Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade: , , sharp, dayjs, jose, lucide-react, nanostores, npm-check-updates, playwright, react-tooltip, zustand, tailwind-merge #3

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

albertchambers
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name Versions Released on

@nanostores/react
from 0.7.2 to 0.7.3 | 1 version ahead of your current version | a month ago
on 2024-08-03
@types/react
from 18.3.3 to 18.3.4 | 1 version ahead of your current version | a month ago
on 2024-08-20
sharp
from 0.33.4 to 0.33.5 | 3 versions ahead of your current version | a month ago
on 2024-08-16
dayjs
from 1.11.12 to 1.11.13 | 1 version ahead of your current version | a month ago
on 2024-08-20
jose
from 5.6.3 to 5.7.0 | 1 version ahead of your current version | a month ago
on 2024-08-19
lucide-react
from 0.419.0 to 0.436.0 | 15 versions ahead of your current version | 22 days ago
on 2024-08-25
nanostores
from 0.10.3 to 0.11.2 | 3 versions ahead of your current version | a month ago
on 2024-08-05
npm-check-updates
from 17.0.6 to 17.1.0 | 1 version ahead of your current version | a month ago
on 2024-08-21
playwright
from 1.46.0 to 1.46.1 | 4 versions ahead of your current version | a month ago
on 2024-08-16
react-tooltip
from 5.27.1 to 5.28.0 | 2 versions ahead of your current version | a month ago
on 2024-08-04
zustand
from 4.5.4 to 4.5.5 | 1 version ahead of your current version | a month ago
on 2024-08-15
tailwind-merge
from 2.4.0 to 2.5.2 | 18 versions ahead of your current version | a month ago
on 2024-08-12

Release notes
Package name: @nanostores/react
  • 0.7.3 - 2024-08-03
    • Added Nano Stores 0.11 support.
  • 0.7.2 - 2024-02-20
    • Added Nano Stores 0.10 support.
    • Removed Node.js 16 support.
from @nanostores/react GitHub release notes
Package name: @types/react
  • 18.3.4 - 2024-08-20
  • 18.3.3 - 2024-05-23
from @types/react GitHub release notes
Package name: sharp from sharp GitHub release notes
Package name: dayjs from dayjs GitHub release notes
Package name: jose from jose GitHub release notes
Package name: lucide-react from lucide-react GitHub release notes
Package name: nanostores from nanostores GitHub release notes
Package name: npm-check-updates from npm-check-updates GitHub release notes
Package name: playwright
  • 1.46.1 - 2024-08-16

    Highlights

    #32004 - [REGRESSION]: Client Certificates don't work with Microsoft IIS
    #32004 - [REGRESSION]: Websites stall on TLS handshake errors when using Client Certificates
    #32146 - [BUG]: Credential scanners warn about internal socks-proxy TLS certificates
    #32056 - [REGRESSION]: 1.46.0 (TypeScript) - custom fixtures extend no longer chainable
    #32070 - [Bug]: --only-changed flag and project dependencies
    #32188 - [Bug]: --only-changed with shallow clone throws "unknown revision" error

    Browser Versions

    • Chromium 128.0.6613.18
    • Mozilla Firefox 128.0
    • WebKit 18.0

    This version was also tested against the following stable channels:

    • Google Chrome 127
    • Microsoft Edge 127
  • 1.46.1-beta-1724923267000 - 2024-08-29
  • 1.46.1-beta-1723837512000 - 2024-08-16
  • 1.46.1-beta-1723832682000 - 2024-08-16
  • 1.46.0 - 2024-08-05

    TLS Client Certificates

    Playwright now allows to supply client-side certificates, so that server can verify them, as specified by TLS Client Authentication.

    When client certificates are specified, all browser traffic is routed through a proxy that establishes the secure TLS connection, provides client certificates to the server and validates server certificates.

    The following snippet sets up a client certificate for https://example.com:

    import { defineConfig } from '@ playwright/test';

    export default defineConfig({
    // ...
    use: {
    clientCertificates: [{
    origin: 'https://example.com',
    certPath: './cert.pem',
    keyPath: './key.pem',
    passphrase: 'mysecretpassword',
    }],
    },
    // ...
    });

    You can also provide client certificates to a particular test project or as a parameter of browser.newContext() and apiRequest.newContext().

    --only-changed cli option

    New CLI option --only-changed allows to only run test files that have been changed since the last git commit or from a specific git "ref".

    # Only run test files with uncommitted changes
    npx playwright test --only-changed

    # Only run test files changed relative to the "main" branch
    npx playwright test --only-changed=main

    Component Testing: New router fixture

    This release introduces an experimental router fixture to intercept and handle network requests in component testing.
    There are two ways to use the router fixture:

    • Call router.route(url, handler) that behaves similarly to page.route().
    • Call router.use(handlers) and pass MSW library request handlers to it.

    Here is an example of reusing your existing MSW handlers in the test.

    import { handlers } from '@ src/mocks/handlers';

    test.beforeEach(async ({ router }) => {
    // install common handlers before each test
    await router.use(...handlers);
    });

    test('example test', async ({ mount }) => {
    // test as usual, your handlers are active
    // ...
    });

    This fixture is only available in component tests.

    UI Mode / Trace Viewer Updates

    • Test annotations are now shown in UI mode.
    • Content of text attachments is now rendered inline in the attachments pane.
    • New setting to show/hide routing actions like route.continue().
    • Request method and status are shown in the network details tab.
    • New button to copy source file location to clipboard.
    • Metadata pane now displays the baseURL.

    Miscellaneous

    Possibly breaking change

    Fixture values that are array of objects, when specified in the test.use() block, may require being wrapped into a fixture tuple. This is best seen on the example:

    import { test as base } from '@ playwright/test';

    // Define an option fixture that has an "array of objects" value
    type User = { name: string, password: string };
    const test = base.extend<{ users: User[] }>({
    users: [ [], { option: true } ],
    });

    // Specify option value in the test.use block.
    test.use({
    // WRONG: this syntax may not work for you
    users: [
    { name: 'John Doe', password: 'secret' },
    { name: 'John Smith', password: 's3cr3t' },
    ],
    // CORRECT: this syntax will work. Note extra [] around the value, and the "scope" property.
    users: [[
    { name: 'John Doe', password: 'secret' },
    { name: 'John Smith', password: 's3cr3t' },
    ], { scope: 'test' }],
    });

    test('example test', async () => {
    // ...
    });

    Browser Versions

    • Chromium 128.0.6613.18
    • Mozilla Firefox 128.0
    • WebKit 18.0

    This version was also tested against the following stable channels:

    • Google Chrome 127
    • Microsoft Edge 127
from playwright GitHub release notes
Package name: react-tooltip from react-tooltip GitHub release notes
Package name: zustand from zustand GitHub release notes
Package name: tailwind-merge
  • 2.5.2 - 2024-08-12

    Sorry for all the bugs today!

    Bug Fixes

    Full Changelog: v2.5.1...v2.5.2

    Thanks to @ brandonmcconnell, @ manavm1990, @ langy, @ jamesreaco and @ jamaluddinrumi for sponsoring tailwind-merge! ❤️

  • 2.5.2-dev.a9aa5911cc624d0ddd2ee81bcce00b932a437aea - 2024-08-30
  • 2.5.2-dev.a72f2f474fbba41c9940d3c9737cd3ad431d68da - 2024-08-12
  • 2.5.2-dev.9a68667c3a6710512dedcee4e74cbd60dbe57f38 - 2024-09-02
  • 2.5.2-dev.34753fec69281e1f001a4129b6518b2e589eb28f - 2024-08-18
  • 2.5.2-dev.1bed05d40bc8f053548fb85c40eeaac60e0234ef - 2024-08-18
  • 2.5.2-dev.0c74ac3cababfa706594629e5244995535ca70a1 - 2024-08-18
  • 2.5.1 - 2024-08-12

    Bug Fixes

    • Fix space at beginning of input causing infinite loop by @ dcastil in #457

    Full Changelog: v2.5.0...v2.5.1

    Thanks to @ brandonmcconnell, @ manavm1990, @ langy, @ jamesreaco and @ jamaluddinrumi for sponsoring tailwind-merge! ❤️

  • 2.5.1-dev.c795f4bcf2ef5a80b735db30d20f96b49a14ae57 - 2024-08-12
  • 2.5.1-dev.a9ebe22aaea320d0894ce4255eaffcb6b2d1a649 - 2024-08-12
  • 2.5.1-dev.0f0f53e1b3d930b21560eea24b467e0870854f52 - 2024-08-12
  • 2.5.1-dev.056b2a31bf7d9244aa97cc859e110bdbae6723e5 - 2024-08-12
  • 2.5.0 - 2024-08-11

    New Features

    Bug Fixes

    • Fix bg-opacity arbitrary percentages not being recognized properly by @ dcastil in #451

    Full Changelog: v2.4.0...v2.5.0

    Thanks to @ brandonmcconnell, @ manavm1990, @ langy and @ jamesreaco for sponsoring tailwind-merge! ❤️

  • 2.5.0-dev.bceb688b56d9e901493eb53cbb236c6767b27818 - 2024-08-11
  • 2.5.0-dev.b42e5961db46b205575bf54414d4f00a9ed81c23 - 2024-08-11
  • 2.5.0-dev.80d01a1abb4d048841c8757da10bb9c0e5c441c8 - 2024-08-12
  • 2.5.0-dev.41e589bb317c8203857f9293af64c6c9cbf3ddf7 - 2024-08-12
  • 2.5.0-dev.0ba31f3c3d64f1f4c334d97ec569d6a2ece5c759 - 2024-08-11
  • 2.4.0 - 2024-07-07

    New Features

    • Allow hooking into class parsing logic (experimental) by @ dcastil in #444
      • There is no info to this in the docs because this is experimental, but there is a new experimentalParseClassName property in the config that allows you to customize how tailwind-merge recognizes classes. If you're interested, you can read how to use it in the inline JSDocs and subscribe to #385 for upcoming more powerful low-level functionality.
    • Create security policy by @ dcastil in #439
      • Added documentation on how to report potential vulnerabilities
    • Avoid @ babel/runtime dependency by @ dcastil in

Snyk has created this PR to upgrade:
  - @nanostores/react from 0.7.2 to 0.7.3.
    See this package in npm: https://www.npmjs.com/package/@nanostores/react
  - @types/react from 18.3.3 to 18.3.4.
    See this package in npm: https://www.npmjs.com/package/@types/react
  - sharp from 0.33.4 to 0.33.5.
    See this package in npm: https://www.npmjs.com/package/sharp
  - dayjs from 1.11.12 to 1.11.13.
    See this package in npm: https://www.npmjs.com/package/dayjs
  - jose from 5.6.3 to 5.7.0.
    See this package in npm: https://www.npmjs.com/package/jose
  - lucide-react from 0.419.0 to 0.436.0.
    See this package in npm: https://www.npmjs.com/package/lucide-react
  - nanostores from 0.10.3 to 0.11.2.
    See this package in npm: https://www.npmjs.com/package/nanostores
  - npm-check-updates from 17.0.6 to 17.1.0.
    See this package in npm: https://www.npmjs.com/package/npm-check-updates
  - playwright from 1.46.0 to 1.46.1.
    See this package in npm: https://www.npmjs.com/package/playwright
  - react-tooltip from 5.27.1 to 5.28.0.
    See this package in npm: https://www.npmjs.com/package/react-tooltip
  - zustand from 4.5.4 to 4.5.5.
    See this package in npm: https://www.npmjs.com/package/zustand
  - tailwind-merge from 2.4.0 to 2.5.2.
    See this package in npm: https://www.npmjs.com/package/tailwind-merge

See this project in Snyk:
https://app.snyk.io/org/albertchambers/project/b720fc2d-489c-4f3d-8949-780a5329d33d?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[BUG] Logo colors not appropriate for dark mode.
2 participants