Commit graph

3008 commits

Author SHA1 Message Date
Mime Čuvalo
dba6d4c414
chore: cleanup multiple uses of FileReader (#3110)
from
https://discord.com/channels/859816885297741824/1006133967642177556/1213038401465618433

### Change Type

- [x] `patch` — Bug fix
2024-03-12 09:10:18 +00:00
Steve Ruiz
60cc0dcce3
Menu updates / fix flip / add export / remove Shape menu (#3115)
This PR:
- adds the export all menu items to the main menu
- removes the export all menu items from the dotcom menus
- removes the shape menu and reverts several changes from
https://github.com/tldraw/tldraw/pull/2782. This was not properly
reviewed (I thought it was a PR about hiding / showing menu items).
- fixes a bug with exporting (exporting JSON was not working when the
user had no selected shapes)
- fixes a bug that would prevent "flip shapes" from appearing in the
menu
- prevents export / copy actions from running if there are no shapes on
the page
- allows export / copy actions to default to all shapes on the page if
no shapes are selected

These changes have not been released in the dotcom yet. There's will be
some thrash in the APIs.

# Menu philosophy

In the menu, the **edit** submenu relates to undo/redo, plus the user's
current selection.

Menu items that relate to specific to certain shapes are hidden when not
available.

Menu items that relate to all shapes are disabled when not available.

<img width="640" alt="image"
src="https://github.com/tldraw/tldraw/assets/23072548/e467e6bb-d958-4a9a-ac19-1dada52dcfa6">

### Change Type

- [x] `major` — Bug fix

### Test

- Select no shapes (arrange / flip should not be visible)
- Select one geo shape (arrange / flip should not be visible)
- Select two geo shapes (arrange / flip should be visible)
- Select one draw shape (arrange / flip should not be visible)

### Release Notes

- Revert some changes in the menu.
2024-03-11 18:31:28 +00:00
Dan Groshev
f1b4f807d8
Don't import package.json in scripts/refresh-assets.ts, just read it (#3116)
Per #3018, the `import` causes `scripts/refresh-assets.ts` to fail on
Windows. This PR applies @SomeHats's suggestions cleanly on top of the
current `main`. Thank you @cscxj for the original report!

Describe what your pull request does. If appropriate, add GIFs or images
showing the before and after.

### Change Type

- [x] `internal` — Any other changes that don't affect the published
package
2024-03-11 17:52:58 +00:00
Dan Groshev
19a1d01b8e
attempted fix of a flaky ClientWebSocketAdapter test (#3114)
### Change Type

- [x] `tests` — Changes to any test code only
2024-03-11 17:33:02 +00:00
Mime Čuvalo
5e54526776
docs: fix up github link (#3108) 2024-03-11 14:13:30 +00:00
David Sheldrick
47a85896e0
[dx] Allow vscode to search inside md files by default (#3105)
Before this PR all .md files were targeted by the `.ignore` file, which
has bitten me on a number of occasions since .md files often contain
valuable information (e.g. the vscode extensions docs). This PR
unignores .md files while still ignoring _generated_ .md files like our
changelogs, the api-report files, and the generated docs sections.

Additionally, the `yarn format` and `yarn lint` commands were configured
slightly differently, which was confusing, so I've unified those and
simplified the lint.ts script at the same time.

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version
2024-03-11 14:08:04 +00:00
Dan Groshev
e527d7d0d7
Debounce/aggregate tlsync messages (#3012)
There is very little point sending data messages more often than 60
times a second, so we buffer them before sending.

### Change Type

- [x] `internal` — Any other changes that don't affect the published
package

### Test Plan

1. Smoke test (on a retro?)

- [x] End to end tests

---------

Co-authored-by: David Sheldrick <d.j.sheldrick@gmail.com>
2024-03-11 13:33:47 +00:00
Mitja Bezenšek
b5aff00c89
Performance improvements (#2977)
This PR does a few things to help with performance:
1. Instead of doing changes on raf we now do them 60 times per second.
This limits the number of updates on high refresh rate screens like the
iPad. With the current code this only applied to the history updates (so
when you subscribed to the updates), but the next point takes this a bit
futher.
2. We now trigger react updates 60 times per second. This is a change in
`useValue` and `useStateTracking` hooks.
3. We now throttle the inputs (like the `pointerMove`) in state nodes.
This means we batch multiple inputs and only apply them at most 60 times
per second.

We had to adjust our own tests to pass after this change so I marked
this as major as it might require the users of the library to do the
same.

Few observations:
- The browser calls the raf callbacks when it can. If it gets
overwhelmed it will call them further and further apart. As things call
down it will start calling them more frequently again. You can clearly
see this in the drawing example. When fps gets to a certain level we
start to get fewer updates, then fps can recover a bit. This makes the
experience quite janky. The updates can be kinda ok one second (dropping
frames, but consistently) and then they can completely stop and you have
to let go of the mouse to make them happen again. With the new logic it
seems everything is a lot more consistent.
- We might look into variable refresh rates to prevent this overtaxing
of the browser. Like when we see that the times between our updates are
getting higher we could make the updates less frequent. If we then see
that they are happening more often we could ramp them back up. I had an
[experiment for this
here](4834863966 (diff-318e71563d7c47173f89ec084ca44417cf70fc72faac85b96f48b856a8aec466L30-L35)).

Few tests below. Used 6x slowdown for these.

# Resizing

### Before


https://github.com/tldraw/tldraw/assets/2523721/798a033f-5dfa-419e-9a2d-fd8908272ba0

### After


https://github.com/tldraw/tldraw/assets/2523721/45870a0c-c310-4be0-b63c-6c92c20ca037

# Drawing 
Comparison is not 100% fair, we don't store the intermediate inputs
right now. That said, tick should still only produce once update so I do
think we can get a sense of the differences.

### Before


https://github.com/tldraw/tldraw/assets/2523721/2e8ac8c5-bbdf-484b-bb0c-70c967f4541c

### After


https://github.com/tldraw/tldraw/assets/2523721/8f54b7a8-9a0e-4a39-b168-482caceb0149


### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [x] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version


### Release Notes

- Improves the performance of rendering.

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-03-11 13:17:31 +00:00
dependabot[bot]
47420d7476
Bump the npm_and_yarn group across 3 directories with 3 updates (#3087)
Bumps the npm_and_yarn group with 3 updates in the / directory:
[next](https://github.com/vercel/next.js),
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and
[jose](https://github.com/panva/jose).
Bumps the npm_and_yarn group with 1 update in the /templates/nextjs
directory: [next](https://github.com/vercel/next.js).

Updates `next` from 14.0.4 to 14.1.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v14.1.2</h2>
<p><em>Note: this is a backport release for critical bug fixes -- this
does not include all pending features/changes on canary</em></p>
<h3>Core Changes</h3>
<ul>
<li>Fix sitemap generateSitemaps support for string id (<a
href="https://redirect.github.com/vercel/next.js/issues/61088">#61088</a>)</li>
<li>Fix: generateSitemaps in production giving 404 (<a
href="https://redirect.github.com/vercel/next.js/issues/62212">#62212</a>)</li>
<li>Fix redirect under suspense boundary with basePath (<a
href="https://redirect.github.com/vercel/next.js/issues/62597">#62597</a>)</li>
<li>Fix: Add stricter check for &quot;use server&quot; exports (<a
href="https://redirect.github.com/vercel/next.js/issues/62821">#62821</a>)</li>
<li>ensure server action errors notify rejection handlers (<a
href="https://redirect.github.com/vercel/next.js/issues/61588">#61588</a>)</li>
<li>make router restore action resilient to a missing tree (<a
href="https://redirect.github.com/vercel/next.js/issues/62098">#62098</a>)</li>
<li>build: remove sentry from the externals list <a
href="https://redirect.github.com/vercel/next.js/issues/61194">#61194</a></li>
<li>Reduce memory/cache overhead from over loader processing <a
href="https://redirect.github.com/vercel/next.js/issues/62005">#62005</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/huozhi"><code>@​huozhi</code></a>, <a
href="https://github.com/shuding"><code>@​shuding</code></a>, <a
href="https://github.com/Ethan-Arrowood"><code>@​Ethan-Arrowood</code></a>,
<a href="https://github.com/styfle"><code>@​styfle</code></a>, <a
href="https://github.com/ijjk"><code>@​ijjk</code></a>, <a
href="https://github.com/ztanner"><code>@​ztanner</code></a>, <a
href="https://github.com/balazsorban44"><code>@​balazsorban44</code></a>,
<a href="https://github.com/kdy1"><code>@​kdy1</code></a>, and <a
href="https://github.com/williamli"><code>@​williamli</code></a> for
helping!</p>
<h2>v14.1.2-canary.7</h2>
<h3>Core Changes</h3>
<ul>
<li>remove reducer unit tests: <a
href="https://redirect.github.com/vercel/next.js/issues/62766">#62766</a></li>
</ul>
<h3>Documentation Changes</h3>
<ul>
<li>Update sitemap.mdx: <a
href="https://redirect.github.com/vercel/next.js/issues/62809">#62809</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/ztanner"><code>@​ztanner</code></a> and <a
href="https://github.com/devr77"><code>@​devr77</code></a> for
helping!</p>
<h2>v14.1.2-canary.6</h2>
<h3>Core Changes</h3>
<ul>
<li>fix: Add stricter check for &quot;use server&quot; exports: <a
href="https://redirect.github.com/vercel/next.js/issues/62821">#62821</a></li>
<li>fix(next-core): throw on invalid metadata handler: <a
href="https://redirect.github.com/vercel/next.js/issues/62829">#62829</a></li>
<li>Revert &quot;Add experimental config for navigation raf test (<a
href="https://redirect.github.com/vercel/next.js/issues/62668">#62668</a>)&quot;:
<a
href="https://redirect.github.com/vercel/next.js/issues/62834">#62834</a></li>
<li>Revert &quot;refactor(analysis): rust based page-static-info,
deprecate js parse interface in next-swc&quot;: <a
href="https://redirect.github.com/vercel/next.js/issues/62838">#62838</a></li>
</ul>
<h3>Example Changes</h3>
<ul>
<li>Fix with-supertokens example: <a
href="https://redirect.github.com/vercel/next.js/issues/62817">#62817</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/shuding"><code>@​shuding</code></a>, <a
href="https://github.com/kwonoj"><code>@​kwonoj</code></a>, <a
href="https://github.com/ijjk"><code>@​ijjk</code></a>, and <a
href="https://github.com/timneutkens"><code>@​timneutkens</code></a> for
helping!</p>
<h2>v14.1.2-canary.5</h2>
<h3>Core Changes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fc38ee190c"><code>fc38ee1</code></a>
v14.1.3</li>
<li><a
href="85a5c4d1ee"><code>85a5c4d</code></a>
fix type</li>
<li><a
href="4b059bc042"><code>4b059bc</code></a>
Upgrade to latest <a
href="https://github.com/edge-runtime"><code>@​edge-runtime</code></a>
packages (<a
href="https://redirect.github.com/vercel/next.js/issues/62955">#62955</a>)</li>
<li><a
href="b10a6105a9"><code>b10a610</code></a>
Fix output: export with custom distDir (<a
href="https://redirect.github.com/vercel/next.js/issues/62064">#62064</a>)</li>
<li><a
href="960b738b8a"><code>960b738</code></a>
Migrate locale redirect handling to router-server (<a
href="https://redirect.github.com/vercel/next.js/issues/62606">#62606</a>)</li>
<li><a
href="2f210d448a"><code>2f210d4</code></a>
update release workflow</li>
<li><a
href="f564deef86"><code>f564dee</code></a>
v14.1.2</li>
<li><a
href="a85519e715"><code>a85519e</code></a>
Fix sitemap generateSitemaps support for string id (<a
href="https://redirect.github.com/vercel/next.js/issues/61088">#61088</a>)</li>
<li><a
href="0a2d7754ed"><code>0a2d775</code></a>
Fix: generateSitemaps in production giving 404 (<a
href="https://redirect.github.com/vercel/next.js/issues/62212">#62212</a>)</li>
<li><a
href="400b57cf22"><code>400b57c</code></a>
Fix redirect under suspense boundary with basePath (<a
href="https://redirect.github.com/vercel/next.js/issues/62597">#62597</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v14.0.4...v14.1.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `vite` from 5.1.4 to 5.1.5
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.1.5 (2024-03-04)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: <code>__vite__mapDeps</code> code injection (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15732">#15732</a>)
(<a href="https://github.com/vitejs/vite/commit/aff54e1">aff54e1</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15732">#15732</a></li>
<li>fix: analysing build chunk without dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15469">#15469</a>)
(<a href="https://github.com/vitejs/vite/commit/bd52283">bd52283</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15469">#15469</a></li>
<li>fix: import with query with imports field (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16085">#16085</a>)
(<a href="https://github.com/vitejs/vite/commit/ab823ab">ab823ab</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16085">#16085</a></li>
<li>fix: normalize literal-only entry pattern (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16010">#16010</a>)
(<a href="https://github.com/vitejs/vite/commit/1dccc37">1dccc37</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16010">#16010</a></li>
<li>fix: optimizeDeps.entries with literal-only pattern(s) (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15853">#15853</a>)
(<a href="https://github.com/vitejs/vite/commit/49300b3">49300b3</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15853">#15853</a></li>
<li>fix: output correct error for empty import specifier (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16055">#16055</a>)
(<a href="https://github.com/vitejs/vite/commit/a9112eb">a9112eb</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16055">#16055</a></li>
<li>fix: upgrade esbuild to 0.20.x (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16062">#16062</a>)
(<a href="https://github.com/vitejs/vite/commit/899d9b1">899d9b1</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16062">#16062</a></li>
<li>fix(runtime): runtime HMR affects only imported files (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15898">#15898</a>)
(<a href="https://github.com/vitejs/vite/commit/57463fc">57463fc</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15898">#15898</a></li>
<li>fix(scanner): respect <code>experimentalDecorators: true</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15206">#15206</a>)
(<a href="https://github.com/vitejs/vite/commit/4144781">4144781</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15206">#15206</a></li>
<li>revert: &quot;fix: upgrade esbuild to 0.20.x&quot; (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16072">#16072</a>)
(<a href="https://github.com/vitejs/vite/commit/11cceea">11cceea</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16072">#16072</a></li>
<li>refactor: share code with vite runtime (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15907">#15907</a>)
(<a href="https://github.com/vitejs/vite/commit/b20d542">b20d542</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15907">#15907</a></li>
<li>refactor(runtime): use functions from <code>pathe</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16061">#16061</a>)
(<a href="https://github.com/vitejs/vite/commit/aac2ef7">aac2ef7</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16061">#16061</a></li>
<li>chore(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16028">#16028</a>)
(<a href="https://github.com/vitejs/vite/commit/7cfe80d">7cfe80d</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16028">#16028</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2af1ae807d"><code>2af1ae8</code></a>
release: v5.1.5</li>
<li><a
href="bd52283a70"><code>bd52283</code></a>
fix: analysing build chunk without dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15469">#15469</a>)</li>
<li><a
href="ab823ab618"><code>ab823ab</code></a>
fix: import with query with imports field (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16085">#16085</a>)</li>
<li><a
href="11cceeab39"><code>11cceea</code></a>
revert: &quot;fix: upgrade esbuild to 0.20.x&quot; (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16072">#16072</a>)</li>
<li><a
href="899d9b1d27"><code>899d9b1</code></a>
fix: upgrade esbuild to 0.20.x (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16062">#16062</a>)</li>
<li><a
href="aac2ef7752"><code>aac2ef7</code></a>
refactor(runtime): use functions from <code>pathe</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16061">#16061</a>)</li>
<li><a
href="a9112ebb21"><code>a9112eb</code></a>
fix: output correct error for empty import specifier (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16055">#16055</a>)</li>
<li><a
href="1dccc3713a"><code>1dccc37</code></a>
fix: normalize literal-only entry pattern (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16010">#16010</a>)</li>
<li><a
href="7cfe80d0df"><code>7cfe80d</code></a>
chore(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16028">#16028</a>)</li>
<li><a
href="b20d54257e"><code>b20d542</code></a>
refactor: share code with vite runtime (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15907">#15907</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite/commits/v5.1.5/packages/vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `jose` from 4.15.4 to 4.15.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/panva/jose/releases">jose's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.5</h2>
<h3>Fixes</h3>
<ul>
<li>add a maxOutputLength option to zlib inflate (<a
href="1b91d88d2f">1b91d88</a>),
fixes <a
href="https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q">CVE-2024-28176</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/panva/jose/blob/v4.15.5/CHANGELOG.md">jose's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/panva/jose/compare/v4.15.4...v4.15.5">4.15.5</a>
(2024-03-07)</h2>
<h3>Fixes</h3>
<ul>
<li>add a maxOutputLength option to zlib inflate (<a
href="1b91d88d2f">1b91d88</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="765aafd226"><code>765aafd</code></a>
chore(release): 4.15.5</li>
<li><a
href="b36e45e008"><code>b36e45e</code></a>
test: add export check to x509 pem import tests</li>
<li><a
href="e839ecbd79"><code>e839ecb</code></a>
test: stop testing JWE RSA1_5 Algorithm</li>
<li><a
href="1b91d88d2f"><code>1b91d88</code></a>
fix: add a maxOutputLength option to zlib inflate</li>
<li><a
href="9ca2b2427d"><code>9ca2b24</code></a>
build: remove release action</li>
<li><a
href="f3035d8897"><code>f3035d8</code></a>
chore: cleanup after release</li>
<li>See full diff in <a
href="https://github.com/panva/jose/compare/v4.15.4...v4.15.5">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~panva">panva</a>, a new releaser for jose
since your current version.</p>
</details>
<br />

Updates `next` from 13.4.6 to 13.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v14.1.2</h2>
<p><em>Note: this is a backport release for critical bug fixes -- this
does not include all pending features/changes on canary</em></p>
<h3>Core Changes</h3>
<ul>
<li>Fix sitemap generateSitemaps support for string id (<a
href="https://redirect.github.com/vercel/next.js/issues/61088">#61088</a>)</li>
<li>Fix: generateSitemaps in production giving 404 (<a
href="https://redirect.github.com/vercel/next.js/issues/62212">#62212</a>)</li>
<li>Fix redirect under suspense boundary with basePath (<a
href="https://redirect.github.com/vercel/next.js/issues/62597">#62597</a>)</li>
<li>Fix: Add stricter check for &quot;use server&quot; exports (<a
href="https://redirect.github.com/vercel/next.js/issues/62821">#62821</a>)</li>
<li>ensure server action errors notify rejection handlers (<a
href="https://redirect.github.com/vercel/next.js/issues/61588">#61588</a>)</li>
<li>make router restore action resilient to a missing tree (<a
href="https://redirect.github.com/vercel/next.js/issues/62098">#62098</a>)</li>
<li>build: remove sentry from the externals list <a
href="https://redirect.github.com/vercel/next.js/issues/61194">#61194</a></li>
<li>Reduce memory/cache overhead from over loader processing <a
href="https://redirect.github.com/vercel/next.js/issues/62005">#62005</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/huozhi"><code>@​huozhi</code></a>, <a
href="https://github.com/shuding"><code>@​shuding</code></a>, <a
href="https://github.com/Ethan-Arrowood"><code>@​Ethan-Arrowood</code></a>,
<a href="https://github.com/styfle"><code>@​styfle</code></a>, <a
href="https://github.com/ijjk"><code>@​ijjk</code></a>, <a
href="https://github.com/ztanner"><code>@​ztanner</code></a>, <a
href="https://github.com/balazsorban44"><code>@​balazsorban44</code></a>,
<a href="https://github.com/kdy1"><code>@​kdy1</code></a>, and <a
href="https://github.com/williamli"><code>@​williamli</code></a> for
helping!</p>
<h2>v14.1.2-canary.7</h2>
<h3>Core Changes</h3>
<ul>
<li>remove reducer unit tests: <a
href="https://redirect.github.com/vercel/next.js/issues/62766">#62766</a></li>
</ul>
<h3>Documentation Changes</h3>
<ul>
<li>Update sitemap.mdx: <a
href="https://redirect.github.com/vercel/next.js/issues/62809">#62809</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/ztanner"><code>@​ztanner</code></a> and <a
href="https://github.com/devr77"><code>@​devr77</code></a> for
helping!</p>
<h2>v14.1.2-canary.6</h2>
<h3>Core Changes</h3>
<ul>
<li>fix: Add stricter check for &quot;use server&quot; exports: <a
href="https://redirect.github.com/vercel/next.js/issues/62821">#62821</a></li>
<li>fix(next-core): throw on invalid metadata handler: <a
href="https://redirect.github.com/vercel/next.js/issues/62829">#62829</a></li>
<li>Revert &quot;Add experimental config for navigation raf test (<a
href="https://redirect.github.com/vercel/next.js/issues/62668">#62668</a>)&quot;:
<a
href="https://redirect.github.com/vercel/next.js/issues/62834">#62834</a></li>
<li>Revert &quot;refactor(analysis): rust based page-static-info,
deprecate js parse interface in next-swc&quot;: <a
href="https://redirect.github.com/vercel/next.js/issues/62838">#62838</a></li>
</ul>
<h3>Example Changes</h3>
<ul>
<li>Fix with-supertokens example: <a
href="https://redirect.github.com/vercel/next.js/issues/62817">#62817</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/shuding"><code>@​shuding</code></a>, <a
href="https://github.com/kwonoj"><code>@​kwonoj</code></a>, <a
href="https://github.com/ijjk"><code>@​ijjk</code></a>, and <a
href="https://github.com/timneutkens"><code>@​timneutkens</code></a> for
helping!</p>
<h2>v14.1.2-canary.5</h2>
<h3>Core Changes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fc38ee190c"><code>fc38ee1</code></a>
v14.1.3</li>
<li><a
href="85a5c4d1ee"><code>85a5c4d</code></a>
fix type</li>
<li><a
href="4b059bc042"><code>4b059bc</code></a>
Upgrade to latest <a
href="https://github.com/edge-runtime"><code>@​edge-runtime</code></a>
packages (<a
href="https://redirect.github.com/vercel/next.js/issues/62955">#62955</a>)</li>
<li><a
href="b10a6105a9"><code>b10a610</code></a>
Fix output: export with custom distDir (<a
href="https://redirect.github.com/vercel/next.js/issues/62064">#62064</a>)</li>
<li><a
href="960b738b8a"><code>960b738</code></a>
Migrate locale redirect handling to router-server (<a
href="https://redirect.github.com/vercel/next.js/issues/62606">#62606</a>)</li>
<li><a
href="2f210d448a"><code>2f210d4</code></a>
update release workflow</li>
<li><a
href="f564deef86"><code>f564dee</code></a>
v14.1.2</li>
<li><a
href="a85519e715"><code>a85519e</code></a>
Fix sitemap generateSitemaps support for string id (<a
href="https://redirect.github.com/vercel/next.js/issues/61088">#61088</a>)</li>
<li><a
href="0a2d7754ed"><code>0a2d775</code></a>
Fix: generateSitemaps in production giving 404 (<a
href="https://redirect.github.com/vercel/next.js/issues/62212">#62212</a>)</li>
<li><a
href="400b57cf22"><code>400b57c</code></a>
Fix redirect under suspense boundary with basePath (<a
href="https://redirect.github.com/vercel/next.js/issues/62597">#62597</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v14.0.4...v14.1.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Mitja Bezenšek <mitja.bezensek@gmail.com>
2024-03-11 12:16:46 +00:00
David Sheldrick
464b1e9cab
[infra] Fix patch release script (#3095)
Need to make sure we have access to the `main` branch so we can
calculate how many commits the branch has diverged by.

### Change Type

- [x] `internal` — Any other changes that don't affect the published
package[^2]
2024-03-11 09:42:28 +00:00
Steve Ruiz
a8b7d4e2d0
[fix] Rotated crop handle (#3093)
This PR fixes a bug where local rotation was used in cropping handles
rather than absolute rotation.
![Kapture 2024-03-10 at 18 21
51](https://github.com/tldraw/tldraw/assets/23072548/71ee5e46-59de-4c1d-8f54-27052677c0f7)



### Change Type

- [x] `patch` — Bug fix

### Test Plan

1. Crop an image
2. Place the image into a rotated parent
3. Crop the image
4. Rotate the image
5. Crop the image

The handles should be accurately rotated in all cases.

### Release Notes

- Fixed a bug that could cause rotated cropping images to have
incorrectly rotated handles.
2024-03-11 09:03:06 +00:00
Slowhand
abf69e7107
Fix typo in useValue comment (#3088)
Describe what your pull request does. If appropriate, add GIFs or images
showing the before and after.

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [x] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Fix typo in useValue comment.
2024-03-10 19:45:37 +00:00
Steve Ruiz
a691c60315
Custom renderer example (#3091)
This PR adds a custom renderer example. Ever wanted to see how to use an
HTML canvas with tldraw? Here's how!

![Kapture 2024-03-09 at 22 35
09](https://github.com/tldraw/tldraw/assets/23072548/9e258a8f-f99f-419a-b92a-f58b1ce93973)

### Change Type

- [x] `documentation` — Changes to the documentation only[^2]
2024-03-09 21:40:50 +00:00
Taha
eb80cf787b
Shape with Migrations (#3078)
Adds an example of how to add migrations for a custom shape.

closes tld-2246
- [x] `documentation` — Changes to the documentation only[^2]
### Release Notes

- Adds a shape with migrations example

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-03-07 15:34:46 +00:00
Mitja Bezenšek
40c20e5585
Fix viewport params for pages. (#3079) 2024-03-07 15:50:25 +01:00
David Sheldrick
40aeebab46 simplify fnmatch pattern 2024-03-05 16:22:44 +00:00
David Sheldrick
9058a483be
[infra] Patch release scripting (#3072)
This PR adds tooling to enable a PR-based workflow for publishing
'patch' releases.

### How releases currently work

Quick recap of how the 'major' and 'minor' releases work:

- You trigger them manually in the github actions UI
- It only works on the `main` branch.
- You select a mode: `'major'`, `'minor'`, or `'override'` with a
specific version. The override option is mainly for transitioning in and
out of prerelease mode, but potentially also skipping unlucky numbers
like 13 if you're feeling superstitious 🧙🏼
- It bumps the version numbers in the `package.json` and `version.ts`
files.
- It compiles a changelog based on descriptions/titles from all the PRs
that have gone in to `main`.
- It tags the commit with the version number e.g. `v2.0.0` and pushes
all the changes made to `main` (i.e. changelogs, version bumps and the
tag)
- It creates a github release, e.g.
https://github.com/tldraw/tldraw/releases/tag/v2.0.0
- It deploys the packages to npm
- It tells huppy bot about the release (for now-defunct purposes, we can
remove that code later)
- It triggers the template repo update workflow

### Introducing: Release Branches

This PR adds one step into the above process: creating a 'release'
branch. e.g. if it publishes a new version tagged `v2.1.0` it will also
create a branch named `v2.1.x`.

These branches are protected in the following ways:
- Only huppy bot can create or delete them (ad-hoc admin overrides are,
of course, still doable should the need arise)
- Like `main` they can only be updated via pull request.

The process to create a patch release becomes simple:

1. Checkout the `v<major>.<minor>.x` branch you want to create a patch
release for. e.g.

       git fetch && git checkout v2.1.x

4. Branch off, e.g.

       git checkout -b david/my-patch-release

6. Cherry-pick any commits you need from `main` into your branch,
resolving any conflicts if they arise. **important**: don't do new work
here because it won't be merged back into `main` automatically. Fix the
thing in `main` first and then cherry-pick, unless you're in a big rush
or whatever. e.g.

       git cherry-pick abdeaf234 cde234d09 ab23af287
       
7. Push your new branch to github as normal and make a PR targeting the
`v<major>.<minor>.x` branch.

8. Merge it.

Congratulations, you just triggered a patch release build.

### What happens (differently) during a patch release build.

 A key thing to understand here is that **this script allows us to
deploy patch versions of _older_ major/minor releases**. This will
happen when we have customers pinned to older versions and they need a
quick bugfix but don't have time to upgrade to the latest due to some
breaking change. This will also happen if we ever adopt a kind of 'LTS'
release model.

With that said, here's how things go down differently:

- Firstly, the build happens automatically after the PR is merged, and
you don't select 'major' or 'minor' or anything, it just does its thing.
- It bumps the version numbers in the `package.json` files and the
`version.ts` files but these changes stay within the release branch,
they don't get propagated to `main` (nor should they).
- It compiles a changelog entry featuring just your one PR's
description/title, and also pushes this to the release branch (but not
`main`).
- It still tags the commit and creates a github release as normal.
- It still deploys the packages to npm (obvs). HOWEVER it only uses the
`latest` tag if this will indeed be the latest version of the public
packages. Otherwise, if we're patching an older release, it uses the
`revision` tag. Unfortunately it doesn't seem to be an option to deploy
with _no_ tag, but using `revision` still allows version strings like
`~2.0.0` to capture subsequent patch releases like `2.0.3`.
- Similarly it _only_ notifies huppy bot and _only_ triggers the
template repo update if the version being deployed is actually the
latest version.

I'm going to merge this now to test it out but I'd still appreciate
reviews.
2024-03-05 16:05:22 +00:00
Mitja Bezenšek
a07561e662
Add tests for Vec.Average (#3071)
Adds tests for the Vec.Average. [My previous
PR](https://github.com/tldraw/tldraw/pull/3065) added a check that
prevented returning vectors with NaNs, this adds a test for that.

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [x] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version
2024-03-05 14:14:08 +00:00
Caleb Eby
f033ff8508
Fix typo (#3069)
Describe what your pull request does. If appropriate, add GIFs or images
showing the before and after.

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [x] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

Look at the revised documentation

### Release Notes

N/A
2024-03-05 10:10:33 +00:00
Taha
e543797b81
Add custom tool examples (#3064)
Two examples:

One in the UI section that shows how to add a tool to the toolbar along
with an icon

One in the shapes and tools section that shows a simple sticker tool
with no child states

I'll go over the copy again before it's merged, but don't want to spend
too long on it right now in case the feeling is that these should both
be a single example.

Next: The [minimal
example](https://tldraw.dev/examples/editor-api/only-editor) is
currently the best example we have of a tool with child states. I think
this should be adapted and copied/moved over to the custom shapes and
tools category.

closes tld-2266

- [x] `documentation` — Changes to the documentation only[^2]

### Release Notes

- Adds a simple custom tool example
2024-03-05 09:27:53 +00:00
Mitja Bezenšek
0813e54ca2
Fix validation errors for duplicateProps (#3065)
Should fix `At instance.duplicateProps.offset.x: Expected a number, got
NaN` validation errors.

Wasn't able to reproduce. We only assign the offset here, so
`Vec.Averge` is the most likely offender here and for that to happen I
guess `movingShapes` might not contain any shapes.

### Change Type

- [x] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.
2024-03-04 17:48:35 +00:00
alex
33d111f93e
Remove namespaced-tldraw/tldraw.css (#3068)
This is a generated file that shouldn't be checked in.

### Change Type
- [x] `internal` — Any other changes that don't affect the published
package[^2]
2024-03-04 17:13:12 +00:00
Dan Groshev
c3e8628680
Better websocket reconnection handling (#2960)
Right now it's fairly easy to encounter a situation when a tab coming
online wouldn't recognise that the connection can now be reestablished
for a while. This PR cleans up reconnection logic, reenables tests, and
makes sure we get online as robustly as possible.

### Change Type

- [x] `patch` — Bug fix

### Test Plan

1. Check that reconnection works as expected

- [x] End to end tests

---------

Co-authored-by: David Sheldrick <d.j.sheldrick@gmail.com>
2024-03-04 16:48:14 +00:00
Steve Ruiz
f0f133fdd2
Shorten url state (#3041)
This PR shortens the URL parameters for the dot com. Old formal still
works but this is shorter (it has bugged me for ages).

Before: 
tldraw.com/r/ok?viewport=0,0,1080,720&page=page:ashdsad_sadsadasd
After: 
tldraw.com/r/ok?v=0,0,1080,720&p=ashdsad_sadsadasd


### Change Type

- [x] `internal` 

### Test Plan

1. Try the old url parameter format.
2. Try the new one.

### Release Notes

- Shortens url parameters for dot com.
2024-03-04 16:21:59 +00:00
hirano
5e4bca9961
Fix an issue where the video size was not drawn correctly (#3047)
Fixed an issue where the video size was drawing larger than the shape
size.


After:
![スクリーンショット 2024-03-04 15 38
10](https://github.com/tldraw/tldraw/assets/20399854/5839f4a3-913b-4d3a-a816-003d58f89d50)

Before:
![スクリーンショット 2024-03-04 15 37
32](https://github.com/tldraw/tldraw/assets/20399854/188bd0cb-50aa-4ea9-a0a5-7748d747eae0)

### Change Type

- [x] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

no tests

### Release Notes

- Fix an issue where the video size was not drawn correctly.

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-03-04 16:21:41 +00:00
alex
ce782dc70b
Wrap local/session storage calls in try/catch (take 2) (#3066)
Steve tried this in #3043, but we reverted it in #3063. Steve's version
added `JSON.parse`/`JSON.stringify` to the helpers without checking for
where we were already `JSON.parse`ing (or not). In some places we just
store strings directly rather than wanting them jsonified, so in this
version we leave the jsonification to the callers - the helpers just do
the reading/writing and return the string values.

### Change Type

- [x] `patch` — Bug fix
2024-03-04 16:15:20 +00:00
alex
8adaaf8e22
Revert "Protect local storage calls (#3043)" (#3063)
This reverts commit 2f28d7c6f8.

### Change Type

- [x] `patch` — Bug fix
2024-03-04 15:48:31 +00:00
alex
15c760f7ea
children: any -> children: ReactNode (#3061)
We use `children: any` in a bunch of places, but the proper type for
these is `ReactNode`. This diff fixes those.

### Change Type

- [x] `patch` — Bug fix
2024-03-04 14:48:40 +00:00
Steve Ruiz
18a550ccdb
[fix] Input tags (#3038)
This PR fixes the input tags, which were set to `false` rather than
`off`, as they should be.

### Change Type

- [x] `patch` — Bug fix

### Test Plan

1. Test autocomplete
2. Test autocapitalize
3. Test autocorrect
4. Make sure that password managers don't show up


### Release Notes

- Fixed autocomplete, autocapitalize, and autocorrect tags on text
inputs.
2024-03-04 14:46:37 +00:00
Lu Wilson
03b9acf564
Lokalise: Translations update (#3049)
This pull request was initiated by Lokalise (user Lu) at 2024-03-04
10:42:19

## Release Notes

- Updated Hungarian translations.
2024-03-04 14:26:29 +00:00
Lu Wilson
5e390cf989
[terrible] Firefox: Allow scrolling on keyboard shortcuts dialog (#2974)
This PR lets firefox users scroll the keyboard shortcuts dialog
**horizontally**.
This isn't a real solution, just a plea for help for any ideas on how to
fix this in a better way.

Firefox users haven't been able to scroll the keyboard shortcuts dialog
for a long time.
The problem is that firefox handles overflowing column content
differently to other browsers. Most browsers overflow *downwards*, but
firefox overflows *sideways*, and there's no CSS property to control
that behaviour.
 
### Change Type

- [x] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Open the keyboard shortcuts dialog on firefox.
2. Try to scroll the dialog to see overflowing content. More visible on
smaller screens.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-03-04 14:26:01 +00:00
Steve Ruiz
08a2b59238
Fix cursor chat bubble position. (#3042)
This PR fixes the position of the cursor chat bubble when the canvas is
not positioned at the top left.

### Change Type

- [x] `internal`

### Test Plan

1. Using CSS, add a margin left to the tldraw component on a multiplayer
route.
2. Use cursor chat.

### Release Notes

- Fixed a bug where cursor chat bubble position could be wrong when a
sidebar was open.

---------

Co-authored-by: Lu Wilson <l2wilson94@gmail.com>
2024-03-04 14:12:21 +00:00
Lorenzo Lewis
3c95ec1013
Fix broken link for shape example (#3046)
Describe what your pull request does. If appropriate, add GIFs or images
showing the before and after.

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [x] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Fix a link that was pointing to a 404 on GitHub
2024-03-04 13:43:51 +00:00
Steve Ruiz
2f28d7c6f8
Protect local storage calls (#3043)
This PR provides some safe wrappers for local storage calls. Local
storage is not available in all environments (for example, a React
Native web view). The PR also adds an eslint rule preventing direct
calls to local / session storage.

### Change Type

- [x] `patch` — Bug fix

### Release Notes

- Fixes a bug that could cause crashes in React Native webviews.
2024-03-04 13:37:09 +00:00
Mitja Bezenšek
3161e5cb4f
Remove dependabot config since it only controls version updates? (#3057)
My last PR added dependabot config. But it seems it only controls the
version updates, which we probably don't want for now. So I'm removing
this config for now. I guess security update frequency can't really be
configured since they are meant as urgent and should be merged asap?

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version
2024-03-04 13:19:51 +00:00
dependabot[bot]
c3f0fd5f1e
Bump the npm_and_yarn group group with 7 updates (#2982)
Bumps the npm_and_yarn group group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) |
`5.0.11` | `5.0.12` |
|
[wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)
| `3.16.0` | `3.19.0` |
| [semver](https://github.com/npm/node-semver) | `7.5.4` | `7.6.0` |
| [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.62` | `0.10.64`
|
| [ip](https://github.com/indutny/node-ip) | `1.1.8` | `1.1.9` |
|
[miniflare](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare)
| `3.20231030.0` | `3.20231030.3` |
| [undici](https://github.com/nodejs/undici) | `5.28.2` | `5.28.3` |

Updates `vite` from 5.0.11 to 5.0.12
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/v5.0.12/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.0.12 (2024-01-19)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: await <code>configResolved</code> hooks of worker plugins (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15597">#15597</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15605">#15605</a>)
(<a href="https://github.com/vitejs/vite/commit/ef89f80">ef89f80</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15597">#15597</a>
<a
href="https://redirect.github.com/vitejs/vite/issues/15605">#15605</a></li>
<li>fix: fs deny for case insensitive systems (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15653">#15653</a>)
(<a href="https://github.com/vitejs/vite/commit/91641c4">91641c4</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15653">#15653</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ee81e19676"><code>ee81e19</code></a>
release: v5.0.12</li>
<li><a
href="91641c4da0"><code>91641c4</code></a>
fix: fs deny for case insensitive systems (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15653">#15653</a>)</li>
<li><a
href="ef89f8092f"><code>ef89f80</code></a>
fix: await <code>configResolved</code> hooks of worker plugins (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15597">#15597</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15605">#15605</a>)</li>
<li>See full diff in <a
href="https://github.com/vitejs/vite/commits/v5.0.12/packages/vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `wrangler` from 3.16.0 to 3.19.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cloudflare/workers-sdk/releases">wrangler's
releases</a>.</em></p>
<blockquote>
<h2>wrangler@3.19.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4547">#4547</a>
<a
href="86c81ff0d5"><code>86c81ff0</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: listen on IPv4 loopback only by default on Windows</p>
<p>Due to a <a
href="https://redirect.github.com/cloudflare/workerd/issues/1408">known
issue</a>, <code>workerd</code> will only listen on the IPv4 loopback
address <code>127.0.0.1</code> when it's asked to listen on
<code>localhost</code>. On Node.js &gt; 17, <code>localhost</code> will
resolve to the IPv6 loopback address, meaning requests to
<code>workerd</code> would fail. This change switches to using the IPv4
loopback address throughout Wrangler on Windows, while <a
href="https://redirect.github.com/cloudflare/workerd/issues/1408">workerd#1408</a>
gets fixed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4535">#4535</a>
<a
href="29df8e1754"><code>29df8e17</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
Reintroduces some internal refactorings of wrangler dev servers
(including <code>wrangler dev</code>, <code>wrangler dev
--remote</code>, and <code>unstable_dev()</code>).</p>
<p>These changes were released in 3.13.0 and reverted in 3.13.1 -- we
believe the changes are now more stable and ready for release again.</p>
<p>There are no changes required for developers to opt-in. Improvements
include:</p>
<ul>
<li>fewer 'address in use' errors upon reloads</li>
<li>upon config/source file changes, requests are buffered to guarantee
the response is from the new version of the Worker</li>
</ul>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4521">#4521</a>
<a
href="6c5bc704c5"><code>6c5bc704</code></a>
Thanks <a href="https://github.com/zebp"><code>@​zebp</code></a>! - fix:
init from dash specifying explicit usage model in wrangler.toml for
standard users</p>
</li>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4550">#4550</a>
<a
href="63708a94fb"><code>63708a94</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: validate <code>Host</code> and <code>Orgin</code> headers where
appropriate</p>
<p><code>Host</code> and <code>Origin</code> headers are now checked
when connecting to the inspector and Miniflare's magic proxy. If these
don't match what's expected, the request will fail.</p>
</li>
<li>
<p>Updated dependencies [<a
href="71fb0b86cf"><code>71fb0b86</code></a>,
<a
href="63708a94fb"><code>63708a94</code></a>]:</p>
<ul>
<li>miniflare@3.20231030.3</li>
</ul>
</li>
</ul>
<h2>wrangler@3.18.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4532">#4532</a>
<a
href="311ffbd506"><code>311ffbd5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: change <code>wrangler (pages) dev</code> to listen on
<code>localhost</code> by default</p>
<p>Previously, Wrangler listened on all interfaces (<code>*</code>) by
default. This change switches <code>wrangler (pages) dev</code> to just
listen on local interfaces. Whilst this is technically a breaking
change, we've decided the security benefits outweigh the potential
disruption caused. If you need to access your dev server from another
device on your network, you can use <code>wrangler (pages) dev --ip
*</code> to restore the previous behaviour.</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="1b34878287"><code>1b348782</code></a>]:
<ul>
<li>miniflare@3.20231030.2</li>
</ul>
</li>
</ul>
<h2>wrangler@3.17.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4474">#4474</a>
<a
href="382ef8f580"><code>382ef8f5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: open browser to correct url pressing <code>b</code> in
<code>--remote</code> mode</p>
<p>This change ensures Wrangler doesn't try to open
<code>http://*</code> when <code>*</code> is used as the dev server's
hostname. Instead, Wrangler will now open
<code>http://127.0.0.1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4488">#4488</a>
<a
href="3bd5723852"><code>3bd57238</code></a>
Thanks <a
href="https://github.com/RamIdeas"><code>@​RamIdeas</code></a>! -
Changes the default directory for log files to workaround frameworks
that are watching the entire <code>.wrangler</code> directory in the
project root for changes</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cloudflare/workers-sdk/blob/main/packages/wrangler/CHANGELOG.md">wrangler's
changelog</a>.</em></p>
<blockquote>
<h2>3.19.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4547">#4547</a>
<a
href="86c81ff0d5"><code>86c81ff0</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: listen on IPv4 loopback only by default on Windows</p>
<p>Due to a <a
href="https://redirect.github.com/cloudflare/workerd/issues/1408">known
issue</a>, <code>workerd</code> will only listen on the IPv4 loopback
address <code>127.0.0.1</code> when it's asked to listen on
<code>localhost</code>. On Node.js &gt; 17, <code>localhost</code> will
resolve to the IPv6 loopback address, meaning requests to
<code>workerd</code> would fail. This change switches to using the IPv4
loopback address throughout Wrangler on Windows, while <a
href="https://redirect.github.com/cloudflare/workerd/issues/1408">workerd#1408</a>
gets fixed.</p>
</li>
</ul>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4535">#4535</a>
<a
href="29df8e1754"><code>29df8e17</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
Reintroduces some internal refactorings of wrangler dev servers
(including <code>wrangler dev</code>, <code>wrangler dev
--remote</code>, and <code>unstable_dev()</code>).</p>
<p>These changes were released in 3.13.0 and reverted in 3.13.1 -- we
believe the changes are now more stable and ready for release again.</p>
<p>There are no changes required for developers to opt-in. Improvements
include:</p>
<ul>
<li>fewer 'address in use' errors upon reloads</li>
<li>upon config/source file changes, requests are buffered to guarantee
the response is from the new version of the Worker</li>
</ul>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4521">#4521</a>
<a
href="6c5bc704c5"><code>6c5bc704</code></a>
Thanks <a href="https://github.com/zebp"><code>@​zebp</code></a>! - fix:
init from dash specifying explicit usage model in wrangler.toml for
standard users</li>
</ul>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4550">#4550</a>
<a
href="63708a94fb"><code>63708a94</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: validate <code>Host</code> and <code>Orgin</code> headers where
appropriate</p>
<p><code>Host</code> and <code>Origin</code> headers are now checked
when connecting to the inspector and Miniflare's magic proxy. If these
don't match what's expected, the request will fail.</p>
</li>
<li>
<p>Updated dependencies [<a
href="71fb0b86cf"><code>71fb0b86</code></a>,
<a
href="63708a94fb"><code>63708a94</code></a>]:</p>
<ul>
<li>miniflare@3.20231030.3</li>
</ul>
</li>
</ul>
<h2>3.18.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4532">#4532</a>
<a
href="311ffbd506"><code>311ffbd5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: change <code>wrangler (pages) dev</code> to listen on
<code>localhost</code> by default</p>
<p>Previously, Wrangler listened on all interfaces (<code>*</code>) by
default. This change switches <code>wrangler (pages) dev</code> to just
listen on local interfaces. Whilst this is technically a breaking
change, we've decided the security benefits outweigh the potential
disruption caused. If you need to access your dev server from another
device on your network, you can use <code>wrangler (pages) dev --ip
*</code> to restore the previous behaviour.</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="1b34878287"><code>1b348782</code></a>]:
<ul>
<li>miniflare@3.20231030.2</li>
</ul>
</li>
</ul>
<h2>3.17.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4474">#4474</a>
<a
href="382ef8f580"><code>382ef8f5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: open browser to correct url pressing <code>b</code> in
<code>--remote</code> mode</p>
<p>This change ensures Wrangler doesn't try to open
<code>http://*</code> when <code>*</code> is used as the dev server's
hostname. Instead, Wrangler will now open
<code>http://127.0.0.1</code>.</p>
</li>
</ul>
<ul>
<li><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4488">#4488</a>
<a
href="3bd5723852"><code>3bd57238</code></a>
Thanks <a
href="https://github.com/RamIdeas"><code>@​RamIdeas</code></a>! -
Changes the default directory for log files to workaround frameworks
that are watching the entire <code>.wrangler</code> directory in the
project root for changes</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e67ea176a"><code>5e67ea1</code></a>
Version Packages (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4536">#4536</a>)</li>
<li><a
href="63708a94fb"><code>63708a9</code></a>
fix: validate <code>Host</code>/<code>Origin</code> headers in magic
proxy and `InspectorProxyWorke...</li>
<li><a
href="86c81ff0d5"><code>86c81ff</code></a>
fix: listen on IPv4 loopback only by default on Windows (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4547">#4547</a>)</li>
<li><a
href="6c5bc704c5"><code>6c5bc70</code></a>
fix: init from dash using explicit usage model for standard accounts (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4521">#4521</a>)</li>
<li><a
href="29df8e1754"><code>29df8e1</code></a>
Revert &quot;Revert &quot;startDevWorker - Milestone 1 (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4497">#4497</a>)&quot;
(<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4531">#4531</a>)&quot;
(<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4535">#4535</a>)</li>
<li><a
href="97727de053"><code>97727de</code></a>
Version Packages (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4495">#4495</a>)</li>
<li><a
href="311ffbd506"><code>311ffbd</code></a>
[wrangler] fix: change <code>wrangler (pages) dev</code> to listen on
<code>localhost</code> by def...</li>
<li><a
href="310281a48a"><code>310281a</code></a>
Revert &quot;startDevWorker - Milestone 1 (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4497">#4497</a>)&quot;
(<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4531">#4531</a>)</li>
<li><a
href="01eda78025"><code>01eda78</code></a>
startDevWorker - Milestone 1 (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4497">#4497</a>)</li>
<li><a
href="961c8eaaf3"><code>961c8ea</code></a>
remove unused npx-import dependency (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4477">#4477</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/cloudflare/workers-sdk/commits/wrangler@3.19.0/packages/wrangler">compare
view</a></li>
</ul>
</details>
<br />

Updates `semver` from 7.5.4 to 7.6.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/releases">semver's
releases</a>.</em></p>
<blockquote>
<h2>v7.6.0</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.4...v7.6.0">7.6.0</a>
(2024-01-31)</h2>
<h3>Features</h3>
<ul>
<li><a
href="a7ab13a462"><code>a7ab13a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/671">#671</a>
preserve pre-release and build parts of a version on coerce (<a
href="https://redirect.github.com/npm/node-semver/issues/671">#671</a>)
(<a href="https://github.com/madtisa"><code>@​madtisa</code></a>,
madtisa, <a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="816c7b2cbf"><code>816c7b2</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="0bd24d943c"><code>0bd24d9</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
bump <code>@​npmcli/template-oss</code> from 4.21.1 to 4.21.3 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="e521932f11"><code>e521932</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="8873991808"><code>8873991</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="f317dc8689"><code>f317dc8</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
bump <code>@​npmcli/template-oss</code> from 4.19.0 to 4.21.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="7303db1fe5"><code>7303db1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/658">#658</a>
add clean() test for build metadata (<a
href="https://redirect.github.com/npm/node-semver/issues/658">#658</a>)
(<a
href="https://github.com/jethrodaniel"><code>@​jethrodaniel</code></a>)</li>
<li><a
href="6240d75a7c"><code>6240d75</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/656">#656</a>
add missing quotes in README.md (<a
href="https://redirect.github.com/npm/node-semver/issues/656">#656</a>)
(<a href="https://github.com/zyxkad"><code>@​zyxkad</code></a>)</li>
<li><a
href="14d263faa1"><code>14d263f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="7c34e1ac1b"><code>7c34e1a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
bump <code>@​npmcli/template-oss</code> from 4.18.1 to 4.19.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="123e0b0328"><code>123e0b0</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="737d5e1cf1"><code>737d5e1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
bump <code>@​npmcli/template-oss</code> from 4.18.0 to 4.18.1 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="cce61804ba"><code>cce6180</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="b914a3d0d2"><code>b914a3d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
bump <code>@​npmcli/template-oss</code> from 4.17.0 to 4.18.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/blob/main/CHANGELOG.md">semver's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.4...v7.6.0">7.6.0</a>
(2024-01-31)</h2>
<h3>Features</h3>
<ul>
<li><a
href="a7ab13a462"><code>a7ab13a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/671">#671</a>
preserve pre-release and build parts of a version on coerce (<a
href="https://redirect.github.com/npm/node-semver/issues/671">#671</a>)
(<a href="https://github.com/madtisa"><code>@​madtisa</code></a>,
madtisa, <a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="816c7b2cbf"><code>816c7b2</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="0bd24d943c"><code>0bd24d9</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
bump <code>@​npmcli/template-oss</code> from 4.21.1 to 4.21.3 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="e521932f11"><code>e521932</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="8873991808"><code>8873991</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="f317dc8689"><code>f317dc8</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
bump <code>@​npmcli/template-oss</code> from 4.19.0 to 4.21.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="7303db1fe5"><code>7303db1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/658">#658</a>
add clean() test for build metadata (<a
href="https://redirect.github.com/npm/node-semver/issues/658">#658</a>)
(<a
href="https://github.com/jethrodaniel"><code>@​jethrodaniel</code></a>)</li>
<li><a
href="6240d75a7c"><code>6240d75</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/656">#656</a>
add missing quotes in README.md (<a
href="https://redirect.github.com/npm/node-semver/issues/656">#656</a>)
(<a href="https://github.com/zyxkad"><code>@​zyxkad</code></a>)</li>
<li><a
href="14d263faa1"><code>14d263f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="7c34e1ac1b"><code>7c34e1a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
bump <code>@​npmcli/template-oss</code> from 4.18.1 to 4.19.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="123e0b0328"><code>123e0b0</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="737d5e1cf1"><code>737d5e1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
bump <code>@​npmcli/template-oss</code> from 4.18.0 to 4.18.1 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="cce61804ba"><code>cce6180</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="b914a3d0d2"><code>b914a3d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
bump <code>@​npmcli/template-oss</code> from 4.17.0 to 4.18.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="377f709718"><code>377f709</code></a>
chore: release 7.6.0 (<a
href="https://redirect.github.com/npm/node-semver/issues/661">#661</a>)</li>
<li><a
href="a7ab13a462"><code>a7ab13a</code></a>
feat: preserve pre-release and build parts of a version on coerce (<a
href="https://redirect.github.com/npm/node-semver/issues/671">#671</a>)</li>
<li><a
href="816c7b2cbf"><code>816c7b2</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li><a
href="0bd24d943c"><code>0bd24d9</code></a>
chore: bump <code>@​npmcli/template-oss</code> from 4.21.1 to
4.21.3</li>
<li><a
href="e521932f11"><code>e521932</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li><a
href="8873991808"><code>8873991</code></a>
chore: chore: chore: postinstall for dependabot template-oss PR</li>
<li><a
href="f317dc8689"><code>f317dc8</code></a>
chore: bump <code>@​npmcli/template-oss</code> from 4.19.0 to
4.21.0</li>
<li><a
href="7303db1fe5"><code>7303db1</code></a>
chore: add clean() test for build metadata (<a
href="https://redirect.github.com/npm/node-semver/issues/658">#658</a>)</li>
<li><a
href="6240d75a7c"><code>6240d75</code></a>
chore: add missing quotes in README.md (<a
href="https://redirect.github.com/npm/node-semver/issues/656">#656</a>)</li>
<li><a
href="14d263faa1"><code>14d263f</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li>Additional commits viewable in <a
href="https://github.com/npm/node-semver/compare/v7.5.4...v7.6.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `es5-ext` from 0.10.62 to 0.10.64
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/medikoo/es5-ext/releases">es5-ext's
releases</a>.</em></p>
<blockquote>
<h2>0.10.64 (2024-02-27)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Revert update to postinstall script meant to fix Powershell issue,
as it's a regression for some Linux terminals (<a
href="c2e2bb90c2">c2e2bb9</a>)</li>
</ul>
<hr />
<p><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.63...v0.10.64">Comparison
since last release</a></p>
<h2>0.10.63 (2024-02-23)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Do not rely on problematic regex (<a
href="3551cdd7b2">3551cdd</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/201">#201</a></li>
<li>Support ES2015+ function definitions in
<code>function#toStringTokens()</code> (<a
href="a52e957366">a52e957</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/021">#021</a></li>
<li>Ensure postinstall script does not crash on Windows, fixes <a
href="https://redirect.github.com/medikoo/es5-ext/issues/181">#181</a>
(<a
href="bf8ed799d5">bf8ed79</a>)</li>
</ul>
<h3>Maintenance Improvements</h3>
<ul>
<li>Simplify the manifest message (<a
href="7855319f41">7855319</a>)</li>
</ul>
<hr />
<p><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">Comparison
since last release</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md">es5-ext's
changelog</a>.</em></p>
<blockquote>
<h3><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.63...v0.10.64">0.10.64</a>
(2024-02-27)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>Revert update to postinstall script meant to fix Powershell issue,
as it's a regression for some Linux terminals (<a
href="c2e2bb90c2">c2e2bb9</a>)</li>
</ul>
<h3><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">0.10.63</a>
(2024-02-23)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>Do not rely on problematic regex (<a
href="3551cdd7b2">3551cdd</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/201">#201</a></li>
<li>Support ES2015+ function definitions in
<code>function#toStringTokens()</code> (<a
href="a52e957366">a52e957</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/021">#021</a></li>
<li>Ensure postinstall script does not crash on Windows, fixes <a
href="https://redirect.github.com/medikoo/es5-ext/issues/181">#181</a>
(<a
href="bf8ed799d5">bf8ed79</a>)</li>
</ul>
<h3>Maintenance Improvements</h3>
<ul>
<li>Simplify the manifest message (<a
href="7855319f41">7855319</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f76b03d8c4"><code>f76b03d</code></a>
chore: Release v0.10.64</li>
<li><a
href="2881acda50"><code>2881acd</code></a>
chore: Bump dependencies</li>
<li><a
href="c2e2bb90c2"><code>c2e2bb9</code></a>
fix: Revert update meant to fix Powershell issue, as it's a
regression</li>
<li><a
href="16f2b7253d"><code>16f2b72</code></a>
docs: Fix date in the changelog</li>
<li><a
href="de4e03c477"><code>de4e03c</code></a>
chore: Release v0.10.63</li>
<li><a
href="3fd53b755e"><code>3fd53b7</code></a>
chore: Upgrade<code> lint-staged</code> to v13</li>
<li><a
href="bf8ed799d5"><code>bf8ed79</code></a>
chore: Ensure postinstall script does not crash on Windows</li>
<li><a
href="2cbbb0717b"><code>2cbbb07</code></a>
chore: Bump dependencies</li>
<li><a
href="22d0416ea1"><code>22d0416</code></a>
chore: Bump LICENSE year</li>
<li><a
href="a52e957366"><code>a52e957</code></a>
fix: Support ES2015+ function definitions in
<code>function#toStringTokens()</code></li>
<li>Additional commits viewable in <a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.64">compare
view</a></li>
</ul>
</details>
<br />

Updates `ip` from 1.1.8 to 1.1.9
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1ecbf2fd8c"><code>1ecbf2f</code></a>
1.1.9</li>
<li><a
href="6a3ada9b47"><code>6a3ada9</code></a>
lib: fixed CVE-2023-42282 and added unit test</li>
<li>See full diff in <a
href="https://github.com/indutny/node-ip/compare/v1.1.8...v1.1.9">compare
view</a></li>
</ul>
</details>
<br />

Updates `miniflare` from 3.20231030.0 to 3.20231030.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cloudflare/workers-sdk/releases">miniflare's
releases</a>.</em></p>
<blockquote>
<h2>miniflare@3.20231030.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4466">#4466</a>
<a
href="71fb0b86cf"><code>71fb0b86</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: ensure unused KV and Cache blobs cleaned up</p>
<p>When storing data in KV, Cache and R2, Miniflare uses both an SQL
database and separate blob store. When writing a key/value pair, a blob
is created for the new value and the old blob for the previous value (if
any) is deleted. A few months ago, we introduced a change that prevented
old blobs being deleted for KV and Cache. R2 was unaffected. This
shouldn't have caused any problems, but could lead to persistence
directories growing unnecessarily as they filled up with garbage blobs.
This change ensures garbage blobs are deleted.</p>
<p>Note existing garbage will not be cleaned up. If you'd like to do
this, download this Node script (<a
href="https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076">https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076</a>).
If you're using the default Wrangler persistence directory, run
<code>node gc.mjs kv .wrangler/state/v3/kv &lt;namespace_id_1&gt;
&lt;namespace_id_2&gt; ...</code> and <code>node gc.mjs cache
.wrangler/state/v3/cache default named:&lt;cache_name_1&gt;
named:&lt;cache_name_2&gt; ...</code> with each of your KV namespace IDs
(not binding names) and named caches.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4550">#4550</a>
<a
href="63708a94fb"><code>63708a94</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: validate <code>Host</code> and <code>Orgin</code> headers where
appropriate</p>
<p><code>Host</code> and <code>Origin</code> headers are now checked
when connecting to the inspector and Miniflare's magic proxy. If these
don't match what's expected, the request will fail.</p>
</li>
</ul>
<h2>miniflare@3.20231030.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4505">#4505</a>
<a
href="1b34878287"><code>1b348782</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: remove <code>__STATIC_CONTENT_MANIFEST</code> from module worker
<code>env</code></p>
<p>When using Workers Sites with a module worker, the asset manifest
must be imported from the <code>__STATIC_CONTENT_MANIFEST</code> virtual
module. Miniflare provided this module, but also erroneously added
<code>__STATIC_CONTENT_MANIFEST</code> to the <code>env</code> object
too. Whilst this didn't break anything locally, it could cause users to
develop Workers that ran locally, but not when deployed. This change
ensures <code>env</code> doesn't contain
<code>__STATIC_CONTENT_MANIFEST</code>.</p>
</li>
</ul>
<h2>miniflare@3.20231030.1</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4348">#4348</a>
<a
href="be2b9cf5a9"><code>be2b9cf5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
feat: add support for wrapped bindings</p>
<p>This change adds a new <code>wrappedBindings</code> worker option for
configuring
<code>workerd</code>'s <a
href="bfcef2d850/src/workerd/server/workerd.capnp (L469-L487)">wrapped
bindings</a>.
These allow custom bindings to be written as JavaScript functions
accepting an
<code>env</code> parameter of &quot;inner bindings&quot; and returning
the value to bind. For more
details, refer to the <a
href="https://github.com/cloudflare/workers-sdk/blob/main/packages/miniflare/README.md#core">API
docs</a>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4341">#4341</a>
<a
href="d990874338"><code>d9908743</code></a>
Thanks <a
href="https://github.com/RamIdeas"><code>@​RamIdeas</code></a>! - Added
a <code>handleRuntimeStdio</code> which enables wrangler (or any other
direct use of Miniflare) to handle the <code>stdout</code> and
<code>stderr</code> streams from the workerd child process. By default,
if this option is not provided, the previous behaviour is retained which
splits the streams into lines and calls
<code>console.log</code>/<code>console.error</code>.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cloudflare/workers-sdk/blob/main/packages/miniflare/CHANGELOG.md">miniflare's
changelog</a>.</em></p>
<blockquote>
<h2>3.20231030.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4466">#4466</a>
<a
href="71fb0b86cf"><code>71fb0b86</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: ensure unused KV and Cache blobs cleaned up</p>
<p>When storing data in KV, Cache and R2, Miniflare uses both an SQL
database and separate blob store. When writing a key/value pair, a blob
is created for the new value and the old blob for the previous value (if
any) is deleted. A few months ago, we introduced a change that prevented
old blobs being deleted for KV and Cache. R2 was unaffected. This
shouldn't have caused any problems, but could lead to persistence
directories growing unnecessarily as they filled up with garbage blobs.
This change ensures garbage blobs are deleted.</p>
<p>Note existing garbage will not be cleaned up. If you'd like to do
this, download this Node script (<a
href="https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076">https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076</a>).
If you're using the default Wrangler persistence directory, run
<code>node gc.mjs kv .wrangler/state/v3/kv &lt;namespace_id_1&gt;
&lt;namespace_id_2&gt; ...</code> and <code>node gc.mjs cache
.wrangler/state/v3/cache default named:&lt;cache_name_1&gt;
named:&lt;cache_name_2&gt; ...</code> with each of your KV namespace IDs
(not binding names) and named caches.</p>
</li>
</ul>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4550">#4550</a>
<a
href="63708a94fb"><code>63708a94</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: validate <code>Host</code> and <code>Orgin</code> headers where
appropriate</p>
<p><code>Host</code> and <code>Origin</code> headers are now checked
when connecting to the inspector and Miniflare's magic proxy. If these
don't match what's expected, the request will fail.</p>
</li>
</ul>
<h2>3.20231030.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4505">#4505</a>
<a
href="1b34878287"><code>1b348782</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: remove <code>__STATIC_CONTENT_MANIFEST</code> from module worker
<code>env</code></p>
<p>When using Workers Sites with a module worker, the asset manifest
must be imported from the <code>__STATIC_CONTENT_MANIFEST</code> virtual
module. Miniflare provided this module, but also erroneously added
<code>__STATIC_CONTENT_MANIFEST</code> to the <code>env</code> object
too. Whilst this didn't break anything locally, it could cause users to
develop Workers that ran locally, but not when deployed. This change
ensures <code>env</code> doesn't contain
<code>__STATIC_CONTENT_MANIFEST</code>.</p>
</li>
</ul>
<h2>3.20231030.1</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4348">#4348</a>
<a
href="be2b9cf5a9"><code>be2b9cf5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
feat: add support for wrapped bindings</p>
<p>This change adds a new <code>wrappedBindings</code> worker option for
configuring
<code>workerd</code>'s <a
href="bfcef2d850/src/workerd/server/workerd.capnp (L469-L487)">wrapped
bindings</a>.
These allow custom bindings to be written as JavaScript functions
accepting an
<code>env</code> parameter of &quot;inner bindings&quot; and returning
the value to bind. For more
details, refer to the <a
href="https://github.com/cloudflare/workers-sdk/blob/main/packages/miniflare/README.md#core">API
docs</a>.</p>
</li>
</ul>
<ul>
<li><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4341">#4341</a>
<a
href="d990874338"><code>d9908743</code></a>
Thanks <a
href="https://github.com/RamIdeas"><code>@​RamIdeas</code></a>! - Added
a <code>handleRuntimeStdio</code> which enables wrangler (or any other
direct use of Miniflare) to handle the <code>stdout</code> and
<code>stderr</code> streams from the workerd child process. By default,
if this option is not provided, the previous behaviour is retained which
splits the streams into lines and calls
<code>console.log</code>/<code>console.error</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e67ea176a"><code>5e67ea1</code></a>
Version Packages (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4536">#4536</a>)</li>
<li><a
href="63708a94fb"><code>63708a9</code></a>
fix: validate <code>Host</code>/<code>Origin</code> headers in magic
proxy and `InspectorProxyWorke...</li>
<li><a
href="71fb0b86cf"><code>71fb0b8</code></a>
fix: ensure unused KV and Cache blobs cleaned up (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4466">#4466</a>)</li>
<li><a
href="97727de053"><code>97727de</code></a>
Version Packages (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4495">#4495</a>)</li>
<li><a
href="311ffbd506"><code>311ffbd</code></a>
[wrangler] fix: change <code>wrangler (pages) dev</code> to listen on
<code>localhost</code> by def...</li>
<li><a
href="1b34878287"><code>1b34878</code></a>
fix: remove <code>__STATIC_CONTENT_MANIFEST</code> from module worker
<code>env</code> (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4505">#4505</a>)</li>
<li><a
href="f728503bd3"><code>f728503</code></a>
Version Packages (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4463">#4463</a>)</li>
<li><a
href="be2b9cf5a9"><code>be2b9cf</code></a>
feat: add support for wrapped bindings (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4348">#4348</a>)</li>
<li><a
href="d990874338"><code>d990874</code></a>
Intercept workerd logs + write all debug logs to a hidden file (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4341">#4341</a>)</li>
<li>See full diff in <a
href="https://github.com/cloudflare/workers-sdk/commits/miniflare@3.20231030.3/packages/miniflare">compare
view</a></li>
</ul>
</details>
<br />

Updates `undici` from 5.28.2 to 5.28.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases">undici's
releases</a>.</em></p>
<blockquote>
<h2>v5.28.3</h2>
<h2>⚠️ Security Release ⚠️</h2>
<p>Fixes:</p>
<ul>
<li><a
href="https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3">CVE-2024-24758
Proxy-Authorization header not cleared on cross-origin redirect in
fetch</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3">https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e71cb4c88f"><code>e71cb4c</code></a>
Bumped v5.28.3</li>
<li><a
href="20c65b89f4"><code>20c65b8</code></a>
Fix tests for Node.js v20.11.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/2618">#2618</a>)</li>
<li><a
href="8ec52cde66"><code>8ec52cd</code></a>
Fix tests for Node.js v21 (<a
href="https://redirect.github.com/nodejs/undici/issues/2609">#2609</a>)</li>
<li><a
href="d3aa574b12"><code>d3aa574</code></a>
Merge pull request from GHSA-3787-6prv-h9w3</li>
<li>See full diff in <a
href="https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mitja Bezenšek <mitja.bezensek@gmail.com>
2024-03-04 12:20:23 +00:00
Mitja Bezenšek
faebbe1ea6
Configure dependabot. (#2980)
Adds dependabot config. 

Seems like monthly is the least frequent update you can choose right now
(there are feature request for quarterly and for chron like syntax).

For now I used the daily interval though. I want to make sure it works,
will then switch to monthly. The main thing I'd like to see is that the
main `yarn.lock` file gets updated. That didn't happen in one of the
previous dependabot PRs (seems like [others faced the same
issue](https://github.com/dependabot/dependabot-core/issues/6346)). So 🤞
this solves it.

Also added a dedupe workflow, that should only run on dependabot
branches (prefixed with `depandabot/`). Otherwise we would need to
manually do it, as [seen on this
PR](https://github.com/tldraw/tldraw/pull/2982)
([failure](https://github.com/tldraw/tldraw/actions/runs/8070271847/job/22047204003)).

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version
2024-03-04 11:43:42 +00:00
David Sheldrick
9ae808c12c
[infra] fix canary dist tag (#3048)
Some of the tooling changes we made last week made it so that canary
releases were being published with the `latest` dist tag. This should
prevent that from happening, and I also fixed all the current packages
to set `latest` back to 2.0.0

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version
2024-03-04 09:39:19 +00:00
Taha
8658e20ab5
Custom shape examples (#2994)
This PR:
- adds a simple custom shape example
- adds an interactive shape example
- updates editable shape example

closes TLD-2118

- [x] `documentation` — Changes to the documentation only[^2]

### Release Notes

- adds a simple custom shape example
- adds an interactive shape example
- updates editable shape example

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-03-02 20:18:31 +00:00
Steve Ruiz
f819a57a05
Expose getStyleForNextShape (#3039)
This PR exposes a method for getting the style for the next shape.

### Change Type

- [x] `patch` — Bug fix

### Release Notes

- Expose the API for `Editor.getStyleForNextShape`, previously marked as
internal.
2024-03-02 20:16:55 +00:00
Steve Ruiz
1aef0e8f61
[fix] Missing element crash (rare) on video shapes. (#3037)
This PR adds a few guards against crashes when the video shape element
is not found.

### Change Type

- [x] `patch` — Bug fix

### Release Notes

- Fixed a rare crash with video shapes.
2024-03-02 19:38:21 +00:00
Steve Ruiz
52df06b014
A few more async routes (#3023)
This PR makes a few more of our routes async.

### Change Type

- [x] `internal` — Any other changes that don't affect the published
package[^2]
2024-03-02 17:17:09 +00:00
Taha
66a8b0a4a6
Example of using tldraw styles (#3017)
Adds an example of how to use tldraw styles in a custom shape


- [x] `documentation` — Changes to the documentation only[^2]

### Release Notes

- shape with tldraw styles example

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-03-02 16:42:43 +00:00
Steve Ruiz
338501d656
[fix] Routes check on e2e tests (#3022)
This PR updates our end to end tests so that they check every route in
our examples to ensure that it loads (skipping any routes that don't
features a canvas).

### Change Type

- [x] `tests` — Changes to any test code only[^2]

### Test Plan

- [x] End to end tests
2024-03-02 16:42:07 +00:00
Steve Ruiz
4cc823e22e
Show a broken image for files without assets (#2990)
This PR shows a broken state for images or video shapes without assets.
It deletes assets when pasted content fails to generate a new asset for
the shape. It includes some mild refactoring to the image shape.
Previously, shapes that had no corresponding assets would be
transparent. This PR preserves the transparent state for shapes with
assets but without source data (ie loading assets).

After:
<img width="1062" alt="image"
src="https://github.com/tldraw/tldraw/assets/23072548/81ad6953-a45f-4cc2-9f39-559009621a82">
<img width="1158" alt="image"
src="https://github.com/tldraw/tldraw/assets/23072548/40d15158-d201-458f-b555-6f3d8708a283">

Before:
<img width="1178" alt="image"
src="https://github.com/tldraw/tldraw/assets/23072548/2bed5b3c-cf1f-48be-9c68-d15fdccb9c99">


### Change Type

- [x] `patch` — Bug fix

### Test Plan

1. Create an image / video
2. Delete its asset

### Release Notes

- Better handling of broken images / videos.
2024-03-01 18:16:27 +00:00
Steve Ruiz
4bd1a31721
Selection UI example (plus fixes to pageToScreen) (#3015)
This PR adds a custom selection UI example.

![Kapture 2024-03-01 at 14 02
25](https://github.com/tldraw/tldraw/assets/23072548/039cc6ab-17b9-4bc3-8c05-ad3ce788a5d3)

It also fixes a bug with pageToScreen and adds a
`getSelectionRotatedScreenBounds` method.

### Change Type

- [ ] `patch` — Bug fix
- [x] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version


### Release Notes

- Adds selection UI example.
- Adds `Editor.getSelectionRotatedScreenBounds` method
- Fixes a bug with `pageToScreen`.
2024-03-01 17:42:35 +00:00
David Sheldrick
1d5a9efa17
[bugfix] Avoid randomness at init time to allow running on cloudflare. (#3016)
Describe what your pull request does. If appropriate, add GIFs or images
showing the before and after.

Follow up to #2987 

### Change Type

- [x] `patch` — Bug fix


### Release Notes

- Prevent using randomness API at init time, to allow importing the
tldraw package in a cloudflare worker.
2024-03-01 15:34:16 +00:00
huppy-bot[bot]
ba6cba64c6 Update CHANGELOG.md [skip ci] 2024-02-29 18:28:45 +00:00
Steve Ruiz
3b92faa5cf updatereadmes 2024-02-29 18:21:17 +00:00
Steve Ruiz
fe07e9842e
Update readmes / docs for 2.0 (#3011)
This PR updates the readmes for our 2.0 release.

### Change Type

- [x] `documentation` — Changes to the documentation only[^2]
2024-02-29 18:12:16 +00:00