mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
main
5306 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
 Andrew Aquino
|
887ea21237 |
feat: show Spinner before agent logs are rendered (#25820)
related to DEVEX-313 https://github.com/user-attachments/assets/5fb074bd-7ee7-4f11-9c0a-30567cd71abc |
||
|
Jon Ayers
|
ec19bc41d8 | fix: escape appearance values in HTML output (#25804) | ||
|
TJ
|
b411f09383 |
fix(site/src/pages/AgentsPage): use sentence case for UI labels (#25941)
Converts all title-case UI labels in the Coder Agents area to sentence
case for consistency. Also renames the "New Agent" sidebar button to
"New chat".
## Changes
### Settings headings
| Before | After |
|---|---|
| Personal Instructions | Personal instructions |
| Chat Layout | Chat layout |
| Keyboard Shortcuts | Keyboard shortcuts |
| Thinking Display | Thinking display |
| Shell Output Display | Shell output display |
| Code Diff Display | Code diff display |
| Autostop Fallback | Autostop fallback |
| Workspace Autostop Fallback | Workspace autostop fallback |
| Auto-Archive Inactive Conversations | Auto-archive inactive
conversations |
| Conversation Retention Period | Conversation retention period |
| Chat Debug Data Retention | Chat debug data retention |
| System Instructions | System instructions |
| Context Compaction | Context compaction |
| Cost Tracking | Cost tracking |
| Provider Configuration | Provider configuration |
| Virtual Desktop | Virtual desktop |
### Select/option labels
| Before | After |
|---|---|
| Always Expanded | Always expanded |
| Always Collapsed | Always collapsed |
### Sidebar and nav labels
| Before | After |
|---|---|
| New Agent | New chat |
| Personal Skills | Personal skills |
| Manage Agents | Manage agents |
| MCP Servers | MCP servers |
| Back to Settings | Back to settings |
| Back to Agents | Back to agents |
### Form field labels
| Before | After |
|---|---|
| Display Name | Display name |
| Client Secret | Client secret |
| Header Name | Header name |
| Tool Allow List | Tool allow list |
| Tool Deny List | Tool deny list |
| Spend Limit | Spend limit |
| Cache Read | Cache read |
| Cache Write | Cache write |
| Model Identifier | Model identifier |
| Context Limit | Context limit |
| Compression Threshold | Compression threshold |
### Model form titles
| Before | After |
|---|---|
| Add Model | Add model |
| Edit Model | Edit model |
| Duplicate Model | Duplicate model |
### Admin/limits labels
| Before | After |
|---|---|
| Group Limits | Group limits |
| Per-User Overrides | Per-user overrides |
| Default Spend Limit | Default spend limit |
### Other
| Before | After |
|---|---|
| Weekly/Workspace Usage | Weekly/Workspace usage |
| View Usage | View usage |
| attached image / attached file | Attached image / Attached file |
### Not changed (server-provided labels)
Model config field labels like "Reasoning Effort", "Max Completion
Tokens", "Send Reasoning", etc. are provided by the server via
`field.label` and rendered as-is by `snakeToPrettyLabel`. These require
a server-side change to use sentence case.
All corresponding story and test assertions updated to match.
> 🤖 Generated by Coder Agents on behalf of @tracyjohnsonux
|
||
|
Jaayden Halko
|
eea427f288 |
fix: inline ports panel in workspace pill on mobile (#25042)
closes CODAGT-326 <img width="335" height="658" alt="Screenshot 2026-06-02 at 18 29 39" src="https://github.com/user-attachments/assets/ee103047-67ad-403c-b67b-eb2147726db3" /> On viewports below the `md` Tailwind breakpoint, the agents-chat workspace pill becomes full width via the existing `mobile-full-width-dropdown` CSS hook. The `Ports (X)` item used a Radix `DropdownMenuSub` which opened a flyout sub-content to the right of the parent menu, so on mobile the sub-content had nowhere to render and clipped off the right edge. Mirror the inline sub-panel pattern already used by the agent chat input plus menu: lift a `view: "main" | "ports"` state into `WorkspacePill`, and on mobile swap the same dropdown's contents to a `Back` + ports list panel instead of opening a flyout. Desktop keeps the existing flyout sub-menu unchanged. Closes [CODAGT-326](https://linear.app/codercom/issue/CODAGT-326/port-forward-menu-is-cut-off-on-mobile-viewports). Visual coverage is added via two new Storybook stories at the `mobile1` (375 px) viewport: `MobilePortsInlinePanel` (full interaction + assertions) and `MobilePortsInlinePanelOpen` (visual / Chromatic capture stop point). <details> <summary>Implementation plan</summary> ### Why The dropdown content already gets full viewport width on `< 768 px` via the `mobile-full-width-dropdown` CSS hook in `site/src/index.css`. A Radix `DropdownMenuSub` opens to the right of its trigger, so on mobile it has no room and clips. Forcing the sub-content to also be full-width would overlap the parent and break keyboard / focus flow. The existing convention for nested menus on mobile in this codebase is the inline sub-panel (see `plusMenuView` in `AgentChatInput.tsx`). ### `WorkspacePill.tsx` - Add `view: "main" | "ports"` state and reset to `"main"` on close. - Extract `usePortsData(workspace, agent, enabled)` and a shared `PortsList` so desktop sub-content and mobile inline panel share one renderer. - Replace `PortsSubMenuItem` with `PortsMenuItem`, which uses `useIsBelowMdViewport()` to render either: - **Mobile:** a regular `DropdownMenuItem` whose `onSelect` calls `event.preventDefault()` (keeps the dropdown open) and switches to the inline view. - **Desktop:** the existing `DropdownMenuSub` flyout, behavior unchanged. - Add `MobilePortsPanel` rendered inside the parent `DropdownMenuContent` when `view === "ports"`. Includes a `Back` item that returns to the main view. - Add a small reactive `useIsBelowMdViewport()` hook around the existing `isBelowMdViewport` helper. </details> > Created on behalf of @jaayden by Coder Agents. |
||
|
Cian Johnston
|
7195be87b1 |
fix(site): CredentialField: mask api key after submit (#25848)
Fixes CODAGT-525 * Re-masks the field after submit * Sets font to monospaced for legibility * Extracts `createDeferred` to `testHelpers` |
||
|
blinkagent[bot]
|
2269cec830 | feat(site): populate Model name from Known Model display name (#25862) | ||
|
dependabot[bot]
|
81288656cd |
chore: bump the vite group across 1 directory with 3 updates (#25951)
Bumps the vite group with 3 updates in the /site directory: [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react), [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest). Updates `@vitejs/plugin-react` from 6.0.1 to 6.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite-plugin-react/releases">@vitejs/plugin-react's releases</a>.</em></p> <blockquote> <h2>plugin-react@6.0.2</h2> <h3>Allow all options in reactCompilerPreset (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1189">#1189</a>)</h3> <p>This is a type only change. Only <code>compilationMode</code> and <code>target</code> options were available for <code>reactCompilerPreset</code>.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md">@vitejs/plugin-react's changelog</a>.</em></p> <blockquote> <h2>6.0.2 (2026-05-14)</h2> <h3>Allow all options in reactCompilerPreset (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1189">#1189</a>)</h3> <p>This is a type only change. Only <code>compilationMode</code> and <code>target</code> options were available for <code>reactCompilerPreset</code>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/6535b55e956b425e6650ffc2cc98fd23cca1d231"><code>6535b55</code></a> release: plugin-react@6.0.2</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/bf0e43b756e3be81f8572d59727c218311f431ef"><code>bf0e43b</code></a> feat(react): whitelist debugging-options (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1189">#1189</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/3bd1f08ae0b82ee0e96feb2ff265e61c6fe74b54"><code>3bd1f08</code></a> feat: use carets for rolldown versions (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1216">#1216</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/2b8df67323265d1ff5ddf47b2db9ab0b9de5c688"><code>2b8df67</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1218">#1218</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/8fa9619e1b1f51b079f4c1df6bcf076dcafc5aed"><code>8fa9619</code></a> fix(deps): update react 19.2.6 (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1211">#1211</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/a4296ad2995a8d493528b8d5450a1209de2943cb"><code>a4296ad</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1209">#1209</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/323ccd72576be636b50baa7d9ce816cc94d5991e"><code>323ccd7</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1196">#1196</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/a7506e105df00cdadc58c0aecc4512d8cfdd9765"><code>a7506e1</code></a> chore(deps): update vite 8.0.10 (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1198">#1198</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/02cff2a0cf5c7e9792b1612baa380228f5e4d3c1"><code>02cff2a</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1184">#1184</a>)</li> <li><a href="https://github.com/vitejs/vite-plugin-react/commit/4b9c890cdb21078ac45a86873b24f7e8613b8526"><code>4b9c890</code></a> fix(deps): update react 19.2.5 (<a href="https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react/issues/1181">#1181</a>)</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.2/packages/plugin-react">compare view</a></li> </ul> </details> <br /> Updates `vite` from 8.0.10 to 8.0.14 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v8.0.14</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.14/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.13</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.13/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.12</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.12/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.11</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.11/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.13...v8.0.14">8.0.14</a> (2026-05-21)<!-- raw HTML omitted --></h2> <h3>Features</h3> <ul> <li>update rolldown to 1.0.2 (<a href="https://redirect.github.com/vitejs/vite/issues/22484">#22484</a>) (<a href="https://github.com/vitejs/vite/commit/96efc88570b6a6ddf1a910f106920cbac07b3cf0">96efc88</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> update all non-major dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22471">#22471</a>) (<a href="https://github.com/vitejs/vite/commit/98b81632139d51820f82036e58d6fbbf122b77b3">98b8163</a>)</li> <li><strong>dev:</strong> handle errors when sending messages to vite server (<a href="https://redirect.github.com/vitejs/vite/issues/22450">#22450</a>) (<a href="https://github.com/vitejs/vite/commit/e8e9a34dcf2540139de558a10187630884d10217">e8e9a34</a>)</li> <li><strong>html:</strong> handle trailing slash paths in transformIndexHtml (<a href="https://redirect.github.com/vitejs/vite/issues/22480">#22480</a>) (<a href="https://github.com/vitejs/vite/commit/5d94d1bffdb2a15de9341194d89baec86ce1f693">5d94d1b</a>)</li> <li><strong>optimizer:</strong> pass oxc jsx options to transformSync in dependency scan (<a href="https://redirect.github.com/vitejs/vite/issues/22342">#22342</a>) (<a href="https://github.com/vitejs/vite/commit/b3132dacea9c6e0cf526cd9f0f09d850f577c262">b3132da</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li><strong>deps:</strong> update rolldown-related dependencies (<a href="https://redirect.github.com/vitejs/vite/issues/22470">#22470</a>) (<a href="https://github.com/vitejs/vite/commit/7cb728eb629cc677661f1bc52a044ffc0b87fc7f">7cb728e</a>)</li> <li>remove irrelevant commits from changelog (<a href="https://github.com/vitejs/vite/commit/2c69495f250edf01132d4a20128de19dbe836086">2c69495</a>)</li> </ul> <h3>Code Refactoring</h3> <ul> <li><strong>glob:</strong> do not rewrite import path for absolute base (<a href="https://redirect.github.com/vitejs/vite/issues/22310">#22310</a>) (<a href="https://github.com/vitejs/vite/commit/0ae2844ab6d6d1ccf78a2975b8132769fc35b302">0ae2844</a>)</li> </ul> <h3>Tests</h3> <ul> <li><strong>css:</strong> sass does not use main field (<a href="https://redirect.github.com/vitejs/vite/issues/22449">#22449</a>) (<a href="https://github.com/vitejs/vite/commit/ebf39a04329ddc6ba765e006a5d463680a952270">ebf39a0</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.12...v8.0.13">8.0.13</a> (2026-05-14)<!-- raw HTML omitted --></h2> <h3>Features</h3> <ul> <li><strong>bundled-dev:</strong> add lazy bundling support (<a href="https://redirect.github.com/vitejs/vite/issues/21406">#21406</a>) (<a href="https://github.com/vitejs/vite/commit/4f0949f3f13e4b2b34d32bf7b2b4de5f26bea192">4f0949f</a>)</li> <li><strong>optimizer:</strong> improve the esbuild plugin converter to pass some properties of build result to <code>onEnd</code> (<a href="https://redirect.github.com/vitejs/vite/issues/22357">#22357</a>) (<a href="https://github.com/vitejs/vite/commit/47071ce53f21726cf39e999c4407c4828ecbe957">47071ce</a>)</li> <li>update rolldown to 1.0.1 (<a href="https://redirect.github.com/vitejs/vite/issues/22444">#22444</a>) (<a href="https://github.com/vitejs/vite/commit/8c766a6c5ee014969c4e32f29cc265e8e2c96e18">8c766a6</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li><strong>build:</strong> copy public directory after building same environment with <code>write=false</code> (<a href="https://redirect.github.com/vitejs/vite/issues/22328">#22328</a>) (<a href="https://github.com/vitejs/vite/commit/158e8ae8efdf7075ab295727e36b5ff68da3243e">158e8ae</a>)</li> <li><strong>css:</strong> await sass/less/styl worker disposal on teardown (fix <a href="https://redirect.github.com/vitejs/vite/issues/22274">#22274</a>) (<a href="https://redirect.github.com/vitejs/vite/issues/22275">#22275</a>) (<a href="https://github.com/vitejs/vite/commit/b7edcb7d0dd17ddfeef4ace78d610c099216dade">b7edcb7</a>)</li> <li><strong>css:</strong> keep deprecated <code>name</code>/<code>originalFileName</code> in synthetic <code>assetFileNames</code> call (<a href="https://redirect.github.com/vitejs/vite/issues/22439">#22439</a>) (<a href="https://github.com/vitejs/vite/commit/8e59c97a44d923c4c06f67287a793c9aa5a4ebaa">8e59c97</a>)</li> <li>make <code>isBundled</code> per environment (<a href="https://redirect.github.com/vitejs/vite/issues/22257">#22257</a>) (<a href="https://github.com/vitejs/vite/commit/a5763266170f8606836da5c6f987b4b2fd6ddc55">a576326</a>)</li> <li><strong>ssr:</strong> avoid rewriting labels that collide with imports (<a href="https://redirect.github.com/vitejs/vite/issues/22451">#22451</a>) (<a href="https://github.com/vitejs/vite/commit/d9b18e0387a253628d3d834288e79c5f7e85d566">d9b18e0</a>)</li> </ul> <h3>Miscellaneous Chores</h3> <ul> <li>remove irrelevant commits from changelog (<a href="https://redirect.github.com/vitejs/vite/issues/22430">#22430</a>) (<a href="https://github.com/vitejs/vite/commit/6ea383859aaf0ef8e673b458f164e84aeb6ff51d">6ea3838</a>)</li> <li>update changelog (<a href="https://redirect.github.com/vitejs/vite/issues/22413">#22413</a>) (<a href="https://github.com/vitejs/vite/commit/fcdc87cc6799857e2bab0f44f333a681694fff74">fcdc87c</a>)</li> </ul> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.11...v8.0.12">8.0.12</a> (2026-05-11)<!-- raw HTML omitted --></h2> <h3>Features</h3> <ul> <li>update rolldown to 1.0.0 (<a href="https://redirect.github.com/vitejs/vite/issues/22401">#22401</a>) (<a href="https://github.com/vitejs/vite/commit/cf0ff4154b26cffbf18541ade1a50818842731d3">cf0ff41</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitejs/vite/commit/c917f1ef9d9c6ef131af96d89089d8ec680b18f2"><code>c917f1e</code></a> release: v8.0.14</li> <li><a href="https://github.com/vitejs/vite/commit/5d94d1bffdb2a15de9341194d89baec86ce1f693"><code>5d94d1b</code></a> fix(html): handle trailing slash paths in transformIndexHtml (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22480">#22480</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/98b81632139d51820f82036e58d6fbbf122b77b3"><code>98b8163</code></a> fix(deps): update all non-major dependencies (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22471">#22471</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/96efc88570b6a6ddf1a910f106920cbac07b3cf0"><code>96efc88</code></a> feat: update rolldown to 1.0.2 (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22484">#22484</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/ebf39a04329ddc6ba765e006a5d463680a952270"><code>ebf39a0</code></a> test(css): sass does not use main field (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22449">#22449</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/0ae2844ab6d6d1ccf78a2975b8132769fc35b302"><code>0ae2844</code></a> refactor(glob): do not rewrite import path for absolute base (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22310">#22310</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/7cb728eb629cc677661f1bc52a044ffc0b87fc7f"><code>7cb728e</code></a> chore(deps): update rolldown-related dependencies (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22470">#22470</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/b3132dacea9c6e0cf526cd9f0f09d850f577c262"><code>b3132da</code></a> fix(optimizer): pass oxc jsx options to transformSync in dependency scan ...</li> <li><a href="https://github.com/vitejs/vite/commit/e8e9a34dcf2540139de558a10187630884d10217"><code>e8e9a34</code></a> fix(dev): handle errors when sending messages to vite server (<a href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22450">#22450</a>)</li> <li><a href="https://github.com/vitejs/vite/commit/2c69495f250edf01132d4a20128de19dbe836086"><code>2c69495</code></a> chore: remove irrelevant commits from changelog</li> <li>Additional commits viewable in <a href="https://github.com/vitejs/vite/commits/v8.0.14/packages/vite">compare view</a></li> </ul> </details> <br /> Updates `vitest` from 4.1.5 to 4.1.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">vitest's releases</a>.</em></p> <blockquote> <h2>v4.1.7</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>runner</strong>: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a> <a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee"><!-- raw HTML omitted -->(4f0f2)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View changes on GitHub</a></h5> <h2>v4.1.6</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: Provide project reference in <code>ToMatchScreenshotResolvePath</code> - by <a href="https://github.com/macarie"><code>@macarie</code></a> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10138">vitest-dev/vitest#10138</a> <a href="https://github.com/vitest-dev/vitest/commit/31882607c"><!-- raw HTML omitted -->(31882)<!-- raw HTML omitted --></a></li> <li>Global <code>sequence.concurrent: true</code> with top-level <code>test(..., { concurrent: false })</code> + depreacte <code>sequential</code> test API and options - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a>, <strong>Codex</strong> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10196">vitest-dev/vitest#10196</a> <a href="https://github.com/vitest-dev/vitest/commit/2847dfa2a"><!-- raw HTML omitted -->(2847d)<!-- raw HTML omitted --></a></li> <li><strong>browser</strong>: Simplify orchestrator otel carrier - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10285">vitest-dev/vitest#10285</a> <a href="https://github.com/vitest-dev/vitest/commit/18af98cee"><!-- raw HTML omitted -->(18af9)<!-- raw HTML omitted --></a></li> </ul> <h3> 🏎 Performance</h3> <ul> <li>Stringify diff objects only once - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10276">vitest-dev/vitest#10276</a> <a href="https://github.com/vitest-dev/vitest/commit/9f7b1528c"><!-- raw HTML omitted -->(9f7b1)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6">View changes on GitHub</a></h5> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a> chore: release v4.1.7</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1"><code>a8fd24c</code></a> chore: release v4.1.6</li> <li><a href="https://github.com/vitest-dev/vitest/commit/18af98cee1830604d57f6a02bf28f8067cdffc06"><code>18af98c</code></a> fix(browser): simplify orchestrator otel carrier (<a href="https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest/issues/10285">#10285</a>)</li> <li><a href="https://github.com/vitest-dev/vitest/commit/31882607cc67c7bf52ead13a606321ffdb06a857"><code>3188260</code></a> feat(browser): provide project reference in <code>ToMatchScreenshotResolvePath</code> (#...</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/vitest">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
36e71e04ed |
chore: bump @types/node from 20.19.39 to 20.19.41 in /site (#25955)
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.19.39 to 20.19.41. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
5bb089b0cd |
chore: bump postcss from 8.5.10 to 8.5.15 in /site (#25962)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [postcss](https://github.com/postcss/postcss) from 8.5.10 to 8.5.15. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.5.15</h2> <ul> <li>Fixed declaration parsing performance (by <a href="https://github.com/homanp"><code>@homanp</code></a>).</li> </ul> <h2>8.5.14</h2> <ul> <li>Fixed custom syntax regression (by <a href="https://github.com/43081j"><code>@43081j</code></a>).</li> </ul> <h2>8.5.13</h2> <ul> <li>Fixed <code>postcss-scss</code> commend regression.</li> </ul> <h2>8.5.12</h2> <ul> <li>Fixed reading any file via user-generated CSS.</li> <li>Added <code>opts.unsafeMap</code> to disable checks.</li> </ul> <h2>8.5.11</h2> <ul> <li>Fixed nested brackets parsing performance (by <a href="https://github.com/offset"><code>@offset</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.5.15</h2> <ul> <li>Fixed declaration parsing performance (by <a href="https://github.com/homanp"><code>@homanp</code></a>).</li> </ul> <h2>8.5.14</h2> <ul> <li>Fixed custom syntax regression (by <a href="https://github.com/43081j"><code>@43081j</code></a>).</li> </ul> <h2>8.5.13</h2> <ul> <li>Fixed <code>postcss-scss</code> commend regression.</li> </ul> <h2>8.5.12</h2> <ul> <li>Fixed reading any file via user-generated CSS.</li> <li>Added <code>opts.unsafeMap</code> to disable checks.</li> </ul> <h2>8.5.11</h2> <ul> <li>Fixed nested brackets parsing performance (by <a href="https://github.com/offset"><code>@offset</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/postcss/postcss/commit/eae46db765d752cf8f40c4fa2b0b85030079c43d"><code>eae46db</code></a> Release 8.5.15 version</li> <li><a href="https://github.com/postcss/postcss/commit/79508ffa59e42c02056aca61b88bc393c8b516c4"><code>79508ff</code></a> Update CI actions</li> <li><a href="https://github.com/postcss/postcss/commit/b128e2131288a411c6e28071d0929542c49e74eb"><code>b128e21</code></a> Speed up declaration parsing by avoiding creating new array on each token</li> <li><a href="https://github.com/postcss/postcss/commit/9825dca02c33cf610e2a842be767468b67fbecf9"><code>9825dca</code></a> Fix code format</li> <li><a href="https://github.com/postcss/postcss/commit/55789c865281e2be194fa5b4e41dd046be3a2307"><code>55789c8</code></a> Update dependencies</li> <li><a href="https://github.com/postcss/postcss/commit/84fbbe9009cb3cc3bbb4cc3a9b65d468f4844d95"><code>84fbbe9</code></a> Install older pnpm action for old Node.js</li> <li><a href="https://github.com/postcss/postcss/commit/9f860bd78ec1dbc4f0ae72d693f03f956baa38cb"><code>9f860bd</code></a> Revert pnpm action for old Node.js</li> <li><a href="https://github.com/postcss/postcss/commit/08771986d47359545f502e009763e223b66bfcf6"><code>0877198</code></a> Update CI actions</li> <li><a href="https://github.com/postcss/postcss/commit/b2d1a335cea818f8b27e5cfb90147648afe3e582"><code>b2d1a33</code></a> Fix linter warnings</li> <li><a href="https://github.com/postcss/postcss/commit/0700dac92283bc259977dff2743ca74a00f58267"><code>0700dac</code></a> Merge pull request <a href="https://redirect.github.com/postcss/postcss/issues/2088">#2088</a> from rootvector2/add-oss-fuzz-harness</li> <li>Additional commits viewable in <a href="https://github.com/postcss/postcss/compare/8.5.10...8.5.15">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
532660d4f8 |
chore: bump @vitest/browser-playwright from 4.1.1 to 4.1.7 in /site (#25959)
Bumps [@vitest/browser-playwright](https://github.com/vitest-dev/vitest/tree/HEAD/packages/browser-playwright) from 4.1.1 to 4.1.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitest-dev/vitest/releases">@vitest/browser-playwright's releases</a>.</em></p> <blockquote> <h2>v4.1.7</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>runner</strong>: Limit concurrency per task branch in addition to per leaf callbacks (backport) - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10384">vitest-dev/vitest#10384</a> <a href="https://github.com/vitest-dev/vitest/commit/4f0f2a1ee"><!-- raw HTML omitted -->(4f0f2)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.6...v4.1.7">View changes on GitHub</a></h5> <h2>v4.1.6</h2> <h3> 🐞 Bug Fixes</h3> <ul> <li><strong>browser</strong>: Provide project reference in <code>ToMatchScreenshotResolvePath</code> - by <a href="https://github.com/macarie"><code>@macarie</code></a> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10138">vitest-dev/vitest#10138</a> <a href="https://github.com/vitest-dev/vitest/commit/31882607c"><!-- raw HTML omitted -->(31882)<!-- raw HTML omitted --></a></li> <li>Global <code>sequence.concurrent: true</code> with top-level <code>test(..., { concurrent: false })</code> + depreacte <code>sequential</code> test API and options - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a>, <strong>Codex</strong> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10196">vitest-dev/vitest#10196</a> <a href="https://github.com/vitest-dev/vitest/commit/2847dfa2a"><!-- raw HTML omitted -->(2847d)<!-- raw HTML omitted --></a></li> <li><strong>browser</strong>: Simplify orchestrator otel carrier - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10285">vitest-dev/vitest#10285</a> <a href="https://github.com/vitest-dev/vitest/commit/18af98cee"><!-- raw HTML omitted -->(18af9)<!-- raw HTML omitted --></a></li> </ul> <h3> 🏎 Performance</h3> <ul> <li>Stringify diff objects only once - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10276">vitest-dev/vitest#10276</a> <a href="https://github.com/vitest-dev/vitest/commit/9f7b1528c"><!-- raw HTML omitted -->(9f7b1)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.5...v4.1.6">View changes on GitHub</a></h5> <h2>v4.1.5</h2> <h3> 🚀 Experimental Features</h3> <ul> <li><strong>coverage</strong>: Istanbul to support <code>instrumenter</code> option - by <a href="https://github.com/BartWaardenburg"><code>@BartWaardenburg</code></a> and <a href="https://github.com/AriPerkkio"><code>@AriPerkkio</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10119">vitest-dev/vitest#10119</a> <a href="https://github.com/vitest-dev/vitest/commit/0e0ff41c7"><!-- raw HTML omitted -->(0e0ff)<!-- raw HTML omitted --></a></li> </ul> <h3> 🐞 Bug Fixes</h3> <ul> <li>--project negation excludes browser instances - by <a href="https://github.com/felamaslen"><code>@felamaslen</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10131">vitest-dev/vitest#10131</a> <a href="https://github.com/vitest-dev/vitest/commit/9423dc084"><!-- raw HTML omitted -->(9423d)<!-- raw HTML omitted --></a></li> <li>Project color label on html reporter - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10142">vitest-dev/vitest#10142</a> <a href="https://github.com/vitest-dev/vitest/commit/596f73986"><!-- raw HTML omitted -->(596f7)<!-- raw HTML omitted --></a></li> <li>Fix <code>vi.defineHelper</code> called as object method - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10163">vitest-dev/vitest#10163</a> <a href="https://github.com/vitest-dev/vitest/commit/122c25b5b"><!-- raw HTML omitted -->(122c2)<!-- raw HTML omitted --></a></li> <li>Alias <code>agent</code> reporter to <code>minimal</code> - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10157">vitest-dev/vitest#10157</a> <a href="https://github.com/vitest-dev/vitest/commit/663b99fe3"><!-- raw HTML omitted -->(663b9)<!-- raw HTML omitted --></a></li> <li>Respect diff config options in soft assertions - by <a href="https://github.com/Copilot"><code>@Copilot</code></a>, <strong>sheremet-va</strong> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8696">vitest-dev/vitest#8696</a> <a href="https://github.com/vitest-dev/vitest/commit/9787dedad"><!-- raw HTML omitted -->(9787d)<!-- raw HTML omitted --></a></li> <li>Respect diff config options in soft assertions " - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/8696">vitest-dev/vitest#8696</a> <a href="https://github.com/vitest-dev/vitest/commit/7dc6d54fd"><!-- raw HTML omitted -->(7dc6d)<!-- raw HTML omitted --></a></li> <li><strong>ast-collect</strong>: Recognize _<em>vi_import</em> prefix in static test discovery - by <a href="https://github.com/Yejneshwar"><code>@Yejneshwar</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10129">vitest-dev/vitest#10129</a> <a href="https://github.com/vitest-dev/vitest/commit/325463ab2"><!-- raw HTML omitted -->(32546)<!-- raw HTML omitted --></a></li> <li><strong>coverage</strong>: Descriptive error message when reports directory is removed during test run - by <a href="https://github.com/DaveT1991"><code>@DaveT1991</code></a> and <a href="https://github.com/AriPerkkio"><code>@AriPerkkio</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10117">vitest-dev/vitest#10117</a> <a href="https://github.com/vitest-dev/vitest/commit/1413382e1"><!-- raw HTML omitted -->(14133)<!-- raw HTML omitted --></a></li> <li><strong>snapshot</strong>: Increase default snapshot max output length - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> and <strong>Codex</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10150">vitest-dev/vitest#10150</a> <a href="https://github.com/vitest-dev/vitest/commit/21e66ff63"><!-- raw HTML omitted -->(21e66)<!-- raw HTML omitted --></a></li> <li><strong>ui</strong>: Fix jsx/tsx syntax highlight - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10152">vitest-dev/vitest#10152</a> <a href="https://github.com/vitest-dev/vitest/commit/f1b1f6c7b"><!-- raw HTML omitted -->(f1b1f)<!-- raw HTML omitted --></a></li> <li><strong>web-worker</strong>: Support MessagePort objects referenced inside postMessage data - by <a href="https://github.com/whitphx"><code>@whitphx</code></a> and <strong>Claude Opus 4.6 (1M context)</strong> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/9927">vitest-dev/vitest#9927</a> and <a href="https://redirect.github.com/vitest-dev/vitest/issues/10124">vitest-dev/vitest#10124</a> <a href="https://github.com/vitest-dev/vitest/commit/7ad7d39af"><!-- raw HTML omitted -->(7ad7d)<!-- raw HTML omitted --></a></li> <li><strong>api</strong>: Make test-specification options writable - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10154">vitest-dev/vitest#10154</a> <a href="https://github.com/vitest-dev/vitest/commit/6abd557b7"><!-- raw HTML omitted -->(6abd5)<!-- raw HTML omitted --></a></li> </ul> <h5> <a href="https://github.com/vitest-dev/vitest/compare/v4.1.4...v4.1.5">View changes on GitHub</a></h5> <h2>v4.1.4</h2> <h3> 🚀 Experimental Features</h3> <ul> <li><strong>coverage</strong>: <ul> <li>Default to text reporter <code>skipFull</code> if agent detected - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10018">vitest-dev/vitest#10018</a> <a href="https://github.com/vitest-dev/vitest/commit/53757804c"><!-- raw HTML omitted -->(53757)<!-- raw HTML omitted --></a></li> </ul> </li> <li><strong>experimental</strong>: <ul> <li>Expose <code>assertion</code> as a public field - by <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/10095">vitest-dev/vitest#10095</a> <a href="https://github.com/vitest-dev/vitest/commit/a120e3ab8"><!-- raw HTML omitted -->(a120e)<!-- raw HTML omitted --></a></li> <li>Support aria snapshot - by <a href="https://github.com/hi-ogawa"><code>@hi-ogawa</code></a>, <strong>Claude Opus 4.6 (1M context)</strong>, <a href="https://github.com/AriPerkkio"><code>@AriPerkkio</code></a>, <strong>Codex</strong> and <a href="https://github.com/sheremet-va"><code>@sheremet-va</code></a> in <a href="https://redirect.github.com/vitest-dev/vitest/issues/9668">vitest-dev/vitest#9668</a> <a href="https://github.com/vitest-dev/vitest/commit/d4fbb5cc9"><!-- raw HTML omitted -->(d4fbb)<!-- raw HTML omitted --></a></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/vitest-dev/vitest/commit/a09d47236e19fd3151351080c667036ca6164dc4"><code>a09d472</code></a> chore: release v4.1.7</li> <li><a href="https://github.com/vitest-dev/vitest/commit/a8fd24c1cad2320b19fcc651413c7d928423bdc1"><code>a8fd24c</code></a> chore: release v4.1.6</li> <li><a href="https://github.com/vitest-dev/vitest/commit/e399846850fedf10b8228cbe46a419628998acd9"><code>e399846</code></a> chore: release v4.1.5</li> <li><a href="https://github.com/vitest-dev/vitest/commit/ac04bac206f49d793e7277084f707aee718aa936"><code>ac04bac</code></a> chore: release v4.1.4</li> <li><a href="https://github.com/vitest-dev/vitest/commit/2dc0d62eaf08d8acb1f5042fdb8ac5b4a19fdc73"><code>2dc0d62</code></a> chore: release v4.1.3</li> <li><a href="https://github.com/vitest-dev/vitest/commit/5a5fa49feca7e7133d4326d84fd37e24f1a6b56b"><code>5a5fa49</code></a> fix: fix <code>defineHelper</code> for webkit async stack trace + update playwright 1.59...</li> <li><a href="https://github.com/vitest-dev/vitest/commit/fc6f482f4c54bf6a766a0ff502b9843994af5bf5"><code>fc6f482</code></a> chore: release v4.1.2</li> <li>See full diff in <a href="https://github.com/vitest-dev/vitest/commits/v4.1.7/packages/browser-playwright">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
e5b6469f6f |
chore: bump @babel/plugin-syntax-typescript from 7.28.6 to 7.29.7 in /site (#25964)
Bumps [@babel/plugin-syntax-typescript](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-syntax-typescript) from 7.28.6 to 7.29.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/releases">@babel/plugin-syntax-typescript's releases</a>.</em></p> <blockquote> <h2>v7.29.7 (2026-05-25)</h2> <p>Re-release all packages with npm provenance attestations</p> <h2>v7.29.6 (2026-05-25)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/18014">#18014</a> Catchup source map position in preserveFormat (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/18001">#18001</a> [7.x packport]Improve input source map handling (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code>, <code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17998">#17998</a> Preserve original identifier names from input sourcemaps (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-syntax-typescript/issues/17992">#17992</a>) (<a href="https://github.com/Andarist"><code>@Andarist</code></a>)</li> </ul> </li> </ul> <h4>Committers: 3</h4> <ul> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li>Mateusz Burzyński (<a href="https://github.com/Andarist"><code>@Andarist</code></a>)</li> <li>Nicolò Ribaudo (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> <h2>v7.29.5 (2026-05-05)</h2> <h4>🏠 Internal</h4> <ul> <li><code>babel-preset-env</code> <ul> <li>Update <code>@babel/*</code> dependencies</li> </ul> </li> </ul> <h2>v7.29.4 (2026-05-05)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-plugin-transform-modules-systemjs</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17974">#17974</a> [7.x backport]fix(systemjs): improve module string name support (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>Committers: 1</h4> <ul> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> <h2>v7.29.3 (2026-04-30)</h2> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17923">#17923</a> Support flow extends bound (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-helper-create-class-features-plugin</code>, <code>babel-plugin-proposal-decorators</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17931">#17931</a> fix(decorators): replace super within all removed static elements (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-register</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17915">#17915</a> Fix thread synchronization issues in <code>@babel/register</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-compat-data</code>, <code>babel-plugin-bugfix-safari-rest-destructuring-rhs-array</code>, <code>babel-preset-env</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17788">#17788</a> Add bugfix plugin for Safari array rest destructuring bug (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-parser</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090"><code>4fba754</code></a> v7.29.7</li> <li>See full diff in <a href="https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-syntax-typescript">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
d370736f55 |
chore: bump motion from 12.38.0 to 12.40.0 in /site (#25960)
Bumps [motion](https://github.com/motiondivision/motion) from 12.38.0 to 12.40.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/motiondivision/motion/blob/main/CHANGELOG.md">motion's changelog</a>.</em></p> <blockquote> <h2>[12.40.0] 2026-05-21</h2> <h3>Added</h3> <ul> <li><code>path</code> option to <code>transition</code>.</li> <li><code>arc()</code> for motion along an arc.</li> </ul> <h2>[12.39.0] 2026-05-18</h2> <h3>Added</h3> <ul> <li>Support for <code>repeatType</code> and <code>repeatDelay</code> in animation sequences.</li> </ul> <h3>Fixed</h3> <ul> <li>Variants: Re-run keyframe animations when switching between variant labels even when they share identical keyframe arrays.</li> <li>Drag: Preserve in-flight motion value animations across React 19 reorder unmount/remount so <code>dragSnapToOrigin</code> no longer leaves the drag transform stranded after a layout swap.</li> <li><code>LazyMotion</code>: Share React contexts between the <code>framer-motion</code> and <code>framer-motion/m</code> (and therefore <code>motion/react</code> and <code>motion/react-m</code>) CJS bundles so that <code><m.div></code> from the <code>/m</code> subpath picks up features loaded by <code><LazyMotion></code> from the main entry point.</li> <li><code>useScroll</code>: Support hydrating <code>target</code> and <code>container</code> refs from anywhere in the tree.</li> <li>Drag: Gesture no longer starts from incorrect start point when rendered inside <code><AnimatePresence initial={false} /></code>.</li> <li>Drag: <code>dragConstraints</code>, when set as viewport-relative ref, no longer break on scroll.§</li> <li>Updated <code>visualElement</code> hydration order.</li> <li><code>useAnimate</code>: Now respects <code>skipAnimations</code>.</li> <li><code>AnimatePresence</code>: Fix object-form <code>initial</code> values not applied on re-entry after exit completes.</li> <li><code>scroll</code>: Fixed callback progress when tracking an element.</li> <li><code>useScroll</code>: Fix hardware acceleration when tracking an element.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/motiondivision/motion/commit/38ebb9480e5b25a51e09e2ec866c101d01d82c60"><code>38ebb94</code></a> v12.40.0</li> <li><a href="https://github.com/motiondivision/motion/commit/b1f766c7221cfdbf868e2f66675d6d2e2ff8f50e"><code>b1f766c</code></a> Latest</li> <li><a href="https://github.com/motiondivision/motion/commit/bca554401519e8ef45db1dcc8c52580998251c73"><code>bca5544</code></a> Merge pull request <a href="https://redirect.github.com/motiondivision/motion/issues/3699">#3699</a> from motiondivision/lochie/arcs-injectable</li> <li><a href="https://github.com/motiondivision/motion/commit/f1a96cfaff8de87712539bf250205134c8e121d9"><code>f1a96cf</code></a> arc(): rename amp/rotate, expose MotionPath, fix explicit cw/ccw</li> <li><a href="https://github.com/motiondivision/motion/commit/b4aaba0d161cce6db7b2070ec3fd141e1dbcda95"><code>b4aaba0</code></a> pathRotation: non-destructive orientToPath rotation channel</li> <li><a href="https://github.com/motiondivision/motion/commit/8604ef3d9048127d61a8bbd94698e56368e70926"><code>8604ef3</code></a> Make arcs injectable via <code>transition.path = arc()</code></li> <li><a href="https://github.com/motiondivision/motion/commit/f90fe294c559c3bd7b13e762b0b2aefe837dc000"><code>f90fe29</code></a> add <code>orientToPath</code></li> <li><a href="https://github.com/motiondivision/motion/commit/9ebe999fe93e6431ce026a998cb2aeabe690d03b"><code>9ebe999</code></a> fix: test</li> <li><a href="https://github.com/motiondivision/motion/commit/bc2107e8963b35c0f264810d8dcb8b7b96ac7cb5"><code>bc2107e</code></a> Revert "no should"</li> <li><a href="https://github.com/motiondivision/motion/commit/6eeb92dc2228419a1d2ba33bec5df36c3357683a"><code>6eeb92d</code></a> no should</li> <li>Additional commits viewable in <a href="https://github.com/motiondivision/motion/compare/v12.38.0...v12.40.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
73249e7c1a |
chore: bump react-router from 7.12.0 to 7.15.1 in /site (#25963)
Bumps [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) from 7.12.0 to 7.15.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/releases">react-router's releases</a>.</em></p> <blockquote> <h2>v7.15.1</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7151">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7151</a></p> <h2>v7.15.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7150">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7150</a></p> <h2>v7.14.2</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7142">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7142</a></p> <h2>v7.14.1</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7141</a></p> <h2>v7.14.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140</a></p> <h2>v7.13.2</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132</a></p> <h2>v7.13.1</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131</a></p> <h2>v7.13.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7130</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's changelog</a>.</em></p> <blockquote> <h2>v7.15.1</h2> <h3>Patch Changes</h3> <ul> <li>Update router to operate on fetcher Maps in an immutable manner to avoid delayed React renders from potentially reading an updated but not yet committed Map. This could result in brief flickers in some fetcher-driven optimistic UI scenarios. (<a href="https://redirect.github.com/remix-run/react-router/pull/15028">#15028</a>)</li> <li>Fix <code>serverLoader()</code> returning stale SSR data when a client navigation aborts pending hydration before the hydration <code>clientLoader</code> resolves (<a href="https://redirect.github.com/remix-run/react-router/pull/15022">#15022</a>)</li> <li>Fix <code>RouterProvider</code> <code>onError</code> callback not being called for synchronous initial loader errors in SPA mode (<a href="https://redirect.github.com/remix-run/react-router/pull/15039">#15039</a>) (<a href="https://redirect.github.com/remix-run/react-router/pull/14942">#14942</a>)</li> <li>Memoize <code>useFetchers</code> to return a stable identity and only change if fetchers changed (<a href="https://redirect.github.com/remix-run/react-router/pull/15028">#15028</a>)</li> <li>Internal refactor to consolidate mutation request detection through shared utility (<a href="https://redirect.github.com/remix-run/react-router/pull/15033">#15033</a>)</li> </ul> <h3>Unstable Changes</h3> <p>⚠️ <em><a href="https://reactrouter.com/community/api-development-strategy#unstable-flags">Unstable features</a> are not recommended for production use</em></p> <ul> <li>Add a new <code>unstable_useRouterState()</code> hook that consolidates access to active and pending router states (RFC: <a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/12358">#12358</a>) (<a href="https://redirect.github.com/remix-run/react-router/pull/15017">#15017</a>) <ul> <li> <p>Data/Framework/RSC only — throws when used without a data router</p> </li> <li> <p>This should allow you to consolidate usages of the following hooks which will likely be deprecated and removed in a future major version</p> <ul> <li><code>useLocation</code></li> <li><code>useSearchParams</code></li> <li><code>useParams</code></li> <li><code>useMatches</code></li> <li><code>useNavigationType</code></li> <li><code>useNavigation</code></li> </ul> <pre lang="ts"><code>let { active, pending } = unstable_useRouterState(); <p>// Active is always populated with the current location active.location; // replaces <code>useLocation()</code> active.searchParams; // replaces <code>useSearchParams()[0]</code> active.params; // replaces <code>useParams()</code> active.matches; // replaces <code>useMatches()</code> active.type; // replaces <code>useNavigationType()</code></p> <p>// Pending is only populated during a navigation pending.location; // replaces <code>useNavigation().location</code> pending.searchParams; // equivalent to <code>new URLSearchParams(useNavigation().search)</code> pending.params; // Not directly accessible today pending.matches; // Not directly accessible today pending.type; // Not directly accessible today pending.state; // replaces <code>useNavigation().state</code> pending.formMethod; // replaces useNavigation().formMethod pending.formAction; // replaces useNavigation().formAction pending.formEncType; // replaces useNavigation().formEncType pending.formData; // replaces useNavigation().formData pending.json; // replaces useNavigation().json pending.text; // replaces useNavigation().text </code></pre></p> </li> </ul> </li> </ul> <h2>v7.15.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/remix-run/react-router/commit/587d08fca6ca61e00f44c1eda95bf6e6a9ab76ef"><code>587d08f</code></a> Release v7.15.1 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/15038">#15038</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/89996bd067d841b0e3be0e0b95e013e67a6a522a"><code>89996bd</code></a> Fire onError for initial-load errors when RouterProvider mounts late (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/15039">#15039</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/4322e58ded9b7f5c29de0f110a97f6f2a7c34fbc"><code>4322e58</code></a> Update docs for useRouterState</li> <li><a href="https://github.com/remix-run/react-router/commit/fadd6c490cc84abc560a2413ee6fa0f2617d098d"><code>fadd6c4</code></a> Merge branch 'main' into release</li> <li><a href="https://github.com/remix-run/react-router/commit/6bf91cef0e5d3d224d5580d485b6b716d96742d1"><code>6bf91ce</code></a> chore: format</li> <li><a href="https://github.com/remix-run/react-router/commit/44c34783abbdd2be1a9fe1a4b843d49e704f9a0e"><code>44c3478</code></a> fix: prevent fetcher formData flicker and eliminate state.fetchers mutations ...</li> <li><a href="https://github.com/remix-run/react-router/commit/7e6725a4c513dea08689e72cf632bcd4f75e0171"><code>7e6725a</code></a> Cleanup lint issues (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/15030">#15030</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/aabd30c8d17fe698a64e096c9ee357cf1c3588fb"><code>aabd30c</code></a> Use shared isMutationMethod check (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/15033">#15033</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/954a4a6afe4a1a3bd3086dcc2f838cd2635fae3b"><code>954a4a6</code></a> Fix stale SSR data when hydration is aborted by a same-route navigation (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/15022">#15022</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/041cd3236e39edd4d0a2d34999a46b61211c1605"><code>041cd32</code></a> fix(react-router): Internal preloads refactor to preserve types (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router/issues/14860">#14860</a>)</li> <li>Additional commits viewable in <a href="https://github.com/remix-run/react-router/commits/react-router@7.15.1/packages/react-router">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
5e2889f682 |
chore: bump @types/lodash from 4.17.21 to 4.17.24 in /site (#25969)
Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.17.21 to 4.17.24. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/lodash">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
1c81b25bba |
chore: bump tailwind-merge from 2.6.0 to 2.6.1 in /site (#25965)
Bumps [tailwind-merge](https://github.com/dcastil/tailwind-merge) from 2.6.0 to 2.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dcastil/tailwind-merge/releases">tailwind-merge's releases</a>.</em></p> <blockquote> <h2>v2.6.1</h2> <h3>Bug Fixes</h3> <ul> <li>Fix arbitrary value using <code>color-mix</code> not being detected as color by <a href="https://github.com/dcastil"><code>@dcastil</code></a> in <a href="https://redirect.github.com/dcastil/tailwind-merge/issues/591">#591</a> <ul> <li>This fix was backported from v3.3.1 to make it available for v2 users.</li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dcastil/tailwind-merge/compare/v2.6.0...v2.6.1">https://github.com/dcastil/tailwind-merge/compare/v2.6.0...v2.6.1</a></p> <p>Thanks to <a href="https://github.com/brandonmcconnell"><code>@brandonmcconnell</code></a>, <a href="https://github.com/manavm1990"><code>@manavm1990</code></a>, <a href="https://github.com/langy"><code>@langy</code></a>, <a href="https://github.com/roboflow"><code>@roboflow</code></a>, <a href="https://github.com/syntaxfm"><code>@syntaxfm</code></a>, <a href="https://github.com/getsentry"><code>@getsentry</code></a>, <a href="https://github.com/codecov"><code>@codecov</code></a>, a private sponsor, <a href="https://github.com/block"><code>@block</code></a>, <a href="https://github.com/openclaw"><code>@openclaw</code></a> and more via <a href="https://github.com/thnxdev"><code>@thnxdev</code></a> for sponsoring tailwind-merge! ❤️</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dcastil/tailwind-merge/commit/03778635bfd7c73f0181e9aefbc5b01a0f804961"><code>0377863</code></a> v2.6.1</li> <li><a href="https://github.com/dcastil/tailwind-merge/commit/ce73bc0b0363b7458c2a0cb6d874bf328bd17ea4"><code>ce73bc0</code></a> Update publish workflow</li> <li><a href="https://github.com/dcastil/tailwind-merge/commit/793325f4ed96f9f4845cdf421629895694fc1171"><code>793325f</code></a> add v2.6.1 to changelog</li> <li><a href="https://github.com/dcastil/tailwind-merge/commit/d4ec7cda0b79cff64cc01f60d16317f5871a6d88"><code>d4ec7cd</code></a> .gitignore: Add Claude stuff</li> <li><a href="https://github.com/dcastil/tailwind-merge/commit/10e326ae5569c3989bf4ea65efb26e4b76bec82c"><code>10e326a</code></a> Cherry-picked: Merge pull request <a href="https://redirect.github.com/dcastil/tailwind-merge/issues/591">#591</a> from dcastil/bugfix/590/fix-arbitrary-...</li> <li><a href="https://github.com/dcastil/tailwind-merge/commit/47c87d84cb18f22501aa219f65e226518a7a3c51"><code>47c87d8</code></a> Merge pull request <a href="https://redirect.github.com/dcastil/tailwind-merge/issues/515">#515</a> from dcastil/dependabot/npm_and_yarn/vite-5.4.14</li> <li><a href="https://github.com/dcastil/tailwind-merge/commit/35eb83f10f8a0fd423cd6ad271da0b1bafdc25bd"><code>35eb83f</code></a> Merge pull request <a href="https://redirect.github.com/dcastil/tailwind-merge/issues/516">#516</a> from dcastil/dependabot/npm_and_yarn/dot-github/actio...</li> <li><a href="https://github.com/dcastil/tailwind-merge/commit/faf70ccde1e74be8598ac5d1d20fda4d63b1c038"><code>faf70cc</code></a> Bump undici from 5.28.4 to 5.28.5 in /.github/actions/metrics-report</li> <li><a href="https://github.com/dcastil/tailwind-merge/commit/99f3ca4b381597c520c5c23da9315088a208b9d9"><code>99f3ca4</code></a> Bump vite from 5.4.6 to 5.4.14</li> <li><a href="https://github.com/dcastil/tailwind-merge/commit/fb91ba41f4703719d6abfb1fa90f0814be17889b"><code>fb91ba4</code></a> Merge pull request <a href="https://redirect.github.com/dcastil/tailwind-merge/issues/514">#514</a> from dcastil/other/480/make-label-name-in-label-workf...</li> <li>Additional commits viewable in <a href="https://github.com/dcastil/tailwind-merge/compare/v2.6.0...v2.6.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
da3ce16d00 |
chore: bump protobufjs from 7.5.6 to 7.6.1 in /site (#25958)
Bumps [protobufjs](https://github.com/protobufjs/protobuf.js) from 7.5.6 to 7.6.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/protobufjs/protobuf.js/releases">protobufjs's releases</a>.</em></p> <blockquote> <h2>protobufjs: v7.6.1</h2> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1">7.6.1</a> (2026-05-22)</h2> <h3>Bug Fixes</h3> <ul> <li>Backport misc utility hardening (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2280">#2280</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0">8a45c13</a>)</li> <li>Treat fixed64 as unsigned in converters (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2266">#2266</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb">479dfdc</a>)</li> </ul> <h2>protobufjs: v7.6.0</h2> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0">7.6.0</a> (2026-05-18)</h2> <h3>Features</h3> <ul> <li>Support BigInt conversions (7.x) (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2258">#2258</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7">f769242</a>)</li> </ul> <h2>protobufjs: v7.5.9</h2> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9">7.5.9</a> (2026-05-17)</h2> <h3>Bug Fixes</h3> <ul> <li>Backport bundler-safe optional module lookups (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2254">#2254</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797">0853a62</a>)</li> </ul> <h2>protobufjs: v7.5.8</h2> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8">7.5.8</a> (2026-05-12)</h2> <h3>Bug Fixes</h3> <ul> <li>Backport parser hardening to 7.x (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2245">#2245</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26">54b593f</a>)</li> </ul> <h2>protobufjs: v7.5.7</h2> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7">7.5.7</a> (2026-05-09)</h2> <h3>Bug Fixes</h3> <ul> <li>Restore first-match namespace lookup (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2236">#2236</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5">cc7d595</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.1/CHANGELOG.md">protobufjs's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.6.0...protobufjs-v7.6.1">7.6.1</a> (2026-05-22)</h2> <h3>Bug Fixes</h3> <ul> <li>Backport misc utility hardening (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2280">#2280</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0">8a45c13</a>)</li> <li>Treat fixed64 as unsigned in converters (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2266">#2266</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb">479dfdc</a>)</li> </ul> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.9...protobufjs-v7.6.0">7.6.0</a> (2026-05-18)</h2> <h3>Features</h3> <ul> <li>Support BigInt conversions (7.x) (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2258">#2258</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7">f769242</a>)</li> </ul> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.8...protobufjs-v7.5.9">7.5.9</a> (2026-05-17)</h2> <h3>Bug Fixes</h3> <ul> <li>Backport bundler-safe optional module lookups (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2254">#2254</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797">0853a62</a>)</li> </ul> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.7...protobufjs-v7.5.8">7.5.8</a> (2026-05-12)</h2> <h3>Bug Fixes</h3> <ul> <li>Backport parser hardening to 7.x (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2245">#2245</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26">54b593f</a>)</li> </ul> <h2><a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7">7.5.7</a> (2026-05-09)</h2> <h3>Bug Fixes</h3> <ul> <li>Restore first-match namespace lookup (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2236">#2236</a>) (<a href="https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5">cc7d595</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/protobufjs/protobuf.js/commit/f0b50d2fa1247d6652618190c2d6602e6830b90d"><code>f0b50d2</code></a> chore: release protobufjs-v7.x (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2268">#2268</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/8a45c13d22ec2d05ab1b7935fcb5331ea59a9cd0"><code>8a45c13</code></a> fix: Backport misc utility hardening (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2280">#2280</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/479dfdcc690feb9f71986049d3d38c7a0f979abb"><code>479dfdc</code></a> fix: Treat fixed64 as unsigned in converters (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2266">#2266</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/e30c3341382b504a975d0d83f19170218cb461c3"><code>e30c334</code></a> chore: release protobufjs-v7.x (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2260">#2260</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/f76924244504b159efe1bb13b154fd17be3c13e7"><code>f769242</code></a> feat: Support BigInt conversions (7.x) (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2258">#2258</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/ab3862d133ab9b824f12eab5f993784333543dbf"><code>ab3862d</code></a> chore: release protobufjs-v7.x (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2255">#2255</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/0853a625680f9247596b84ef48082b8f4e554797"><code>0853a62</code></a> fix: Backport bundler-safe optional module lookups (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2254">#2254</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/d7035f9b7f06210ea343cab1f2f1cc18ee5cc1d6"><code>d7035f9</code></a> chore: release protobufjs-v7.x (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2248">#2248</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/54b593ffd960f7fe4b0c448a12542c3de0a0cf26"><code>54b593f</code></a> fix: Backport parser hardening to 7.x (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2245">#2245</a>)</li> <li><a href="https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a"><code>e88fcea</code></a> chore: release protobufjs-v7.x (<a href="https://redirect.github.com/protobufjs/protobuf.js/issues/2239">#2239</a>)</li> <li>Additional commits viewable in <a href="https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.6.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
cc533846db |
chore: bump @babel/core from 7.29.0 to 7.29.7 in /site (#25956)
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.29.0 to 7.29.7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/babel/babel/releases">@babel/core's releases</a>.</em></p> <blockquote> <h2>v7.29.7 (2026-05-25)</h2> <p>Re-release all packages with npm provenance attestations</p> <h2>v7.29.6 (2026-05-25)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/18014">#18014</a> Catchup source map position in preserveFormat (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> </li> <li><code>babel-core</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/18001">#18001</a> [7.x packport]Improve input source map handling (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-core</code>, <code>babel-generator</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17998">#17998</a> Preserve original identifier names from input sourcemaps (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992">#17992</a>) (<a href="https://github.com/Andarist"><code>@Andarist</code></a>)</li> </ul> </li> </ul> <h4>Committers: 3</h4> <ul> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> <li>Mateusz Burzyński (<a href="https://github.com/Andarist"><code>@Andarist</code></a>)</li> <li>Nicolò Ribaudo (<a href="https://github.com/nicolo-ribaudo"><code>@nicolo-ribaudo</code></a>)</li> </ul> <h2>v7.29.5 (2026-05-05)</h2> <h4>🏠 Internal</h4> <ul> <li><code>babel-preset-env</code> <ul> <li>Update <code>@babel/*</code> dependencies</li> </ul> </li> </ul> <h2>v7.29.4 (2026-05-05)</h2> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-plugin-transform-modules-systemjs</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17974">#17974</a> [7.x backport]fix(systemjs): improve module string name support (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>Committers: 1</h4> <ul> <li>Huáng Jùnliàng (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> <h2>v7.29.3 (2026-04-30)</h2> <h4>👓 Spec Compliance</h4> <ul> <li><code>babel-parser</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17923">#17923</a> Support flow extends bound (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>🐛 Bug Fix</h4> <ul> <li><code>babel-helper-create-class-features-plugin</code>, <code>babel-plugin-proposal-decorators</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17931">#17931</a> fix(decorators): replace super within all removed static elements (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> <li><code>babel-register</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17915">#17915</a> Fix thread synchronization issues in <code>@babel/register</code> (<a href="https://github.com/liuxingbaoyu"><code>@liuxingbaoyu</code></a>)</li> </ul> </li> <li><code>babel-compat-data</code>, <code>babel-plugin-bugfix-safari-rest-destructuring-rhs-array</code>, <code>babel-preset-env</code> <ul> <li><a href="https://redirect.github.com/babel/babel/pull/17788">#17788</a> Add bugfix plugin for Safari array rest destructuring bug (<a href="https://github.com/JLHwung"><code>@JLHwung</code></a>)</li> </ul> </li> </ul> <h4>💅 Polish</h4> <ul> <li><code>babel-parser</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090"><code>4fba754</code></a> v7.29.7</li> <li><a href="https://github.com/babel/babel/commit/04ea6b27fdac8f40c3481aec2080ac9678779509"><code>04ea6b2</code></a> v7.29.6</li> <li><a href="https://github.com/babel/babel/commit/99f498a9b9fa0b900d603fbe8f6601bb3b9e42bb"><code>99f498a</code></a> [7.x packport]Improve input source map handling (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/18001">#18001</a>)</li> <li><a href="https://github.com/babel/babel/commit/feba0a3654c596bd369d1ef1231f5d56666d56dc"><code>feba0a3</code></a> Preserve original identifier names from input sourcemaps (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17992">#17992</a>) (<a href="https://github.com/babel/babel/tree/HEAD/packages/babel-core/issues/17998">#17998</a>)</li> <li>See full diff in <a href="https://github.com/babel/babel/commits/v7.29.7/packages/babel-core">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
5320702a8a |
chore: bump axios from 1.16.0 to 1.16.1 in /site (#25954)
Bumps [axios](https://github.com/axios/axios) from 1.16.0 to 1.16.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>v1.16.1 — May 13, 2026</h2> <p>This release ships a defence-in-depth fix for prototype pollution in <code>formDataToJSON</code>, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.</p> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Prototype Pollution Defence-in-Depth:</strong> Hardened <code>formDataToJSON</code> against already-polluted <code>Object.prototype</code> by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (<strong><a href="https://redirect.github.com/axios/axios/issues/7413">#7413</a></strong>)</li> <li><strong>Proxy Cleartext Leak:</strong> Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (<strong><a href="https://redirect.github.com/axios/axios/issues/10858">#10858</a></strong>)</li> <li><strong>CI Cache Removal:</strong> Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (<strong><a href="https://redirect.github.com/axios/axios/issues/10882">#10882</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Data URI Parsing:</strong> Updated the <code>fromDataURI</code> regex to match RFC 2397 more strictly, fixing edge cases in <code>data:</code> URL handling. (<strong><a href="https://redirect.github.com/axios/axios/issues/10829">#10829</a></strong>)</li> <li><strong>Unicode Headers:</strong> Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (<strong><a href="https://redirect.github.com/axios/axios/issues/10850">#10850</a></strong>)</li> <li><strong>XHR Upload Progress:</strong> Guarded against malformed <code>ProgressEvent</code> payloads emitted by some environments during XHR upload, preventing crashes when <code>loaded</code> / <code>total</code> are missing or invalid. (<strong><a href="https://redirect.github.com/axios/axios/issues/10868">#10868</a></strong>)</li> <li><strong>Webpack 4 Fetch Adapter:</strong> Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (<strong><a href="https://redirect.github.com/axios/axios/issues/10864">#10864</a></strong>)</li> <li><strong>Type Definitions:</strong> Made <code>parseReviver</code> <code>context.source</code> optional in the type definitions to align with the ES2023 specification. (<strong><a href="https://redirect.github.com/axios/axios/issues/10837">#10837</a></strong>)</li> <li><strong>URL Object Support Reverted:</strong> Reverted the change that allowed passing a <code>URL</code> object as <code>config.url</code> (originally <strong><a href="https://redirect.github.com/axios/axios/issues/10866">#10866</a></strong>) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (<strong><a href="https://redirect.github.com/axios/axios/issues/10874">#10874</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Cycle Detection Refactor:</strong> Replaced the array-based cycle tracker in <code>toJSONObject</code> with a <code>WeakSet</code>, improving performance and memory behaviour on large nested structures. (<strong><a href="https://redirect.github.com/axios/axios/issues/10832">#10832</a></strong>)</li> <li><strong>composeSignals Cleanup:</strong> Refactored <code>composeSignals</code> to use a clearer early-return structure, simplifying the cancellation/abort composition path. (<strong><a href="https://redirect.github.com/axios/axios/issues/10844">#10844</a></strong>)</li> <li><strong>AI Readiness & Repo Docs:</strong> Added <code>AGENTS.md</code> and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (<strong><a href="https://redirect.github.com/axios/axios/issues/10835">#10835</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10841">#10841</a></strong>)</li> <li><strong>Docs Improvements:</strong> Clarified the GET request example, fixed the interceptor <code>eject</code> example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (<strong><a href="https://redirect.github.com/axios/axios/issues/10836">#10836</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10853">#10853</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10856">#10856</a></strong>)</li> <li><strong>Sponsorship Tooling:</strong> Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (<strong><a href="https://redirect.github.com/axios/axios/issues/10843">#10843</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10859">#10859</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10869">#10869</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped <code>@commitlint/cli</code> from 20.5.0 to 20.5.2. (<strong><a href="https://redirect.github.com/axios/axios/issues/10846">#10846</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/hpinmetaverse"><code>@hpinmetaverse</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10836">#10836</a></strong>)</li> <li><strong><a href="https://github.com/tommyhgunz14"><code>@tommyhgunz14</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7413">#7413</a></strong>)</li> <li><strong><a href="https://github.com/abhu85"><code>@abhu85</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10829">#10829</a></strong>)</li> <li><strong><a href="https://github.com/divyanshuraj1095"><code>@divyanshuraj1095</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10853">#10853</a></strong>)</li> <li><strong><a href="https://github.com/sagodi97"><code>@sagodi97</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10856">#10856</a></strong>)</li> <li><strong><a href="https://github.com/rkdfx"><code>@rkdfx</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10868">#10868</a></strong>)</li> <li><strong><a href="https://github.com/Liuwei1125"><code>@Liuwei1125</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10866">#10866</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.16.0...v1.16.1">Full Changelog</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2>v1.16.1 — May 13, 2026</h2> <p>This release ships a defence-in-depth fix for prototype pollution in <code>formDataToJSON</code>, hardens proxy and CI workflows, restores Webpack 4 compatibility for the fetch adapter, and includes several small bug fixes and maintenance improvements.</p> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Prototype Pollution Defence-in-Depth:</strong> Hardened <code>formDataToJSON</code> against already-polluted <code>Object.prototype</code> by walking own properties only, so attacker-controlled keys inherited from a poisoned prototype cannot propagate through deserialization. (<strong><a href="https://redirect.github.com/axios/axios/issues/7413">#7413</a></strong>)</li> <li><strong>Proxy Cleartext Leak:</strong> Fixed an issue where HTTPS request data could be transmitted in cleartext to an HTTP proxy under certain configurations. (<strong><a href="https://redirect.github.com/axios/axios/issues/10858">#10858</a></strong>)</li> <li><strong>CI Cache Removal:</strong> Removed all GitHub Actions caches as a defence-in-depth measure against cache poisoning vectors in the build pipeline. (<strong><a href="https://redirect.github.com/axios/axios/issues/10882">#10882</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Data URI Parsing:</strong> Updated the <code>fromDataURI</code> regex to match RFC 2397 more strictly, fixing edge cases in <code>data:</code> URL handling. (<strong><a href="https://redirect.github.com/axios/axios/issues/10829">#10829</a></strong>)</li> <li><strong>Unicode Headers:</strong> Preserved Unicode header values when running through request interceptors, so non-ASCII header content is no longer corrupted before dispatch. (<strong><a href="https://redirect.github.com/axios/axios/issues/10850">#10850</a></strong>)</li> <li><strong>XHR Upload Progress:</strong> Guarded against malformed <code>ProgressEvent</code> payloads emitted by some environments during XHR upload, preventing crashes when <code>loaded</code> / <code>total</code> are missing or invalid. (<strong><a href="https://redirect.github.com/axios/axios/issues/10868">#10868</a></strong>)</li> <li><strong>Webpack 4 Fetch Adapter:</strong> Fixed an "unexpected token" error caused by syntax in the fetch adapter that Webpack 4 could not parse, restoring compatibility for legacy bundler users. (<strong><a href="https://redirect.github.com/axios/axios/issues/10864">#10864</a></strong>)</li> <li><strong>Type Definitions:</strong> Made <code>parseReviver</code> <code>context.source</code> optional in the type definitions to align with the ES2023 specification. (<strong><a href="https://redirect.github.com/axios/axios/issues/10837">#10837</a></strong>)</li> <li><strong>URL Object Support Reverted:</strong> Reverted the change that allowed passing a <code>URL</code> object as <code>config.url</code> (originally <strong><a href="https://redirect.github.com/axios/axios/issues/10866">#10866</a></strong>) due to regressions; this support will be reintroduced in a later release once the underlying issues are addressed. (<strong><a href="https://redirect.github.com/axios/axios/issues/10874">#10874</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Cycle Detection Refactor:</strong> Replaced the array-based cycle tracker in <code>toJSONObject</code> with a <code>WeakSet</code>, improving performance and memory behaviour on large nested structures. (<strong><a href="https://redirect.github.com/axios/axios/issues/10832">#10832</a></strong>)</li> <li><strong>composeSignals Cleanup:</strong> Refactored <code>composeSignals</code> to use a clearer early-return structure, simplifying the cancellation/abort composition path. (<strong><a href="https://redirect.github.com/axios/axios/issues/10844">#10844</a></strong>)</li> <li><strong>AI Readiness & Repo Docs:</strong> Added <code>AGENTS.md</code> and related contributor-guide updates for both human and AI agents, plus post-release documentation improvements. (<strong><a href="https://redirect.github.com/axios/axios/issues/10835">#10835</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10841">#10841</a></strong>)</li> <li><strong>Docs Improvements:</strong> Clarified the GET request example, fixed the interceptor <code>eject</code> example to reference the correct instance, and corrected the Buzzoid sponsor description in the README. (<strong><a href="https://redirect.github.com/axios/axios/issues/10836">#10836</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10853">#10853</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10856">#10856</a></strong>)</li> <li><strong>Sponsorship Tooling:</strong> Fixed empty sponsor arrays in the sponsor processing script, added the ability to inject additional sponsors, updated the sponsorship link, and added a Twicsy advertisement entry. (<strong><a href="https://redirect.github.com/axios/axios/issues/10843">#10843</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10859">#10859</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10869">#10869</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped <code>@commitlint/cli</code> from 20.5.0 to 20.5.2. (<strong><a href="https://redirect.github.com/axios/axios/issues/10846">#10846</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/hpinmetaverse"><code>@hpinmetaverse</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10836">#10836</a></strong>)</li> <li><strong><a href="https://github.com/tommyhgunz14"><code>@tommyhgunz14</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7413">#7413</a></strong>)</li> <li><strong><a href="https://github.com/abhu85"><code>@abhu85</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10829">#10829</a></strong>)</li> <li><strong><a href="https://github.com/divyanshuraj1095"><code>@divyanshuraj1095</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10853">#10853</a></strong>)</li> <li><strong><a href="https://github.com/sagodi97"><code>@sagodi97</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10856">#10856</a></strong>)</li> <li><strong><a href="https://github.com/rkdfx"><code>@rkdfx</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10868">#10868</a></strong>)</li> <li><strong><a href="https://github.com/Liuwei1125"><code>@Liuwei1125</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10866">#10866</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.16.0...v1.16.1">Full Changelog</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/1337d6b537afb2d3f501074c8ac4ef4308221197"><code>1337d6b</code></a> chore(release): prepare release 1.16.1 (<a href="https://redirect.github.com/axios/axios/issues/10877">#10877</a>)</li> <li><a href="https://github.com/axios/axios/commit/858a790cec06054547d0d3f941916d6fb2a4d18e"><code>858a790</code></a> fix: remove all caches (<a href="https://redirect.github.com/axios/axios/issues/10882">#10882</a>)</li> <li><a href="https://github.com/axios/axios/commit/34adfd90efc9c145488399e1cf7fa96de67080fa"><code>34adfd9</code></a> revert: "fix: support URL object as config.url input (<a href="https://redirect.github.com/axios/axios/issues/10866">#10866</a>)" (<a href="https://redirect.github.com/axios/axios/issues/10874">#10874</a>)</li> <li><a href="https://github.com/axios/axios/commit/847d89b43654405d9a231e0b669832c2092b621f"><code>847d89b</code></a> fix: support URL object as config.url input (<a href="https://redirect.github.com/axios/axios/issues/10866">#10866</a>)</li> <li><a href="https://github.com/axios/axios/commit/40948863677bb793bfff0293cce7e7b4f8a1b212"><code>4094886</code></a> fix(progress): guard malformed XHR upload events (<a href="https://redirect.github.com/axios/axios/issues/10868">#10868</a>)</li> <li><a href="https://github.com/axios/axios/commit/44f0c5bf73c45df6009365141faa394d73596bd7"><code>44f0c5b</code></a> chore: change sponsorship link and add Twicsy advertisement (<a href="https://redirect.github.com/axios/axios/issues/10869">#10869</a>)</li> <li><a href="https://github.com/axios/axios/commit/64e1095efedc64c9fecf5176bd9cf2e5e93140d6"><code>64e1095</code></a> chore: update PR and issue template to use h2 (<a href="https://redirect.github.com/axios/axios/issues/10865">#10865</a>)</li> <li><a href="https://github.com/axios/axios/commit/3e6b4e1f311b43aa1dc77d78150a601d9fe4b280"><code>3e6b4e1</code></a> fix: error unexpected token in fetch JS compatibility issue with Webpack 4 (#...</li> <li><a href="https://github.com/axios/axios/commit/c4453bab70f53575175903aee60810c821f72129"><code>c4453ba</code></a> fix: add the ability to add additional sponsors to the process sponsors scrip...</li> <li><a href="https://github.com/axios/axios/commit/caa00a90b524bb67ed033474abcf4d8645ced793"><code>caa00a9</code></a> fix: https data in cleartext to proxy (<a href="https://redirect.github.com/axios/axios/issues/10858">#10858</a>)</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.16.0...v1.16.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
91aee5010d |
chore: bump @fontsource-variable/geist from 5.2.8 to 5.2.9 in /site (#25953)
Bumps [@fontsource-variable/geist](https://github.com/fontsource/font-files/tree/HEAD/fonts/variable/geist) from 5.2.8 to 5.2.9. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/fontsource/font-files/commits/HEAD/fonts/variable/geist">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
0182219011 |
chore: bump the react group across 1 directory with 3 updates (#25950)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps the react group with 3 updates in the /site directory: [react](https://github.com/facebook/react/tree/HEAD/packages/react), [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) and [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom). Updates `react` from 19.2.5 to 19.2.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/react/releases">react's releases</a>.</em></p> <blockquote> <h2>19.2.6 (May 6th, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Type hardening and performance improvements (<a href="https://redirect.github.com/facebook/react/pull/36425">#36425</a> by <a href="https://github.com/eps1lon"><code>@eps1lon</code></a> and <a href="https://github.com/unstubbable"><code>@unstubbable</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/facebook/react/commit/eaf3e95ca92be7a23d3c9cc8ffd6f199a40be401"><code>eaf3e95</code></a> Version 19.2.6</li> <li>See full diff in <a href="https://github.com/facebook/react/commits/v19.2.6/packages/react">compare view</a></li> </ul> </details> <br /> Updates `@types/react` from 19.2.14 to 19.2.15 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare view</a></li> </ul> </details> <br /> Updates `react-dom` from 19.2.5 to 19.2.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/react/releases">react-dom's releases</a>.</em></p> <blockquote> <h2>19.2.6 (May 6th, 2026)</h2> <h2>React Server Components</h2> <ul> <li>Type hardening and performance improvements (<a href="https://redirect.github.com/facebook/react/pull/36425">#36425</a> by <a href="https://github.com/eps1lon"><code>@eps1lon</code></a> and <a href="https://github.com/unstubbable"><code>@unstubbable</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/facebook/react/commit/eaf3e95ca92be7a23d3c9cc8ffd6f199a40be401"><code>eaf3e95</code></a> Version 19.2.6</li> <li>See full diff in <a href="https://github.com/facebook/react/commits/v19.2.6/packages/react-dom">compare view</a></li> </ul> </details> <br /> Updates `@types/react` from 19.2.14 to 19.2.15 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Paweł Banaszewski
|
f22d4e2cbb |
feat: add ai_gateway_keys table and related RBAC (#25563)
Adds table to store keys that AI Gateway standalone replicas will use to authenticate into Coderd. Also adds RBAC and audit boilerplate. |
||
|
Ethan
|
49c2142d2d |
fix: allow unlinking chat workspaces (#25833)
This allows a Coder Agents chat to detach from its linked workspace without deleting or changing the workspace, so a different workspace can be linked later. It adds detach controls wherever the linked workspace appears, including the workspace pill menu, fallback workspace badges, and the workspace picker. The workspace selection state now updates consistently across desktop and mobile. Running workspace: <img width="453" height="296" alt="image" src="https://github.com/user-attachments/assets/ac5197a7-f0f4-4123-bbea-d3ddaca7a3e4" /> Stopped workspace: <img width="389" height="203" alt="image" src="https://github.com/user-attachments/assets/f5a8a90c-4bb0-405a-ade3-791146687b2d" /> Closes CODAGT-510 |
||
|
Ethan
|
97dde1f824 |
fix: refresh attach workspace picker dynamically (#25834)
After the chat agent creates a workspace via the `create_workspace` tool, opening the composer `+` menu and clicking "Attach workspace" could show "No workspaces found" until a full page refresh, even though the workspace pill already rendered the linked workspace correctly. The picker was sourced only from the `owner:me` workspace list query, whose cache could be stale right after `create_workspace` completed. The fix derives the picker options at render time from both the owner workspace list and the linked workspace already fetched by ID for the pill, prepending or replacing the linked workspace only when the current user owns it. This keeps the picker consistent with the pill without broadening visibility beyond `owner:me` or invalidating workspace lists on chat link updates. Relates to CODAGT-510 |
||
|
TJ
|
fc01aeeb0f |
fix(site): show condensed count for multi-provider in sessions list (#25705)
The Provider column in the AI sessions list now shows: - **Multiple providers**: condensed count badge (e.g. `2 providers`) - **Single provider**: icon + display name badge (e.g. `OpenAI`) (existing behavior) - **Empty**: nothing rendered ## Changes | File | Change | |------|--------| | `ListSessionsRow.tsx` | Conditional rendering for the provider cell based on `providers.length` | | `ListSessionsRow.stories.tsx` | Added stories: `SingleProvider`, `MultipleProviders`, `EmptyProviders` | | `ListSessionsPageView.stories.tsx` | `MultipleSessions` story alternates single/multi provider rows | > Generated by Coder Agents on behalf of @tracyjohnsonux |
||
|
Ethan
|
aa9ef66d81 |
fix(site/src/pages/AgentsPage): drop misleading response-startup warning (#25905)
The agents UI showed "Response startup is taking longer than expected" after a 15s grace period while waiting on the LLM provider. The message implied a problem was about to occur, but it does not actually lead to a timeout. The typical underlying cause is provider slowness rather than a client-side issue, so the warning is alarmist and unhelpful. Drop the delayed message and its timer entirely. The `starting` phase now keeps showing the shimmering "Thinking..." indicator until the first stream chunk arrives. Also remove the now-dead `startingResetKey` / `chatID` plumbing that only existed to remount the placeholder and reset the delayed-message timer when switching chats. Closes CODAGT-536 |
||
|
Ethan
|
644820cb28 |
fix(site/src/pages/AgentsPage): stabilize settings story (#25899)
I ran into the `SettingsViewResets` Storybook flake twice on my branch. The story reopens Agents settings immediately after clicking `Back to Agents`, but the helper was synchronously checking for the desktop `Settings` link before React Router had finished rendering `/agents`; on desktop it could then fall through to the mobile-only `More options` menu and fail. Use `findByRole` for the desktop `Settings` link so the helper waits for the accessible sidebar link before clicking it, matching the existing Storybook interaction pattern used elsewhere in Agents stories. |
||
|
Danny Kopping
|
a85462bd49 |
feat: support adding GitHub Copilot AI provider via UI (#25888)
Copilot is the only AI provider type that could not be added through the `/ai/settings` UI. The aibridge runtime and the env-var seeding path already supported it, but the runtime CRUD API rejected `type=copilot` and the UI omitted it entirely. The root cause is that Copilot's auth model (a per-request GitHub OAuth token, with no pre-shared key) does not fit the credential-centric add-provider flow that every other provider uses. ## Backend Allow `type=copilot` in `CreateAIProviderRequest.Validate()`, and reject `api_keys` for Copilot on both create (validation) and update (handler sentinel), mirroring the existing Bedrock guards. Copilot carries no stored credential. ## Frontend Add Copilot to the provider type picker (with the `github-copilot.svg` icon) and give the form a credential-free branch: name, display name, and a free-text endpoint defaulting to `https://api.business.githubcopilot.com`, with copy explaining that authentication happens via the user's GitHub token at request time. Copilot maps to the distinct `copilot` wire type rather than collapsing to `openai`, and the edit flow recovers it correctly. The endpoint stays required with a business-tier default; users on the individual or enterprise endpoints edit the field. 🤖 Generated with [Claude Code](https://claude.com/claude-code) |
||
|
Ethan
|
1fcb4002d7 |
fix: show execute tool errors (#25886)
Execute tool failures that only return an `error` field, such as stopped-workspace connection failures, were rendered as a generic failed command without showing the backend detail. Normalize execute results into transcript blocks so shell output and tool errors both render in the *expanded* command transcript, and add Storybook coverage for connection errors plus output-with-error cases. <img width="832" height="482" alt="image" src="https://github.com/user-attachments/assets/50b04b9a-b153-48e5-ab5e-6c2fa000f21e" /> edit: i've dropped the red on the danger icon, though it was pre-existing. no point alerting the user to an error the model will handle. Closes CODAGT-530 |
||
|
Atif Ali
|
6f5220202d | fix(site/src/modules/resources): clarify agent log download button label (#25641) | ||
|
TJ
|
22cbf85e96 |
fix(site): adjust agents sidebar spacing (#25857)
Fixes minor spacing issues in the agents sidebar. ## Changes - Reduce gap between New Agent / Search nav items from `gap-1` (0.25rem) to `gap-[0.15rem]` - Change Chats header top spacing from `mt-4` (margin-top 1rem) to `pt-6` (padding-top 1.5rem) - Remove `pt-5` padding-top from the scroll content groups container (Today, Yesterday, etc.) - Add `pr-1` (0.25rem padding-right) to the unread indicator circle > Generated by Coder Agents on behalf of @tracyjohnsonux |
||
|
dependabot[bot]
|
011914bb14 |
chore: bump axios from 1.15.2 to 1.16.0 in /site (#25861)
Bumps [axios](https://github.com/axios/axios) from 1.15.2 to 1.16.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>v1.16.0 — May 2, 2026</h2> <p>This release adds support for the QUERY HTTP method and a new <code>ECONNREFUSED</code> error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.</p> <h2>⚠️ Notable Changes</h2> <p>A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:</p> <ul> <li><strong>Fetch adapter now enforces <code>maxBodyLength</code> and <code>maxContentLength</code>.</strong> These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>)</li> <li><strong>Proxy requests now preserve user-supplied <code>Host</code> headers.</strong> Previously, the proxy path could overwrite a custom <code>Host</code>. Virtual-host-style routing through a proxy will now behave correctly. (<strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>)</li> <li><strong>Basic auth credentials embedded in URLs are now URL-decoded.</strong> If you have percent-encoded credentials in a URL (e.g. <code>https://user:p%40ss@host</code>), the decoded value is what now goes on the wire. (<strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong><code>parseProtocol</code> now strictly requires a colon in the protocol separator.</strong> Strings that loosely parsed as protocols before may no longer match. (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Deprecated <code>unescape()</code> replaced with modern UTF-8 encoding.</strong> Non-ASCII URL handling is now spec-correct; consumers depending on legacy <code>unescape()</code> quirks may see different output bytes. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong><code>transformRequest</code> input typing change was reverted.</strong> The typing change introduced in <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> was reverted in <a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a> after follow-up review — net behavior is unchanged from 1.15.2. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>QUERY HTTP Method:</strong> Added support for the QUERY HTTP method across adapters and type definitions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10802">#10802</a></strong>)</li> <li><strong>ECONNREFUSED Error Constant:</strong> Exposed <code>ECONNREFUSED</code> as a constant on <code>AxiosError</code> so callers can match connection-refused failures without comparing string literals (closes <a href="https://redirect.github.com/axios/axios/issues/6485">#6485</a>). (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong>Encode Helper Export:</strong> Exported the internal <code>encode</code> helper from <code>buildURL</code> so userland param serializers can reuse the same encoding logic that axios uses internally. (<strong><a href="https://redirect.github.com/axios/axios/issues/6897">#6897</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>HTTP Adapter — Redirects & Headers:</strong> Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing <code>requestDetails</code> argument on <code>beforeRedirect</code>, preserved user-supplied <code>Host</code> headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (<strong><a href="https://redirect.github.com/axios/axios/issues/10794">#10794</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10800">#10800</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6241">#6241</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong>HTTP Adapter — Streams & Timeouts:</strong> Preserved the partial response object on <code>AxiosError</code> when a stream is aborted after headers arrive, honoured the <code>timeout</code> option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and <code>maxRedirects: 0</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10708">#10708</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10819">#10819</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7149">#7149</a></strong>)</li> <li><strong>Fetch Adapter:</strong> Enforced <code>maxBodyLength</code> / <code>maxContentLength</code> in the fetch adapter, set the <code>User-Agent</code> header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a <code>TypeError</code> in restricted environments. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10772">#10772</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10806">#10806</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7260">#7260</a></strong>)</li> <li><strong>XHR Adapter:</strong> Unsubscribed the <code>cancelToken</code> and <code>AbortSignal</code> listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong>Error Handling:</strong> Attached the parsed response to <code>AxiosError</code> when <code>JSON.parse</code> fails inside <code>dispatchRequest</code>, prevented <code>settle</code> from emitting <code>undefined</code> error codes, and tightened the <code>parseProtocol</code> regex to require a colon in the protocol separator. (<strong><a href="https://redirect.github.com/axios/axios/issues/10724">#10724</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7276">#7276</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Types & Exports:</strong> Aligned the CommonJS <code>CancelToken</code> typings with the ESM build, fixed a compiler error caused by <code>RawAxiosHeaders</code>, and re-exported <code>create</code> from the package index. (<strong><a href="https://redirect.github.com/axios/axios/issues/7414">#7414</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6389">#6389</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6460">#6460</a></strong>)</li> <li><strong>UTF-8 Encoding:</strong> Replaced the deprecated <code>unescape()</code> call with a modern UTF-8 encoding implementation. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong>Misc Cleanup:</strong> Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (<strong><a href="https://redirect.github.com/axios/axios/issues/10833">#10833</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Refactor — ES6 Modernisation:</strong> Modernised the <code>utils</code> module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong>Tests:</strong> Hardened the HTTP test server lifecycle to fix flaky <code>FormData</code> EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (<strong><a href="https://redirect.github.com/axios/axios/issues/10820">#10820</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10791">#10791</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10796">#10796</a></strong>)</li> <li><strong>Docs:</strong> Documented <code>paramsSerializer.encode</code> for strict RFC 3986 query encoding, updated the <code>parseReviver</code> TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10821">#10821</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10782">#10782</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10759">#10759</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10804">#10804</a></strong>)</li> <li><strong>Reverted:</strong> Reverted the <code>transformRequest</code> input typing change from <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> after follow-up review. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped <code>actions/setup-node</code>, the <code>github-actions</code> group, and <code>postcss</code> (in <code>/docs</code>) to their latest versions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10785">#10785</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10813">#10813</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10814">#10814</a></strong>)</li> <li><strong>Release:</strong> Updated changelog and packages, and prepared the 1.16.0 release. (<strong><a href="https://redirect.github.com/axios/axios/issues/10790">#10790</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10834">#10834</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/singhankit001"><code>@singhankit001</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>)</li> <li><strong><a href="https://github.com/cuiweixie"><code>@cuiweixie</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong><a href="https://github.com/iruizsalinas"><code>@iruizsalinas</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong><a href="https://github.com/MarcosNocetti"><code>@MarcosNocetti</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong><a href="https://github.com/deepview-autofix"><code>@deepview-autofix</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2>v1.16.0 — May 2, 2026</h2> <p>This release adds support for the QUERY HTTP method and a new <code>ECONNREFUSED</code> error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.</p> <h2>⚠️ Notable Changes</h2> <p>A handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:</p> <ul> <li><strong>Fetch adapter now enforces <code>maxBodyLength</code> and <code>maxContentLength</code>.</strong> These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>)</li> <li><strong>Proxy requests now preserve user-supplied <code>Host</code> headers.</strong> Previously, the proxy path could overwrite a custom <code>Host</code>. Virtual-host-style routing through a proxy will now behave correctly. (<strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>)</li> <li><strong>Basic auth credentials embedded in URLs are now URL-decoded.</strong> If you have percent-encoded credentials in a URL (e.g. <code>https://user:p%40ss@host</code>), the decoded value is what now goes on the wire. (<strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong><code>parseProtocol</code> now strictly requires a colon in the protocol separator.</strong> Strings that loosely parsed as protocols before may no longer match. (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Deprecated <code>unescape()</code> replaced with modern UTF-8 encoding.</strong> Non-ASCII URL handling is now spec-correct; consumers depending on legacy <code>unescape()</code> quirks may see different output bytes. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong><code>transformRequest</code> input typing change was reverted.</strong> The typing change introduced in <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> was reverted in <a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a> after follow-up review — net behavior is unchanged from 1.15.2. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>QUERY HTTP Method:</strong> Added support for the QUERY HTTP method across adapters and type definitions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10802">#10802</a></strong>)</li> <li><strong>ECONNREFUSED Error Constant:</strong> Exposed <code>ECONNREFUSED</code> as a constant on <code>AxiosError</code> so callers can match connection-refused failures without comparing string literals (closes <a href="https://redirect.github.com/axios/axios/issues/6485">#6485</a>). (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong>Encode Helper Export:</strong> Exported the internal <code>encode</code> helper from <code>buildURL</code> so userland param serializers can reuse the same encoding logic that axios uses internally. (<strong><a href="https://redirect.github.com/axios/axios/issues/6897">#6897</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>HTTP Adapter — Redirects & Headers:</strong> Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing <code>requestDetails</code> argument on <code>beforeRedirect</code>, preserved user-supplied <code>Host</code> headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (<strong><a href="https://redirect.github.com/axios/axios/issues/10794">#10794</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10800">#10800</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6241">#6241</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10822">#10822</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a></strong>)</li> <li><strong>HTTP Adapter — Streams & Timeouts:</strong> Preserved the partial response object on <code>AxiosError</code> when a stream is aborted after headers arrive, honoured the <code>timeout</code> option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and <code>maxRedirects: 0</code>. (<strong><a href="https://redirect.github.com/axios/axios/issues/10708">#10708</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10819">#10819</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7149">#7149</a></strong>)</li> <li><strong>Fetch Adapter:</strong> Enforced <code>maxBodyLength</code> / <code>maxContentLength</code> in the fetch adapter, set the <code>User-Agent</code> header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a <code>TypeError</code> in restricted environments. (<strong><a href="https://redirect.github.com/axios/axios/issues/10795">#10795</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10772">#10772</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10806">#10806</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7260">#7260</a></strong>)</li> <li><strong>XHR Adapter:</strong> Unsubscribed the <code>cancelToken</code> and <code>AbortSignal</code> listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong>Error Handling:</strong> Attached the parsed response to <code>AxiosError</code> when <code>JSON.parse</code> fails inside <code>dispatchRequest</code>, prevented <code>settle</code> from emitting <code>undefined</code> error codes, and tightened the <code>parseProtocol</code> regex to require a colon in the protocol separator. (<strong><a href="https://redirect.github.com/axios/axios/issues/10724">#10724</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7276">#7276</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> <li><strong>Types & Exports:</strong> Aligned the CommonJS <code>CancelToken</code> typings with the ESM build, fixed a compiler error caused by <code>RawAxiosHeaders</code>, and re-exported <code>create</code> from the package index. (<strong><a href="https://redirect.github.com/axios/axios/issues/7414">#7414</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6389">#6389</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/6460">#6460</a></strong>)</li> <li><strong>UTF-8 Encoding:</strong> Replaced the deprecated <code>unescape()</code> call with a modern UTF-8 encoding implementation. (<strong><a href="https://redirect.github.com/axios/axios/issues/7378">#7378</a></strong>)</li> <li><strong>Misc Cleanup:</strong> Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (<strong><a href="https://redirect.github.com/axios/axios/issues/10833">#10833</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Refactor — ES6 Modernisation:</strong> Modernised the <code>utils</code> module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong>Tests:</strong> Hardened the HTTP test server lifecycle to fix flaky <code>FormData</code> EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (<strong><a href="https://redirect.github.com/axios/axios/issues/10820">#10820</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10791">#10791</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10796">#10796</a></strong>)</li> <li><strong>Docs:</strong> Documented <code>paramsSerializer.encode</code> for strict RFC 3986 query encoding, updated the <code>parseReviver</code> TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10821">#10821</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10782">#10782</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10759">#10759</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10804">#10804</a></strong>)</li> <li><strong>Reverted:</strong> Reverted the <code>transformRequest</code> input typing change from <a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a> after follow-up review. (<strong><a href="https://redirect.github.com/axios/axios/issues/10745">#10745</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10810">#10810</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped <code>actions/setup-node</code>, the <code>github-actions</code> group, and <code>postcss</code> (in <code>/docs</code>) to their latest versions. (<strong><a href="https://redirect.github.com/axios/axios/issues/10785">#10785</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10813">#10813</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10814">#10814</a></strong>)</li> <li><strong>Release:</strong> Updated changelog and packages, and prepared the 1.16.0 release. (<strong><a href="https://redirect.github.com/axios/axios/issues/10790">#10790</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10834">#10834</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve axios:</p> <ul> <li><strong><a href="https://github.com/singhankit001"><code>@singhankit001</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10588">#10588</a></strong>)</li> <li><strong><a href="https://github.com/cuiweixie"><code>@cuiweixie</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7419">#7419</a></strong>)</li> <li><strong><a href="https://github.com/iruizsalinas"><code>@iruizsalinas</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10787">#10787</a></strong>)</li> <li><strong><a href="https://github.com/MarcosNocetti"><code>@MarcosNocetti</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10680">#10680</a></strong>)</li> <li><strong><a href="https://github.com/deepview-autofix"><code>@deepview-autofix</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10729">#10729</a></strong>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc"><code>df53d7d</code></a> chore(release): prepare release 1.16.0 (<a href="https://redirect.github.com/axios/axios/issues/10834">#10834</a>)</li> <li><a href="https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e"><code>9d92bcd</code></a> fix: gadgets and smaller issues (<a href="https://redirect.github.com/axios/axios/issues/10833">#10833</a>)</li> <li><a href="https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435"><code>5107ee6</code></a> fix: prevent undefined error codes in settle (<a href="https://redirect.github.com/axios/axios/issues/7276">#7276</a>)</li> <li><a href="https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8"><code>e573499</code></a> fix(fetch): defer global access in fetch adapter (<a href="https://redirect.github.com/axios/axios/issues/7260">#7260</a>)</li> <li><a href="https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3"><code>ad68e1a</code></a> fix(http): honor timeout during connect without redirects (<a href="https://redirect.github.com/axios/axios/issues/10819">#10819</a>)</li> <li><a href="https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d"><code>2a51828</code></a> fix(http): decode URL basic auth credentials (<a href="https://redirect.github.com/axios/axios/issues/10825">#10825</a>)</li> <li><a href="https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1"><code>0e8b6bb</code></a> fix(http): preserve user-supplied Host header when forwarding through a proxy...</li> <li><a href="https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b"><code>79f39e1</code></a> docs: document paramsSerializer.encode for strict RFC 3986 query encoding (<a href="https://redirect.github.com/axios/axios/issues/1">#1</a>...</li> <li><a href="https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e"><code>0fe3a5f</code></a> [Docs/Types] Update <code>parseReviver</code> TypeScript definitions for ES2023 and add ...</li> <li><a href="https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d"><code>cd6737f</code></a> chore: matches the sibling responseStream.on(aborted) handler and added tests...</li> <li>Additional commits viewable in <a href="https://github.com/axios/axios/compare/v1.15.2...v1.16.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/coder/coder/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Yevhenii Shcherbina
|
1a91d31793 |
feat: add user AI budget override endpoints (#25439)
Implements https://linear.app/codercom/issue/AIGOV-285 Follow the structure established in https://github.com/coder/coder/pull/25203 ## Summary Adds the `user_ai_budget_overrides` table and CRUD API at `/api/v2/users/{user}/ai/budget`. An override sets a custom per-user spend cap that supersedes group-budget resolution, attributing spend to a specific group. ## Schema ```sql CREATE TABLE user_ai_budget_overrides ( user_id UUID PRIMARY KEY REFERENCES users(id) ON DELETE CASCADE, group_id UUID NOT NULL REFERENCES groups(id) ON DELETE CASCADE, spend_limit_micros BIGINT NOT NULL CHECK (spend_limit_micros >= 0), created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() ); ``` ## Membership lifecycle The membership invariant — a user must be a member of the attributed group, including when that group is "Everyone" — would naturally be expressed as a composite FK on `(user_id, group_id) → group_members_expanded(user_id, group_id)`. PostgreSQL doesn't allow foreign keys to reference views, so enforcement is split across two mechanisms: - **Write-time check.** A CHECK constraint on the table (`user_ai_budget_overrides_must_be_group_member`) calls a `STABLE` function `is_group_member(user_id, group_id)` that queries `group_members_expanded`. The view surfaces both regular group memberships and the implicit "Everyone" group memberships from `organization_members`. Any INSERT or UPDATE that violates the predicate is rejected with a Postgres `check_violation`, which the handler maps to a 400. `is_group_member` is defined as a general predicate, reusable by any future table that needs the same check. - **Cascade on removal.** Two `BEFORE DELETE` triggers handle membership loss: - `trigger_delete_user_ai_budget_overrides_on_group_member_delete` on `group_members` — covers regular group removals (admin action, OIDC sync). - `trigger_delete_user_ai_budget_overrides_on_org_member_delete` on `organization_members` — covers the "Everyone" group, whose membership lives in `organization_members`. The single-column FKs on `users(id)` and `groups(id)` remain to cascade on user or group deletion (those paths don't pass through `group_members`). ## Authorization The dbauthz layer gates each operation against the `User` and (for writes) `Group` resources: | Operation | User resource | Group resource | |-----------|----------------|----------------| | `GET` | `ActionRead` | — | | `PUT` | `ActionUpdate` | `ActionUpdate` | | `DELETE` | `ActionUpdate` | `ActionUpdate` | For `DELETE`, the dbauthz layer fetches the existing override first to learn the attributed `group_id`, then runs both checks. ### Role matrix | Role | GET | PUT | DELETE | |--------------|-----|-----|--------| | Owner | ✅ | ✅ | ✅ | | UserAdmin | ✅ | ✅ | ✅ | | OrgAdmin | ✅ | ❌ | ❌ | | OrgUserAdmin | ✅ | ❌ | ❌ | Internal discussion: https://codercom.slack.com/archives/C096PFVBZKN/p1779392747885359 ## Audit logs Audit logs will be addressed in a follow-up PR. |
||
|
Thomas Kosiewski
|
9448624d2d | feat(site): add Opus 4.8 known model (#25839) | ||
|
Cian Johnston
|
d0a51da0a9 |
feat: classify provider_disabled 503 as non-retryable (#25800)
Builds on top of https://github.com/coder/coder/pull/25794 Adds a new `provider_disabled` error classification in `chatd` with the corresponding plumbing to classify it as non-retryable. Also adds a story for how this particular error kind is displayed in the UI. |
||
|
Danielle Maywood
|
4144eb3c4f | fix(site/src/pages/AgentsPage): avoid stale live tail spacing (#25846) | ||
|
Sas Swart
|
a586b7e5e0 |
feat: add boundary_log rbac resource (#24810)
RFC: [Bridge ↔ Boundaries Correlation RFC](https://www.notion.so/coderhq/Gateway-and-Firewall-Correlation-RFC-31ad579be592803aa8b3d48348ccdde9) Register a dedicated `boundary_log` RBAC resource type with `create`, `read`, and `delete` actions, replacing the placeholder `rbac.ResourceAuditLog` and `rbac.ResourceSystem` references previously used in the dbauthz layer. Create is granted at user-level so workspace agents can only write logs owned by their workspace owner, preventing cross-workspace log fabrication. Delete is restricted to `DBPurge` only; no human role (including owner) can delete boundary logs. | Subject | Create (own) | Create (other) | Read (all) | Delete | |---|---|---|---|---| | Workspace agent | yes | no | no | no | | Owner (site admin) | yes (via member) | no | yes | no | | Auditor | no | no | yes | no | | DBPurge | no | no | no | yes | ### Changes - **RBAC policy & resource definition**: add `boundary_log` to `policy.go` and generate `ResourceBoundaryLog` object, scope constants, and codersdk/TypeScript types. - **dbauthz authorization**: replace all `ResourceAuditLog`/`ResourceSystem` placeholders with `ResourceBoundaryLog`. `InsertBoundaryLog` and `InsertBoundarySession` derive the workspace owner from the agent and authorize with `.WithOwner()` for user-scoped create. - **Role assignments:** - **Owner (site):** read only. Excluded from `allPermsExcept` wildcard; create is inherited from member at user-level. - **Member (user-level):** create. User-scoped so agents can only write logs they own. - **Auditor (site):** read. - `boundary_log` is excluded from org-admin, org-member, and org-service-account `allPermsExcept` calls for consistency with `ResourceBoundaryUsage`. - **System subjects:** - **DB Purge** (`SubjectTypeDBPurge`): delete. The only subject that can remove boundary logs. - **Workspace agent scope**: `ResourceBoundaryLog` with wildcard ID in the agent scope allow-list (necessary for creation since no pre-existing ID exists). User-level role scoping prevents deployment-wide access. - **DB migration** (`000510_boundary_log_scopes`): add `boundary_log:*`, `boundary_log:create`, `boundary_log:delete`, `boundary_log:read` enum values to `api_key_scope`. - **Test coverage**: `BoundaryLogCreate` (user-scoped, only matching owner succeeds), `BoundaryLogDelete` (all human roles denied), `BoundaryLogRead` (owner + auditor). dbauthz mock tests set up workspace agent lookups for owner derivation. - **Generated docs**: update OpenAPI specs, API reference docs, and frontend type definitions. --------- Co-authored-by: Muhammad Danish <mdanishkhdev@gmail.com> Co-authored-by: Coder Agents <coder-agents-review[bot]@users.noreply.github.com> |
||
|
Danielle Maywood
|
88060b846e | style(site): use lightbulb icon for thinking (#25844) | ||
|
Cian Johnston
|
78d556fffc |
feat(site/src/pages/AgentsPage): show error details for generic errors (#25803)
Error messages in agent chat now expose the actual error detail instead of hiding it entirely. Also captures API response detail for generic errors that previously dropped it. |
||
|
TJ
|
a801d996e7 |
fix(site): update models settings page description text (#25830)
Updates the description text on the Agent Settings > Models page (`/agents/settings/models`). **Before:** "Choose which models from your configured providers are available for users to select. You can set a default and adjust context limits." **After:** "Choose which models from your configured providers are available for Coder Agents. Set a default and adjust context limits." > Generated by Coder Agents on behalf of @tracyjohnsonux |
||
|
TJ
|
650069f949 |
feat: update search dialog with filter pills and default view (#25753)
Update the ChatSearchDialog with four interaction states: 1. **Default (empty)**: quick actions (New chat, Settings, Personal Skills, View usage) + recent chats list 2. **Focused**: filter-by dropdown overlay with clickable chips (Unread, Archived, PR status, Diff URL) 3. **Active search**: filter pills and/or freeform text with debounced live results showing "N results" count 4. **Parameterized filter**: incomplete pill (dashed border) for filters needing a value (e.g. `pr_status:`); Space or Enter commits the value into a solid pill Filter pills and freeform text are combinable. Backspace on empty text removes the last pill. The filter dropdown overlays content below and dismisses on blur or Escape. Changes: - `ChatSearchDialog.tsx`: manages structured filter state with separate `incompleteFilterKey` tracking, renders filter dropdown, passes recent chats and quick action callbacks - `ChatSearchInput.tsx`: renders completed filter pills (solid border, x dismiss) and incomplete pills (dashed border) inline with the text input - `ChatSearchResults.tsx`: default view shows quick actions + recent chats instead of the old help text; "No matching chats" is centered in the modal - `ChatsSidebar.tsx`: passes `recentChats`, `onNewChat`, `onOpenSettings` to the dialog <details> <summary>Implementation notes</summary> - No backend changes; reuses existing `chatSearch()` API and `normalizeChatSearchInput()` normalizer - Filter state uses a clean model: `filters` array for committed filters + `incompleteFilterKey` string for the parameterized filter being typed; `freeText` serves dual purpose (filter value when incomplete key is set, otherwise freeform search) - The filter dropdown is absolutely positioned (`top-full`) below the search input, dismisses via container `onBlur` with `contains(relatedTarget)` check - Quick action links (Personal Skills, View usage) use `Link` components that close the dialog on click > Generated with [Coder Agents](https://coder.com/agents) </details> |
||
|
TJ
|
d3bedb4a93 |
refactor(site): promote search to full-width sidebar nav item (#25595)
Move the chat search button from a subtle icon next to the filter in the
Chats header to a prominent full-width nav item below New Agent. The
search bar shows a magnifying glass icon and "Search" label by default,
with the keyboard shortcut badge (`⌘ K` / `Ctrl K`) and background
appearing on hover/focus.
Also pull the Chats header and filter row out of the scroll area so the
scrollbar only covers the chat list content, and align the logo row with
the nav item content inset.
> 🤖 Generated by Coder Agents on behalf of @tracyjohnsonux
|
||
|
Jon Ayers
|
c248dfb437 | fix: escape agent log HTML (#25808) | ||
|
Cian Johnston
|
7ea0eff94e |
fix: improve chat audit log descriptions and diff rendering (#25728)
Chat ACL audit diffs rendered as `[object Object]` because the diff viewer called `.toString()` on object values. Common chat operations (archive, share) showed generic "updated chat" descriptions instead of semantic ones. Add `chatAuditLogDescription` to derive semantic descriptions from the audit diff for successful chat writes: "archived/unarchived chat" for archive toggles, "updated sharing for chat" for ACL-only changes. Extract diff value formatting into `formatAuditDiffValue`, which renders object values as deterministic compact JSON with sorted keys, fixing the `[object Object]` rendering for chat ACLs and any other object-valued fields. The previous `determineIdPSyncMappingDiff` workaround for IdP sync mappings was removed because the generic formatting handles it. Closes CODAGT-513 > Generated by Coder Agents on behalf of @johnstcn |
||
|
TJ
|
ebf56ebd12 |
feat(site): desktop panel toolbar, zoom modes, and pop-out window (#25585)
Redesigns the agent desktop panel with a persistent toolbar, zoom modes, and a detachable pop-out window. ## Changes **Toolbar** (`DesktopToolbar`) - Persistent top bar with right-aligned controls: Take/Release control, Zoom toggle, Detach - All buttons use consistent `subtle` variant with icon + label - `h-8` height, `bg-surface-primary` background with bottom border **Zoom modes** - Defaults to fit-to-window (`scaleViewport = true`) so the full 1920x1080 desktop is visible - Toggle to native 100% resolution via toolbar button or keyboard shortcuts (`Ctrl+0` fit, `Ctrl+1` native) - noVNC background color overridden from hardcoded `rgb(40,40,40)` to `--surface-secondary` so letterbox margins match the app theme in light and dark mode **Pop-out window** - New route at `/agents/:agentId/desktop` for a dedicated desktop window - Opens via toolbar "Detach" button at 50% of screen size, centered - BroadcastChannel coordination: sidebar shows placeholder with "Bring back" button - Closing the pop-out window automatically restores the sidebar panel **Other** - `useDesktopConnection` hook accepts `scaleViewport` option, synced to the RFB instance via a secondary effect - `DesktopPanelContext` extended with `agent` and `workspace` fields - Replaces the previous hover-overlay take/release control UX with toolbar buttons > Generated by Coder Agents on behalf of @tracyjohnsonux |
||
|
Danielle Maywood
|
0d1340a430 | fix: collapse agent command output by default (#25748) | ||
|
Steven Masley
|
4591212482 |
feat: implement SCIM handler for SCIM 2.0 compliance (#25572)
Rewrites the SCIM 2.0 user provisioning handler to be RFC 7644 compliant. Verified against an external IdP Okta. Behavior is OPT IN |
||
|
Cian Johnston
|
6df1536256 |
fix: add missing_key error kind for missing chat api_key_id (#25783)
Refs CODAGT-486 - `codersdk/chats.go`: New `ChatErrorKindMissingKey` constant and `AllChatErrorKinds` entry - `coderd/x/chatd/chaterror/message.go`: `terminalMessage` and `retryMessage` cases - `coderd/x/chatd/model_routing_aibridge.go`: Pre-classify error with `WithClassification` - `coderd/x/chatd/model_routing_internal_test.go`: Classification assertion on production path (CRF-2) - `chatStatusHelpers.ts`: Frontend title "Chat interrupted" - `LiveStreamTail.stories.tsx`: Storybook story with `detail` assertion - `docs/ai-coder/ai-gateway/clients/coder-agents.md`: Troubleshooting entry - Tests: classification round-trip, terminal message, metrics kind enumeration > Generated with [Coder Agents](https://coder.com/agents) on behalf of @johnstcn |
||
|
Danielle Maywood
|
8600b59aae | fix(site): normalize thinking transcript row (#25749) | ||
|
TJ
|
cfa343e456 |
refactor(site): update BYOK link to use "View docs" on AI settings page (#25743)
Changes the "Manage deployment-wide BYOK" link on the AI Providers
settings page (`/ai/settings`) to "View docs", matching the pattern used
on the provisioner keys page (`/organizations/{org}/provisioner-keys`).
### Changes
- Swapped `Link` from `react-router` to `#/components/Link/Link` (uses
`href` instead of `to`)
- Removed `target="_blank"` and `rel="noreferrer"`: the link now
navigates in the same tab, matching the provisioner keys page convention
- Changed link text from "Manage deployment-wide BYOK" to "View docs"
> Generated by Coder Agents on behalf of @tracyjohnsonux
|
||
|
Sas Swart
|
3b8a9ff802 |
feat: add preset query parameter for workspace creation deeplinks (#24328)
Co-authored-by: Atif Ali <atif@coder.com> |