dependabot[bot] opened a new pull request, #68095: URL: https://github.com/apache/airflow/pull/68095
Bumps the legacy-ui-package-updates group with 33 updates in the /airflow/www directory: | Package | From | To | | --- | --- | --- | | [axios](https://github.com/axios/axios) | `1.13.6` | `1.16.1` | | [echarts](https://github.com/apache/echarts) | `6.0.0` | `6.1.0` | | [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` | | [moment-timezone](https://github.com/moment/moment-timezone) | `0.6.0` | `0.6.2` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.6` | | [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.14` | `19.2.15` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.6` | | [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) | `7.13.1` | `7.16.0` | | [redoc](https://github.com/Redocly/redoc) | `2.5.2` | `2.5.3` | | [swagger-ui-dist](https://github.com/swagger-api/swagger-ui) | `5.32.0` | `5.32.6` | | [type-fest](https://github.com/sindresorhus/type-fest) | `5.4.4` | `5.7.0` | | [validator](https://github.com/validatorjs/validator.js) | `13.15.26` | `13.15.35` | | [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) | `7.29.0` | `7.29.7` | | [@babel/eslint-parser](https://github.com/babel/babel/tree/HEAD/eslint/babel-eslint-parser) | `7.28.6` | `7.29.7` | | [@babel/plugin-transform-runtime](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-runtime) | `7.29.0` | `7.29.7` | | [@babel/preset-env](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-env) | `7.29.0` | `7.29.7` | | [@babel/preset-react](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-react) | `7.28.5` | `7.29.7` | | [@babel/preset-typescript](https://github.com/babel/babel/tree/HEAD/packages/babel-preset-typescript) | `7.28.5` | `7.29.7` | | [@types/color](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/color) | `4.2.0` | `4.2.1` | | [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.56.1` | `8.60.0` | | [babel-jest](https://github.com/jestjs/jest/tree/HEAD/packages/babel-jest) | `30.2.0` | `30.4.1` | | [babel-loader](https://github.com/babel/babel-loader) | `10.0.0` | `10.1.1` | | [eslint-import-resolver-typescript](https://github.com/import-js/eslint-import-resolver-typescript) | `4.4.4` | `4.4.5` | | [eslint-plugin-promise](https://github.com/eslint-community/eslint-plugin-promise) | `7.2.1` | `7.3.0` | | [eslint-plugin-react-hooks](https://github.com/facebook/react/tree/HEAD/packages/eslint-plugin-react-hooks) | `7.0.1` | `7.1.1` | | [globals](https://github.com/sindresorhus/globals) | `17.4.0` | `17.6.0` | | [jest](https://github.com/jestjs/jest/tree/HEAD/packages/jest) | `30.2.0` | `30.4.2` | | [jest-environment-jsdom](https://github.com/jestjs/jest/tree/HEAD/packages/jest-environment-jsdom) | `30.2.0` | `30.4.1` | | [mini-css-extract-plugin](https://github.com/webpack/mini-css-extract-plugin) | `2.10.0` | `2.10.2` | | [prettier](https://github.com/prettier/prettier) | `3.8.1` | `3.8.3` | | [stylelint](https://github.com/stylelint/stylelint) | `17.4.0` | `17.12.0` | | [terser-webpack-plugin](https://github.com/webpack/minimizer-webpack-plugin) | `5.3.17` | `5.6.1` | | [webpack](https://github.com/webpack/webpack) | `5.105.4` | `5.107.2` | Updates `axios` from 1.13.6 to 1.16.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases";>axios's releases</a>.</em></p> <blockquote> <h2>v1.16.1 — May 13, 2026</h2> <p>This release ships a defence-in-depth fix for prototype pollution in <code>formDataToJSON</code>, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.</p> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Prototype Pollution Defence-in-Depth:</strong> Hardened <code>formDataToJSON</code> against already-polluted <code>Object.prototype</code> by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (<strong><a href="https://redirect.github.com/axios/axios/issues/7413";>#7413</a></strong>)</li> <li><strong>Proxy Cleartext Leak:</strong> Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (<strong><a href="https://redirect.github.com/axios/axios/issues/10858";>#10858</a></strong>)</li> <li><strong>CI Cache Removal:</strong> Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (<strong><a href="https://redirect.github.com/axios/axios/issues/10882";>#10882</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Data URI Parsing:</strong> Updated the <code>fromDataURI</code> regex to match RFC 2397 more strictly, fixing edge cases in <code>data:</code> URL handling. (<strong><a href="https://redirect.github.com/axios/axios/issues/10829";>#10829</a></strong>)</li> <li><strong>Unicode Headers:</strong> Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (<strong><a href="https://redirect.github.com/axios/axios/issues/10850";>#10850</a></strong>)</li> <li><strong>XHR Upload Progress:</strong> Guarded against malformed <code>ProgressEvent</code> payloads emitted by some environments during XHR upload, preventing crashes when <code>loaded</code> / <code>total</code> are missing or invalid. (<strong><a href="https://redirect.github.com/axios/axios/issues/10868";>#10868</a></strong>)</li> <li><strong>Webpack 4 Fetch Adapter:</strong> Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (<strong><a href="https://redirect.github.com/axios/axios/issues/10864";>#10864</a></strong>)</li> <li><strong>Type Definitions:</strong> Made <code>parseReviver</code> <code>context.source</code> optional in the type definitions to align with the ES2023 specification. (<strong><a href="https://redirect.github.com/axios/axios/issues/10837";>#10837</a></strong>)</li> <li><strong>URL Object Support Reverted:</strong> Reverted the change that allowed passing a <code>URL</code> object as <code>config.url</code> (originally <strong><a href="https://redirect.github.com/axios/axios/issues/10866";>#10866</a></strong>) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (<strong><a href="https://redirect.github.com/axios/axios/issues/10874";>#10874</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Cycle Detection Refactor:</strong> Replaced the array-based cycle tracker in <code>toJSONObject</code> with a <code>WeakSet</code>, improving performance and memory behaviour on large nested structures. (<strong><a href="https://redirect.github.com/axios/axios/issues/10832";>#10832</a></strong>)</li> <li><strong>composeSignals Cleanup:</strong> Refactored <code>composeSignals</code> to use a clearer early-return structure, simplifying the cancellation/abort composition path. (<strong><a href="https://redirect.github.com/axios/axios/issues/10844";>#10844</a></strong>)</li> <li><strong>AI Readiness & Repo Docs:</strong> Added <code>AGENTS.md</code> and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (<strong><a href="https://redirect.github.com/axios/axios/issues/10835";>#10835</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10841";>#10841</a></strong>)</li> <li><strong>Docs Improvements:</strong> Clarified the GET request example, fixed the interceptor <code>eject</code> example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (<strong><a href="https://redirect.github.com/axios/axios/issues/10836";>#10836</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10853";>#10853</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10856";>#10856</a></strong>)</li> <li><strong>Sponsorship Tooling:</strong> Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (<strong><a href="https://redirect.github.com/axios/axios/issues/10843";>#10843</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10859";>#10859</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10869";>#10869</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped <code>@commitlint/cli</code> from 20.5.0 to 20.5.2. (<strong><a href="https://redirect.github.com/axios/axios/issues/10846";>#10846</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/hpinmetaverse";><code>@hpinmetaverse</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10836";>#10836</a></strong>)</li> <li><strong><a href="https://github.com/tommyhgunz14";><code>@tommyhgunz14</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7413";>#7413</a></strong>)</li> <li><strong><a href="https://github.com/abhu85";><code>@abhu85</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10829";>#10829</a></strong>)</li> <li><strong><a href="https://github.com/divyanshuraj1095";><code>@divyanshuraj1095</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10853";>#10853</a></strong>)</li> <li><strong><a href="https://github.com/sagodi97";><code>@sagodi97</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10856";>#10856</a></strong>)</li> <li><strong><a href="https://github.com/rkdfx";><code>@rkdfx</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10868";>#10868</a></strong>)</li> <li><strong><a href="https://github.com/Liuwei1125";><code>@Liuwei1125</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10866";>#10866</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.16.0...v1.16.1";>Full Changelog</a></p> <h2>v1.16.0 — May 2, 2026</h2> <p>This release adds support for the QUERY HTTP method and a new <code>ECONNREFUSED</code> error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.</p> <h2>⚠️ Notable Changes</h2> <p>A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md";>axios's changelog</a>.</em></p> <blockquote> <h2>v1.16.1 — May 13, 2026</h2> <p>This release ships a defence-in-depth fix for prototype pollution in <code>formDataToJSON</code>, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.</p> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Prototype Pollution Defence-in-Depth:</strong> Hardened <code>formDataToJSON</code> against already-polluted <code>Object.prototype</code> by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (<strong><a href="https://redirect.github.com/axios/axios/issues/7413";>#7413</a></strong>)</li> <li><strong>Proxy Cleartext Leak:</strong> Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (<strong><a href="https://redirect.github.com/axios/axios/issues/10858";>#10858</a></strong>)</li> <li><strong>CI Cache Removal:</strong> Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (<strong><a href="https://redirect.github.com/axios/axios/issues/10882";>#10882</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Data URI Parsing:</strong> Updated the <code>fromDataURI</code> regex to match RFC 2397 more strictly, fixing edge cases in <code>data:</code> URL handling. (<strong><a href="https://redirect.github.com/axios/axios/issues/10829";>#10829</a></strong>)</li> <li><strong>Unicode Headers:</strong> Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (<strong><a href="https://redirect.github.com/axios/axios/issues/10850";>#10850</a></strong>)</li> <li><strong>XHR Upload Progress:</strong> Guarded against malformed <code>ProgressEvent</code> payloads emitted by some environments during XHR upload, preventing crashes when <code>loaded</code> / <code>total</code> are missing or invalid. (<strong><a href="https://redirect.github.com/axios/axios/issues/10868";>#10868</a></strong>)</li> <li><strong>Webpack 4 Fetch Adapter:</strong> Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (<strong><a href="https://redirect.github.com/axios/axios/issues/10864";>#10864</a></strong>)</li> <li><strong>Type Definitions:</strong> Made <code>parseReviver</code> <code>context.source</code> optional in the type definitions to align with the ES2023 specification. (<strong><a href="https://redirect.github.com/axios/axios/issues/10837";>#10837</a></strong>)</li> <li><strong>URL Object Support Reverted:</strong> Reverted the change that allowed passing a <code>URL</code> object as <code>config.url</code> (originally <strong><a href="https://redirect.github.com/axios/axios/issues/10866";>#10866</a></strong>) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (<strong><a href="https://redirect.github.com/axios/axios/issues/10874";>#10874</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Cycle Detection Refactor:</strong> Replaced the array-based cycle tracker in <code>toJSONObject</code> with a <code>WeakSet</code>, improving performance and memory behaviour on large nested structures. (<strong><a href="https://redirect.github.com/axios/axios/issues/10832";>#10832</a></strong>)</li> <li><strong>composeSignals Cleanup:</strong> Refactored <code>composeSignals</code> to use a clearer early-return structure, simplifying the cancellation/abort composition path. (<strong><a href="https://redirect.github.com/axios/axios/issues/10844";>#10844</a></strong>)</li> <li><strong>AI Readiness & Repo Docs:</strong> Added <code>AGENTS.md</code> and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (<strong><a href="https://redirect.github.com/axios/axios/issues/10835";>#10835</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10841";>#10841</a></strong>)</li> <li><strong>Docs Improvements:</strong> Clarified the GET request example, fixed the interceptor <code>eject</code> example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (<strong><a href="https://redirect.github.com/axios/axios/issues/10836";>#10836</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10853";>#10853</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10856";>#10856</a></strong>)</li> <li><strong>Sponsorship Tooling:</strong> Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (<strong><a href="https://redirect.github.com/axios/axios/issues/10843";>#10843</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10859";>#10859</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10869";>#10869</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped <code>@commitlint/cli</code> from 20.5.0 to 20.5.2. (<strong><a href="https://redirect.github.com/axios/axios/issues/10846";>#10846</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/hpinmetaverse";><code>@hpinmetaverse</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10836";>#10836</a></strong>)</li> <li><strong><a href="https://github.com/tommyhgunz14";><code>@tommyhgunz14</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7413";>#7413</a></strong>)</li> <li><strong><a href="https://github.com/abhu85";><code>@abhu85</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10829";>#10829</a></strong>)</li> <li><strong><a href="https://github.com/divyanshuraj1095";><code>@divyanshuraj1095</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10853";>#10853</a></strong>)</li> <li><strong><a href="https://github.com/sagodi97";><code>@sagodi97</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10856";>#10856</a></strong>)</li> <li><strong><a href="https://github.com/rkdfx";><code>@rkdfx</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10868";>#10868</a></strong>)</li> <li><strong><a href="https://github.com/Liuwei1125";><code>@Liuwei1125</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10866";>#10866</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.16.0...v1.16.1";>Full Changelog</a></p> <h2>v1.16.0 — May 2, 2026</h2> <p>This release adds support for the QUERY HTTP method and a new <code>ECONNREFUSED</code> error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.</p> <h2>⚠️ Notable Changes</h2> <p>A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197";><code>1337d6b</code></a> chore(release): prepare release 1.16.1 (<a href="https://redirect.github.com/axios/axios/issues/10877";>#10877</a>)</li> <li><a href="https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e";><code>858a790</code></a> fix: remove all caches (<a href="https://redirect.github.com/axios/axios/issues/10882";>#10882</a>)</li> <li><a href="https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa";><code>34adfd9</code></a> revert: "fix: support URL object as config.url input (<a href="https://redirect.github.com/axios/axios/issues/10866";>#10866</a>)" (<a href="https://redirect.github.com/axios/axios/issues/10874";>#10874</a>)</li> <li><a href="https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f";><code>847d89b</code></a> fix: support URL object as config.url input (<a href="https://redirect.github.com/axios/axios/issues/10866";>#10866</a>)</li> <li><a href="https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212";><code>4094886</code></a> fix(progress): guard malformed XHR upload events (<a href="https://redirect.github.com/axios/axios/issues/10868";>#10868</a>)</li> <li><a href="https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7";><code>44f0c5b</code></a> chore: change sponsorship link and add Twicsy advertisement (<a href="https://redirect.github.com/axios/axios/issues/10869";>#10869</a>)</li> <li><a href="https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6";><code>64e1095</code></a> chore: update PR and issue template to use h2 (<a href="https://redirect.github.com/axios/axios/issues/10865";>#10865</a>)</li> <li><a href="https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280";><code>3e6b4e1</code></a> fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...</li> <li><a href="https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129";><code>c4453ba</code></a> fix: add the ability to add additional sponsors to the process sponsors scrip...</li> <li><a href="https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793";><code>caa00a9</code></a> fix: https data in cleartext to proxy (<a href="https://redirect.github.com/axios/axios/issues/10858";>#10858</a>)</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.13.6...v1.16.1";>compare view</a></li> </ul> </details> <details> <summary>Install script changes</summary> <p>This version modifies <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> Updates `chakra-react-select` from 4.0.3 to 4.10.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/csandman/chakra-react-select/releases";>chakra-react-select's releases</a>.</em></p> <blockquote> <h2>4.10.1</h2> <h2>What's Changed</h2> <ul> <li>fix: Reduce selected menu option styles specificity by <a href="https://github.com/csandman";><code>@csandman</code></a> in <a href="https://redirect.github.com/csandman/chakra-react-select/pull/338";>csandman/chakra-react-select#338</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/csandman/chakra-react-select/compare/v4.10.0...v4.10.1";>https://github.com/csandman/chakra-react-select/compare/v4.10.0...v4.10.1</a></p> <h2>4.10.0</h2> <h2>What's Changed</h2> <ul> <li>fix: Switch peer dependencies to depend on <code>@chakra-ui/react</code> instead of sub-packages by <a href="https://github.com/csandman";><code>@csandman</code></a> in <a href="https://redirect.github.com/csandman/chakra-react-select/pull/336";>csandman/chakra-react-select#336</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/csandman/chakra-react-select/compare/v4.9.2...v4.10.0";>https://github.com/csandman/chakra-react-select/compare/v4.9.2...v4.10.0</a></p> <h2>4.9.2</h2> <h2>What's Changed</h2> <ul> <li>fix: Change package <code>type</code> back to default of <code>"commonjs"</code> by <a href="https://github.com/csandman";><code>@csandman</code></a> in <a href="https://redirect.github.com/csandman/chakra-react-select/pull/331";>csandman/chakra-react-select#331</a> <ul> <li>This was to fix <a href="https://redirect.github.com/csandman/chakra-react-select/issues/329";>#329</a>, which was being caused by Jest importing the wrong build of the package.</li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/csandman/chakra-react-select/compare/v4.9.1...v4.9.2";>https://github.com/csandman/chakra-react-select/compare/v4.9.1...v4.9.2</a></p> <h2>4.9.1</h2> <h2>What's Changed</h2> <ul> <li>fix: Fix <code>react-select</code> core <code>Props</code> type export by <a href="https://github.com/csandman";><code>@csandman</code></a> in <a href="https://redirect.github.com/csandman/chakra-react-select/pull/324";>csandman/chakra-react-select#324</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/csandman/chakra-react-select/compare/v4.9.0...v4.9.1";>https://github.com/csandman/chakra-react-select/compare/v4.9.0...v4.9.1</a></p> <h2>4.9.0</h2> <h2>What's Changed</h2> <ul> <li>chore: Switch to tsup for building and update dependencies by <a href="https://github.com/csandman";><code>@csandman</code></a> in <a href="https://redirect.github.com/csandman/chakra-react-select/pull/298";>csandman/chakra-react-select#298</a> <ul> <li>This change should finally make this package fully support ESM, where as before it didn't really which was causing some issues. It should fix an issue with the ID prop not matching mentioned in <a href="https://redirect.github.com/csandman/chakra-react-select/issues/260";>#260</a>, without the need for a workaround. Check the <a href="https://redirect.github.com/csandman/chakra-react-select/pull/298";>PR description</a> for full details!</li> </ul> </li> </ul> <p>I tested this change in a few different environments with different module resolution setups but it's possible I missed a case. If it ends up not working for your particular setup, please open a <a href="https://github.com/csandman/chakra-react-select/issues/new?assignees=csandman&labels=Bug&projects=&template=bug_report.yml&title=%5BBUG%5D+";>bug report</a> with as much specific information as you can give me, such as:</p> <ul> <li>Chakra Package Versions</li> <li>React Version</li> <li>TypeScript or Vanilla</li> <li>Yarn or NPM (and which version of the package manager you're on)</li> <li>Your jsconfig/tsconfig setup</li> </ul> <p>I'm not likely to figure out what's going on if I can't replicate the environment locally, so the more information you can provide the better!</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/csandman/chakra-react-select/compare/v4.8.0...v4.9.0";>https://github.com/csandman/chakra-react-select/compare/v4.8.0...v4.9.0</a></p> <h2>4.8.0</h2> <h2>What's Changed</h2> <ul> <li>chore: Update all dependencies by <a href="https://github.com/csandman";><code>@csandman</code></a> in <a href="https://redirect.github.com/csandman/chakra-react-select/pull/315";>csandman/chakra-react-select#315</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/csandman/chakra-react-select/commit/b49461f52213e8324a14f157a3f441d52567a736";><code>b49461f</code></a> 4.10.1</li> <li><a href="https://github.com/csandman/chakra-react-select/commit/2269b856b29c3f9144c16e19dc147a30bf94c33b";><code>2269b85</code></a> Merge pull request <a href="https://redirect.github.com/csandman/chakra-react-select/issues/338";>#338</a> from csandman/fix/selected-menu-option-styles</li> <li><a href="https://github.com/csandman/chakra-react-select/commit/61bfe641c67d5b3d3cd91e280b7829a3f7ca2204";><code>61bfe64</code></a> Generalize the dependency version of <code>react-select</code></li> <li><a href="https://github.com/csandman/chakra-react-select/commit/f80680161916fa03fdba48b65fd284e38cb77649";><code>f806801</code></a> Reduce selected menu option styles specificity</li> <li><a href="https://github.com/csandman/chakra-react-select/commit/9b9ddcc899f2ae207bf13f2f2d16ff4198bf7d19";><code>9b9ddcc</code></a> 4.10.0</li> <li><a href="https://github.com/csandman/chakra-react-select/commit/12d7cc63ff645b61629c388ad3093c37a08f5081";><code>12d7cc6</code></a> Merge pull request <a href="https://redirect.github.com/csandman/chakra-react-select/issues/336";>#336</a> from csandman/fix/switch-to-chakra-ui-react-imports</li> <li><a href="https://github.com/csandman/chakra-react-select/commit/f9822c4fb9f79e4cd9e6c99553b9700ae8a3ac24";><code>f9822c4</code></a> Remove CodeSandbox CI</li> <li><a href="https://github.com/csandman/chakra-react-select/commit/b495516eb142c536f91154c695802c213f130db1";><code>b495516</code></a> Update TSConfig once more</li> <li><a href="https://github.com/csandman/chakra-react-select/commit/cef98ceaeb55c39bee52dda6ba29e5c01a7e6fe3";><code>cef98ce</code></a> Switch to using the single package import approach for <code>@chakra-ui/react</code></li> <li><a href="https://github.com/csandman/chakra-react-select/commit/c68d4a72945e11cf682bb790250cf3ce17180b6f";><code>c68d4a7</code></a> 4.9.2</li> <li>Additional commits viewable in <a href="https://github.com/csandman/chakra-react-select/compare/v4.0.3...v4.10.1";>compare view</a></li> </ul> </details> <details> <summary>Install script changes</summary> <p>This version modifies <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> Updates `echarts` from 6.0.0 to 6.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/apache/echarts/releases";>echarts's releases</a>.</em></p> <blockquote> <h2>6.1.0</h2> <ul> <li>[Feature] [axis] Support <code>dataMin</code> and <code>dataMax</code> option for calculating a nice axis extent. <a href="https://redirect.github.com/apache/echarts/pull/20838";>#20838</a> (<a href="https://github.com/Justin-ZS";>Justin-ZS</a>, <a href="https://github.com/Ovilia";>Ovilia</a>)</li> <li>[Feature] [axis] Comprehensively enable all types of axis (i.e., <code>"value"</code>/<code>"time"</code>/<code>"category"</code>/<code>"log"</code>) to render series (typically <code>"bar"</code>/<code>"pictorialBar"</code>/<code>"candlestick"</code>/<code>"boxplot"</code>) without overflow (including the case <code>"category"</code> axis with <code>boundaryGap: false</code>); provide <code>containShape</code> option; provide some corresponding <code>clip</code> option. <a href="https://github.com/apache/echarts/commit/dbfaf6a73";>dbfaf6a73</a> <a href="https://github.com/apache/echarts/commit/fe932a2aa";>fe932a2aa</a> <a href="https://github.com/apache/echarts/commit/3973b21ee";>3973b21ee</a> (<a href="https://github.com/100pah";>100pah</a>) <a href="https://redirect.github.com/apache/echarts/pull/21511";>#21511</a> (<a href="https://github.com/akashsonune";>Akash Sonune</a>)</li> <li>[Feature] [axis] Automatically exclude non-positive series data values on <code>"log"</code> axis. <a href="https://github.com/apache/echarts/commit/dedc5dc18";>dedc5dc18</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Feature] [axis] Enable <code>axisLabel.formatter</code> to receive its index for working with <code>customValues</code>. <a href="https://redirect.github.com/apache/echarts/pull/21220";>#21220</a> <a href="https://redirect.github.com/apache/echarts/pull/21432";>#21432</a> (<a href="https://github.com/szymonpachucki";>Szymon Pachucki</a>, <a href="https://github.com/Ovilia";>Ovilia</a>, <a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Feature] [line] Add <code>triggerEvent</code> option for more control over mouse event. <a href="https://redirect.github.com/apache/echarts/pull/21001";>#21001</a> (<a href="https://github.com/sjcobb";>Steven Cobb</a>, <a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Feature] [pie] Add <code>tangential-noflip</code> rotation mode to keep labels tangential without flipping. <a href="https://redirect.github.com/apache/echarts/pull/21258";>#21258</a> (<a href="https://github.com/MC-YCY";>春秋半夏</a>, <a href="https://github.com/Ovilia";>Ovilia</a>)</li> <li>[Feature] [gauge] <code>progress.color</code> supports <code>'auto'</code>. <a href="https://redirect.github.com/apache/echarts/pull/21224";>#21224</a> (<a href="https://github.com/StNimmerlein";>StNimmerlein</a>, <a href="https://github.com/Ovilia";>Ovilia</a>)</li> <li>[Feature] [radar] Add <code>clockwise</code> option. <a href="https://redirect.github.com/apache/echarts/pull/21143";>#21143</a> (<a href="https://github.com/daidr";>Dai Xuezhou</a>, <a href="https://github.com/Ovilia";>Ovilia</a>)</li> <li>[Feature] [candlestick] [dataZoom] Add <code>cursor</code> option for <code>candlestick</code> series and add <code>cursorGrab</code> option & <code>cursorGrabbing</code> for <code>'inside'</code> dataZoom. <a href="https://redirect.github.com/apache/echarts/pull/21558";>#21558</a> (<a href="https://github.com/diysimon";>zuming</a>, <a href="https://github.com/Ovilia";>Ovilia</a>, <a href="https://github.com/100pah";>100pah</a>)</li> <li>[Feature] [scatter] [effectScatter] [geo] Enable <code>clip</code> option on <code>"scatter"</code>/<code>"effectScatter"</code> on <code>geo</code>. <a href="https://github.com/apache/echarts/commit/417592289";>417592289</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Feature] [visualMap] Add <code>seriesTargets</code> option for multiple series-dimension mappings. <a href="https://redirect.github.com/apache/echarts/pull/20703";>#20703</a> (<a href="https://github.com/Justin-ZS";>Justin-ZS</a>, <a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Feature] [matrix] Support <code>matrix.x/y.length</code> for conveniently creating a headless matrix without composing an array. <a href="https://redirect.github.com/apache/echarts/pull/21191";>#21191</a> (<a href="https://github.com/100pah";>100pah</a>, <a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Feature] [matrix] Add <code>triggerEvent</code> option to support triggering event on matrix cells. <a href="https://redirect.github.com/apache/echarts/pull/21390";>#21390</a> (<a href="https://github.com/natsuokawai";>Natsuo Kawai</a>, <a href="https://github.com/100pah";>100pah</a>)</li> <li>[Feature] [i18n] add Latvian(LV) translation. <a href="https://redirect.github.com/apache/echarts/pull/21546";>#21546</a> (<a href="https://github.com/EPoikans";>EPoikans</a>)</li> <li>[Fix] [axis] Change and clarify the rounding error and auto-precision utils and solutions. <a href="https://github.com/apache/echarts/commit/479dcd454";>479dcd454</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [axis] Fix chart does not work when using <code>customValues</code> with <code>formatter</code> in time axis (<code>axis.type: 'time'</code>) label. <a href="https://redirect.github.com/apache/echarts/pull/21352";>#21352</a> (<a href="https://github.com/Srajan-Sanjay-Saxena";>Srajan Sanjay Saxena</a>, <a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Fix] [axis] Fix and clarify <code>alignTick</code> strategy, and fix <code>LogScale</code> precision. <a href="https://github.com/apache/echarts/commit/a6ab2458f";>a6ab2458f</a> <a href="https://github.com/apache/echarts/commit/ffcc636fb";>ffcc636fb</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [axis] Fix duplicate ticks when using time axis (<code>axis.type: 'time'</code>) or <code>customValues</code>, which causes jitter of <code>splitArea</code>; fix the <code>showMin/MaxLabel</code> handling of a category axis (<code>axis.type: 'category'</code>); enable a uniform <code>bandWidth</code> calculation in numeric axis (<code>axis.type: 'value' | 'time' | 'log'</code>). <a href="https://github.com/apache/echarts/commit/8de2b64fa";>8de2b64fa</a> <a href="https://github.com/apache/echarts/commit/15af0db02";>15af0db02</a> <a href="https://github.com/apache/echarts/commit/8ddaa5c69";>8ddaa5c69</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [axis] Fix time axis (<code>axis.type: 'time'</code>) bug when value scale is in millisecond. <a href="https://github.com/apache/echarts/commit/40b77b464";>40b77b464</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [bar] Fix wrong label position when bar series has a 0 width/height. <a href="https://redirect.github.com/apache/echarts/pull/21218";>#21218</a> (<a href="https://github.com/Justin-ZS";>Justin-ZS</a>, <a href="https://github.com/Ovilia";>Ovilia</a>)</li> <li>[Fix] [scatter] Fix jitter layout does not support progressive rendering and cause chart to be frozen and potential NPE. <a href="https://redirect.github.com/apache/echarts/pull/21436";>#21436</a> (<a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Fix] [lines] Fix effect symbol flip on unidirectional loop end when <code>roundTrip</code> is not enabled. <a href="https://redirect.github.com/apache/echarts/pull/21320";>#21320</a> (<a href="https://github.com/mynk2611";>Mayank Mehta</a>, <a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Fix] [candlestick] Fix candlestick render error with <code>series.encode</code> on horizontal layout. <a href="https://redirect.github.com/apache/echarts/pull/21325";>#21325</a> (<a href="https://github.com/PPRAMANIK62";>Purbayan Pramanik</a>, <a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [parallel] Fix incorrect axis extent when any subsequent series has a larger value than the first. <a href="https://redirect.github.com/apache/echarts/pull/21387";>#21387</a> (<a href="https://github.com/jackhickson";>jackhickson</a>, <a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [pie] Support axes extent union pie center automatically when pie is laid out on Cartesian (<code>grid</code> component). <a href="https://github.com/apache/echarts/commit/18a23a875";>18a23a875</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [treemap] Fix treemap can not be zoomed out after a zoom-in when <code>scaleLimit</code> is specified <a href="https://redirect.github.com/apache/echarts/pull/21427";>#21427</a> (<a href="https://github.com/liuyizhou";>TateLiu</a>, <a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [lines] Fix potential <code>tooltip</code> XSS vulnerability in lines series (<code>series.type: 'lines'</code>). <a href="https://redirect.github.com/apache/echarts/pull/21608";>#21608</a> (<a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Fix] [map] [geo] Fix the failed synchronization and visual artifacts on geo roaming and animation. <a href="https://github.com/apache/echarts/commit/417592289";>417592289</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [tooltip] Fix <code>tooltip</code> content does not refresh when changing tooltip trigger from <code>'axis'</code> to <code>'item'</code>. <a href="https://redirect.github.com/apache/echarts/pull/20710";>#20710</a> (<a href="https://github.com/Justin-ZS";>Justin-ZS</a>, <a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Fix] [tooltip] <code>valueFormatter</code> callback param <code>dataIndex</code> should be <code>rawDataIndex</code> rather than <code>dataZoom</code> filtered <code>dataIndex</code>. <a href="https://redirect.github.com/apache/echarts/pull/21479";>#21479</a> (<a href="https://github.com/100pah";>100pah</a>, <a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Fix] [axisPointer] Fix <code>axisPointer</code> shadow and enable clipping - it is previously only applicable to <code>"category"</code> axis, but is buggy in numeric axis with <code>"bar"</code> series. <a href="https://github.com/apache/echarts/commit/8de2b64fa";>8de2b64fa</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [axisPointer] Fix visual artifacts caused by failed <code>axisPointer</code> restoration. <a href="https://github.com/apache/echarts/commit/56a32c0bb";>56a32c0bb</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [hoverLayer] Fix visual artifacts arisen on hover layer. <a href="https://redirect.github.com/ecomfe/zrender/pull/1151";>zrender#1151</a> <a href="https://github.com/apache/echarts/commit/933585126";>933585126</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [marker] Fix <code>marker</code> fails to render with <code>dataset</code> and <code>encode</code>. <a href="https://redirect.github.com/apache/echarts/pull/21439";>#21439</a> (<a href="https://github.com/plainheart";>plainheart</a>, <a href="https://github.com/100pah";>100pah</a>).</li> <li>[Fix] [dataZoom] Fix wrong position of the <code>dataZoom</code> when the <code>series</code> has only one data point. <a href="https://redirect.github.com/apache/echarts/pull/21196";>#21196</a> (<a href="https://github.com/alesmit";>alesmit</a>, <a href="https://github.com/Ovilia";>Ovilia</a>)</li> <li>[Fix] [dataZoom] Fix <code>dataZoom</code> bug that data info disappears when dragging released; fix <code>dataZoom</code> dragging cursor style. <a href="https://github.com/apache/echarts/commit/64305a4b8";>64305a4b8</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [dataZoom] Apply a better auto-precision method; fix unexpected behaviors when <code>dataZoom</code> controls axes with <code>alignTicks: true</code>. <a href="https://github.com/apache/echarts/commit/d168bf237";>d168bf237</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [dataZoom] Fix <code>AxisProxy</code> can not be cleared when <code>dataZoom</code> option changed; fix related <code>onZero</code> behaviors. <a href="https://github.com/apache/echarts/commit/52ceb924a";>52ceb924a</a> <a href="https://github.com/apache/echarts/commit/2e82d33c3";>2e82d33c3</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [areaStyle] Fix <code>areaStyle</code> render error when dimension name is empty string. <a href="https://redirect.github.com/apache/echarts/pull/21219";>#21219</a> (<a href="https://github.com/Justin-ZS";>Justin-ZS</a>, <a href="https://github.com/Ovilia";>Ovilia</a>)</li> <li>[Fix] [sunburst] Fix root node label may not be centered. <a href="https://redirect.github.com/apache/echarts/pull/21306";>#21306</a> (<a href="https://github.com/akashsonune";>Akash Sonune</a>, <a href="https://github.com/Ovilia";>Ovilia</a>)</li> <li>[Fix] [matrix] Fix matrix label formatter does not work. <a href="https://redirect.github.com/apache/echarts/pull/21410";>#21410</a> (<a href="https://github.com/Justin-ZS";>Justin-ZS</a>, <a href="https://github.com/Ovilia";>Ovilia</a>)</li> <li>[Fix] [toolbox] Fix <code>emphasis</code> color is the same as the default color. <a href="https://redirect.github.com/apache/echarts/pull/21384";>#21384</a> (<a href="https://github.com/Ovilia";>Ovilia</a>) <a href="https://github.com/apache/echarts/commit/b094f987d";>b094f987d</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [toolbox] Fix the <code>dataView</code> component does not fit the dark mode. <a href="https://redirect.github.com/apache/echarts/pull/21176";>#21176</a> (<a href="https://github.com/notthistrain";>notthistrain</a>, <a href="https://github.com/Ovilia";>Ovilia</a>)</li> <li>[Fix] [progressive] Fix progressive rendering issues. <a href="https://github.com/apache/echarts/commit/91a60fc76";>91a60fc76</a> (<a href="https://github.com/100pah";>100pah</a>)</li> <li>[Fix] [labelLine] Fix <code>labelLine.smooth</code> can not be reset. <a href="https://redirect.github.com/apache/echarts/pull/21425";>#21425</a> (<a href="https://github.com/fanwww";>fanwww</a>, <a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Fix] [graphic] Fix stroke corner gap due to not closing path in <code>roundRect</code> helper. <a href="https://redirect.github.com/ecomfe/zrender/pull/1155";>zrender#1155</a> (<a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Fix] [svg] Enhance SVG <code>encodeBase64</code> compatibility to make it available in more environments like Web Worker/NodeJS/Bun. <a href="https://redirect.github.com/ecomfe/zrender/pull/1145";>zrender#1145</a> (<a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Fix] [core] Mark <code>echarts</code> instance object as <code>raw</code> in <code>Vue</code>. <a href="https://redirect.github.com/apache/echarts/pull/21293";>#21293</a> (<a href="https://github.com/plainheart";>plainheart</a>)</li> <li>[Fix] [chord] Add the missing export entry for chord chart. <a href="https://redirect.github.com/apache/echarts/pull/21197";>#21197</a> (<a href="https://github.com/plainheart";>plainheart</a>, <a href="https://github.com/Ovilia";>Ovilia</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/apache/echarts/commit/c5a48f5f97d23e5379720870b8444cd05b50ffb4";><code>c5a48f5</code></a> Merge pull request <a href="https://redirect.github.com/apache/echarts/issues/21612";>#21612</a> from apache/release-dev</li> <li><a href="https://github.com/apache/echarts/commit/77e5222d15690b539505eb7690b8ff53b52aab9c";><code>77e5222</code></a> release 6.1.0-rc.2</li> <li><a href="https://github.com/apache/echarts/commit/21f17bec20d42623edcd66f91cf2344d2bced6b1";><code>21f17be</code></a> fixRegression(map,geo): Resolve circular dependencies introduced by this vers...</li> <li><a href="https://github.com/apache/echarts/commit/830e8b6ec780ff24d59577c69e3bbf69f1df315e";><code>830e8b6</code></a> chore: Supplement package.json (for module cjs declaration) to source release.</li> <li><a href="https://github.com/apache/echarts/commit/ed0e2103071744cb97887757679336cec1d8dac4";><code>ed0e210</code></a> chore: Fix <code>addHeader</code> tool and add missing license headers.</li> <li><a href="https://github.com/apache/echarts/commit/cc78ada709b6028371b24f5449ad7a4dda93f992";><code>cc78ada</code></a> Merge pull request <a href="https://redirect.github.com/apache/echarts/issues/21611";>#21611</a> from apache/release-dev</li> <li><a href="https://github.com/apache/echarts/commit/3f6e0125fdd8a485c59652cdf628144fcea1702f";><code>3f6e012</code></a> release: Build release.</li> <li><a href="https://github.com/apache/echarts/commit/d69405f83fe2be367beb0ff1e08b49380d6485c6";><code>d69405f</code></a> chore: Add missing headers.</li> <li><a href="https://github.com/apache/echarts/commit/6998ed02fcfe39aafcefc47f4fb4822b36b0642d";><code>6998ed0</code></a> release: Upgrade npm version.</li> <li><a href="https://github.com/apache/echarts/commit/8cb374b15ca842e057812715caf73acf17649a5b";><code>8cb374b</code></a> fix(build): Fix build commands.</li> <li>Additional commits viewable in <a href="https://github.com/apache/echarts/compare/6.0.0...6.1.0";>compare view</a></li> </ul> </details> <br /> Updates `lodash` from 4.17.23 to 4.18.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/lodash/lodash/releases";>lodash's releases</a>.</em></p> <blockquote> <h2>4.18.1</h2> <h2>Bugs</h2> <p>Fixes a <code>ReferenceError</code> issue in <code>lodash</code> <code>lodash-es</code> <code>lodash-amd</code> and <code>lodash.template</code> when using the <code>template</code> and <code>fromPairs</code> functions from the modular builds. See <a href="https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769";>lodash/lodash#6167</a></p> <p>These defects were related to how lodash distributions are built from the main branch using <a href="https://github.com/lodash-archive/lodash-cli";>https://github.com/lodash-archive/lodash-cli</a>. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.</p> <p>There is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:</p> <ul> <li><code>lodash</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm";>https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm</a></li> <li><code>lodash-es</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es";>https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es</a></li> <li><code>lodash-amd</code>: <a href="https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd";>https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd</a></li> <li><code>lodash.template</code><a href="https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages";>https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages</a></li> </ul> <h2>4.18.0</h2> <h2>v4.18.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.0";>https://github.com/lodash/lodash/compare/4.17.23...4.18.0</a></p> <h3>Security</h3> <p><strong><code>_.unset</code> / <code>_.omit</code></strong>: Fixed prototype pollution via <code>constructor</code>/<code>prototype</code> path traversal (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh";>GHSA-f23m-r3pf-42rh</a>, <a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b";>fe8d32e</a>). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now <code>constructor</code> and <code>prototype</code> are blocked unconditionally as non-terminal path keys, matching <code>baseSet</code>. Calls that previously returned <code>true</code> and deleted the property now return <code>false</code> and leave the target untouched.</p> <p><strong><code>_.template</code></strong>: Fixed code injection via <code>imports</code> keys (<a href="https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc";>GHSA-r5fr-rjxr-66jc</a>, CVE-2026-4800, <a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6";>879aaa9</a>). Fixes an incomplete patch for CVE-2021-23337. The <code>variable</code> option was validated against <code>reForbiddenIdentifierChars</code> but <code>importsKeys</code> was left unguarded, allowing code injection via the same <code>Function()</code> constructor sink. <code>imports</code> keys containing forbidden identifier characters now throw <code>"Invalid imports option passed into _.template"</code>.</p> <h3>Docs</h3> <ul> <li>Add security notice for <code>_.template</code> in threat model and API docs (<a href="https://redirect.github.com/lodash/lodash/pull/6099";>#6099</a>)</li> <li>Document <code>lower > upper</code> behavior in <code>_.random</code> (<a href="https://redirect.github.com/lodash/lodash/pull/6115";>#6115</a>)</li> <li>Fix quotes in <code>_.compact</code> jsdoc (<a href="https://redirect.github.com/lodash/lodash/pull/6090";>#6090</a>)</li> </ul> <h3><code>lodash.*</code> modular packages</h3> <p><a href="https://redirect.github.com/lodash/lodash/pull/6157";>Diff</a></p> <p>We have also regenerated and published a select number of the <code>lodash.*</code> modular packages.</p> <p>These modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:</p> <ul> <li><a href="https://www.npmjs.com/package/lodash.orderby";>lodash.orderby</a></li> <li><a href="https://www.npmjs.com/package/lodash.tonumber";>lodash.tonumber</a></li> <li><a href="https://www.npmjs.com/package/lodash.trim";>lodash.trim</a></li> <li><a href="https://www.npmjs.com/package/lodash.trimend";>lodash.trimend</a></li> <li><a href="https://www.npmjs.com/package/lodash.sortedindexby";>lodash.sortedindexby</a></li> <li><a href="https://www.npmjs.com/package/lodash.zipobjectdeep";>lodash.zipobjectdeep</a></li> <li><a href="https://www.npmjs.com/package/lodash.unset";>lodash.unset</a></li> <li><a href="https://www.npmjs.com/package/lodash.omit";>lodash.omit</a></li> <li><a href="https://www.npmjs.com/package/lodash.template";>lodash.template</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e";><code>cb0b9b9</code></a> release(patch): bump main to 4.18.1 (<a href="https://redirect.github.com/lodash/lodash/issues/6177";>#6177</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51";><code>75535f5</code></a> chore: prune stale advisory refs (<a href="https://redirect.github.com/lodash/lodash/issues/6170";>#6170</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4";><code>62e91bc</code></a> docs: remove n_ Node.js < 6 REPL note from README (<a href="https://redirect.github.com/lodash/lodash/issues/6165";>#6165</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4";><code>59be2de</code></a> release(minor): bump to 4.18.0 (<a href="https://redirect.github.com/lodash/lodash/issues/6161";>#6161</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d";><code>af63457</code></a> fix: broken tests for _.template 879aaa9</li> <li><a href="https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0";><code>1073a76</code></a> fix: linting issues</li> <li><a href="https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6";><code>879aaa9</code></a> fix: validate imports keys in _.template</li> <li><a href="https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b";><code>fe8d32e</code></a> fix: block prototype pollution in baseUnset via constructor/prototype traversal</li> <li><a href="https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d";><code>18ba0a3</code></a> refactor(fromPairs): use baseAssignValue for consistent assignment (<a href="https://redirect.github.com/lodash/lodash/issues/6153";>#6153</a>)</li> <li><a href="https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2";><code>b819080</code></a> ci: add dist sync validation workflow (<a href="https://redirect.github.com/lodash/lodash/issues/6137";>#6137</a>)</li> <li>Additional commits viewable in <a href="https://github.com/lodash/lodash/compare/4.17.23...4.18.1";>compare view</a></li> </ul> </details> <br /> Updates `moment-timezone` from 0.6.0 to 0.6.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/moment/moment-timezone/releases";>moment-timezone's releases</a>.</em></p> <blockquote> <h2>Release 0.6.2</h2> <ul> <li>Updated data to IANA TZDB <code>2026b</code>. <a href="https://redirect.github.com/moment/moment-timezone/issues/1145";>#1145</a></li> </ul> <h2>Release 0.6.1</h2> <ul> <li>Updated data to IANA TZDB <code>2026a</code>. <a href="https://redirect.github.com/moment/moment-timezone/issues/1140";>#1140</a></li> </ul> <p><strong>NOTE:</strong> This release does <em>not</em> include recently-announced DST changes for British Columbia, Canada. Those changes will likely be in <code>2026b</code>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/moment/moment-timezone/blob/develop/changelog.md";>moment-timezone's changelog</a>.</em></p> <blockquote> <h3><code>0.6.2</code> <em>2026-04-26</em></h3> <ul> <li>Updated data to IANA TZDB <code>2026b</code>. <a href="https://redirect.github.com/moment/moment-timezone/pull/1145";>#1145</a></li> </ul> <h3><code>0.6.1</code> <em>2026-03-18</em></h3> <ul> <li>Updated data to IANA TZDB <code>2026a</code>. <a href="https://redirect.github.com/moment/moment-timezone/pull/1140";>#1140</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/moment/moment-timezone/commit/466c8906ddb72a8cebaaa357542a7784e689c079";><code>466c890</code></a> Bump version and build moment-timezone 0.6.2</li> <li><a href="https://github.com/moment/moment-timezone/commit/e311deb6c763ac883a3fb264a24e76606065999d";><code>e311deb</code></a> Merge pull request <a href="https://redirect.github.com/moment/moment-timezone/issues/1145";>#1145</a> from moment/data/2026b</li> <li><a href="https://github.com/moment/moment-timezone/commit/32700092ca83062422dfff44a2d65555f74310d0";><code>3270009</code></a> data: Add 2026b</li> <li><a href="https://github.com/moment/moment-timezone/commit/f498d964fcb2957a1bcffedec304f591f4d59b6c";><code>f498d96</code></a> build(deps): bump picomatch from 2.3.1 to 2.3.2 (<a href="https://redirect.github.com/moment/moment-timezone/issues/1143";>#1143</a>)</li> <li><a href="https://github.com/moment/moment-timezone/commit/13e724cb72093aa297f6e4a5acd69cbb4afd52a5";><code>13e724c</code></a> Build moment-timezone 0.6.1</li> <li><a href="https://github.com/moment/moment-timezone/commit/22070ffa805483afbd0080b706b630e8a1dad684";><code>22070ff</code></a> Bump version to 0.6.1</li> <li><a href="https://github.com/moment/moment-timezone/commit/b4ebddb72a322007ee8fe465509a05b75816e8a1";><code>b4ebddb</code></a> Merge pull request <a href="https://redirect.github.com/moment/moment-timezone/issues/1140";>#1140</a> from moment/automated/data-update</li> <li><a href="https://github.com/moment/moment-timezone/commit/cb47a65338c249718d4364fb0b38821e02196d37";><code>cb47a65</code></a> data: Add 2026a</li> <li><a href="https://github.com/moment/moment-timezone/commit/026466a994947f92004dad12efb8a4a28d3d35d7";><code>026466a</code></a> build(deps): bump lodash from 4.17.21 to 4.17.23 (<a href="https://redirect.github.com/moment/moment-timezone/issues/1137";>#1137</a>)</li> <li><a href="https://github.com/moment/moment-timezone/commit/6dc54138e70d57dffce12f71e1b800463e7a6fe2";><code>6dc5413</code></a> Update Antarctica guess tests for 2026</li> <li>Additional commits viewable in <a href="https://github.com/moment/moment-timezone/compare/0.6.0...0.6.2";>compare view</a></li> </ul> </details> <br /> Updates `react` from 19.2.4 to 19.2.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/react/releases";>react's releases</a>.</em></p> <blockquote> <h2>19.2.6 (May 6th, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Type hardening and performance improvements (<a href="https://redirect.github.com/facebook/react/pull/36425";>#36425</a> by <a href="https://github.com/eps1lon";><code>@eps1lon</code></a> and <a href="https://github.com/unstubbable";><code>@unstubbable</code></a>)</li> </ul> <h2>19.2.5 (April 8th, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Add more cycle protections (<a href="https://redirect.github.com/facebook/react/pull/36236";>#36236</a> by <a href="https://github.com/eps1lon";><code>@eps1lon</code></a> and <a href="https://github.com/unstubbable";><code>@unstubbable</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/facebook/react/commit/eaf3e95ca92be7a23d3c9cc8ffd6f199a40be401";><code>eaf3e95</code></a> Version 19.2.6</li> <li><a href="https://github.com/facebook/react/commit/23f4f9f30da9e9af2108c18bb197bae75ab584ea";><code>23f4f9f</code></a> 19.2.5</li> <li>See full diff in <a href="https://github.com/facebook/react/commits/v19.2.6/packages/react";>compare view</a></li> </ul> </details> <br /> Updates `@types/react` from 19.2.14 to 19.2.15 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react";>compare view</a></li> </ul> </details> <br /> Updates `react-dom` from 19.2.4 to 19.2.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/react/releases";>react-dom's releases</a>.</em></p> <blockquote> <h2>19.2.6 (May 6th, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Type hardening and performance improvements (<a href="https://redirect.github.com/facebook/react/pull/36425";>#36425</a> by <a href="https://github.com/eps1lon";><code>@eps1lon</code></a> and <a href="https://github.com/unstubbable";><code>@unstubbable</code></a>)</li> </ul> <h2>19.2.5 (April 8th, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Add more cycle protections (<a href="https://redirect.github.com/facebook/react/pull/36236";>#36236</a> by <a href="https://github.com/eps1lon";><code>@eps1lon</code></a> and <a href="https://github.com/unstubbable";><code>@unstubbable</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/facebook/react/commit/eaf3e95ca92be7a23d3c9cc8ffd6f199a40be401";><code>eaf3e95</code></a> Version 19.2.6</li> <li><a href="https://github.com/facebook/react/commit/23f4f9f30da9e9af2108c18bb197bae75ab584ea";><code>23f4f9f</code></a> 19.2.5</li> <li>See full diff in <a href="https://github.com/facebook/react/commits/v19.2.6/packages/react-dom";>compare view</a></li> </ul> </details> <br /> Updates `react-router-dom` from 7.13.1 to 7.16.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md";>react-router-dom's changelog</a>.</em></p> <blockquote> <h2>v7.16.0</h2> <h3>Patch Changes</h3> <ul> <li>Remove stale/invalid <code>unpkg</code> field from <code>package.json</code>. This was removed from other packages with the release of v7 but missed in the <code>react-router-dom</code> re-export package (<a href="https://redirect.github.com/remix-run/react-router/pull/15075";>#15075</a>)</li> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/[email protected]";><code>[email protected]</code></a></li> </ul> </li> </ul> <h2>v7.15.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/[email protected]";><code>[email protected]</code></a></li> </ul> </li> </ul> <h2>v7.15.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/[email protected]";><code>[email protected]</code></a></li> </ul> </li> </ul> <h2>v7.14.2</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/[email protected]";><code>[email protected]</code></a></li> </ul> </li> </ul> <h2>v7.14.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/[email protected]";><code>[email protected]</code></a></li> </ul> </li> </ul> <h2>7.14.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><code>[email protected]</code></li> </ul> </li> </ul> <h2>7.13.2</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><code>[email protected]</code></li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/remix-run/react-router/commit/8984d23f86ca7ae5655711744b77816090bda4e6";><code>8984d23</code></a> Release v7.16.0 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15105";>#15105</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/3ed77afcde0ad9aea79f1afe5f05a700b201f289";><code>3ed77af</code></a> chore: format</li> <li><a href="https://github.com/remix-run/react-router/commit/e96962bc6159a2290632849b55872a3878753342";><code>e96962b</code></a> fix: remove stale unpkg field from react-router-dom (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15075";>#15075</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/587d08fca6ca61e00f44c1eda95bf6e6a9ab76ef";><code>587d08f</code></a> Release v7.15.1 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15038";>#15038</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/97c8de79c38f107acd15f74d8295c7bf75894a5d";><code>97c8de7</code></a> Release v7.15.0 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15018";>#15018</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/cf1d25003aa1217dc21c16e95d483601940ae9af";><code>cf1d250</code></a> Release v7.14.2 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14993";>#14993</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/197674ba9fc1b72b452e17894e5e783bdab7a087";><code>197674b</code></a> Release 7.14.1 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14973";>#14973</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/a87774f997d8ba497c97562840f0766250c3e4ce";><code>a87774f</code></a> Add new release process (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14916";>#14916</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/e31077b0c380d9764dbced4c753e9ff99387045d";><code>e31077b</code></a> chore: Update version for release (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14945";>#14945</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/6683e85a9d7d607a45a3f6374afcc598a474f602";><code>6683e85</code></a> chore: Update version for release (pre) (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14943";>#14943</a>)</li> <li>Additional commits viewable in <a href="https://github.com/remix-run/react-router/commits/[email protected]/packages/react-router-dom";>compare view</a></li> </ul> </details> <br /> Updates `redoc` from 2.5.2 to 2.5.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Redocly/redoc/... _Description has been truncated_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
