mirror of
https://github.com/Unleash/unleash.git
synced 2025-08-09 13:47:13 +02:00
tmp/metrics-frontend
1460 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Thomas Heartman
|
c619cb9ec5
|
chore(1-3835): improve json diff view (#10146)
Replaces the existing JSON diff implementation we use with `json-diff-react` (35kb unpacked, according to npm), a react-fork of the popular `json-diff` library. The change is behind a new flag. The new library has several advantages: - nicer formatting (including nested objects) - we don't need to calculate the diff manually anymore - option to hide/reveal unchanged properties There's still a few more things to put in place (such as handling of no changes) and overflow handling when you have very long properties. Here's a few comparison screenies: Old (below) vs new (above):  Fold and unfold:   In change requests:  Strategy re-ordering: Folded:  Unfolded:  Old:  |
||
Christopher Kolstad
|
bf67dea2f7
|
chore: Bumped Yarn to 4.9.2 (#10126) | ||
Tymoteusz Czech
|
553ffc62b7
|
fix: orval for ESM (#10086)
updated Orval and configured it to be compatible with v7. --------- Co-authored-by: Thomas Heartman <thomas@getunleash.io> |
||
|
Thomas Heartman
|
16df33b078
|
feat: add lifecycle trend graphs (#10077)
Adds lifecycle trend graphs to the insights page. The graphs are each placed within their own boxes. The boxes do not have any more information in them yet. Also, because the data returned from the API is still all zeroes, I've used mock data that matches the sketches. Finally, the chart configuration and how it's split into a LifecycleChart that lazy loads a LifecycleChartComponent is based on the LineChart and LineChartComponent that we use elsewhere on the insights page. Light mode: <img width="1562" alt="image" src="https://github.com/user-attachments/assets/6dd11168-be24-42d4-aa97-a7a55651fa0e" /> We might want to tweak some colors in dark mode, but maybe not? 🤷🏼  |
||
renovate[bot]
|
e67e60a363
|
chore(deps): update dependency typescript to v5.8.3 (#7480)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [typescript](https://www.typescriptlang.org/) ([source](https://redirect.github.com/microsoft/TypeScript)) | [`5.6.3` -> `5.8.3`](https://renovatebot.com/diffs/npm/typescript/5.6.3/5.8.3) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [typescript](https://www.typescriptlang.org/) ([source](https://redirect.github.com/microsoft/TypeScript)) | [`5.4.5` -> `5.8.3`](https://renovatebot.com/diffs/npm/typescript/5.4.5/5.8.3) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>microsoft/TypeScript (typescript)</summary> ### [`v5.8.3`](https://redirect.github.com/microsoft/TypeScript/compare/v5.8.2...68cead182cc24afdc3f1ce7c8ff5853aba14b65a) [Compare Source](https://redirect.github.com/microsoft/TypeScript/compare/v5.8.2...v5.8.3) ### [`v5.8.2`](https://redirect.github.com/microsoft/TypeScript/compare/v5.7.3...beb69e4cdd61b1a0fd9ae21ae58bd4bd409d7217) [Compare Source](https://redirect.github.com/microsoft/TypeScript/compare/v5.7.3...v5.8.2) ### [`v5.7.3`](https://redirect.github.com/microsoft/TypeScript/releases/tag/v5.7.3): TypeScript 5.7.3 [Compare Source](https://redirect.github.com/microsoft/TypeScript/compare/v5.7.2...v5.7.3) For release notes, check out the [release announcement](https://devblogs.microsoft.com/typescript/announcing-typescript-5-7/). - [fixed issues query for Typescript 5.7.0 (Beta)](https://redirect.github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\&q=milestone%3A%22TypeScript+5.7.0%22+is%3Aclosed+). - [fixed issues query for Typescript 5.7.1 (RC)](https://redirect.github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\&q=milestone%3A%22TypeScript+5.7.1%22+is%3Aclosed+). - [fixed issues query for Typescript 5.7.2 (Stable)](https://redirect.github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\&q=milestone%3A%22TypeScript+5.7.2%22+is%3Aclosed+). - [fixed issues query for Typescript 5.7.3 (Stable)](https://redirect.github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\&q=milestone%3A%22TypeScript+5.7.2%22+is%3Aclosed+). Downloads are available on [npm](https://www.npmjs.com/package/typescript) ### [`v5.7.2`](https://redirect.github.com/microsoft/TypeScript/releases/tag/v5.7.2): TypeScript 5.7 [Compare Source](https://redirect.github.com/microsoft/TypeScript/compare/v5.6.3...v5.7.2) For release notes, check out the [release announcement](https://devblogs.microsoft.com/typescript/announcing-typescript-5-7/). - [fixed issues query for Typescript 5.7.0 (Beta)](https://redirect.github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\&q=milestone%3A%22TypeScript+5.7.0%22+is%3Aclosed+). - [fixed issues query for Typescript 5.7.1 (RC)](https://redirect.github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\&q=milestone%3A%22TypeScript+5.7.1%22+is%3Aclosed+). - [fixed issues query for Typescript 5.7.2 (Stable)](https://redirect.github.com/Microsoft/TypeScript/issues?utf8=%E2%9C%93\&q=milestone%3A%22TypeScript+5.7.2%22+is%3Aclosed+). Downloads are available on: - [npm](https://www.npmjs.com/package/typescript) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjAuMSIsInVwZGF0ZWRJblZlciI6IjQwLjExLjkiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImRlcGVuZGVuY2llcyJdfQ==--> --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: Nuno Góis <github@nunogois.com> |
||
dependabot[bot]
|
e65865d410
|
chore(deps-dev): bump http-proxy-middleware from 2.0.7 to 2.0.9 in /frontend (#9786)
Bumps [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) from 2.0.7 to 2.0.9. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chimurai/http-proxy-middleware/releases">http-proxy-middleware's releases</a>.</em></p> <blockquote> <h2>v2.0.9</h2> <h2>What's Changed</h2> <ul> <li>fix(fixRequestBody): check readableLength by <a href="https://github.com/chimurai"><code>@chimurai</code></a> in <a href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1097">chimurai/http-proxy-middleware#1097</a></li> <li>chore(package): v2.0.9 by <a href="https://github.com/chimurai"><code>@chimurai</code></a> in <a href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1099">chimurai/http-proxy-middleware#1099</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9</a></p> <h2>v2.0.8</h2> <h2>What's Changed</h2> <ul> <li>fix(fixRequestBody): prevent multiple .write() calls by <a href="https://github.com/chimurai"><code>@chimurai</code></a> in <a href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1090">chimurai/http-proxy-middleware#1090</a></li> <li>fix(fixRequestBody): handle invalid request by <a href="https://github.com/chimurai"><code>@chimurai</code></a> in <a href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1091">chimurai/http-proxy-middleware#1091</a></li> <li>chore(package): v2.0.8 by <a href="https://github.com/chimurai"><code>@chimurai</code></a> in <a href="https://redirect.github.com/chimurai/http-proxy-middleware/pull/1094">chimurai/http-proxy-middleware#1094</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8">https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md">http-proxy-middleware's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9">v2.0.9</a></h2> <ul> <li>fix(fixRequestBody): check readableLength</li> </ul> <h2><a href="https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8">v2.0.8</a></h2> <ul> <li>fix(fixRequestBody): prevent multiple .write() calls</li> <li>fix(fixRequestBody): handle invalid request</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
renovate[bot]
|
d17d68d6aa
|
chore(deps): update node.js to v22 (#9487) | ||
Gastón Fournier
|
abe160eb7d
|
feat: Unleash v7 ESM migration (#9877)
We're migrating to ESM, which will allow us to import the latest versions of our dependencies. Co-Authored-By: Christopher Kolstad <chriswk@getunleash.io> |
||
|
renovate[bot]
|
6a2953f768
|
chore(deps): update dependency vite to v5.4.19 [security] (#9899)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.18` -> `5.4.19`](https://renovatebot.com/diffs/npm/vite/5.4.18/5.4.19) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-46565](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-859w-5945-r5v3) ### Summary The contents of files in [the project `root`](https://vite.dev/config/shared-options.html#root) that are denied by a file matching pattern can be returned to the browser. ### Impact Only apps explicitly exposing the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. Only files that are under [project `root`](https://vite.dev/config/shared-options.html#root) and are denied by a file matching pattern can be bypassed. - Examples of file matching patterns: `.env`, `.env.*`, `*.{crt,pem}`, `**/.env` - Examples of other patterns: `**/.git/**`, `.git/**`, `.git/**/*` ### Details [`server.fs.deny`](https://vite.dev/config/server-options.html#server-fs-deny) can contain patterns matching against files (by default it includes `.env`, `.env.*`, `*.{crt,pem}` as such patterns). These patterns were able to bypass for files under `root` by using a combination of slash and dot (`/.`). ### PoC ``` npm create vite@latest cd vite-project/ cat "secret" > .env npm install npm run dev curl --request-target /.env/. http://localhost:5173 ```   --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v5.4.19`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.19) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.18...v5.4.19) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.19/packages/vite/CHANGELOG.md) for details. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNjQuMCIsInVwZGF0ZWRJblZlciI6IjM5LjI2NC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
Gastón Fournier
|
a88e781391
|
feat: run cypress against current branch (#9793)
## About the changes Currently, we're running against the older version of our UI. When making changes to it we want to make sure we're testing the current code **Details in comments** --------- Co-authored-by: Tymoteusz Czech <2625371+Tymek@users.noreply.github.com> |
||
|
renovate[bot]
|
61c98a9994
|
chore(deps): update dependency http-proxy-middleware to v2.0.8 [security] (#9787)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [http-proxy-middleware](https://redirect.github.com/chimurai/http-proxy-middleware) | [`2.0.7` -> `2.0.8`](https://renovatebot.com/diffs/npm/http-proxy-middleware/2.0.7/2.0.8) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-32996](https://nvd.nist.gov/vuln/detail/CVE-2025-32996) In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used. --- ### Release Notes <details> <summary>chimurai/http-proxy-middleware (http-proxy-middleware)</summary> ### [`v2.0.8`](https://redirect.github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8) [Compare Source](https://redirect.github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8) #### What's Changed - fix(fixRequestBody): prevent multiple .write() calls by [@​chimurai](https://redirect.github.com/chimurai) in [https://github.com/chimurai/http-proxy-middleware/pull/1090](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1090) - fix(fixRequestBody): handle invalid request by [@​chimurai](https://redirect.github.com/chimurai) in [https://github.com/chimurai/http-proxy-middleware/pull/1091](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1091) - chore(package): v2.0.8 by [@​chimurai](https://redirect.github.com/chimurai) in [https://github.com/chimurai/http-proxy-middleware/pull/1094](https://redirect.github.com/chimurai/http-proxy-middleware/pull/1094) **Full Changelog**: https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMzguMCIsInVwZGF0ZWRJblZlciI6IjM5LjIzOC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
6af36288ab
|
chore(deps-dev): bump vite from 5.4.16 to 5.4.18 in /frontend (#9766)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 5.4.16 to 5.4.18. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v5.4.18</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v5.4.18/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v5.4.17</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v5.4.17/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/v5.4.18/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted -->5.4.18 (2025-04-10)<!-- raw HTML omitted --></h2> <ul> <li>fix: backport <a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19830">#19830</a>, reject requests with <code>#</code> in request-target (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19831">#19831</a>) (<a href=" |
||
Ivar Conradi Østhus
|
e63b28c1b8
|
feat: use Unleash React SDK in Admin UI (#9723)
In this PR I integrate the Unleash React SDK with the Admin UI. We also take advantage of Unleash Hosted Edge behind the scenes with multiple regions to get the evaluations close to the end user. |
||
|
renovate[bot]
|
097c83edfb
|
chore(deps): update dependency vite to v5.4.16 [security] (#9666)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.15` -> `5.4.16`](https://renovatebot.com/diffs/npm/vite/5.4.15/5.4.16) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-31125](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-4r4m-qw57-chr8) ### Summary The contents of arbitrary files can be returned to the browser. ### Impact Only apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. ### Details - base64 encoded content of non-allowed files is exposed using `?inline&import` (originally reported as `?import&?inline=1.wasm?init`) - content of non-allowed files is exposed using `?raw?import` `/@​fs/` isn't needed to reproduce the issue for files inside the project root. ### PoC Original report (check details above for simplified cases): The ?import&?inline=1.wasm?init ending allows attackers to read arbitrary files and returns the file content if it exists. Base64 decoding needs to be performed twice ``` $ npm create vite@latest $ cd vite-project/ $ npm install $ npm run dev ``` Example full URL `http://localhost:5173/@​fs/C:/windows/win.ini?import&?inline=1.wasm?init` --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v5.4.16`](https://redirect.github.com/vitejs/vite/compare/v5.4.15...v5.4.16) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.15...v5.4.16) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMjcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjIyNy4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
98a0fba1cb
|
chore(deps): update dependency vite to v5.4.15 [security] (#9663)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.14` -> `5.4.15`](https://renovatebot.com/diffs/npm/vite/5.4.14/5.4.15) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-30208](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-x574-m823-4x7w) ### Summary The contents of arbitrary files can be returned to the browser. ### Impact Only apps explicitly exposing the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) are affected. ### Details `@fs` denies access to files outside of Vite serving allow list. Adding `?raw??` or `?import&raw??` to the URL bypasses this limitation and returns the file content if it exists. This bypass exists because trailing separators such as `?` are removed in several places, but are not accounted for in query string regexes. ### PoC ```bash $ npm create vite@latest $ cd vite-project/ $ npm install $ npm run dev $ echo "top secret content" > /tmp/secret.txt # expected behaviour $ curl "http://localhost:5173/@​fs/tmp/secret.txt" <body> <h1>403 Restricted</h1> <p>The request url "/tmp/secret.txt" is outside of Vite serving allow list. # security bypassed $ curl "http://localhost:5173/@​fs/tmp/secret.txt?import&raw??" export default "top secret content\n" //# sourceMappingURL=data:application/json;base64,eyJ2... ``` --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v5.4.15`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.15) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.14...v5.4.15) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.15/packages/vite/CHANGELOG.md) for details. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
cf91852234
|
chore(deps): update dependency @uiw/react-codemirror to v4.23.10 (#9572)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@uiw/react-codemirror](https://uiwjs.github.io/react-codemirror) ([source](https://redirect.github.com/uiwjs/react-codemirror)) | [`4.23.9` -> `4.23.10`](https://renovatebot.com/diffs/npm/@uiw%2freact-codemirror/4.23.9/4.23.10) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>uiwjs/react-codemirror (@​uiw/react-codemirror)</summary> ### [`v4.23.10`](https://redirect.github.com/uiwjs/react-codemirror/releases/tag/v4.23.10) [Compare Source](https://redirect.github.com/uiwjs/react-codemirror/compare/v4.23.9...v4.23.10) [](https://jaywcjlove.github.io/#/sponsor) [](https://uiwjs.github.io/npm-unpkg/#/pkg/@​uiw/react-codemirror@4.23.10/file/README.md) Documentation v4.23.10: https://raw.githack.com/uiwjs/react-codemirror/b920d7f/index.html\ Comparing Changes: https://github.com/uiwjs/react-codemirror/compare/v4.23.9...v4.23.10 ```shell npm i @​uiw/react-codemirror@4.23.10 ``` - 🐞 fix: Fix flash of content on initialization ([#​717](https://redirect.github.com/uiwjs/react-codemirror/issues/717)) [`b11562d`](https://redirect.github.com/uiwjs/react-codemirror/commit/b11562d) [@​colsondonohue](https://redirect.github.com/colsondonohue) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
42abfccdb1
|
chore(deps): update dependency @uiw/codemirror-theme-duotone to v4.23.10 (#9571)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@uiw/codemirror-theme-duotone](https://uiwjs.github.io/react-codemirror/#/theme/data/duotone/light) ([source](https://redirect.github.com/uiwjs/react-codemirror)) | [`4.23.9` -> `4.23.10`](https://renovatebot.com/diffs/npm/@uiw%2fcodemirror-theme-duotone/4.23.9/4.23.10) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>uiwjs/react-codemirror (@​uiw/codemirror-theme-duotone)</summary> ### [`v4.23.10`](https://redirect.github.com/uiwjs/react-codemirror/releases/tag/v4.23.10) [Compare Source](https://redirect.github.com/uiwjs/react-codemirror/compare/v4.23.9...v4.23.10) [](https://jaywcjlove.github.io/#/sponsor) [](https://uiwjs.github.io/npm-unpkg/#/pkg/@​uiw/react-codemirror@4.23.10/file/README.md) Documentation v4.23.10: https://raw.githack.com/uiwjs/react-codemirror/b920d7f/index.html\ Comparing Changes: https://github.com/uiwjs/react-codemirror/compare/v4.23.9...v4.23.10 ```shell npm i @​uiw/react-codemirror@4.23.10 ``` - 🐞 fix: Fix flash of content on initialization ([#​717](https://redirect.github.com/uiwjs/react-codemirror/issues/717)) [`b11562d`](https://redirect.github.com/uiwjs/react-codemirror/commit/b11562d) [@​colsondonohue](https://redirect.github.com/colsondonohue) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
eca36eeb5c
|
chore(deps): update dependency vitest to v3.0.8 (#9515)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [vitest](https://redirect.github.com/vitest-dev/vitest) ([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/vitest)) | [`3.0.7` -> `3.0.8`](https://renovatebot.com/diffs/npm/vitest/3.0.7/3.0.8) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>vitest-dev/vitest (vitest)</summary> ### [`v3.0.8`](https://redirect.github.com/vitest-dev/vitest/releases/tag/v3.0.8) [Compare Source](https://redirect.github.com/vitest-dev/vitest/compare/v3.0.7...v3.0.8) ##### 🐞 Bug Fixes - Fix fetch cache multiple writes - by [@​hi-ogawa](https://redirect.github.com/hi-ogawa) in [https://github.com/vitest-dev/vitest/issues/7546](https://redirect.github.com/vitest-dev/vitest/issues/7546) [<samp>(1a8b4)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/1a8b4337) - Use browser.isolate instead of config.isolate - by [@​sheremet-va](https://redirect.github.com/sheremet-va) in [https://github.com/vitest-dev/vitest/issues/7560](https://redirect.github.com/vitest-dev/vitest/issues/7560) [<samp>(4b5ed)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4b5ed902) - Remove vestigial spy stub, import directly from `@vitest/spy` - by [@​mrginglymus](https://redirect.github.com/mrginglymus) in [https://github.com/vitest-dev/vitest/issues/7575](https://redirect.github.com/vitest-dev/vitest/issues/7575) [<samp>(7f7ff)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/7f7ff11c) - Correctly split the argv string - by [@​btea](https://redirect.github.com/btea) in [https://github.com/vitest-dev/vitest/issues/7533](https://redirect.github.com/vitest-dev/vitest/issues/7533) [<samp>(4325a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/4325ac67) - **browser**: - Remove [@​testing-library/dom](https://redirect.github.com/testing-library/dom) from dependencies - by [@​sheremet-va](https://redirect.github.com/sheremet-va) in [https://github.com/vitest-dev/vitest/issues/7555](https://redirect.github.com/vitest-dev/vitest/issues/7555) [<samp>(5387a)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/5387a5b3) - Improve source map handling for bundled files - by [@​sheremet-va](https://redirect.github.com/sheremet-va) in [https://github.com/vitest-dev/vitest/issues/7534](https://redirect.github.com/vitest-dev/vitest/issues/7534) [<samp>(e2c57)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/e2c570b6) - Print related test file and potential test in unhandled errors - by [@​sheremet-va](https://redirect.github.com/sheremet-va) in [https://github.com/vitest-dev/vitest/issues/7564](https://redirect.github.com/vitest-dev/vitest/issues/7564) [<samp>(fee90)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/fee90d85) - **runner**: - Fix `beforeEach/All` cleanup callback timeout - by [@​hi-ogawa](https://redirect.github.com/hi-ogawa) in [https://github.com/vitest-dev/vitest/issues/7500](https://redirect.github.com/vitest-dev/vitest/issues/7500) [<samp>(0c292)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/0c2924b7) - Fix and simplify `Task.suite` initialization - by [@​hi-ogawa](https://redirect.github.com/hi-ogawa) in [https://github.com/vitest-dev/vitest/issues/7414](https://redirect.github.com/vitest-dev/vitest/issues/7414) [<samp>(ca9ff)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/ca9ffac5) - **snapshot**: - Allow inline snapshot calls on same location with same snapshot - by [@​jycouet](https://redirect.github.com/jycouet) and [@​hi-ogawa](https://redirect.github.com/hi-ogawa) in [https://github.com/vitest-dev/vitest/issues/7464](https://redirect.github.com/vitest-dev/vitest/issues/7464) [<samp>(d5cb8)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/d5cb8212) - **vite-node**: - Fix `buildStart` on Vite 6 - by [@​hi-ogawa](https://redirect.github.com/hi-ogawa) in [https://github.com/vitest-dev/vitest/issues/7480](https://redirect.github.com/vitest-dev/vitest/issues/7480) [<samp>(c0f47)</samp>](https://redirect.github.com/vitest-dev/vitest/commit/c0f47e03) ##### [View changes on GitHub](https://redirect.github.com/vitest-dev/vitest/compare/v3.0.7...v3.0.8) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOTQuMSIsInVwZGF0ZWRJblZlciI6IjM5LjE5NC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
076006a5d3
|
chore(deps): update dependency swr to v2.3.3 (#9514)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [swr](https://swr.vercel.app) ([source](https://redirect.github.com/vercel/swr)) | [`2.3.2` -> `2.3.3`](https://renovatebot.com/diffs/npm/swr/2.3.2/2.3.3) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>vercel/swr (swr)</summary> ### [`v2.3.3`](https://redirect.github.com/vercel/swr/releases/tag/v2.3.3) [Compare Source](https://redirect.github.com/vercel/swr/compare/v2.3.2...v2.3.3) ##### Patches - enhance: use empty prototype object by [@​huozhi](https://redirect.github.com/huozhi) in [https://github.com/vercel/swr/pull/4099](https://redirect.github.com/vercel/swr/pull/4099) - Initialise nextFocusRevalidatedAt on mount by [@​mgoodfellow](https://redirect.github.com/mgoodfellow) in [https://github.com/vercel/swr/pull/2857](https://redirect.github.com/vercel/swr/pull/2857) ##### Misc - Update Twitter references to X by [@​ManuLpz4](https://redirect.github.com/ManuLpz4) in [https://github.com/vercel/swr/pull/4103](https://redirect.github.com/vercel/swr/pull/4103) #### New Contributors - [@​ManuLpz4](https://redirect.github.com/ManuLpz4) made their first contribution in [https://github.com/vercel/swr/pull/4103](https://redirect.github.com/vercel/swr/pull/4103) - [@​mgoodfellow](https://redirect.github.com/mgoodfellow) made their first contribution in [https://github.com/vercel/swr/pull/2857](https://redirect.github.com/vercel/swr/pull/2857) **Full Changelog**: https://github.com/vercel/swr/compare/v2.3.2...v2.3.3 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xOTQuMSIsInVwZGF0ZWRJblZlciI6IjM5LjE5NC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
f3d33fe808
|
chore(deps): update dependency @uiw/react-codemirror to v4.23.9 (#9474)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@uiw/react-codemirror](https://uiwjs.github.io/react-codemirror) ([source](https://redirect.github.com/uiwjs/react-codemirror)) | [`4.23.8` -> `4.23.9`](https://renovatebot.com/diffs/npm/@uiw%2freact-codemirror/4.23.8/4.23.9) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>uiwjs/react-codemirror (@​uiw/react-codemirror)</summary> ### [`v4.23.9`](https://redirect.github.com/uiwjs/react-codemirror/releases/tag/v4.23.9) [Compare Source](https://redirect.github.com/uiwjs/react-codemirror/compare/v4.23.8...v4.23.9) [](https://jaywcjlove.github.io/#/sponsor) [](https://uiwjs.github.io/npm-unpkg/#/pkg/@​uiw/react-codemirror@4.23.9/file/README.md) Documentation v4.23.9: https://raw.githack.com/uiwjs/react-codemirror/fc8f5fa/index.html\ Comparing Changes: https://github.com/uiwjs/react-codemirror/compare/v4.23.8...v4.23.9 ```shell npm i @​uiw/react-codemirror@4.23.9 ``` - 🐞 fix(theme): correctly extend basic light theme ([#​716](https://redirect.github.com/uiwjs/react-codemirror/issues/716)) [`e191c2a`](https://redirect.github.com/uiwjs/react-codemirror/commit/e191c2a) [@​veksen](https://redirect.github.com/veksen) - 🆎 type: module in codemirror-extensions-basic-setup ([#​702](https://redirect.github.com/uiwjs/react-codemirror/issues/702)) [`a657654`](https://redirect.github.com/uiwjs/react-codemirror/commit/a657654) [@​PuruVJ](https://redirect.github.com/PuruVJ) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xODUuNCIsInVwZGF0ZWRJblZlciI6IjM5LjE4NS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
6d77b30f7a
|
chore(deps): update yarn to v4.7.0 (#9475)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [yarn](https://redirect.github.com/yarnpkg/berry) ([source](https://redirect.github.com/yarnpkg/berry/tree/HEAD/packages/yarnpkg-cli)) | [`4.6.0` -> `4.7.0`](https://renovatebot.com/diffs/npm/yarn/4.6.0/4.7.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>yarnpkg/berry (yarn)</summary> ### [`v4.7.0`]( |
||
|
renovate[bot]
|
5e29119e08
|
chore(deps): update dependency @uiw/codemirror-theme-duotone to v4.23.9 (#9473)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@uiw/codemirror-theme-duotone](https://uiwjs.github.io/react-codemirror/#/theme/data/duotone/light) ([source](https://redirect.github.com/uiwjs/react-codemirror)) | [`4.23.8` -> `4.23.9`](https://renovatebot.com/diffs/npm/@uiw%2fcodemirror-theme-duotone/4.23.8/4.23.9) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>uiwjs/react-codemirror (@​uiw/codemirror-theme-duotone)</summary> ### [`v4.23.9`](https://redirect.github.com/uiwjs/react-codemirror/releases/tag/v4.23.9) [Compare Source](https://redirect.github.com/uiwjs/react-codemirror/compare/v4.23.8...v4.23.9) [](https://jaywcjlove.github.io/#/sponsor) [](https://uiwjs.github.io/npm-unpkg/#/pkg/@​uiw/react-codemirror@4.23.9/file/README.md) Documentation v4.23.9: https://raw.githack.com/uiwjs/react-codemirror/fc8f5fa/index.html\ Comparing Changes: https://github.com/uiwjs/react-codemirror/compare/v4.23.8...v4.23.9 ```shell npm i @​uiw/react-codemirror@4.23.9 ``` - 🐞 fix(theme): correctly extend basic light theme ([#​716](https://redirect.github.com/uiwjs/react-codemirror/issues/716)) [`e191c2a`](https://redirect.github.com/uiwjs/react-codemirror/commit/e191c2a) [@​veksen](https://redirect.github.com/veksen) - 🆎 type: module in codemirror-extensions-basic-setup ([#​702](https://redirect.github.com/uiwjs/react-codemirror/issues/702)) [`a657654`](https://redirect.github.com/uiwjs/react-codemirror/commit/a657654) [@​PuruVJ](https://redirect.github.com/PuruVJ) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xODUuNCIsInVwZGF0ZWRJblZlciI6IjM5LjE4NS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
b2bb1b3bb2
|
chore(deps): update dependency cypress to v14 (#9263) | ||
|
renovate[bot]
|
01d97ef0f4
|
chore(deps): update dependency vitest to v3.0.7 (#9421)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [vitest](https://redirect.github.com/vitest-dev/vitest) ([source](https://redirect.github.com/vitest-dev/vitest/tree/HEAD/packages/vitest)) | [`3.0.6` -> `3.0.7`](https://renovatebot.com/diffs/npm/vitest/3.0.6/3.0.7) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>vitest-dev/vitest (vitest)</summary> ### [`v3.0.7`](https://redirect.github.com/vitest-dev/vitest/compare/v3.0.6...v3.0.7) [Compare Source](https://redirect.github.com/vitest-dev/vitest/compare/v3.0.6...v3.0.7) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xODUuNCIsInVwZGF0ZWRJblZlciI6IjM5LjE4NS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
5563d9c0f0
|
chore(deps): update dependency sass to v1.85.1 (#9410)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [sass](https://redirect.github.com/sass/dart-sass) | [`1.85.0` -> `1.85.1`](https://renovatebot.com/diffs/npm/sass/1.85.0/1.85.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>sass/dart-sass (sass)</summary> ### [`v1.85.1`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1851) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.85.0...1.85.1) - Fix a bug where global Sass functions whose names overlap with CSS math functions could incorrectly be treated as CSS math functions even though they used Sass-only features, causing compilation failures. For example, `round(-$var / 2)` previously threw an error but now works as intended. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xODUuNCIsInVwZGF0ZWRJblZlciI6IjM5LjE4NS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
1aae86b457
|
chore(deps): update dependency react-dropzone to v14.3.8 (#9409)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [react-dropzone](https://redirect.github.com/react-dropzone/react-dropzone) | [`14.3.5` -> `14.3.8`](https://renovatebot.com/diffs/npm/react-dropzone/14.3.5/14.3.8) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>react-dropzone/react-dropzone (react-dropzone)</summary> ### [`v14.3.8`](https://redirect.github.com/react-dropzone/react-dropzone/releases/tag/v14.3.8) [Compare Source](https://redirect.github.com/react-dropzone/react-dropzone/compare/v14.3.7...v14.3.8) ##### Bug Fixes - **event_type:** 🎨 Update drop event type to include FileSystemFileHandle ([d6911c9]( |
||
|
renovate[bot]
|
add39ad63e
|
chore(deps): update dependency msw to v2.7.3 (#9408)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [msw](https://mswjs.io) ([source](https://redirect.github.com/mswjs/msw)) | [`2.7.1` -> `2.7.3`](https://renovatebot.com/diffs/npm/msw/2.7.1/2.7.3) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>mswjs/msw (msw)</summary> ### [`v2.7.3`](https://redirect.github.com/mswjs/msw/releases/tag/v2.7.3) [Compare Source](https://redirect.github.com/mswjs/msw/compare/v2.7.2...v2.7.3) #### v2.7.3 (2025-02-24) ##### Bug Fixes - do not treat static asset requests as unhandled by default ([#​2440](https://redirect.github.com/mswjs/msw/issues/2440), [docs](https://mswjs.io/docs/api/is-common-asset-request)) ([`eb45e7a`]( |
||
|
renovate[bot]
|
88c3f50073
|
chore(deps): update dependency sass to v1.85.0 (#9393)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [sass](https://redirect.github.com/sass/dart-sass) | [`1.83.4` -> `1.85.0`](https://renovatebot.com/diffs/npm/sass/1.83.4/1.85.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>sass/dart-sass (sass)</summary> ### [`v1.85.0`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1850) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.84.0...1.85.0) - No longer fully trim redundant selectors generated by `@extend`. This caused unacceptable performance issues for certain heavy users of `@extend`. We'll try to find a more performant way to accomplish it in the future. ### [`v1.84.0`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1840) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.83.4...1.84.0) - Allow newlines in whitespace in the indented syntax. - **Potentially breaking bug fix**: Selectors with unmatched brackets now always produce a parser error. Previously, some edge cases like `[foo#{"]:is(bar"}) {a: b}` would compile without error, but this was an unintentional bug. - Fix a bug in which various Color Level 4 functions weren't allowed in plain CSS. - Fix the error message for `@extend` without a selector and possibly other parsing edge-cases in contexts that allow interpolation. ##### Embedded Host - Fixed the implementation of the `SassBoolean` type to adhere to the spec, now using a class instead of an interface. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNzYuMiIsInVwZGF0ZWRJblZlciI6IjM5LjE3Ni4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
1f5c07e3aa
|
chore(deps): update dependency msw to v2.7.1 (#9387)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [msw](https://mswjs.io)
([source](https://redirect.github.com/mswjs/msw)) | [`2.7.0` ->
`2.7.1`](https://renovatebot.com/diffs/npm/msw/2.7.0/2.7.1) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>mswjs/msw (msw)</summary>
###
[`v2.7.1`](https://redirect.github.com/mswjs/msw/releases/tag/v2.7.1)
[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.7.0...v2.7.1)
#### v2.7.1 (2025-02-20)
##### Bug Fixes
- **HttpResponse:** support non-configurable status codes
([#​2434](https://redirect.github.com/mswjs/msw/issues/2434))
([`0cf639e`](
|
||
|
renovate[bot]
|
fb0dea7e42
|
chore(deps): update dependency swr to v2.3.2 (#9365)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [swr](https://swr.vercel.app) ([source](https://redirect.github.com/vercel/swr)) | [`2.3.0` -> `2.3.2`](https://renovatebot.com/diffs/npm/swr/2.3.0/2.3.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>vercel/swr (swr)</summary> ### [`v2.3.2`](https://redirect.github.com/vercel/swr/releases/tag/v2.3.2) [Compare Source](https://redirect.github.com/vercel/swr/compare/v2.3.1...v2.3.2) #### Patches - (fix) keepPreviousData: return fallback instead of undefined value by [@​dvoytenko](https://redirect.github.com/dvoytenko) in [https://github.com/vercel/swr/pull/4087](https://redirect.github.com/vercel/swr/pull/4087) **Full Changelog**: https://github.com/vercel/swr/compare/v2.3.1...v2.3.2 ### [`v2.3.1`](https://redirect.github.com/vercel/swr/releases/tag/v2.3.1) [Compare Source](https://redirect.github.com/vercel/swr/compare/v2.3.0...v2.3.1) ##### Fixes - fix: missing `throwOnError` in SWRMutationHook options by [@​Ram4GB](https://redirect.github.com/Ram4GB) in [https://github.com/vercel/swr/pull/3054](https://redirect.github.com/vercel/swr/pull/3054) - fix: sever env detection for deno by [@​elrrrrrrr](https://redirect.github.com/elrrrrrrr) in [https://github.com/vercel/swr/pull/4064](https://redirect.github.com/vercel/swr/pull/4064) - keepPreviousData: return fallback instead of undefined value by [@​dvoytenko](https://redirect.github.com/dvoytenko) in [https://github.com/vercel/swr/pull/4084](https://redirect.github.com/vercel/swr/pull/4084) ##### Misc - ci: update pnpm setup and lock pnpm vesion by [@​huozhi](https://redirect.github.com/huozhi) in [https://github.com/vercel/swr/pull/4085](https://redirect.github.com/vercel/swr/pull/4085) - build: bump bundler by [@​huozhi](https://redirect.github.com/huozhi) in [https://github.com/vercel/swr/pull/4086](https://redirect.github.com/vercel/swr/pull/4086) - refactor: type improvement of `useSWRHandler` by [@​samuel871211](https://redirect.github.com/samuel871211) in [https://github.com/vercel/swr/pull/4075](https://redirect.github.com/vercel/swr/pull/4075) ##### New Contributors - [@​Ram4GB](https://redirect.github.com/Ram4GB) made their first contribution in [https://github.com/vercel/swr/pull/3054](https://redirect.github.com/vercel/swr/pull/3054) - [@​elrrrrrrr](https://redirect.github.com/elrrrrrrr) made their first contribution in [https://github.com/vercel/swr/pull/4064](https://redirect.github.com/vercel/swr/pull/4064) - [@​dvoytenko](https://redirect.github.com/dvoytenko) made their first contribution in [https://github.com/vercel/swr/pull/4084](https://redirect.github.com/vercel/swr/pull/4084) - [@​samuel871211](https://redirect.github.com/samuel871211) made their first contribution in [https://github.com/vercel/swr/pull/4075](https://redirect.github.com/vercel/swr/pull/4075) **Full Changelog**: https://github.com/vercel/swr/compare/v2.3.0...v2.3.1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNzYuMiIsInVwZGF0ZWRJblZlciI6IjM5LjE3Ni4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
d53efccde5
|
chore(deps): update dependency semver to v7.7.1 (#9354)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [semver](https://redirect.github.com/npm/node-semver) | [`7.7.0` ->
`7.7.1`](https://renovatebot.com/diffs/npm/semver/7.7.0/7.7.1) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>npm/node-semver (semver)</summary>
###
[`v7.7.1`](https://redirect.github.com/npm/node-semver/blob/HEAD/CHANGELOG.md#771-2025-02-03)
[Compare
Source](https://redirect.github.com/npm/node-semver/compare/v7.7.0...v7.7.1)
##### Bug Fixes
-
[`af761c0`](
|
||
|
renovate[bot]
|
cdad65c098
|
chore(deps): update dependency @uiw/react-codemirror to v4.23.8 (#9353)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@uiw/react-codemirror](https://uiwjs.github.io/react-codemirror) ([source](https://redirect.github.com/uiwjs/react-codemirror)) | [`4.23.7` -> `4.23.8`](https://renovatebot.com/diffs/npm/@uiw%2freact-codemirror/4.23.7/4.23.8) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>uiwjs/react-codemirror (@​uiw/react-codemirror)</summary> ### [`v4.23.8`](https://redirect.github.com/uiwjs/react-codemirror/releases/tag/v4.23.8) [Compare Source](https://redirect.github.com/uiwjs/react-codemirror/compare/v4.23.7...v4.23.8) [](https://jaywcjlove.github.io/#/sponsor) [](https://uiwjs.github.io/npm-unpkg/#/pkg/@​uiw/react-codemirror@4.23.8/file/README.md) Documentation v4.23.8: https://raw.githack.com/uiwjs/react-codemirror/62aac6a/index.html\ Comparing Changes: https://github.com/uiwjs/react-codemirror/compare/v4.23.7...v4.23.8 ```shell npm i @​uiw/react-codemirror@4.23.8 ``` - 🐞 fix: Pass diffConfig to options in CodeMirrorMerge component ([#​712](https://redirect.github.com/uiwjs/react-codemirror/issues/712)) [`a95fb47`](https://redirect.github.com/uiwjs/react-codemirror/commit/a95fb47) [@​snelsi](https://redirect.github.com/snelsi) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNzYuMiIsInVwZGF0ZWRJblZlciI6IjM5LjE3Ni4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
7f81c38daa
|
chore(deps): update dependency @uiw/codemirror-theme-duotone to v4.23.8 (#9349)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@uiw/codemirror-theme-duotone](https://uiwjs.github.io/react-codemirror/#/theme/data/duotone/light) ([source](https://redirect.github.com/uiwjs/react-codemirror)) | [`4.23.7` -> `4.23.8`](https://renovatebot.com/diffs/npm/@uiw%2fcodemirror-theme-duotone/4.23.7/4.23.8) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>uiwjs/react-codemirror (@​uiw/codemirror-theme-duotone)</summary> ### [`v4.23.8`](https://redirect.github.com/uiwjs/react-codemirror/releases/tag/v4.23.8) [Compare Source](https://redirect.github.com/uiwjs/react-codemirror/compare/v4.23.7...v4.23.8) [](https://jaywcjlove.github.io/#/sponsor) [](https://uiwjs.github.io/npm-unpkg/#/pkg/@​uiw/react-codemirror@4.23.8/file/README.md) Documentation v4.23.8: https://raw.githack.com/uiwjs/react-codemirror/62aac6a/index.html\ Comparing Changes: https://github.com/uiwjs/react-codemirror/compare/v4.23.7...v4.23.8 ```shell npm i @​uiw/react-codemirror@4.23.8 ``` - 🐞 fix: Pass diffConfig to options in CodeMirrorMerge component ([#​712](https://redirect.github.com/uiwjs/react-codemirror/issues/712)) [`a95fb47`](https://redirect.github.com/uiwjs/react-codemirror/commit/a95fb47) [@​snelsi](https://redirect.github.com/snelsi) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNzYuMiIsInVwZGF0ZWRJblZlciI6IjM5LjE3Ni4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
Nuno Góis
|
17d3f67ec1
|
chore: upgrade vitest to 3.0.6 (#9337)
https://linear.app/unleash/issue/2-3296/upgrade-vitest Follow-up to https://github.com/Unleash/unleash/pull/9212 The ☝️ PR was failing some tests because `chartjs-adapter-date-fns` is imported as a [side effect](https://stackoverflow.com/questions/41127479/es6-import-for-side-effects-meaning) and seems to be CommonJS-only. When Vitest loads it, it fails to find named exports (like `_adapters`). By inlining `chartjs-adapter-date-fns` in our Vitest test config, esbuild transforms it into a proper ES module for testing. Additionally, we’re upgrading from v1.4.0 to v3.0.6 directly since our code seems to be fully compatible. >Vitest requires Vite >=v5.0.0 and Node >=v18.0.0 |
||
|
renovate[bot]
|
c1fc07f402
|
chore(deps): update dependency jsonpath-plus to v10.3.0 [security] (#9326)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [jsonpath-plus](https://redirect.github.com/s3u/JSONPath) | [`10.2.0` -> `10.3.0`](https://renovatebot.com/diffs/npm/jsonpath-plus/10.2.0/10.3.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-1302](https://nvd.nist.gov/vuln/detail/CVE-2025-1302) Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. **Note:** This is caused by an incomplete fix for CVE-2024-21534. --- ### Release Notes <details> <summary>s3u/JSONPath (jsonpath-plus)</summary> ### [`v10.3.0`](https://redirect.github.com/s3u/JSONPath/blob/HEAD/CHANGES.md#1030) [Compare Source](https://redirect.github.com/s3u/JSONPath/compare/v10.2.0...v10.3.0) - fix(eval): rce using non-string prop names ([#​237](https://redirect.github.com/s3u/JSONPath/issues/237)) - feat(demo): make demo link shareable ([#​238](https://redirect.github.com/s3u/JSONPath/issues/238)) - chore: update deps. and devDeps. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNjcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjE2Ny4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
99a27d51a9
|
chore(deps): update dependency @codemirror/state to v6.5.2 (#9278)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@codemirror/state](https://redirect.github.com/codemirror/state) | [`6.5.1` -> `6.5.2`](https://renovatebot.com/diffs/npm/@codemirror%2fstate/6.5.1/6.5.2) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>codemirror/state (@​codemirror/state)</summary> ### [`v6.5.2`](https://redirect.github.com/codemirror/state/blob/HEAD/CHANGELOG.md#652-2025-02-03) [Compare Source](https://redirect.github.com/codemirror/state/compare/6.5.1...6.5.2) ##### Bug fixes Fix a bug where reconfiguring a field with a new `init` value didn't update the value of the field. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNjQuMSIsInVwZGF0ZWRJblZlciI6IjM5LjE2NC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
9d453e6881
|
chore(deps): update yarn to v4.6.0 (#9248)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [yarn](https://redirect.github.com/yarnpkg/berry) ([source](https://redirect.github.com/yarnpkg/berry/tree/HEAD/packages/yarnpkg-cli)) | [`4.5.3` -> `4.6.0`](https://renovatebot.com/diffs/npm/yarn/4.5.3/4.6.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>yarnpkg/berry (yarn)</summary> ### [`v4.6.0`]( |
||
|
renovate[bot]
|
6602e664a1
|
chore(deps): update testing-library monorepo (#9247)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@testing-library/react](https://redirect.github.com/testing-library/react-testing-library) | [`16.1.0` -> `16.2.0`](https://renovatebot.com/diffs/npm/@testing-library%2freact/16.1.0/16.2.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | | [@testing-library/user-event](https://redirect.github.com/testing-library/user-event) | [`14.5.2` -> `14.6.1`](https://renovatebot.com/diffs/npm/@testing-library%2fuser-event/14.5.2/14.6.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>testing-library/react-testing-library (@​testing-library/react)</summary> ### [`v16.2.0`](https://redirect.github.com/testing-library/react-testing-library/releases/tag/v16.2.0) [Compare Source](https://redirect.github.com/testing-library/react-testing-library/compare/v16.1.0...v16.2.0) ##### Features - Add support for React error handlers ([#​1354](https://redirect.github.com/testing-library/react-testing-library/issues/1354)) ([9618c51]( |
||
|
renovate[bot]
|
cc25a2134c
|
chore(deps): update dependency swr to v2.3.0 (#9235)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [swr](https://swr.vercel.app) ([source](https://redirect.github.com/vercel/swr)) | [`2.2.5` -> `2.3.0`](https://renovatebot.com/diffs/npm/swr/2.2.5/2.3.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>vercel/swr (swr)</summary> ### [`v2.3.0`](https://redirect.github.com/vercel/swr/compare/v2.2.5...v2.3.0) [Compare Source](https://redirect.github.com/vercel/swr/compare/v2.2.5...v2.3.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNDUuMCIsInVwZGF0ZWRJblZlciI6IjM5LjE0NS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
bec490df3c
|
chore(deps): update dependency semver to v7.7.0 (#9233)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [semver](https://redirect.github.com/npm/node-semver) | [`7.6.3` -> `7.7.0`](https://renovatebot.com/diffs/npm/semver/7.6.3/7.7.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>npm/node-semver (semver)</summary> ### [`v7.7.0`](https://redirect.github.com/npm/node-semver/blob/HEAD/CHANGELOG.md#770-2025-01-29) [Compare Source](https://redirect.github.com/npm/node-semver/compare/v7.6.3...v7.7.0) ##### Features - [`0864b3c`]( |
||
Mateusz Kwasniewski
|
c86ea091b7
|
feat: virtual autocomplete (#9181) | ||
|
renovate[bot]
|
575bc41af0
|
chore(deps): update dependency vite to v5.4.14 (#9187)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.12` -> `5.4.14`](https://renovatebot.com/diffs/npm/vite/5.4.12/5.4.14) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v5.4.14`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.14) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.13...v5.4.14) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.14/packages/vite/CHANGELOG.md) for details. ### [`v5.4.13`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.13) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.12...v5.4.13) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.13/packages/vite/CHANGELOG.md) for details. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNDUuMCIsInVwZGF0ZWRJblZlciI6IjM5LjE0NS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
f7b346e792
|
chore(deps): update dependency tss-react to v4.9.15 (#9186)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [tss-react](https://www.tss-react.dev) ([source](https://redirect.github.com/garronej/tss-react)) | [`4.9.14` -> `4.9.15`](https://renovatebot.com/diffs/npm/tss-react/4.9.14/4.9.15) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>garronej/tss-react (tss-react)</summary> ### [`v4.9.15`](https://redirect.github.com/garronej/tss-react/releases/tag/v4.9.15) [Compare Source](https://redirect.github.com/garronej/tss-react/compare/v4.9.14...v4.9.15) <!-- Release notes generated using configuration in .github/release.yaml at refs/heads/main --> **Full Changelog**: https://github.com/garronej/tss-react/compare/v4.9.14...v4.9.15 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNDUuMCIsInVwZGF0ZWRJblZlciI6IjM5LjE0NS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
d83422ac45
|
chore(deps): update dependency sass to v1.83.4 (#9185)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [sass](https://redirect.github.com/sass/dart-sass) | [`1.83.0` -> `1.83.4`](https://renovatebot.com/diffs/npm/sass/1.83.0/1.83.4) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>sass/dart-sass (sass)</summary> ### [`v1.83.4`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1834) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.83.3...1.83.4) - No user-visible changes. ### [`v1.83.3`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1833) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.83.2...1.83.3) - No user-visible changes. ### [`v1.83.2`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1832) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.83.1...1.83.2) - Properly display deprecation IDs for the JS Sass API. - Don't display deprecation IDs for user-defined deprecations. ### [`v1.83.1`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1831) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.83.0...1.83.1) - Fix a bug where `--quiet-deps` would get deactivated for `@content` blocks, even when those blocks were entirely contained within dependencies. - Include deprecation IDs in deprecation warnings to make it easier to determine what to pass to `--silence-deprecation` or `--fatal-deprecation`. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xNDUuMCIsInVwZGF0ZWRJblZlciI6IjM5LjE0NS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
938f12908b
|
chore(deps): update dependency @types/react to v18.3.18 (#9146)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@types/react](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/react) ([source](https://redirect.github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react)) | [`18.3.17` -> `18.3.18`](https://renovatebot.com/diffs/npm/@types%2freact/18.3.17/18.3.18) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMjUuMSIsInVwZGF0ZWRJblZlciI6IjM5LjEyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
89cb9dc59a
|
chore(deps): update dependency vite to v5.4.12 [security] (#9131)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [vite](https://vite.dev) ([source](https://redirect.github.com/vitejs/vite/tree/HEAD/packages/vite)) | [`5.4.11` -> `5.4.12`](https://renovatebot.com/diffs/npm/vite/5.4.11/5.4.12) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2025-24010](https://redirect.github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6) ### Summary Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. ### Upgrade Path Users that does not match either of the following conditions should be able to upgrade to a newer version of Vite that fixes the vulnerability without any additional configuration. - Using the backend integration feature - Using a reverse proxy in front of Vite - Accessing the development server via a domain other than `localhost` or `*.localhost` - Using a plugin / framework that connects to the WebSocket server on their own from the browser #### Using the backend integration feature If you are using the backend integration feature and not setting [`server.origin`](https://vite.dev/config/server-options.html#server-origin), you need to add the origin of the backend server to the [`server.cors.origin`](https://redirect.github.com/expressjs/cors#configuration-options) option. Make sure to set a specific origin rather than `*`, otherwise any origin can access your development server. #### Using a reverse proxy in front of Vite If you are using a reverse proxy in front of Vite and sending requests to Vite with a hostname other than `localhost` or `*.localhost`, you need to add the hostname to the new [`server.allowedHosts`](https://vite.dev/config/server-options.html#server-allowedhosts) option. For example, if the reverse proxy is sending requests to `http://vite:5173`, you need to add `vite` to the `server.allowedHosts` option. #### Accessing the development server via a domain other than `localhost` or `*.localhost` You need to add the hostname to the new [`server.allowedHosts`](https://vite.dev/config/server-options.html#server-allowedhosts) option. For example, if you are accessing the development server via `http://foo.example.com:8080`, you need to add `foo.example.com` to the `server.allowedHosts` option. #### Using a plugin / framework that connects to the WebSocket server on their own from the browser If you are using a plugin / framework, try upgrading to a newer version of Vite that fixes the vulnerability. If the WebSocket connection appears not to be working, the plugin / framework may have a code that connects to the WebSocket server on their own from the browser. In that case, you can either: - fix the plugin / framework code to the make it compatible with the new version of Vite - set `legacy.skipWebSocketTokenCheck: true` to opt-out the fix for [2] while the plugin / framework is incompatible with the new version of Vite - When enabling this option, **make sure that you are aware of the security implications** described in the impact section of [2] above. ### Mitigation without upgrading Vite #### [1]: Permissive default CORS settings Set `server.cors` to `false` or limit `server.cors.origin` to trusted origins. #### [2]: Lack of validation on the Origin header for WebSocket connections There aren't any mitigations for this. #### [3]: Lack of validation on the Host header for HTTP requests Use Chrome 94+ or use HTTPS for the development server. ### Details There are three causes that allowed malicious websites to send any requests to the development server: #### [1]: Permissive default CORS settings Vite sets the [`Access-Control-Allow-Origin`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin) header depending on [`server.cors`](https://vite.dev/config/server-options.html#server-cors) option. The default value was `true` which sets `Access-Control-Allow-Origin: *`. This allows websites on any origin to `fetch` contents served on the development server. Attack scenario: 1. The attacker serves a malicious web page (`http://malicious.example.com`). 2. The user accesses the malicious web page. 3. The attacker sends a `fetch('http://127.0.0.1:5173/main.js')` request by JS in that malicious web page. This request is normally blocked by same-origin policy, but that's not the case for the reasons above. 4. The attacker gets the content of `http://127.0.0.1:5173/main.js`. #### [2]: Lack of validation on the Origin header for WebSocket connections Vite starts a WebSocket server to handle HMR and other functionalities. This WebSocket server [did not perform validation on the Origin header](https://redirect.github.com/vitejs/vite/blob/v6.0.7/packages/vite/src/node/server/ws.ts#L145-L157) and was vulnerable to Cross-Site WebSocket Hijacking (CSWSH) attacks. With that attack, an attacker can read and write messages on the WebSocket connection. Vite only sends some information over the WebSocket connection ([list of the file paths that changed, the file content where the errored happened, etc.](https://redirect.github.com/vitejs/vite/blob/v6.0.7/packages/vite/types/hmrPayload.d.ts#L12-L72)), but plugins can send arbitrary messages and may include more sensitive information. Attack scenario: 1. The attacker serves a malicious web page (`http://malicious.example.com`). 2. The user accesses the malicious web page. 3. The attacker runs `new WebSocket('http://127.0.0.1:5173', 'vite-hmr')` by JS in that malicious web page. 4. The user edits some files. 5. Vite sends some HMR messages over WebSocket. 6. The attacker gets the content of the HMR messages. #### [3]: Lack of validation on the Host header for HTTP requests Unless [`server.https`](https://vite.dev/config/server-options.html#server-https) is set, Vite starts the development server on HTTP. Non-HTTPS servers are vulnerable to DNS rebinding attacks without validation on the Host header. But Vite did not perform validation on the Host header. By exploiting this vulnerability, an attacker can send arbitrary requests to the development server bypassing the same-origin policy. 1. The attacker serves a malicious web page that is served on **HTTP** (`http://malicious.example.com:5173`) (HTTPS won't work). 2. The user accesses the malicious web page. 3. The attacker changes the DNS to point to 127.0.0.1 (or other private addresses). 4. The attacker sends a `fetch('/main.js')` request by JS in that malicious web page. 5. The attacker gets the content of `http://127.0.0.1:5173/main.js` bypassing the same origin policy. ### Impact #### [1]: Permissive default CORS settings Users with the default `server.cors` option may: - get the source code stolen by malicious websites - give the attacker access to functionalities that are not supposed to be exposed externally - Vite core does not have any functionality that causes changes somewhere else when receiving a request, but plugins may implement those functionalities and servers behind `server.proxy` may have those functionalities. #### [2]: Lack of validation on the Origin header for WebSocket connections All users may get the file paths of the files that changed and the file content where the error happened be stolen by malicious websites. For users that is using a plugin that sends messages over WebSocket, that content may be stolen by malicious websites. For users that is using a plugin that has a functionality that is triggered by messages over WebSocket, that functionality may be exploited by malicious websites. #### [3]: Lack of validation on the Host header for HTTP requests Users using HTTP for the development server and using a browser that is not Chrome 94+ may: - get the source code stolen by malicious websites - give the attacker access to functionalities that are not supposed to be exposed externally - Vite core does not have any functionality that causes changes somewhere else when receiving a request, but plugins may implement those functionalities and servers behind `server.proxy` may have those functionalities. Chrome 94+ users are not affected for [3], because [sending a request to a private network page from public non-HTTPS page is forbidden](https://developer.chrome.com/blog/private-network-access-update#chrome_94) since Chrome 94. ### Related Information Safari has [a bug that blocks requests to loopback addresses from HTTPS origins](https://bugs.webkit.org/show_bug.cgi?id=171934). This means when the user is using Safari and Vite is listening on lookback addresses, there's another condition of "the malicious web page is served on HTTP" to make [1] and [2] to work. ### PoC #### [2]: Lack of validation on the Origin header for WebSocket connections 1. I used the `react` template which utilizes HMR functionality. ``` npm create vite@latest my-vue-app-react -- --template react ``` 2. Then on a malicious server, serve the following POC html: ```html <!doctype html> <html lang="en"> <head> <meta charset="utf-8" /> <title>vite CSWSH</title> </head> <body> <div id="logs"></div> <script> const div = document.querySelectorAll('#logs')[0]; const ws = new WebSocket('ws://localhost:5173','vite-hmr'); ws.onmessage = event => { const logLine = document.createElement('p'); logLine.innerHTML = event.data; div.append(logLine); }; </script> </body> </html> ``` 3. Kick off Vite ``` npm run dev ``` 4. Load the development server (open `http://localhost:5173/`) as well as the malicious page in the browser. 5. Edit `src/App.jsx` file and intentionally place a syntax error 6. Notice how the malicious page can view the websocket messages and a snippet of the source code is exposed Here's a video demonstrating the POC: https://github.com/user-attachments/assets/a4ad05cd-0b34-461c-9ff6-d7c8663d6961 --- ### Release Notes <details> <summary>vitejs/vite (vite)</summary> ### [`v5.4.12`](https://redirect.github.com/vitejs/vite/releases/tag/v5.4.12) [Compare Source](https://redirect.github.com/vitejs/vite/compare/v5.4.11...v5.4.12) Please refer to [CHANGELOG.md](https://redirect.github.com/vitejs/vite/blob/v5.4.12/packages/vite/CHANGELOG.md) for details. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
2a06a71f28
|
chore(deps): update dependency @codemirror/state to v6.5.1 (#9129)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [@codemirror/state](https://redirect.github.com/codemirror/state) | [`6.5.0` -> `6.5.1`](https://renovatebot.com/diffs/npm/@codemirror%2fstate/6.5.0/6.5.1) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>codemirror/state (@​codemirror/state)</summary> ### [`v6.5.1`](https://redirect.github.com/codemirror/state/blob/HEAD/CHANGELOG.md#651-2025-01-10) [Compare Source](https://redirect.github.com/codemirror/state/compare/6.5.0...6.5.1) ##### Bug fixes `countColumn` no longer loops infinitely when given a `to` that's higher than the input string's length. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xMDcuMCIsInVwZGF0ZWRJblZlciI6IjM5LjEwNy4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
ed9c0a466c
|
chore(deps): update dependency cypress to v13.17.0 (#9035)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [cypress](https://cypress.io) ([source](https://redirect.github.com/cypress-io/cypress)) | [`13.16.1` -> `13.17.0`](https://renovatebot.com/diffs/npm/cypress/13.16.1/13.17.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>cypress-io/cypress (cypress)</summary> ### [`v13.17.0`](https://redirect.github.com/cypress-io/cypress/releases/tag/v13.17.0) [Compare Source](https://redirect.github.com/cypress-io/cypress/compare/v13.16.1...v13.17.0) Changelog: https://docs.cypress.io/app/references/changelog#13-17-0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS44MC4wIiwidXBkYXRlZEluVmVyIjoiMzkuODAuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
6163d8b93f
|
chore(deps): update dependency sass to v1.83.0 (#9032)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [sass](https://redirect.github.com/sass/dart-sass) | [`1.81.1` -> `1.83.0`](https://renovatebot.com/diffs/npm/sass/1.81.1/1.83.0) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>sass/dart-sass (sass)</summary> ### [`v1.83.0`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1830) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.82.0...1.83.0) - Allow trailing commas in *all* argument and parameter lists. ### [`v1.82.0`](https://redirect.github.com/sass/dart-sass/blob/HEAD/CHANGELOG.md#1820) [Compare Source](https://redirect.github.com/sass/dart-sass/compare/1.81.1...1.82.0) ##### Command-Line Interface - Improve `--watch` mode reliability when making multiple changes at once, such as checking out a different Git branch. - Parse the `calc-size()` function as a calculation now that it's supported in some browsers. ##### Dart API - Add a `SassCalculation.calcSize()` function. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 7pm every weekday,before 5am every weekday" in timezone Europe/Madrid, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS44MC4wIiwidXBkYXRlZEluVmVyIjoiMzkuODAuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
||
|
renovate[bot]
|
9265eb3a02
|
chore(deps): update dependency msw to v2.7.0 (#9030)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [msw](https://mswjs.io)
([source](https://redirect.github.com/mswjs/msw)) | [`2.6.9` ->
`2.7.0`](https://renovatebot.com/diffs/npm/msw/2.6.9/2.7.0) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
<details>
<summary>mswjs/msw (msw)</summary>
###
[`v2.7.0`](https://redirect.github.com/mswjs/msw/releases/tag/v2.7.0)
[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.6.9...v2.7.0)
##### v2.7.0 (2024-12-17)
##### Features
- use `picocolors` instead of `chalk`
([#​2377](https://redirect.github.com/mswjs/msw/issues/2377))
([`85bdd82`](
|