00
"fmt" : "biome format src --write" ,
2023-10-06 10:46:38 +02:00
"fmt:check" : "biome check src" ,
2022-09-30 13:01:32 +02:00
"ts:check" : "tsc" ,
2023-04-18 10:35:32 +02:00
"e2e" : "NODE_OPTIONS=\"${NODE_OPTIONS} --no-experimental-fetch\" yarn run cypress open --config baseUrl='http://localhost:3000' --env AUTH_USER=admin,AUTH_PASSWORD=unleash4all" ,
2023-11-30 18:20:13 +01:00
"e2e:oss" : "yarn --cwd frontend run cypress run --spec \"cypress/oss/**/*.spec.ts\" --config baseUrl='http://localhost:4242' --env AUTH_USER=admin,AUTH_PASSWORD=unleash4all" ,
2023-04-18 10:35:32 +02:00
"e2e:heroku" : "NODE_OPTIONS=\"${NODE_OPTIONS} --no-experimental-fetch\" yarn run cypress open --config baseUrl='https://unleash.herokuapp.com' --env AUTH_USER=admin,AUTH_PASSWORD=unleash4all" ,
"gen:api" : "NODE_OPTIONS=\"${NODE_OPTIONS} --no-experimental-fetch\" orval --config orval.config.js" ,
"gen:api:demo" : "NODE_OPTIONS=\"${NODE_OPTIONS} --no-experimental-fetch\" UNLEASH_OPENAPI_URL=https://app.unleash-hosted.com/demo/docs/openapi.json yarn run gen:api" ,
chore: simplify package scripts (#3736)
# Simplify package scripts
This PR's purpose is to raise a discussion surrounding our current
package scripts.
It includes some suggestions that aim to simplify the scripts and
hopefully bring a much more straightforward approach to developing and
contributing to Unleash.
Building (prod) should only happen **explicitly** and when needed.
## Before PR (current behavior)
- Clone the project;
- Open 2 terminals: One for `unleash` and another for
`unleash/frontend`;
- On `unleash`:
- Run `yarn` (which will also build, for some reason?);
- Run `yarn start:dev` to start backend in dev mode (`tsc-watch`);
- On `unleash/frontend`:
- Run `yarn` (which will also build, for some reason?);
- Run `yarn start` to start frontend in dev mode (`vite`);
So it seems to me like we build unnecessarily every time we install
dependencies. Neither dev scripts need to build the project, as backend
uses `tsc-watch` and frontend uses `vite`. I'm unsure why this is the
case, as building can take a very long time.
![image](https://github.com/Unleash/unleash/assets/14320932/5ecb7df1-e5b4-4d70-ba7e-97119f5d1116)
There's also some complexity in the way we need to split the terminal to
`cd` into `frontend` and treat it as a different project. The fact that
we have different script names is also confusing (`yarn start`, `yarn
start:dev`, etc).
## After PR
- Clone the project;
- Run `yarn` to install all dependencies;
- Run `yarn dev` to get started developing Unleash;
Running `yarn` should take care of everything needed to start
developing. This includes installing dependencies for frontend as well.
It should not build projects if we are not being explicit about it,
especially since we don't need to build them at this stage.
![image](https://github.com/Unleash/unleash/assets/14320932/614e42fc-3467-432f-91fc-624b1b35c7c1)
Running `yarn dev` should start the project in dev mode. This means
running both projects in `dev` mode, which for `backend` means running
`tsc-watch` and for `frontend` means running `vite`.
Here this PR attempts to provide a better DX by using
[concurrently](https://www.npmjs.com/package/concurrently) and
[wait-on](https://www.npmjs.com/package/wait-on) - This means both tasks
are ran simultaneously, stdout is labeled accordingly, and are stopped
together. It also means that `frontend` waits for `backend` to be
serving at `4242` before starting, since `frontend` starts pretty much
immediately with `vite` and `backend` takes a bit longer. Of course,
when the `backend` is hot-reloading you may still find some
`ECONNREFUSED`s on `frontend` stdout while it recompiles.
![image](https://github.com/Unleash/unleash/assets/14320932/8bde8ee2-3cad-4e3f-a0db-9eed60cfb04d)
No more splitting your terminal and treating `frontend` as a separate
project.
## Discussion points
Maybe there's a better alternative to `tsc-watch`? I briefly explored
some alternatives and while they had a much faster starting speed,
hot-reload was sometimes slower. IMO we should aspire to run
`src/server-dev.ts` directly and only compile when needed.
Running `dev:backend` still serves a version of the frontend (at 4242).
**Why? Can we remove that behavior?**
I can't imagine a scenario in dev where we wouldn't want to run the
latest version of the frontend with `vite`.
~~**Note:** This PR removes all other out-of-scope scripts to focus on
this revamp. If we decide to merge it, we should evaluate what other
existing scripts we still want to include. May be a good opportunity to
clean up unused ones and only include the ones we really use. This
includes scripts that our GH actions rely on.~~
**Update:** In an effort to minimize impact surface of this PR and make
it a bit more ready for merging:
- It updates some docs in
https://github.com/Unleash/unleash/pull/3736/commits/2a4ff805e87b65d9c1256effaa189ddcccba15fb
and
https://github.com/Unleash/unleash/pull/3736/commits/1bbc4882519b5a82e3116f0be255ad24a6f3ce53
to reflect our new simplified flow;
- It includes the old package scripts for now in
https://github.com/Unleash/unleash/pull/3736/commits/039bc04699ac880e491fd3ce01f9bcd6f97a94b9;
- It updates some of our GH actions to reflect the new scripts in
https://github.com/Unleash/unleash/pull/3736/commits/7782cb9b12e37ee844507e41ef2b7137eaf55666;
Given its current status I'll promote the PR to "ready for review".
I still think we should have a second look at our existing scripts and
GH actions to see what we really need and/or should adapt, but it should
be a team effort so we have a broader context. Maybe on a follow-up PR.
Does this require any changes to related projects (e.g. Enterprise)?
---------
Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2023-05-12 12:23:22 +02:00
"gen:api:sandbox" : "NODE_OPTIONS=\"${NODE_OPTIONS} --no-experimental-fetch\" UNLEASH_OPENAPI_URL=https://sandbox.getunleash.io/demo2/docs/openapi.json yarn run gen:api"
2016-11-10 14:26:24 +01:00
} ,
2021-04-09 13:38:30 +02:00
"devDependencies" : {
chore(deps): update dependency @biomejs/biome to v1.4.0 (#5288)
[![Mend Renovate logo
banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@biomejs/biome](https://biomejs.dev)
([source](https://togithub.com/biomejs/biome)) | [`1.3.3` ->
`1.4.0`](https://renovatebot.com/diffs/npm/@biomejs%2fbiome/1.3.3/1.4.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/@biomejs%2fbiome/1.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/@biomejs%2fbiome/1.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/@biomejs%2fbiome/1.3.3/1.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/@biomejs%2fbiome/1.3.3/1.4.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>biomejs/biome (@​biomejs/biome)</summary>
###
[`v1.4.0`](https://togithub.com/biomejs/biome/blob/HEAD/CHANGELOG.md#140-2023-11-27)
[Compare
Source](https://togithub.com/biomejs/biome/compare/af24597c1877c7b5a96bb7cc59bab655a577116f...889593e3f983a6fec642d20eea3c7f94d58fc7e1)
##### CLI
- Remove the CLI options from the `lsp-proxy`, as they were never meant
to be passed to that command. Contributed by
[@​ematipico](https://togithub.com/ematipico)
- Add option `--config-path` to `lsp-proxy` and `start` commands. It's
now possible to tell the Daemon server to load `biome.json` from a
custom path. Contributed by
[@​ematipico](https://togithub.com/ematipico)
- Add new `--diagnostic-level` option to let users control the level of
diagnostics printed by the CLI. Possible values are: `"info"`, `"warn"`,
`"hint"`. Contributed by
[@​simonxabris](https://togithub.com/simonxabris)
- Add option `--line-feed` to the `format` command. Contributed by
[@​SuperchupuDev](https://togithub.com/SuperchupuDev)
- Add option `--bracket-same-line` to the `format` command. Contributed
by [@​faultyserve](https://togithub.com/faultyserve)
- Add option `--bracket-spacing` to the `format` command. Contributed by
[@​faultyserve](https://togithub.com/faultyserve)
##### Bug fixes
- Fix the command `format`, now it returns a non-zero exit code when if
there pending diffs. Contributed by
[@​ematipico](https://togithub.com/ematipico)
##### Configuration
- Add option `formatter.lineFeed`. Contributed by
[@​SuperchupuDev](https://togithub.com/SuperchupuDev)
- Add option `javascript.formatter.bracketSameLine`. Contributed by
[@​faultyserve](https://togithub.com/faultyserve)
- Add option `javascript.formatter.bracketSpacing`. Contributed by
[@​faultyserve](https://togithub.com/faultyserve)
##### Formatter
##### New features
- Add a new option
[`--line-ending`](https://biomejs.dev/reference/configuration/#formatterlineending).
This option allows changing the type of line endings. Contributed by
[@​SuperchupuDev](https://togithub.com/SuperchupuDev)
- Added a new option called `--bracket-spacing` to the formatter. This
option allows you to control whether spaces are inserted around the
brackets of object literals.
[#​627](https://togithub.com/biomejs/biome/issues/627).
Contributed by [@​faultyserver](https://togithub.com/faultyserver)
- Added a new option called `--bracket-same-line` to the formatter. This
option allows you to control whether spaces are inserted around the
brackets of object literals.
[#​627](https://togithub.com/biomejs/biome/issues/627).
Contributed by [@​faultyserver](https://togithub.com/faultyserver)
##### Bug fixes
- Fix [#​832](https://togithub.com/biomejs/biome/issues/832), the
formatter no longer keeps an unnecessary trailing comma in type
parameter lists. Contributed by
[@​Conaclos](https://togithub.com/Conaclos)
- Fix [#​301](https://togithub.com/biomejs/biome/issues/301), the
formatter should not break before the `in` keyword. Contributed by
[@​ematipico](https://togithub.com/ematipico)
##### Linter
##### Promoted rules
-
[a11y/noInteractiveElementToNoninteractiveRole](https://biomejs.dev/linter/rules/no-interactive-element-to-noninteractive-role)
-
[complexity/noThisInStatic](https://biomejs.dev/linter/rules/no-this-in-static)
-
[complexity/useArrowFunction](https://biomejs.dev/linter/rules/use-arrow-function)
-
[correctness/noEmptyCharacterClassInRegex](https://biomejs.dev/linter/rules/no-empty-character-class-in-regex)
-
[correctness/noInvalidNewBuiltin](https://biomejs.dev/linter/rules/no-invalid-new-builtin)
-
[style/noUselessElse](https://biomejs.dev/linter/rules/no-useless-else)
-
[style/useAsConstAssertion](https://biomejs.dev/linter/rules/use-as-const-assertion)
-
[style/useShorthandAssign](https://biomejs.dev/linter/rules/use-shorthand-assign)
-
[suspicious/noApproximativeNumericConstant](https://biomejs.dev/linter/rules/no-approximative-numeric-constant)
-
[suspicious/noMisleadingInstantiator](https://biomejs.dev/linter/rules/no-misleading-instantiator)
-
[suspicious/noMisrefactoredShorthandAssign](https://biomejs.dev/linter/rules/no-misrefactored-shorthand-assign)
The following rules are now recommended:
- [a11y/noAccessKey](https://biomejs.dev/linter/rules/no-access-key)
-
[a11y/useHeadingContent](https://biomejs.dev/linter/rules/use-heading-content)
-
[complexity/useSimpleNumberKeys](https://biomejs.dev/linter/use-simple-number-keys)
The following rules are now deprecated:
-
[correctness/noNewSymbol](https://biomejs.dev/linter/rules/no-new-symbol)
The rule is replaced by
[correctness/noInvalidNewBuiltin](https://biomejs.dev/linter/rules/no-invalid-new-builtin)
##### New features
- Add
[noDefaultExport](https://biomejs.dev/linter/rules/no-default-export)
which disallows `export default`. Contributed by
[@​Conaclos](https://togithub.com/Conaclos)
- Add
[noAriaHiddenOnFocusable](https://biomejs.dev/linter/rules/no-aria-hidden-on-focusable)
which reports hidden and focusable elements. Contributed by
[@​vasucp1207](https://togithub.com/vasucp1207)
- Add
[noImplicitAnyLet](https://biomejs.dev/linter/rules/no-implicit-any-let)
that reports variables declared with `let` and without initialization
and type annotation. Contributed by
[@​TaKO8Ki](https://togithub.com/TaKO8Ki) and
[@​b4s36t4](https://togithub.com/b4s36t4)
- Add [useAwait](https://biomejs.dev/linter/rules/use-await) that
reports `async` functions that don't use an `await` expression.
- Add
[useValidAriaRole](https://biomejs.dev/linter/rules/use-valid-aria-role).
Contributed by [@​vasucp1207](https://togithub.com/vasucp1207)
- Add [useRegexLiterals](https://biomejs.dev/linter/use-regex-literals)
that suggests turning call to the regex constructor into regex literals.
COntributed by [@​Yuiki](https://togithub.com/Yuiki)
##### Enhancements
- Add an unsafe code fix for
[a11y/useAriaActivedescendantWithTabindex](https://biomejs.dev/linter/rules/use-aria-activedescendant-with-tabindex)
##### Bug fixes
- Fix [#​639](https://togithub.com/biomejs/biome/issues/639) by
ignoring unused TypeScript's mapped key. Contributed by
[@​Conaclos](https://togithub.com/Conaclos)
- Fix [#​565](https://togithub.com/biomejs/biome/issues/565) by
handling several `infer` with the same name in extends clauses of
TypeScript's conditional types. Contributed by
[@​Conaclos](https://togithub.com/Conaclos)
- Fix [#​653](https://togithub.com/biomejs/biome/issues/653).
[noUnusedImports](https://biomejs.dev/linter/rules/no-unused-imports)
now correctly removes the entire line where the unused `import` is.
Contributed by [@​Conaclos](https://togithub.com/Conaclos)
- Fix [#​607](https://togithub.com/biomejs/biome/issues/609)
`useExhaustiveDependencies`, ignore optional chaining, Contributed by
[@​msdlisper](https://togithub.com/msdlisper)
- Fix [#​676](https://togithub.com/biomejs/biome/issues/676), by
using the correct node for the `"noreferrer"` when applying the code
action. Contributed by
[@​ematipico](https://togithub.com/ematipico)
- Fix [#​455](https://togithub.com/biomejs/biome/issues/455). The
CLI can now print complex emojis to the console correctly.
- Fix [#​727](https://togithub.com/biomejs/biome/issues/727).
[noInferrableTypes](https://biomejs.dev/linter/rules/no-inferrable-types)
now correctly keeps type annotations when the initialization expression
is `null`. Contributed by
[@​Conaclos](https://togithub.com/Conaclos)
- Fix [#​784](https://togithub.com/biomejs/biome/issues/784),
[noSvgWithoutTitle](https://biomejs.dev/linter/rules/no-svg-without-title)
fixes false-positives to `aria-label` and reports svg's role attribute
is implicit. Contributed by
[@​unvalley](https://togithub.com/unvalley)
- Fix [#​834](https://togithub.com/biomejs/biome/issues/834) that
made
[noUselessLoneBlockStatements](https://biomejs.dev/linter/rules/no-useless-lone-block-statements)
reports block statements of switch clauses. Contributed by
[@​vasucp1207](https://togithub.com/vasucp1207)
- Fix [#​783](https://togithub.com/biomejs/biome/issues/834) that
made
[noUselessLoneBlockStatements](https://biomejs.dev/linter/rules/no-useless-lone-block-statements)
reports block statements of `try-catch` structures. Contributed by
[@​hougesen](https://togithub.com/hougesen)
- Fix [#​69](https://togithub.com/biomejs/biome/issues/69) that
made
[correctness/noUnnecessaryContinue](https://biomejs.dev/linter/rules/no-unnecessary-continue)
incorrectly reports a `continue` used to break a switch clause.
Contributed by [@​TaKO8Ki](https://togithub.com/TaKO8Ki)
- Fix [#​664](https://togithub.com/biomejs/biome/issues/664) by
improving the diagnostic of
[style/useNamingConvention](https://biomejs.dev/linter/use-naming-convention)
when double capital are detected in strict camel case mode. Contributed
by [@​vasucp1207](https://togithub.com/vasucp1207)
- Fix [#​643](https://togithub.com/biomejs/biome/issues/643) that
erroneously parsed the option of
[complexity/useExhaustiveDependencies](https://biomejs.dev/linter/use-naming-convention).
Contributed by [@​arendjr](https://togithub.com/arendjr)
##### Parser
##### Bug fixes
- Fix [#​846](https://togithub.com/biomejs/biome/issues/846) that
erroneously parsed `<const T,>() => {}` as a JSX tag instead of an arrow
function when both TypeScript and JSX are enabled.
##### VSCode
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40Ni4wIiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Christopher Kolstad <chriswk@getunleash.io>
2023-11-28 10:32:00 +01:00
"@biomejs/biome" : "^1.4.0" ,
2022-10-26 22:13:52 +02:00
"@codemirror/lang-json" : "6.0.1" ,
2023-06-21 13:39:25 +02:00
"@emotion/react" : "11.11.1" ,
2023-05-25 02:50:38 +02:00
"@emotion/styled" : "11.11.0" ,
chore(deps): update material-ui monorepo (#3174)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@mui/icons-material](https://mui.com/material-ui/material-icons/)
([source](https://togithub.com/mui/material-ui)) | [`5.11.0` ->
`5.11.9`](https://renovatebot.com/diffs/npm/@mui%2ficons-material/5.11.0/5.11.9)
|
[![age](https://badges.renovateapi.com/packages/npm/@mui%2ficons-material/5.11.9/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/@mui%2ficons-material/5.11.9/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/@mui%2ficons-material/5.11.9/compatibility-slim/5.11.0)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/@mui%2ficons-material/5.11.9/confidence-slim/5.11.0)](https://docs.renovatebot.com/merge-confidence/)
|
| [@mui/lab](https://mui.com/material-ui/about-the-lab/)
([source](https://togithub.com/mui/material-ui)) | [`5.0.0-alpha.119` ->
`5.0.0-alpha.120`](https://renovatebot.com/diffs/npm/@mui%2flab/5.0.0-alpha.119/5.0.0-alpha.120)
|
[![age](https://badges.renovateapi.com/packages/npm/@mui%2flab/5.0.0-alpha.120/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/@mui%2flab/5.0.0-alpha.120/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/@mui%2flab/5.0.0-alpha.120/compatibility-slim/5.0.0-alpha.119)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/@mui%2flab/5.0.0-alpha.120/confidence-slim/5.0.0-alpha.119)](https://docs.renovatebot.com/merge-confidence/)
|
| [@mui/material](https://mui.com/material-ui/getting-started/overview/)
([source](https://togithub.com/mui/material-ui)) | [`5.11.8` ->
`5.11.9`](https://renovatebot.com/diffs/npm/@mui%2fmaterial/5.11.8/5.11.9)
|
[![age](https://badges.renovateapi.com/packages/npm/@mui%2fmaterial/5.11.9/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/@mui%2fmaterial/5.11.9/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/@mui%2fmaterial/5.11.9/compatibility-slim/5.11.8)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/@mui%2fmaterial/5.11.9/confidence-slim/5.11.8)](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>mui/material-ui</summary>
###
[`v5.11.9`](https://togithub.com/mui/material-ui/blob/HEAD/CHANGELOG.md#​5119)
[Compare
Source](https://togithub.com/mui/material-ui/compare/v5.11.0...v5.11.9)
<!-- generated comparing v5.11.8..master -->
*Feb 14, 2023*
A big thanks to the 17 contributors who made this release possible. Here
are some highlights ✨:
- 🐛 [@​rangoo94](https://togithub.com/rangoo94),
[@​sai6855](https://togithub.com/sai6855), and
[@​michaldudak](https://togithub.com/michaldudak) fixed a couple
of bugs in the Autocomplete component
([#​36116](https://togithub.com/mui/material-ui/issues/36116),
[#​35640](https://togithub.com/mui/material-ui/issues/35640),
[#​36076](https://togithub.com/mui/material-ui/issues/36076),
[#​36088](https://togithub.com/mui/material-ui/issues/36088))
- many other 🐛 bug fixes and 📚 documentation improvements
##### `@mui/material@5.11.9`
- \[AppBar] Fix joinVars() not handling undefined
([#​36128](https://togithub.com/mui/material-ui/issues/36128))
[@​donaldnevermore](https://togithub.com/donaldnevermore)
- \[Autocomplete] Fix tag removal regression
([#​36116](https://togithub.com/mui/material-ui/issues/36116))
[@​michaldudak](https://togithub.com/michaldudak)
- \[Autocomplete] Correct padding of filled Autocomplete
([#​35640](https://togithub.com/mui/material-ui/issues/35640))
[@​michaldudak](https://togithub.com/michaldudak)
- \[Grid]\[Stack] classNames prefixed with Mui
([#​36167](https://togithub.com/mui/material-ui/issues/36167))
[@​sai6855](https://togithub.com/sai6855)
##### `@mui/styled-engine@5.11.9`
- \[StyledEngineProvider] Fix issue with cache not being defined
([#​36162](https://togithub.com/mui/material-ui/issues/36162))
[@​mnajdova](https://togithub.com/mnajdova)
##### `@mui/joy@5.0.0-alpha.67`
- \[Joy] Add order dashboard template
([#​36081](https://togithub.com/mui/material-ui/issues/36081))
[@​siriwatknp](https://togithub.com/siriwatknp)
- \[Joy] Remove classes prop from the components that have it
([#​36159](https://togithub.com/mui/material-ui/issues/36159))
[@​hbjORbj](https://togithub.com/hbjORbj)
- \[Joy] Miscellaneous fixes
([#​36163](https://togithub.com/mui/material-ui/issues/36163))
[@​siriwatknp](https://togithub.com/siriwatknp)
##### `@mui/base@5.0.0-alpha.118`
- \[base] Override the types of `slotProps` per slot
([#​35964](https://togithub.com/mui/material-ui/issues/35964))
[@​hbjORbj](https://togithub.com/hbjORbj)
- \[Select]\[base] Prevent unnecessary rerendering of Select options
([#​35946](https://togithub.com/mui/material-ui/issues/35946))
[@​michaldudak](https://togithub.com/michaldudak)
- \[Select]\[base] Update the generated docs
([#​36183](https://togithub.com/mui/material-ui/issues/36183))
[@​michaldudak](https://togithub.com/michaldudak)
- \[useAutocomplete] Pass only valid values for the getOptionLabel prop
([#​36088](https://togithub.com/mui/material-ui/issues/36088))
[@​rangoo94](https://togithub.com/rangoo94)
- \[useAutocomplete] Fix `useAutocomplete` disabled prop not disabling
the input
([#​36076](https://togithub.com/mui/material-ui/issues/36076))
[@​sai6855](https://togithub.com/sai6855)
- \[useInput] Add return value interface
([#​36036](https://togithub.com/mui/material-ui/issues/36036))
[@​Shorifpatwary](https://togithub.com/Shorifpatwary)
- \[UseTabPanel] Add explicit return type
([#​36053](https://togithub.com/mui/material-ui/issues/36053))
[@​Shorifpatwary](https://togithub.com/Shorifpatwary)
- \[useTabsList] Add explicit return type
([#​36048](https://togithub.com/mui/material-ui/issues/36048))
[@​sai6855](https://togithub.com/sai6855)
- \[Tab] Add explicit return type to useTab
([#​36046](https://togithub.com/mui/material-ui/issues/36046))
[@​sai6855](https://togithub.com/sai6855)
##### `@mui/material-next@6.0.0-alpha.75`
- \[Material You] Use `md` as a CSS var prefix
([#​36177](https://togithub.com/mui/material-ui/issues/36177))
[@​siriwatknp](https://togithub.com/siriwatknp)
##### Docs
- \[docs] Fix the prop type regression on the API pages
([#​36168](https://togithub.com/mui/material-ui/issues/36168))
[@​mnajdova](https://togithub.com/mnajdova)
- \[docs] Fix virtualized table column resizing
([#​36066](https://togithub.com/mui/material-ui/issues/36066))
[@​petyosi](https://togithub.com/petyosi)
- \[docs] Fix react-spring demos
([#​36023](https://togithub.com/mui/material-ui/issues/36023))
[@​oliviertassinari](https://togithub.com/oliviertassinari)
- \[docs] Fix classname mismatch on Joy docs
([#​36127](https://togithub.com/mui/material-ui/issues/36127))
[@​siriwatknp](https://togithub.com/siriwatknp)
- \[docs] Fix typo in the released version of
[@​mui/styled-engine](https://togithub.com/mui/styled-engine)
([#​36121](https://togithub.com/mui/material-ui/issues/36121))
[@​m4theushw](https://togithub.com/m4theushw)
- \[docs] Fix demos showing TypeScript instead of JavaScript
([#​35850](https://togithub.com/mui/material-ui/issues/35850))
[@​mj12albert](https://togithub.com/mj12albert)
- \[docs] Update release instructions
([#​36113](https://togithub.com/mui/material-ui/issues/36113))
[@​mj12albert](https://togithub.com/mj12albert)
- \[docs] Rename `v6-alpha` to `v6-next` in navigation
([#​36102](https://togithub.com/mui/material-ui/issues/36102))
[@​LukasTy](https://togithub.com/LukasTy)
- \[docs] Revise Joy UI "Input" page
([#​35970](https://togithub.com/mui/material-ui/issues/35970))
[@​LadyBluenotes](https://togithub.com/LadyBluenotes)
- \[docs] Revise Joy UI "Typography" page
([#​35868](https://togithub.com/mui/material-ui/issues/35868))
[@​LadyBluenotes](https://togithub.com/LadyBluenotes)
##### Examples
- \[examples]\[vitejs] Load Roboto font
([#​35678](https://togithub.com/mui/material-ui/issues/35678))
[@​oliv37](https://togithub.com/oliv37)
##### Core
- \[blog] Fix the look and feel of the media description
([#​36069](https://togithub.com/mui/material-ui/issues/36069))
[@​oliviertassinari](https://togithub.com/oliviertassinari)
- \[core] Add default preview url
([#​36118](https://togithub.com/mui/material-ui/issues/36118))
[@​siriwatknp](https://togithub.com/siriwatknp)
- \[core] Migrate all the internals exported by `tests/utils/index.js`
to TypeScript
([#​35382](https://togithub.com/mui/material-ui/issues/35382))
[@​flaviendelangle](https://togithub.com/flaviendelangle)
- \[core] Convert the waterfall module to an internal package
([#​35323](https://togithub.com/mui/material-ui/issues/35323))
[@​michaldudak](https://togithub.com/michaldudak)
- \[website] Fix homepage MD theme demo
([#​36027](https://togithub.com/mui/material-ui/issues/36027))
[@​oliviertassinari](https://togithub.com/oliviertassinari)
- \[website] Revise the Lead Designer role job ad
([#​35912](https://togithub.com/mui/material-ui/issues/35912))
[@​danilo-leal](https://togithub.com/danilo-leal)
- \[POC] Add deploy preview to PR body
([#​35995](https://togithub.com/mui/material-ui/issues/35995))
[@​siriwatknp](https://togithub.com/siriwatknp)
All contributors of this release in alphabetical order:
[@​danilo-leal](https://togithub.com/danilo-leal),
[@​donaldnevermore](https://togithub.com/donaldnevermore),
[@​flaviendelangle](https://togithub.com/flaviendelangle),
[@​hbjORbj](https://togithub.com/hbjORbj),
[@​LadyBluenotes](https://togithub.com/LadyBluenotes),
[@​LukasTy](https://togithub.com/LukasTy),
[@​m4theushw](https://togithub.com/m4theushw),
[@​michaldudak](https://togithub.com/michaldudak),
[@​mj12albert](https://togithub.com/mj12albert),
[@​mnajdova](https://togithub.com/mnajdova),
[@​oliv37](https://togithub.com/oliv37),
[@​oliviertassinari](https://togithub.com/oliviertassinari),
[@​petyosi](https://togithub.com/petyosi),
[@​rangoo94](https://togithub.com/rangoo94),
[@​sai6855](https://togithub.com/sai6855),
[@​Shorifpatwary](https://togithub.com/Shorifpatwary),
[@​siriwatknp](https://togithub.com/siriwatknp)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/Unleash/unleash).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNDguMCIsInVwZGF0ZWRJblZlciI6IjM0LjE0OC4wIn0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-22 00:53:48 +01:00
"@mui/icons-material" : "5.11.9" ,
"@mui/lab" : "5.0.0-alpha.120" ,
chore(deps): update dependency @mui/material to v5.11.10 (#3207)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@mui/material](https://mui.com/material-ui/getting-started/overview/)
([source](https://togithub.com/mui/material-ui)) | [`5.11.9` ->
`5.11.10`](https://renovatebot.com/diffs/npm/@mui%2fmaterial/5.11.9/5.11.10)
|
[![age](https://badges.renovateapi.com/packages/npm/@mui%2fmaterial/5.11.10/age-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://badges.renovateapi.com/packages/npm/@mui%2fmaterial/5.11.10/adoption-slim)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://badges.renovateapi.com/packages/npm/@mui%2fmaterial/5.11.10/compatibility-slim/5.11.9)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://badges.renovateapi.com/packages/npm/@mui%2fmaterial/5.11.10/confidence-slim/5.11.9)](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>mui/material-ui</summary>
###
[`v5.11.10`](https://togithub.com/mui/material-ui/blob/HEAD/CHANGELOG.md#​51110)
[Compare
Source](https://togithub.com/mui/material-ui/compare/v5.11.9...v5.11.10)
<!-- generated comparing v5.11.9..master -->
*Feb 20, 2023*
A big thanks to the 11 contributors who made this release possible.
This release was mostly about 🐛 bug fixes and 📚 documentation
improvements.
##### `@mui/material@5.11.10`
- <!-- 22 -->\[Avatar] Fix ownerState usage with styleOverrides when
fallback is used
([#​36228](https://togithub.com/mui/material-ui/issues/36228))
[@​sai6855](https://togithub.com/sai6855)
- <!-- 21 -->\[Badge]\[material] Replace `BadgeUnstyled` with
`useBadge` hook
([#​36158](https://togithub.com/mui/material-ui/issues/36158))
[@​hbjORbj](https://togithub.com/hbjORbj)
- <!-- 03 -->\[Switch] Fix DOM warning when `type` isn't `checkbox` or
`radio`
([#​36170](https://togithub.com/mui/material-ui/issues/36170))
[@​dani-mp](https://togithub.com/dani-mp)
- <!-- 02 -->\[TextareaAutosize] Convert code to TypeScript
([#​35862](https://togithub.com/mui/material-ui/issues/35862))
[@​sai6855](https://togithub.com/sai6855)
- <!-- 01 -->\[useMediaQuery] Fix behavior of noSsr with React 18
([#​36056](https://togithub.com/mui/material-ui/issues/36056))
[@​oliviertassinari](https://togithub.com/oliviertassinari)
##### `@mui/joy@5.0.0-alpha.68`
- <!-- 05 -->\[Joy] Add `zIndex` to theme
([#​36236](https://togithub.com/mui/material-ui/issues/36236))
[@​siriwatknp](https://togithub.com/siriwatknp)
- <!-- 04 -->\[Joy] Remove transition from all components
([#​35952](https://togithub.com/mui/material-ui/issues/35952))
[@​hbjORbj](https://togithub.com/hbjORbj)
##### Docs
- <!-- 20 -->\[docs]\[base] Fix base Input demos for Safari
([#​36213](https://togithub.com/mui/material-ui/issues/36213))
[@​mj12albert](https://togithub.com/mj12albert)
- <!-- 16 -->\[docs] Fix 301 links
[@​oliviertassinari](https://togithub.com/oliviertassinari)
- <!-- 15 -->\[docs] Fix modal transition demos
([#​36137](https://togithub.com/mui/material-ui/issues/36137))
[@​oliviertassinari](https://togithub.com/oliviertassinari)
- <!-- 14 -->\[docs] Update links to pt examples
([#​36237](https://togithub.com/mui/material-ui/issues/36237))
[@​Aleff13](https://togithub.com/Aleff13)
- <!-- 13 -->\[docs] Update custom Typography variants example
([#​36185](https://togithub.com/mui/material-ui/issues/36185))
[@​mj12albert](https://togithub.com/mj12albert)
- <!-- 12 -->\[docs] Change markdown numbering syntax
([#​36187](https://togithub.com/mui/material-ui/issues/36187))
[@​mj12albert](https://togithub.com/mj12albert)
- <!-- 11 -->\[docs] Fix switch alignment in `Disabled tree items`
section in Tree View docs
([#​36217](https://togithub.com/mui/material-ui/issues/36217))
[@​PunitSoniME](https://togithub.com/PunitSoniME)
- <!-- 10 -->\[docs] Standardize example names
([#​36112](https://togithub.com/mui/material-ui/issues/36112))
[@​samuelsycamore](https://togithub.com/samuelsycamore)
- <!-- 09 -->\[docs] Fix typo
[@​oliviertassinari](https://togithub.com/oliviertassinari)
- <!-- 08 -->\[docs] Fix markdown table alignments
([#​36136](https://togithub.com/mui/material-ui/issues/36136))
[@​oliviertassinari](https://togithub.com/oliviertassinari)
- <!-- 07 -->\[docs] Small color tweaks to the docs search bar
([#​36160](https://togithub.com/mui/material-ui/issues/36160))
[@​danilo-leal](https://togithub.com/danilo-leal)
- <!-- 06 -->\[docs]\[joy] Update class name prefixes in the `Anatomy`
section
([#​36210](https://togithub.com/mui/material-ui/issues/36210))
[@​ZeeshanTamboli](https://togithub.com/ZeeshanTamboli)
##### Core
- <!-- 19 -->\[core] Migrate nprogress to emotion
([#​36181](https://togithub.com/mui/material-ui/issues/36181))
[@​siriwatknp](https://togithub.com/siriwatknp)
- <!-- 18 -->\[core] Enforce namespace import for ReactDOM
([#​36208](https://togithub.com/mui/material-ui/issues/36208))
[@​mj12albert](https://togithub.com/mj12albert)
- <!-- 17 -->\[core] Fix deploy preview links
([#​36203](https://togithub.com/mui/material-ui/issues/36203))
[@​siriwatknp](https://togithub.com/siriwatknp)
All contributors of this release in alphabetical order:
[@​Aleff13](https://togithub.com/Aleff13),
[@​dani-mp](https://togithub.com/dani-mp),
[@​danilo-leal](https://togithub.com/danilo-leal),
[@​hbjORbj](https://togithub.com/hbjORbj),
[@​mj12albert](https://togithub.com/mj12albert),
[@​oliviertassinari](https://togithub.com/oliviertassinari),
[@​PunitSoniME](https://togithub.com/PunitSoniME),
[@​sai6855](https://togithub.com/sai6855),
[@​samuelsycamore](https://togithub.com/samuelsycamore),
[@​siriwatknp](https://togithub.com/siriwatknp),
[@​ZeeshanTamboli](https://togithub.com/ZeeshanTamboli)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/Unleash/unleash).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNTIuNSIsInVwZGF0ZWRJblZlciI6IjM0LjE1Mi41In0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-02-28 01:14:49 +01:00
"@mui/material" : "5.11.10" ,
2023-12-01 15:53:05 +01:00
"@tanstack/react-table" : "^8.10.7" ,
2023-06-24 06:24:24 +02:00
"@testing-library/dom" : "8.20.1" ,
2023-07-28 20:25:08 +02:00
"@testing-library/jest-dom" : "5.17.0" ,
2022-04-17 20:16:53 +02:00
"@testing-library/react" : "12.1.5" ,
2022-08-18 15:56:39 +02:00
"@testing-library/react-hooks" : "7.0.2" ,
2023-09-30 14:59:03 +02:00
"@testing-library/user-event" : "14.5.1" ,
2023-11-27 12:17:21 +01:00
"@types/debounce" : "1.2.4" ,
2023-11-27 13:23:23 +01:00
"@types/deep-diff" : "1.0.5" ,
2023-11-29 03:16:55 +01:00
"@types/jest" : "29.5.10" ,
2023-11-27 18:56:28 +01:00
"@types/lodash.clonedeep" : "4.5.9" ,
2023-12-01 15:53:05 +01:00
"@types/lodash.mapvalues" : "^4.6.9" ,
2023-11-28 00:03:23 +01:00
"@types/lodash.omit" : "4.5.9" ,
2023-09-30 23:13:22 +02:00
"@types/node" : "18.17.19" ,
2023-11-29 10:24:30 +01:00
"@types/react" : "17.0.71" ,
"@types/react-dom" : "17.0.25" ,
2023-11-28 13:53:10 +01:00
"@types/react-linkify" : "1.0.4" ,
2022-05-05 15:34:46 +02:00
"@types/react-router-dom" : "5.3.3" ,
2023-11-28 14:08:09 +01:00
"@types/react-table" : "7.7.18" ,
2023-11-29 03:17:22 +01:00
"@types/react-test-renderer" : "17.0.9" ,
2023-11-28 15:05:09 +01:00
"@types/react-timeago" : "4.1.6" ,
2023-11-28 15:47:16 +01:00
"@types/semver" : "7.5.6" ,
2023-01-27 09:13:57 +01:00
"@types/uuid" : "^9.0.0" ,
2023-12-04 20:36:21 +01:00
"@uiw/codemirror-theme-duotone" : "4.21.21" ,
2023-12-04 23:43:58 +01:00
"@uiw/react-codemirror" : "4.21.21" ,
2023-02-15 06:02:10 +01:00
"@vitejs/plugin-react" : "3.1.0" ,
2023-06-23 11:29:13 +02:00
"cartesian" : "^1.0.1" ,
2022-08-04 16:46:41 +02:00
"chart.js" : "3.9.1" ,
2022-12-28 14:09:19 +01:00
"chartjs-adapter-date-fns" : "3.0.0" ,
2022-10-07 04:41:23 +02:00
"classnames" : "2.3.2" ,
2022-11-14 17:27:49 +01:00
"copy-to-clipboard" : "3.3.3" ,
2023-04-18 11:56:15 +02:00
"countries-and-timezones" : "^3.4.0" ,
2023-11-29 13:16:12 +01:00
"cypress" : "13.6.0" ,
2023-05-08 10:16:18 +02:00
"cypress-vite" : "^1.4.0" ,
2023-05-16 16:45:53 +02:00
"date-fns" : "2.30.0" ,
2023-04-18 11:56:15 +02:00
"date-fns-tz" : "^2.0.0" ,
2021-09-27 09:12:17 +02:00
"debounce" : "1.2.1" ,
2021-11-08 16:02:06 +01:00
"deep-diff" : "1.0.2" ,
2022-10-10 12:18:37 +02:00
"dequal" : "2.0.3" ,
2022-03-24 20:06:59 +01:00
"fast-json-patch" : "3.1.1" ,
2022-04-29 01:07:23 +02:00
"http-proxy-middleware" : "2.0.6" ,
2023-04-03 17:42:06 +02:00
"immer" : "9.0.21" ,
2023-07-20 16:15:22 +02:00
"jsdom" : "22.1.0" ,
2021-09-27 09:12:17 +02:00
"lodash.clonedeep" : "4.5.0" ,
2023-12-01 15:53:05 +01:00
"lodash.mapvalues" : "^4.6.0" ,
2022-12-02 10:39:20 +01:00
"lodash.omit" : "4.5.0" ,
2022-12-16 15:12:36 +01:00
"mermaid" : "^9.3.0" ,
2023-07-20 16:15:45 +02:00
"millify" : "^6.0.0" ,
2023-02-12 17:25:43 +01:00
"msw" : "0.49.3" ,
2022-08-18 15:56:39 +02:00
"pkginfo" : "0.4.1" ,
2022-06-07 17:35:57 +02:00
"plausible-tracker" : "0.3.8" ,
2022-02-11 01:34:06 +01:00
"prop-types" : "15.8.1" ,
2021-09-27 09:12:17 +02:00
"react" : "17.0.2" ,
2022-08-02 05:44:13 +02:00
"react-chartjs-2" : "4.3.1" ,
2023-04-21 12:48:44 +02:00
"react-confetti" : "^6.1.0" ,
2021-09-27 09:12:17 +02:00
"react-dom" : "17.0.2" ,
2023-01-20 09:50:24 +01:00
"react-dropzone" : "14.2.3" ,
2022-10-10 12:18:37 +02:00
"react-error-boundary" : "3.1.4" ,
2022-12-10 18:26:53 +01:00
"react-hooks-global-state" : "2.1.0" ,
2023-04-18 11:56:15 +02:00
"react-joyride" : "^2.5.3" ,
"react-linkify" : "^1.0.0-alpha" ,
2023-04-21 12:48:44 +02:00
"react-markdown" : "^8.0.4" ,
2023-11-30 10:13:16 +01:00
"react-router-dom" : "6.16.0" ,
2022-05-17 16:33:12 +02:00
"react-table" : "7.8.0" ,
2022-02-25 10:55:39 +01:00
"react-test-renderer" : "17.0.2" ,
2023-09-14 22:29:13 +02:00
"react-timeago" : "7.2.0" ,
2023-11-29 16:38:19 +01:00
"sass" : "1.69.5" ,
2023-07-20 20:54:00 +02:00
"semver" : "7.5.4" ,
2023-10-06 08:59:26 +02:00
"swr" : "2.2.4" ,
2023-10-30 15:19:10 +01:00
"tss-react" : "4.9.3" ,
2022-10-07 19:54:29 +02:00
"typescript" : "4.8.4" ,
2023-12-01 15:53:05 +01:00
"use-query-params" : "^2.2.1" ,
chore(deps): update dependency vanilla-jsoneditor to ^0.19.0 (#5503)
[![Mend Renovate logo
banner](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vanilla-jsoneditor](https://togithub.com/josdejong/svelte-jsoneditor)
| [`^0.18.4` ->
`^0.19.0`](https://renovatebot.com/diffs/npm/vanilla-jsoneditor/0.18.10/0.19.0)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/vanilla-jsoneditor/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vanilla-jsoneditor/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vanilla-jsoneditor/0.18.10/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vanilla-jsoneditor/0.18.10/0.19.0?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>josdejong/svelte-jsoneditor (vanilla-jsoneditor)</summary>
###
[`v0.19.0`](https://togithub.com/josdejong/svelte-jsoneditor/blob/HEAD/CHANGELOG.md#0190-2023-11-21)
[Compare
Source](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.13...v0.19.0)
##### ⚠ BREAKING CHANGES
- Changes in the package exports
##### Features
- additional classes for improved CSS targeting
([4392f2c](https://togithub.com/josdejong/svelte-jsoneditor/commit/4392f2c6523bfb5913615e8d954ceb579b70b99f))
- package exports not working in Jest
([77697b3](https://togithub.com/josdejong/svelte-jsoneditor/commit/77697b3962775e09cfe514ef16b51269618dc2d4))
##### Bug Fixes
-
[#​334](https://togithub.com/josdejong/svelte-jsoneditor/issues/334)
package exports not working in Jest
([3058c66](https://togithub.com/josdejong/svelte-jsoneditor/commit/3058c66c6536eaf2902f799a2e59054dbb7d4df2))
- wrong font in table mode
([dd448c5](https://togithub.com/josdejong/svelte-jsoneditor/commit/dd448c5fff9283a4d8d34da9e9afd0ebd9857173))
#####
[0.18.13](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.12...v0.18.13)
(2023-11-13)
##### Features
- update dependencies (`jsonrepair`, `@codemirror/autocomplete`)
([691072a](https://togithub.com/josdejong/svelte-jsoneditor/commit/691072af2ff76f4d3e864eaed033112814356fce))
#####
[0.18.12](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.11...v0.18.12)
(2023-11-08)
##### Features
- update to `jsonrepair@3.4.0`
([9ede6ea](https://togithub.com/josdejong/svelte-jsoneditor/commit/9ede6ea53c91e80e542c86e24dd3d34c70415cd8))
##### Bug Fixes
-
[#​331](https://togithub.com/josdejong/svelte-jsoneditor/issues/331)
changing contents during the `onChange` callback throws a selection
error
([6e511fa](https://togithub.com/josdejong/svelte-jsoneditor/commit/6e511faf3a0e0b70a316efa5fc756c79893fa027))
-
[#​337](https://togithub.com/josdejong/svelte-jsoneditor/issues/337)
some menu styling issues
([2eec4e6](https://togithub.com/josdejong/svelte-jsoneditor/commit/2eec4e6c4806a21a0badb32d04edd442baf6665e))
- `onChange` event not fired after calling `editor.set(...)` (see
[#​318](https://togithub.com/josdejong/svelte-jsoneditor/issues/318))
([afaca42](https://togithub.com/josdejong/svelte-jsoneditor/commit/afaca423561360f307802d2eb3ed36a6d887a35f))
- update codemirror and a couple of devDependencies
([7173333](https://togithub.com/josdejong/svelte-jsoneditor/commit/71733336b6db16be61b77a4ec4301cff3b7707c7))
- use mono font in JSON Preview
([b07d08d](https://togithub.com/josdejong/svelte-jsoneditor/commit/b07d08d9c6bd6a13d797ba1fb51efc6b657e8947))
#####
[0.18.11](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.10...v0.18.11)
(2023-10-31)
##### Features
- update codemirror, jsonrepair, and other dependencies
([90d1b77](https://togithub.com/josdejong/svelte-jsoneditor/commit/90d1b774533b9a2c9716ef580eb0af045974ef56))
##### Bug Fixes
-
[#​321](https://togithub.com/josdejong/svelte-jsoneditor/issues/321)
editor not accepting JSON created in a different JavaScript realm like
an iframe
([06fb84c](https://togithub.com/josdejong/svelte-jsoneditor/commit/06fb84cced17b5b603897e21f30c4c083015190d))
- bottom margin of welcome screen in tree and table mode
([7d1eb02](https://togithub.com/josdejong/svelte-jsoneditor/commit/7d1eb027abf8e7776d40d48c5371dc372af409ff))
- editor sometimes losing track on whether it has focus
([410f997](https://togithub.com/josdejong/svelte-jsoneditor/commit/410f997b075a274b6e8691db4c3831c71602dbe3))
- svelte giving warnings about creating components with unknown
properties
([627170a](https://togithub.com/josdejong/svelte-jsoneditor/commit/627170a3e621a5ddb0abc1aa016b0a4334bc3837))
#####
[0.18.10](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.9...v0.18.10)
(2023-10-17)
##### Bug Fixes
- rename "whole document" to "document root" and "whole item" to "item
root" to prevent confusion
([2699b71](https://togithub.com/josdejong/svelte-jsoneditor/commit/2699b71f2311d1670e29ccf41848bb283c52121d))
#####
[0.18.9](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.8...v0.18.9)
(2023-10-11)
##### Bug Fixes
- unused CSS selector warnings in Svelte
([23b82cc](https://togithub.com/josdejong/svelte-jsoneditor/commit/23b82cc022e15ccbcad6ca4d51ece52ca41682b4))
#####
[0.18.8](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.7...v0.18.8)
(2023-10-02)
##### Bug Fixes
- regression since v0.18.17 not allowing to put the cursor halfway the
value when editing a value
([3e34e8d](https://togithub.com/josdejong/svelte-jsoneditor/commit/3e34e8daafe7fcd048e5bd3d75ce72ab877aaec2))
#####
[0.18.7](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.6...v0.18.7)
(2023-09-28)
##### Bug Fixes
-
[#​315](https://togithub.com/josdejong/svelte-jsoneditor/issues/315)
cannot paste text in the search box input field in tree mode
([a9a2dc3](https://togithub.com/josdejong/svelte-jsoneditor/commit/a9a2dc32e22707d636b25587426a70518dcf069c))
#####
[0.18.6](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.5...v0.18.6)
(2023-09-27)
##### Bug Fixes
- broken import due to missing file extension
([0f734c5](https://togithub.com/josdejong/svelte-jsoneditor/commit/0f734c593e4784b3b39621c029ef614ac4350e50))
#####
[0.18.5](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.4...v0.18.5)
(2023-09-27)
##### Features
- update dependencies, most notably `jsonrepair` and `codemirror`
([f6306b0](https://togithub.com/josdejong/svelte-jsoneditor/commit/f6306b00ef6144d75593a98e0867b5a7c185156a))
##### Bug Fixes
-
[#​312](https://togithub.com/josdejong/svelte-jsoneditor/issues/312)
"Show me" button throwing an error when no position was provided in the
error message
([d839e95](https://togithub.com/josdejong/svelte-jsoneditor/commit/d839e95c59ce18ff59ac0ad338019da9dc542a18))
-
[#​312](https://togithub.com/josdejong/svelte-jsoneditor/issues/312)
the "Show me" button throwing an error when no position was provided in
the error message
([36d7934](https://togithub.com/josdejong/svelte-jsoneditor/commit/36d79345b294e31bde53cb83b6586928c653601f))
- minor styling issues with modals
([97d2d94](https://togithub.com/josdejong/svelte-jsoneditor/commit/97d2d9407d6f389962ae59a808eb3353308232f2))
- update dependencies, most notably `codemirror` and `jsonrepair`
([439eb8a](https://togithub.com/josdejong/svelte-jsoneditor/commit/439eb8ae8a6a2dfe8fa8ec71f0d5c53e28b7c4a0))
#####
[0.18.4](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.3...v0.18.4)
(2023-09-19)
##### Features
- add indentation on wrapped lines
([#​295](https://togithub.com/josdejong/svelte-jsoneditor/issues/295))
([367accf](https://togithub.com/josdejong/svelte-jsoneditor/commit/367accfa261dd3dad72243d2d4648f6c186048e7))
- improve welcome screen with action buttons to create an array or
object
([d4e301f](https://togithub.com/josdejong/svelte-jsoneditor/commit/d4e301fc9da408c700d2934719a30345522e05b9))
##### Bug Fixes
- collapsed items section not removed when empty
([3d3ad45](https://togithub.com/josdejong/svelte-jsoneditor/commit/3d3ad456cfc436b0522de534846cb4b9da929ec3))
- creating an array or object or pasting content in the welcome screen
not working
([7def339](https://togithub.com/josdejong/svelte-jsoneditor/commit/7def339d916150bc12243feccd266cbb2303b178))
- editor not getting focus in table mode when clicking inside an empty
area
([609983d](https://togithub.com/josdejong/svelte-jsoneditor/commit/609983d3a6f9271fe26971c27424965fb9823405))
- select active element on undo only when existing
([e5beebf](https://togithub.com/josdejong/svelte-jsoneditor/commit/e5beebfdc4f082888c447364b12091d2ee8ecfa5))
- selection moving to value after renaming the last key of an object
([ac31282](https://togithub.com/josdejong/svelte-jsoneditor/commit/ac312821616329c5246ca50a17d607bb4d716f2e))
- some issues with navigating in `tree` mode using arrow keys
([a3f9c92](https://togithub.com/josdejong/svelte-jsoneditor/commit/a3f9c9234686b9363ac9e4b66c7dbf21950bda85))
- when inserting a new array or object in an empty editor, set selection
inside the array/object
([821933e](https://togithub.com/josdejong/svelte-jsoneditor/commit/821933e3dfcbdde637ad78fb6d3c51e5ca6c66ee))
- when inserting a new value by typing somewhere, it doesn't initially
have the right color
([9f6ea35](https://togithub.com/josdejong/svelte-jsoneditor/commit/9f6ea354270d88c67e3696e7fe8497fbf6852be2))
#####
[0.18.3](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.2...v0.18.3)
(2023-08-30)
##### Bug Fixes
- restore the selection when going back when having multiple JSONEditor
modals
([085a9d3](https://togithub.com/josdejong/svelte-jsoneditor/commit/085a9d31de26f4f41ee04b5aab68f1f9164042c7))
- sometimes multiple cells selected in Table mode
([c7705f6](https://togithub.com/josdejong/svelte-jsoneditor/commit/c7705f6e99e6aba525bc7d17b26dc17add56645c))
#####
[0.18.2](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.1...v0.18.2)
(2023-08-25)
##### Bug Fixes
-
[#​304](https://togithub.com/josdejong/svelte-jsoneditor/issues/304)
`ReadonlyValue.svelte` wrongly importing two moved types
([ed8b058](https://togithub.com/josdejong/svelte-jsoneditor/commit/ed8b05890fd149000ab67dc476cb5ceda59e7b7a))
#####
[0.18.1](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.0...v0.18.1)
(2023-08-25)
##### Bug Fixes
-
[#​300](https://togithub.com/josdejong/svelte-jsoneditor/issues/300)
change the homepage in package.json to the Github repo
([b1977e5](https://togithub.com/josdejong/svelte-jsoneditor/commit/b1977e50475362278afc1e57eb2333bd69b5f69d))
-
[#​304](https://togithub.com/josdejong/svelte-jsoneditor/issues/304)
missing type `JSONPointer` internally
([e23abbc](https://togithub.com/josdejong/svelte-jsoneditor/commit/e23abbc3690799f5a53600c109630de31f05f953))
###
[`v0.18.13`](https://togithub.com/josdejong/svelte-jsoneditor/blob/HEAD/CHANGELOG.md#01813-2023-11-13)
[Compare
Source](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.12...v0.18.13)
###
[`v0.18.12`](https://togithub.com/josdejong/svelte-jsoneditor/blob/HEAD/CHANGELOG.md#01812-2023-11-08)
[Compare
Source](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.11...v0.18.12)
###
[`v0.18.11`](https://togithub.com/josdejong/svelte-jsoneditor/blob/HEAD/CHANGELOG.md#01811-2023-10-31)
[Compare
Source](https://togithub.com/josdejong/svelte-jsoneditor/compare/v0.18.10...v0.18.11)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy41OS44IiwidXBkYXRlZEluVmVyIjoiMzcuNTkuOCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-11-29 17:33:49 +01:00
"vanilla-jsoneditor" : "^0.19.0" ,
chore(deps): update dependency vite to v4.5.1 [security] (#5554)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vitejs.dev)
([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) |
[`4.5.0` -> `4.5.1`](https://renovatebot.com/diffs/npm/vite/4.5.0/4.5.1)
|
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/4.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/4.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/4.5.0/4.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/4.5.0/4.5.1?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
### GitHub Vulnerability Alerts
####
[CVE-2023-49293](https://togithub.com/vitejs/vite/security/advisories/GHSA-92r3-m2mg-pj97)
### Summary
When Vite's HTML transformation is invoked manually via
`server.transformIndexHtml`, the original request URL is passed in
unmodified, and the `html` being transformed contains inline module
scripts (`<script type="module">...</script>`), it is possible to inject
arbitrary HTML into the transformed output by supplying a malicious URL
query string to `server.transformIndexHtml`.
### Impact
Only apps using `appType: 'custom'` and using the default Vite HTML
middleware are affected. The HTML entry must also contain an inline
script. The attack requires a user to click on a malicious URL while
running the dev server. Restricted files aren't exposed to the attacker.
### Patches
Fixed in vite@5.0.5, vite@4.5.1, vite@4.4.12
### Details
Suppose `index.html` contains an inline module script:
```html
<script type="module">
// Inline script
</script>
```
This script is transformed into a proxy script like
```html
<script type="module" src="/index.html?html-proxy&index=0.js"></script>
```
due to Vite's HTML plugin:
https://github.com/vitejs/vite/blob/7fd7c6cebfcad34ae7021ebee28f97b1f28ef3f3/packages/vite/src/node/plugins/html.ts#L429-L465
When `appType: 'spa' | 'mpa'`, Vite serves HTML itself, and
`htmlFallbackMiddleware` rewrites `req.url` to the canonical path of
`index.html`,
https://github.com/vitejs/vite/blob/73ef074b80fa7252e0c46a37a2c94ba8cba46504/packages/vite/src/node/server/middlewares/htmlFallback.ts#L44-L47
so the `url` passed to `server.transformIndexHtml` is `/index.html`.
However, if `appType: 'custom'`, HTML is served manually, and if
`server.transformIndexHtml` is called with the unmodified request URL
(as the SSR docs suggest), then the path of the transformed `html-proxy`
script varies with the request URL. For example, a request with path `/`
produces
```html
<script type="module" src="/@​id/__x00__/index.html?html-proxy&index=0.js"></script>
```
It is possible to abuse this behavior by crafting a request URL to
contain a malicious payload like
```
"></script><script>alert('boom')</script>
```
so a request to
http://localhost:5173/?%22%3E%3C/script%3E%3Cscript%3Ealert(%27boom%27)%3C/script%3E
produces HTML output like
```html
<script type="module" src="/@​id/__x00__/?"></script><script>alert("boom")</script>?html-proxy&index=0.js"></script>
```
which demonstrates XSS.
### PoC
- Example 1. Serving HTML from `vite dev` middleware with `appType:
'custom'`
- Go to
https://stackblitz.com/edit/vitejs-vite-9xhma4?file=main.js&terminal=dev-html
- "Open in New Tab"
- Edit URL to set query string to
`?%22%3E%3C/script%3E%3Cscript%3Ealert(%27boom%27)%3C/script%3E` and
navigate
- Witness XSS:
-
![image](https://user-images.githubusercontent.com/2456381/287434281-13757894-7a63-4a73-b1e9-d2b024c19d14.png)
- Example 2. Serving HTML from SSR-style Express server (Vite dev server
runs in middleware mode):
- Go to
https://stackblitz.com/edit/vitejs-vite-9xhma4?file=main.js&terminal=server
- (Same steps as above)
- Example 3. Plain `vite dev` (this shows that vanilla `vite dev` is
_not_ vulnerable, provided `htmlFallbackMiddleware` is used)
- Go to
https://stackblitz.com/edit/vitejs-vite-9xhma4?file=main.js&terminal=dev
- (Same steps as above)
- You should _not_ see the alert box in this case
### Detailed Impact
This will probably predominantly affect [development-mode
SSR](https://vitejs.dev/guide/ssr#setting-up-the-dev-server), where
`vite.transformHtml` is called using the original `req.url`, per the
docs:
https://github.com/vitejs/vite/blob/7fd7c6cebfcad34ae7021ebee28f97b1f28ef3f3/docs/guide/ssr.md?plain=1#L114-L126
However, since this vulnerability affects `server.transformIndexHtml`,
the scope of impact may be higher to also include other ad-hoc calls to
`server.transformIndexHtml` from outside of Vite's own codebase.
My best guess at bisecting which versions are vulnerable involves the
following test script
```js
import fs from 'node:fs/promises';
import * as vite from 'vite';
const html = `
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
</head>
<body>
<script type="module">
// Inline script
</script>
</body>
</html>
`;
const server = await vite.createServer({ appType: 'custom' });
const transformed = await server.transformIndexHtml('/?%22%3E%3C/script%3E%3Cscript%3Ealert(%27boom%27)%3C/script%3E', html);
console.log(transformed);
await server.close();
```
and using it I was able to narrow down to #​13581. If this is
correct, then vulnerable Vite versions are 4.4.0-beta.2 and higher
(which includes 4.4.0).
---
### Release Notes
<details>
<summary>vitejs/vite (vite)</summary>
### [`v4.5.1`](https://togithub.com/vitejs/vite/releases/tag/v4.5.1)
[Compare
Source](https://togithub.com/vitejs/vite/compare/v4.5.0...v4.5.1)
Please refer to
[CHANGELOG.md](https://togithub.com/vitejs/vite/blob/v4.5.1/packages/vite/CHANGELOG.md)
for details.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Enabled.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44MS4zIiwidXBkYXRlZEluVmVyIjoiMzcuODEuMyIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-06 01:30:39 +01:00
"vite" : "4.5.1" ,
2022-08-18 15:56:39 +02:00
"vite-plugin-env-compatible" : "1.1.1" ,
2023-10-01 02:51:52 +02:00
"vite-plugin-svgr" : "3.3.0" ,
2023-09-20 10:30:40 +02:00
"vite-tsconfig-paths" : "4.2.1" ,
2023-07-21 16:36:30 +02:00
"vitest" : "0.33.0" ,
2023-09-20 12:02:12 +02:00
"whatwg-fetch" : "3.6.19"
2017-02-23 22:18:23 +01:00
} ,
2023-01-05 11:57:53 +01:00
"optionalDependencies" : {
2023-07-20 12:59:55 +02:00
"orval" : "^6.17.0"
2023-01-05 11:57:53 +01:00
} ,
2022-10-14 11:44:59 +02:00
"resolutions" : {
2023-12-04 20:36:03 +01:00
"@codemirror/state" : "6.3.2" ,
2023-01-12 10:09:59 +01:00
"@xmldom/xmldom" : "^0.8.4" ,
2023-01-17 13:33:52 +01:00
"json5" : "^2.2.2" ,
2023-11-29 10:24:30 +01:00
"@types/react" : "17.0.71" ,
"@types/react-dom" : "17.0.25" ,
2023-07-20 20:54:00 +02:00
"semver" : "7.5.4"
2022-10-14 11:44:59 +02:00
} ,
2017-02-23 22:18:23 +01:00
"jest" : {
"moduleNameMapper" : {
2022-02-04 11:32:02 +01:00
"\\.(jpg|jpeg|png|gif|eot|otf|webp|ttf|woff|woff2|mp4|webm|wav|mp3|m4a|aac|oga)$" : "<rootDir>/src/__mocks__/fileMock.js" ,
"\\.svg" : "<rootDir>/src/__mocks__/svgMock.js" ,
2017-02-23 22:18:23 +01:00
"\\.(css|scss)$" : "identity-obj-proxy"
2022-02-04 11:32:02 +01:00
}
2021-04-07 09:04:48 +02:00
} ,
"browserslist" : {
2023-10-02 14:25:46 +02:00
"production" : [ ">0.2%" , "not dead" , "not op_mini all" ] ,
2021-04-07 09:04:48 +02:00
"development" : [
"last 1 chrome version" ,
"last 1 firefox version" ,
"last 1 safari version"
2021-02-05 14:33:32 +01:00
]
2021-03-30 15:14:02 +02:00
} ,
2023-09-27 09:27:38 +02:00
"dependencies" : { }
2016-11-10 14:26:24 +01:00
}