[Snyk] Upgrade: , , sharp, dayjs, jose, lucide-react, nanostores, npm-check-updates, playwright, react-tooltip, zustand, tailwind-merge #3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- @nanostores/react from 0.7.2 to 0.7.3.
See this package in npm: https://www.npmjs.com/package/@nanostores/react
- @types/react from 18.3.3 to 18.3.4.
See this package in npm: https://www.npmjs.com/package/@types/react
- sharp from 0.33.4 to 0.33.5.
See this package in npm: https://www.npmjs.com/package/sharp
- dayjs from 1.11.12 to 1.11.13.
See this package in npm: https://www.npmjs.com/package/dayjs
- jose from 5.6.3 to 5.7.0.
See this package in npm: https://www.npmjs.com/package/jose
- lucide-react from 0.419.0 to 0.436.0.
See this package in npm: https://www.npmjs.com/package/lucide-react
- nanostores from 0.10.3 to 0.11.2.
See this package in npm: https://www.npmjs.com/package/nanostores
- npm-check-updates from 17.0.6 to 17.1.0.
See this package in npm: https://www.npmjs.com/package/npm-check-updates
- playwright from 1.46.0 to 1.46.1.
See this package in npm: https://www.npmjs.com/package/playwright
- react-tooltip from 5.27.1 to 5.28.0.
See this package in npm: https://www.npmjs.com/package/react-tooltip
- zustand from 4.5.4 to 4.5.5.
See this package in npm: https://www.npmjs.com/package/zustand
- tailwind-merge from 2.4.0 to 2.5.2.
See this package in npm: https://www.npmjs.com/package/tailwind-merge
See this project in Snyk:
https://app.snyk.io/org/albertchambers/project/b720fc2d-489c-4f3d-8949-780a5329d33d?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@nanostores/react
from 0.7.2 to 0.7.3 | 1 version ahead of your current version | a month ago
on 2024-08-03
@types/react
from 18.3.3 to 18.3.4 | 1 version ahead of your current version | a month ago
on 2024-08-20
sharp
from 0.33.4 to 0.33.5 | 3 versions ahead of your current version | a month ago
on 2024-08-16
dayjs
from 1.11.12 to 1.11.13 | 1 version ahead of your current version | a month ago
on 2024-08-20
jose
from 5.6.3 to 5.7.0 | 1 version ahead of your current version | a month ago
on 2024-08-19
lucide-react
from 0.419.0 to 0.436.0 | 15 versions ahead of your current version | 22 days ago
on 2024-08-25
nanostores
from 0.10.3 to 0.11.2 | 3 versions ahead of your current version | a month ago
on 2024-08-05
npm-check-updates
from 17.0.6 to 17.1.0 | 1 version ahead of your current version | a month ago
on 2024-08-21
playwright
from 1.46.0 to 1.46.1 | 4 versions ahead of your current version | a month ago
on 2024-08-16
react-tooltip
from 5.27.1 to 5.28.0 | 2 versions ahead of your current version | a month ago
on 2024-08-04
zustand
from 4.5.4 to 4.5.5 | 1 version ahead of your current version | a month ago
on 2024-08-15
tailwind-merge
from 2.4.0 to 2.5.2 | 18 versions ahead of your current version | a month ago
on 2024-08-12
Release notes
Package name: @nanostores/react
-
0.7.3 - 2024-08-03
- Added Nano Stores 0.11 support.
-
0.7.2 - 2024-02-20
- Added Nano Stores 0.10 support.
- Removed Node.js 16 support.
from @nanostores/react GitHub release notesPackage name: @types/react
-
18.3.4 - 2024-08-20
-
18.3.3 - 2024-05-23
from @types/react GitHub release notesPackage name: sharp
-
0.33.5 - 2024-08-16
-
0.33.5-rc.1 - 2024-08-14
-
0.33.5-rc.0 - 2024-08-13
-
0.33.4 - 2024-05-16
from sharp GitHub release notesNo content.
No content.
No content.
No content.
Package name: dayjs
-
1.11.13 - 2024-08-20
- customParseFormat supports Q quter / w ww weekOfYear (#2705) (8ca74f1)
-
1.11.12 - 2024-07-18
- Add NegativeYear Plugin support (#2640) (6a42e0d)
- add UTC support to negativeYear plugin (#2692) (f3ef705)
- Fix zero offset issue when use tz with locale (#2532) (d0e6738)
- Improve typing for min/max plugin (#2573) (4fbe94a)
- timezone plugin currect parse UTC tz (#2693) (b575c81)
from dayjs GitHub release notes1.11.13 (2024-08-20)
Bug Fixes
1.11.12 (2024-07-18)
Bug Fixes
Package name: jose
-
5.7.0 - 2024-08-19
- graduate jwksCache to stable API (0f09c12)
-
5.6.3 - 2024-07-03
- add sideEffects:false to nested ESM package.json files (f3aff1c)
from jose GitHub release notesFeatures
Fixes
Package name: lucide-react
-
0.436.0 - 2024-08-25
-
0.435.0 - 2024-08-23
-
0.434.0 - 2024-08-23
-
0.433.0 - 2024-08-23
- Fixed compilation issues when starting up Vite Dev server by @ ericfennis in #2375
-
0.432.0 - 2024-08-23
-
0.429.0 - 2024-08-21
-
0.428.0 - 2024-08-16
-
0.427.0 - 2024-08-09
-
0.426.0 - 2024-08-08
-
0.425.0 - 2024-08-08
-
0.424.0 - 2024-08-02
-
0.423.0 - 2024-08-02
-
0.422.0 - 2024-08-02
-
0.421.0 - 2024-08-02
-
0.420.0 - 2024-08-02
-
0.419.0 - 2024-08-01
from lucide-react GitHub release notesModified Icons 🔨
backpack(#2406) by @ jguddasModified Icons 🔨
milestone(#2281) by @ jguddassignpost(#2281) by @ jguddasNew icons 🎨
volume-off(#2378) by @ karsa-mistmereModified Icons 🔨
file-volume(#2378) by @ karsa-mistmerevolume-1(#2378) by @ karsa-mistmerevolume-2(#2378) by @ karsa-mistmerevolume-x(#2378) by @ karsa-mistmerevolume(#2378) by @ karsa-mistmereNew icons 🎨
trending-up-down(#2372) by @ AlportanFixes Lucide Solid
New icons 🎨
chart-gantt(#2392) by @ jguddasModified Icons 🔨
contact-round(#2391) by @ jguddascontact(#2391) by @ jguddasPackage name: nanostores
-
0.11.2 - 2024-08-05
- Fixed map types (by @ gismya).
-
0.11.1 - 2024-08-05
- Fixed types.
-
0.11.0 - 2024-08-03
- Mutate only change paths in
- Moved
- Added
- Added
- Fixed queued listeners after they are unsubscribed (by @ gismya).
- Fixed stale computed values (by @ russelldavis).
- Improved
- Reduced size (by @ Minhir).
- Improved types (by @ psd-coder).
-
0.10.3 - 2024-04-05
- Fixed incorrect previous value when listening deep store (by @ euaaaio).
from nanostores GitHub release notesdeepMap()(by @ russelldavis).Store#notify()back to public API (by @ gismya).subscribeKeys()(by @ gismya).setByKey()export (by @ yhdgms1).computed()performance (by @ russelldavis).Package name: npm-check-updates
-
17.1.0 - 2024-08-21
-
17.0.6 - 2024-08-08
from npm-check-updates GitHub release notes17.1.0
17.0.6
Package name: playwright
-
1.46.1 - 2024-08-16
- Chromium 128.0.6613.18
- Mozilla Firefox 128.0
- WebKit 18.0
- Google Chrome 127
- Microsoft Edge 127
-
1.46.1-beta-1724923267000 - 2024-08-29
-
1.46.1-beta-1723837512000 - 2024-08-16
-
1.46.1-beta-1723832682000 - 2024-08-16
-
1.46.0 - 2024-08-05
import { defineConfig } from '@ playwright/test';
# Only run test files with uncommitted changes
- Call
- Call
import { handlers } from '@ src/mocks/handlers';
- Test annotations are now shown in UI mode.
- Content of text attachments is now rendered inline in the attachments pane.
- New setting to show/hide routing actions like route.continue().
- Request method and status are shown in the network details tab.
- New button to copy source file location to clipboard.
- Metadata pane now displays the
- New
- New option to box a fixture to minimize the fixture exposure in test reports and error messages.
- New option to provide a custom fixture title to be used in test reports and error messages.
import { test as base } from '@ playwright/test';
- Chromium 128.0.6613.18
- Mozilla Firefox 128.0
- WebKit 18.0
- Google Chrome 127
- Microsoft Edge 127
from playwright GitHub release notesHighlights
#32004 - [REGRESSION]: Client Certificates don't work with Microsoft IIS
#32004 - [REGRESSION]: Websites stall on TLS handshake errors when using Client Certificates
#32146 - [BUG]: Credential scanners warn about internal socks-proxy TLS certificates
#32056 - [REGRESSION]: 1.46.0 (TypeScript) - custom fixtures extend no longer chainable
#32070 - [Bug]: --only-changed flag and project dependencies
#32188 - [Bug]: --only-changed with shallow clone throws "unknown revision" error
Browser Versions
This version was also tested against the following stable channels:
TLS Client Certificates
Playwright now allows to supply client-side certificates, so that server can verify them, as specified by TLS Client Authentication.
When client certificates are specified, all browser traffic is routed through a proxy that establishes the secure TLS connection, provides client certificates to the server and validates server certificates.
The following snippet sets up a client certificate for
https://example.com:export default defineConfig({
// ...
use: {
clientCertificates: [{
origin: 'https://example.com',
certPath: './cert.pem',
keyPath: './key.pem',
passphrase: 'mysecretpassword',
}],
},
// ...
});
You can also provide client certificates to a particular test project or as a parameter of browser.newContext() and apiRequest.newContext().
--only-changedcli optionNew CLI option
--only-changedallows to only run test files that have been changed since the last git commit or from a specific git "ref".npx playwright test --only-changed
# Only run test files changed relative to the "main" branch
npx playwright test --only-changed=main
Component Testing: New
routerfixtureThis release introduces an experimental
routerfixture to intercept and handle network requests in component testing.There are two ways to use the router fixture:
router.route(url, handler)that behaves similarly to page.route().router.use(handlers)and pass MSW library request handlers to it.Here is an example of reusing your existing MSW handlers in the test.
test.beforeEach(async ({ router }) => {
// install common handlers before each test
await router.use(...handlers);
});
test('example test', async ({ mount }) => {
// test as usual, your handlers are active
// ...
});
This fixture is only available in component tests.
UI Mode / Trace Viewer Updates
baseURL.Miscellaneous
maxRetriesoption in apiRequestContext.fetch() which retries on theECONNRESETnetwork error.Possibly breaking change
Fixture values that are array of objects, when specified in the
test.use()block, may require being wrapped into a fixture tuple. This is best seen on the example:// Define an option fixture that has an "array of objects" value
type User = { name: string, password: string };
const test = base.extend<{ users: User[] }>({
users: [ [], { option: true } ],
});
// Specify option value in the test.use block.
test.use({
// WRONG: this syntax may not work for you
users: [
{ name: 'John Doe', password: 'secret' },
{ name: 'John Smith', password: 's3cr3t' },
],
// CORRECT: this syntax will work. Note extra [] around the value, and the "scope" property.
users: [[
{ name: 'John Doe', password: 'secret' },
{ name: 'John Smith', password: 's3cr3t' },
], { scope: 'test' }],
});
test('example test', async () => {
// ...
});
Browser Versions
This version was also tested against the following stable channels:
Package name: react-tooltip
-
5.28.0 - 2024-08-04
- chore: Update dark theme logos styling (Fixes #1209) by @ rahulharpal1603 in #1213
- feat: support for disabled tooltip callback by @ nareshpingale in #1211
- @ rahulharpal1603 made their first contribution in #1213
- @ nareshpingale made their first contribution in #1211
-
5.28.0-beta.1224.rc.0 - 2024-09-03
-
5.27.1 - 2024-07-03
- Remove warning about styles already being injected by @ gabrieljablonski in #1203
- Clear timeout refs correctly by @ gabrieljablonski in #1205
from react-tooltip GitHub release notesIf you like ReactTooltip, please give the project a star on GitHub 🌟
What's Changed
New Contributors
Full Changelog: v5.27.1...v5.28.0
If you like ReactTooltip, please give the project a star on GitHub 🌟
What's Changed
Full Changelog: v5.27.0...v5.27.1
Package name: zustand
-
4.5.5 - 2024-08-15
- fix(storage): avoid calling setItem with the state just retrieved by @ double-thinker in #2678
- chore(deps): update dependencies by @ dai-shi in #2680
- @ alwalxed made their first contribution in #2634
- @ YashChauhan858 made their first contribution in #2636
- @ donutcube made their first contribution in #2650
- @ vorant94 made their first contribution in #2661
- @ jeppester made their first contribution in #2667
- @ ryota-murakami made their first contribution in #2668
- @ double-thinker made their first contribution in #2678
-
4.5.4 - 2024-06-26
- fix: no type field in package.json by @ dai-shi in #2622
from zustand GitHub release notesThis improves the
persistmiddleware behavior for an edge case.What's Changed
New Contributors
Full Changelog: v4.5.4...v4.5.5
There was an issue in v4.5.3 with some bundlers.
What's Changed
Full Changelog: v4.5.3...v4.5.4
Package name: tailwind-merge
Sorry for all the bugs today!
Bug Fixes
Full Changelog: v2.5.1...v2.5.2
Thanks to @ brandonmcconnell, @ manavm1990, @ langy, @ jamesreaco and @ jamaluddinrumi for sponsoring tailwind-merge! ❤️
Bug Fixes
Full Changelog: v2.5.0...v2.5.1
Thanks to @ brandonmcconnell, @ manavm1990, @ langy, @ jamesreaco and @ jamaluddinrumi for sponsoring tailwind-merge! ❤️
New Features
Bug Fixes
Full Changelog: v2.4.0...v2.5.0
Thanks to @ brandonmcconnell, @ manavm1990, @ langy and @ jamesreaco for sponsoring tailwind-merge! ❤️
New Features
experimentalParseClassNameproperty in the config that allows you to customize how tailwind-merge recognizes classes. If you're interested, you can read how to use it in the inline JSDocs and subscribe to #385 for upcoming more powerful low-level functionality.@ babel/runtimedependency by @ dcastil in