Skip to content

Update Mend: high confidence minor and patch dependency updates #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mend-for-github-com wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update Mend: high confidence minor and patch dependency updates #2

mend-for-github-com wants to merge 1 commit into from

Conversation

@mend-for-github-com
Copy link

@mend-for-github-com mend-for-github-com bot commented Aug 16, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@braintree/sanitize-url 7.0.1 -> 7.1.1 age confidence
@floating-ui/react (source) 0.26.22 -> 0.27.16 age confidence
@lezer/highlight 1.2.0 -> 1.2.3 age confidence
@monaco-editor/react 4.6.0 -> 4.7.0 age confidence
@pmmmwh/react-refresh-webpack-plugin 0.5.15 -> 0.6.2 age confidence
@types/babel__preset-env (source) 7.9.7 -> 7.10.0 age confidence
@types/chance (source) 1.1.6 -> 1.1.7 age confidence
@​types/dompurify 3.0.5 -> 3.2.0 age confidence
@types/hoist-non-react-statics (source) 3.3.5 -> 3.3.7 age confidence
@types/ini (source) 4.1.0 -> 4.1.1 age confidence
@types/jquery (source) 3.5.30 -> 3.5.33 age confidence
@types/lodash (source) 4.17.7 -> 4.17.21 age confidence
@types/node-forge (source) 1.3.11 -> 1.3.14 age confidence
@types/papaparse (source) 5.3.14 -> 5.5.1 age confidence
@types/prismjs (source) 1.26.4 -> 1.26.5 age confidence
@types/react-color (source) 3.0.12 -> 3.0.13 age confidence
@types/react-transition-group (source) 4.4.10 -> 4.4.12 age confidence
@types/redux-mock-store (source) 1.0.6 -> 1.5.0 age confidence
@types/semver (source) 7.5.8 -> 7.7.1 age confidence
@types/webpack-env (source) 1.18.5 -> 1.18.8 age confidence
autoprefixer 10.4.20 -> 10.4.22 age confidence
chance (source) 1.1.12 -> 1.1.13 age confidence
comlink 4.4.1 -> 4.4.2 age confidence
cypress-recurse 1.35.3 -> 1.37.1 age confidence
esbuild 0.20.2 -> 0.27.1 age confidence
esbuild-loader 4.2.2 -> 4.4.0 age confidence
eslint-plugin-import 2.29.1 -> 2.32.0 age confidence
eslint-plugin-jest-dom 5.4.0 -> 5.5.0 age confidence
eslint-plugin-jsx-a11y 6.9.0 -> 6.10.2 age confidence
eslint-plugin-react 7.35.0 -> 7.37.5 age confidence
fork-ts-checker-webpack-plugin 9.0.2 -> 9.1.0 age confidence
html-webpack-plugin 5.6.0 -> 5.6.5 age confidence
i18next-parser 9.0.1 -> 9.3.0 age confidence
mini-css-extract-plugin 2.9.0 -> 2.9.4 age confidence
moment-timezone (source) 0.5.45 -> 0.6.0 age confidence
nanoid 5.0.9 -> 5.1.6 age confidence
node-forge 1.3.2 -> 1.3.3 age confidence
papaparse (source) 5.4.1 -> 5.5.3 age confidence
postcss (source) 8.4.41 -> 8.5.6 age confidence
postcss-loader 8.1.1 -> 8.2.0 age confidence
prismjs 1.29.0 -> 1.30.0 age confidence
rc-tree 5.8.8 -> 5.13.1 age confidence
re-resizable 6.9.17 -> 6.11.2 age confidence
react-draggable 4.4.6 -> 4.5.0 age confidence
react-dropzone 14.2.3 -> 14.3.8 age confidence
react-highlight-words 0.20.0 -> 0.21.0 age confidence
react-loading-skeleton 3.4.0 -> 3.5.0 age confidence
react-redux 9.1.2 -> 9.2.0 age confidence
react-select (source) 5.8.0 -> 5.10.2 age confidence
react-use 17.5.1 -> 17.6.0 age confidence
react-virtualized-auto-sizer 1.0.24 -> 1.0.26 age confidence
react-zoom-pan-pinch 3.4.4 -> 3.7.0 age confidence
redux-mock-store 1.5.4 -> 1.5.5 age confidence
rollup-plugin-dts 6.1.1 -> 6.3.0 age confidence
rxjs (source) 7.8.1 -> 7.8.2 age confidence
semver 7.6.3 -> 7.7.3 age confidence
stylelint (source) 16.8.1 -> 16.26.1 age confidence
terser-webpack-plugin 5.3.10 -> 5.3.15 age confidence
ts-jest (source) 29.2.4 -> 29.4.6 age confidence
tslib (source) 2.6.3 -> 2.8.1 age confidence
typescript (source) 5.4.5 -> 5.9.3 age confidence
webpack 5.91.0 -> 5.103.0 age confidence
webpack-dev-server 5.0.4 -> 5.2.2 age confidence
yaml (source) 2.4.5 -> 2.8.2 age confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

braintree/sanitize-url (@​braintree/sanitize-url)

v7.1.1

Compare Source

  • DevDependency Changes

    • happy-dom to 15.11.6

  • Update (sub-)dependencies

    • cross-spawn to 7.0.6
    • micromatch to 4.0.8
    • vite to 4.5.5

v7.1.0

Compare Source

  • Updated to handle back-slashes

v7.0.4

Compare Source

  • Updates get-func-name to 2.0.2

v7.0.3

Compare Source

  • Dependencies
    • Update braces to 3.0.3

v7.0.2

Compare Source

  • Improve sanitization of whitespace escapes
floating-ui/floating-ui (@​floating-ui/react)

v0.27.16

Compare Source

Patch Changes

v0.27.15

Compare Source

Patch Changes

v0.27.14

Compare Source

Patch Changes
  • fix(FloatingFocusManager): allow marking ancestor nodes with data-floating-ui-inert. Fixes outside presses not working when clicking on a parent ancestor node.
  • feat(FloatingPortal): support ShadowRoot containers
  • fix(useRole): ensure aria-selected=true is present without being active with select role
  • fix: only use blur capture to mark inside floating tree if FloatingPortal exists. Prevents blocking closeOnFocusOut behavior.
  • fix(FloatingFocusManager): clear previously focused elements that are disconnected more often

v0.27.13

Compare Source

Patch Changes
  • fix(FloatingFocusManager): ensure focus is always returned correctly in deep nested trees
  • fix(markOthers): exclude elements with role="status" and output elements
  • Update dependencies: @floating-ui/[email protected], @floating-ui/[email protected]

v0.27.12

Compare Source

Patch Changes
  • fix(FloatingFocusManager): ensure aria-hidden/inert are cleaned up correctly when mixing outsideElementsInert true/false
  • fix(safePolygon): revert to checking if any nested child is open

v0.27.11

Compare Source

Patch Changes
  • fix(FloatingFocusManager): check if target is connected for restoreFocus prop
  • Update dependencies: @floating-ui/[email protected]

v0.27.10

Compare Source

Patch Changes
  • fix(safePolygon): handle pointer moving outside of all floating elements in a tree with a close delay
  • fix(useDismiss): bail out of blur to mark inside react tree if floating tree exists

v0.27.9

Compare Source

Patch Changes
  • fix(useListNavigation): reset internal focusItemOnOpen state when floating element is closed. This prevents the first item being highlighted on open under certain conditions when it shouldn't be.
  • fix(FloatingOverlay): lockScroll detection on iPad
  • fix(useListNavigation): avoid item rerenders upon open
  • fix(FloatingFocusManager): check for blurring to nested elements inside the React tree without FloatingTree
  • fix(FloatingFocusManager): always prevent scroll upon returning focus
  • refactor(useHover): improve handleClose option and docs. You can now more easily write a custom event handler function, including exported types.
  • feat(FloatingOverlay): add lockScroll scrollbar width CSS variable (--floating-ui-scrollbar-width)
  • feat(useListNavigation, Composite): allow disabledIndices to be a function

v0.27.8

Compare Source

Patch Changes
  • feat: export most utils under @floating-ui/react/utils. This makes it a lot easier to write your own custom interaction hooks, or copy/paste the existing ones to change the way they are implemented yourself without patching or waiting for features/breaking changes.
  • perf(FloatingFocusManager): move manual tabindex handling on floating element to an event. Improves performance when the floating element has a large amount of content or the content changes frequently e.g. virtualized scrolling.
  • fix(FloatingFocusManager): prioritize returning focus to reference if available
  • feat(useListNavigation): add parentOrientation prop

v0.27.7

Compare Source

Patch Changes
  • fix(useTransitionStatus): avoid browser from painting before floating element opens. With FloatingDelayGroup, this avoids a flicker when moving between floating elements to ensure one is always open with no missing frames.
  • fix(useListNavigation): correctly scroll to the selected item on open when using a pointer and FloatingFocusManager initialFocus is not in use
  • fix(useHover): clean up blockPointerEvents when opened with click after hover
  • fix(useRole): improve "combobox" role
  • fix(useRole): handle custom id attributes
  • feat: experimental NextFloatingDelayGroup (and useNextFloatingDelayGroup). Unlike FloatingDelayGroup, this component doesn't cause a re-render of unrelated consumers of the context when the delay changes, improving performance. This will eventually become the new default for FloatingDelayGroup in v1 (Next), as its API is different.
  • perf(FloatingFocusManager): ignore manual tabindex handling for non-dialog role floating elements
  • fix(useHover): prevent floating element unexpectedly closing when close to reference element when not using safePolygon() and a close delay
  • perf(useFloating): refactor events emitter
  • fix(FloatingFocusManager): ensure floating elements with no tabbable content are assigned tabIndex=0 when initialFocus is -1
  • fix(useListNavigation): handle list navigation for nested lists with mixed orientation

v0.27.6

Compare Source

Patch Changes
  • fix(useFloating): prevent error when using inline middleware when passing a real DOM element to refs.setPositionReference due to element.getClientRects() not being handled
  • fix: avoid marking root ancestor combobox with aria-hidden when nested virtual floating element opens
  • fix(FloatingFocusManager): set inert attribute value to empty string instead of "true"
  • fix(FloatingFocusManager): correct tabbing to different document contexts
  • fix(useClick): fix toggle behavior with Enter key when reference element is anchor
  • feat(FloatingFocusManager): getInsideElements prop. Allows you to specify elements that are considered as "inside" the floating element. These will avoid being marked with aria-hidden and data-floating-ui-inert attributes.
  • fix(useFocus): improve :focus-visible checks

v0.27.5

Compare Source

Patch Changes
  • fix(FloatingFocusManager): return focus on outside press if possible for non-context nested floating elements
  • perf: improve performance by only clearing used timeouts
  • fix(useMergeRefs): support React 19 ref cleanup
  • fix(FloatingFocusManager): avoid returning to unrelated references

v0.27.4

Compare Source

Patch Changes
  • fix(useListNavigation): use parent's orientation when opening/closing nested menus, correctly supporting grid submenus
  • fix(FloatingList): avoid race condition between registering/unregistering nodes and setting indices

v0.27.3

Compare Source

Patch Changes
  • feat(FloatingFocusManager): accept FloatingRootContext as the context prop
  • fix(useListNavigation): check for virtual pointer on pointerenter
  • refactor: use jsx runtime
  • Update dependencies: @floating-ui/[email protected]

v0.27.2

Compare Source

Patch Changes
  • fix(FloatingFocusManager): prevent stale inert/aria-hidden attributes from being left on outside elements

v0.27.1

Compare Source

Patch Changes

v0.27.0

Compare Source

Minor Changes
  • chore: deprecate inner and useInnerOffset. This technique of aligning an inner element to the reference has poor performance with longer lists, doesn't fit with the middleware paradigm, doesn't work on touch, and has a better custom alternative using native onScroll that is encouraged instead.
  • breaking: drop React 16 support. 17 is the minimum supported version.
  • fix(useId): add | undefined return type for React 17
Patch Changes
  • feat(FloatingFocusManager): add outsideElementsInert prop. This enables pointer modality without a backdrop.
  • perf(useListNavigation): simplify focusing to remove unneeded asynchronicity
  • fix(useDismiss): allow native clicks to work with referencePress
  • fix(useDismiss): read target overflow style for scrollbar press check. Fixes an issue where outside presses would be incorrectly prevented if the target element that was pressed appeared scrollable but was actually not.
  • fix(FloatingFocusManager): check for 'safe-polygon' reason on return focus

v0.26.28

Compare Source

Patch Changes
  • fix(Composite): change focus to be sync
  • fix(useClick): improve consistency when combining with useHover()
  • feat(useClick): add stickIfOpen prop to determine whether to remain open upon first click when first opened by another event
  • feat(Composite): add RTL support
  • fix(FloatingFocusManager): ensure returnFocus is ignored correctly when using disabled prop
  • fix(useListNavigation): incorrect behaviour with RTL grid

v0.26.27

Compare Source

Patch Changes
  • fix(useListNavigation): ignore Home/End key press for typeable combobox references
  • fix(useListNavigation): ensure submenu references are set as virtualItemRef on floating close
  • fix(inner): use list ref length for fallback detection
  • fix(FloatingPortal): allow root to be reactive from null to an element

v0.26.26

Compare Source

Patch Changes
  • fix(useFloating): access domReference instead of reference
  • feat(FloatingFocusManager): specify element to return focus to

v0.26.25

Compare Source

Patch Changes
  • fix(useListNavigation): handle virtual nested Home/End key press
  • fix(useHover): ignore insignificant movement when resetting restMs
  • fix(useListNavigation): ignore duplicate arrow navigation when composing
  • feat(useDelayGroup): add enabled option
  • fix(useDismiss): handle IME keydown events on Escape
  • fix(inner): round max-height only if not scrollable

v0.26.24

Compare Source

Patch Changes
  • fix(FloatingOverlay): correct multiple locks behavior on iOS
  • fix(FloatingFocusManager): avoid returning focus to nearest tabbable element of the reference if it gets removed when the floating element closes to avoid unwanted focus effects of unrelated elements firing. Tab index context remains preserved if the floating element is portaled.
  • refactor: use React.JSX.Element types. Ensure you've upgraded to the latest @types/react patches (versions since May 6, 2023)
  • fix(FloatingArrow): avoid requiring leading space for manually specified transform style property
  • fix(inner): round maxHeight and apply minItemsVisible only when scrollable
  • Update dependencies: @floating-ui/[email protected], @floating-ui/[email protected]

v0.26.23

Compare Source

Patch Changes
  • feat: add onOpenChange reason string for FloatingFocusManager's closeOnFocusOut handling
  • fix(inner): correctly handle borders
  • fix(FloatingArrow): ignore staticOffset prop if floating element is shifted. Fixes an issue where the arrow could potentially point to nothing if it was shifted enough from its reference element.
  • fix(useListNavigation, Composite): prevent onNavigate from potentially passing in an undefined value instead of null
  • fix(useHover): blockPointerEvents no longer adds pointer-events: none to unintended <body> elements.
  • fix: manage focus on element with floating props spread on it
  • fix(FloatingFocusManager): support keepMounted behavior with disabled prop
lezer-parser/highlight (@​lezer/highlight)

v1.2.3

Compare Source

Bug fixes

Fix a regression in 1.2.2 when assigning new highlight tags to nodes.

v1.2.2

Compare Source

Bug fixes

Fix an issue where adding additional highlighting info for a node that already had some rule would drop the old info.

v1.2.1

Compare Source

Bug fixes

Give Tag objects an optional string name for debugging, and use it in their toString method.

suren-atoyan/monaco-react (@​monaco-editor/react)

v4.7.0

Compare Source

  • package: update @​monaco-editor/loader to the latest (v1.5.0) version (this uses monaco-editor v0.52.2)
  • package: inherit all changes from v4.7.0-rc.0
pmmmwh/react-refresh-webpack-plugin (@​pmmmwh/react-refresh-webpack-plugin)

v0.6.2

Compare Source

Fixes
  • Relaxed peer dependency requirement on type-fest to allow v5.x
    (#​934)

v0.6.1

Compare Source

Fixes
  • Ensure this propagates into module factory properly
    (#​921)

v0.6.0

Compare Source

BREAKING

  • Minimum required Node.js version has been bumped to 18.12.0.

  • Minimum required webpack version has been bumped to 5.2.0.

  • Minimum supported webpack-dev-server version has been bumped to 4.8.0.

  • Minimum supported webpack-plugin-serve version has been bumped to 1.0.0.

  • overlay.sockHost, overlay.sockPath, overlay.sockPort, overlay.sockProtocol and overlay.useURLPolyfill have all been removed.
    (#​850)

    It was necessary to support WDS below 4.8.0 (published in April 2022).

    It is no-longer necessary as a direct integration with WDS is now possible.

Features
  • Added helper script to better support use cases where React and/or React-DOM are externalized
    (#​852)
Fixes
  • Ensure plugin injected entries are no-op in production
    (#​900)
Internal

  • Dropped support for Webpack 4 / WDS 3
    (#​850,
    #​904)

  • Migrated from ansi-html to anser in error overlay
    (#​854)

  • Bumped all development dependencies
    (#​905)

v0.5.17

Compare Source

Fixes
  • Ensure this propagates into module factory properly
    (#​922)

v0.5.16

Compare Source

Fixes
  • Fixed out of order cleanup when using top-level await
    (#​898)
postcss/autoprefixer (autoprefixer)

v10.4.22

Compare Source

  • Fixed stretch prefixes on new Can I Use database.
  • Updated fraction.js.

v10.4.21

Compare Source

chancejs/chancejs (chance)

v1.1.13

Compare Source

GoogleChromeLabs/comlink (comlink)

v4.4.2

Compare Source

Merged #​653 which brings a performance optimization for message handling.

Full Changelog: GoogleChromeLabs/comlink@v4.4.1...v4.4.2

bahmutov/cypress-recurse (cypress-recurse)

v1.37.1

Compare Source

Bug Fixes

[v1.37.0](https:/

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 9 times, most recently from 468a532 to 5170c88 Compare August 23, 2024 06:30
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 10 times, most recently from 1eb7145 to 1c11cc6 Compare August 31, 2024 05:45
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 8 times, most recently from efe4e04 to e860d2f Compare September 7, 2024 05:44
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 7 times, most recently from 8a486eb to 86c651e Compare November 14, 2025 15:10
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 9 times, most recently from 029ad5c to 29fa408 Compare November 22, 2025 07:44
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 6 times, most recently from 5add9c1 to ec4ace9 Compare December 1, 2025 09:34
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch 6 times, most recently from 955860b to e88b2a0 Compare December 8, 2025 00:09
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/mend-high-confidence-minor-and-patch-dependency-updates branch from e88b2a0 to d9ebbae Compare December 9, 2025 11:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/frontend dependencies no-changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant