Commit graph

303 commits

Author SHA1 Message Date
David Sheldrick
7ba4040e84
Split @tldraw/state into @tldraw/state and @tldraw/state-react (#4170)
The backend code uses `@tldraw/state`, which is fine, but the package
has a peer dependency on `react`, which is not fine to impose on backend
consumers. So let's split this up again.

### Change type

- [ ] `bugfix`
- [ ] `improvement`
- [ ] `feature`
- [x] `api`
- [x] `other`

### Test plan

1. Create a shape...
2.

- [ ] Unit tests
- [ ] End to end tests

### Release notes

- Fixed a bug with…
2024-07-15 11:18:59 +00:00
alex
64e1fac897
[5/5] Move bemo from dotcom to examples (#4135)
Move our bemo playground from dotcom to the examples app. In preparation
for more multiplayer examples, I built our a little bit of chrome around
example room IDs: if you create an example with `multiplayer: true`, the
examples app will render a little room ID picker above your example. The
room IDs are scoped to each example, and each deploy of the examples
app. By default people on the same example will be in the same room, but
the default ID changes every hour.

As I was doing this, I noticed you could get an ugly situation where the
docs site was in dark mode, tldraw was in dark mode, but the little bit
of examples chrome was in light mode. To fix this I through together an
extremely rough dark mode for the examples which switches on whenever
the tldraw instance inside is in dark mode.

### Change type

- [x] `other`

---------

Co-authored-by: David Sheldrick <d.j.sheldrick@gmail.com>
2024-07-12 10:36:31 +00:00
Mime Čuvalo
69a1c17b46
sdk: wires up tldraw to have licensing mechanisms (#4021)
For non-commercial usage of tldraw, this adds a watermark in the corner,
both for branding purposes and as an incentive for our enterprise
customers to purchase a license.

For commercial usage of tldraw, you add a license to the `<Tldraw
licenseKey={YOUR_LICENSE_KEY} />` component so that the watermark
doesn't show.

The license is a signed key that has various bits of information in it,
such as:
- license type
- hosts that the license is valid for
- whether it's an internal-only license
- expiry date

We check the license on load and show a watermark (or throw an error if
internal-only) if the license is not valid in a production environment.

This is a @MitjaBezensek, @Taha-Hassan-Git, @mimecuvalo joint
production! 🤜 🤛

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [x] `sdk` — Changes the tldraw SDK
- [ ] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [ ] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [x] `feature` — New feature
- [ ] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know


### Test Plan

1. We will be dogfooding on staging.tldraw.com and tldraw.com itself
before releasing this.

### Release Notes

- SDK: wires up tldraw to have licensing mechanisms.

---------

Co-authored-by: Mitja Bezenšek <mitja.bezensek@gmail.com>
Co-authored-by: Taha <98838967+Taha-Hassan-Git@users.noreply.github.com>
Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-07-11 11:49:18 +00:00
alex
ce493dcfaf
[4/5] sync -> sync-core, sync-react -> sync (#4123)
Renames `@tldraw/sync` to `@tldraw/sync-core`, and `@tldraw/sync-react`
to `@tldraw/sync`. This also adds an export * from sync-core to sync.

- [x] `other`
2024-07-10 16:09:10 +00:00
alex
cbac3ad3d0
introduce images.tldraw.xyz image optimisation worker (#4069)
Fixes asset loading/processing on staging/previews by introducing a new
image processing worker. This worker acts as a proxy for our various
image hosts and resizes/optimizes/caches images on the fly. Like the old
bookmark worker, this one is deployed in an ad-hoc fashion as it works
across environments and we're not likely to change it often.

### Change type

- [x] `other`
2024-07-08 16:25:53 +00:00
David Sheldrick
c1fe8ec99a
put sync stuff in bemo worker (#4060)
this PR puts sync stuff in the bemo worker, and sets up a temporary
dev-only page in dotcom for testing bemo stuff


### Change type

- [ ] `bugfix`
- [ ] `improvement`
- [x] `feature`
- [ ] `api`
- [ ] `other`

### Test plan

1. Create a shape...
2.

- [ ] Unit tests
- [ ] End to end tests

### Release notes

- Fixed a bug with...
2024-07-03 14:10:54 +00:00
alex
8906bd8ffa
Demo server bookmark unfurl endpoint (#4062)
This adds the HTMLRewriter-based bookmark unfurler to the demo server.
It moves the unfurler into worker-shared, and adds some better shared
error handling across our workers.

I removed the fallback bookmark fetcher where we try and fetch websites
locally. This will almost never work, as it requires sites to set public
CORS.

### Change type
- [x] `other`
2024-07-03 10:48:34 +00:00
alex
dcfc6da604
Demo assets server (#4055)
Adds an assets server to the demo worker, and reworks the existing asset
server to use the same code. There are a few simplifications to the code
due to some DX improvements working with R2 and caches. I also removed
the `HEAD` request from the assets server: i took a look at our logs and
it's not actually used at all.

This also fixes an issue where users could overwrite the contents of the
asset uploads bucket.

### Change type

- [x] `other`
2024-07-02 13:08:50 +00:00
David Sheldrick
adb84d97e3
worker fixes (#4059)
Describe what your pull request does. If you can, add GIFs or images
showing the before and after of your change.

### Change type

- [x] `bugfix`
- [ ] `improvement`
- [ ] `feature`
- [ ] `api`
- [ ] `other`

### Test plan

1. Create a shape...
2.

- [ ] Unit tests
- [ ] End to end tests

### Release notes

- Fixed a bug with...

---------

Co-authored-by: alex <alex@dytry.ch>
2024-07-02 10:53:27 +00:00
alex
031547749f
add workers-shared package and source-maps for dotcom-worker sentry reports (#4052)
Share the new sentry stuff that plays nice with releases/sourcemaps with
dotcom-worker using a new `worker-shared` package.
2024-07-02 09:10:20 +00:00
David Sheldrick
ee6aa172b2
Unfurl bookmarks in worker (#4039)
This PR adds a `GET /api/unfurl?url=blahblah` endpoint to our worker.

I tried out the existing cheerio implementation but it added 300kb to
our worker bundle in the end, due to transitive dependencies.

So I implemented the same logic with cloudflare's sanctioned streaming
HTML parser `HTMLRewriter` and it seems to work fine.

I also made the vscode extension do its fetching locally (from the node
process so it's not bound by security policies), retaining the cheerio
version for that. At the same time I fixed a bug in the RPC layer that
was preventing unfurled metadata from loading correctly.

In a few months we can retire the bookmark-extractor app by just
deleting it in the vercel dashboard.

### Change Type


<!--  Please select a 'Type' label ️ -->

- [ ] `feature` — New feature
- [x] `improvement` — Product improvement
- [ ] `api` — API change
- [ ] `bugfix` — Bug fix
- [ ] `other` — Changes that don't affect SDK users, e.g. internal or
.com changes


### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Do link unfurling on the same subdomain as all our other api
endpoints.
2024-07-01 14:40:03 +00:00
alex
57fb7a0650
Initial bemo worker setup (#4017)
Sets up preview deploys etc. for bemo worker.

There's enough going on here that I wanted to make it its own PR. I'll
rework david's spike on top of it once it's landed.

### Change Type

- [x] `internal` — Does not affect user-facing stuff
- [x] `chore` — Updating dependencies, other boring stuff

---------

Co-authored-by: David Sheldrick <d.j.sheldrick@gmail.com>
2024-07-01 11:35:23 +00:00
David Sheldrick
ca5e268798
check worker bundle sizes (#4032)
This PR aims to make sure #4030 doesn't need to happen again. We check
that the worker file sizes stay within a given limit, and require people
to explicitly up this limit if they decide to add new deps that grow the
bundle size significantly.

### Change Type

<!--  Please select a 'Type' label ️ -->

- [ ] `feature` — New feature
- [ ] `improvement` — Product improvement
- [ ] `api` — API change
- [ ] `bugfix` — Bug fix
- [x] `other` — Changes that don't affect SDK users, e.g. internal or
.com changes


### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.
2024-06-27 13:48:17 +00:00
David Sheldrick
4a3d9d407d
[bemo bae] Spike on tlsync public API improvement (#4002)
This PR replaces the extendable TLServer class with an instantiatable
wrapper for the TLSyncRoom called TLSocketRoom.

The goal is to provide an API where you pretty much just

1. create a room from some (optional) snapshot
2. pass websockets into it when they connect

And then lifecycle stuff and persistence stuff is left to the consumer,
since that all seems to be much more context dependent.

One thing remaining here is to work on observability. We had a slightly
messy situation regarding logging and error handling and analytics and I
want to clean that all up.

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [ ] `sdk` — Changes the tldraw SDK
- [ ] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [x] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [ ] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [x] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know


### Test Plan

1. Add a step-by-step description of how to test your PR here.
4.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.
2024-06-26 14:07:36 +00:00
dependabot[bot]
d75df039bd
build(deps): bump ws from 8.16.0 to 8.17.1 in the npm_and_yarn group across 1 directory (#3984)
Bumps the npm_and_yarn group with 1 update in the / directory:
[ws](https://github.com/websockets/ws).

Updates `ws` from 8.16.0 to 8.17.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/websockets/ws/releases">ws's
releases</a>.</em></p>
<blockquote>
<h2>8.17.1</h2>
<h1>Bug fixes</h1>
<ul>
<li>Fixed a DoS vulnerability (<a
href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>).</li>
</ul>
<p>A request with a number of headers exceeding
the[<code>server.maxHeadersCount</code>][]
threshold could be used to crash a ws server.</p>
<pre lang="js"><code>const http = require('http');
const WebSocket = require('ws');
<p>const wss = new WebSocket.Server({ port: 0 }, function () {
const chars =
&quot;!#$%&amp;'*+-.0123456789abcdefghijklmnopqrstuvwxyz^_`|~&quot;.split('');
const headers = {};
let count = 0;</p>
<p>for (let i = 0; i &lt; chars.length; i++) {
if (count === 2000) break;</p>
<pre><code>for (let j = 0; j &amp;lt; chars.length; j++) {
  const key = chars[i] + chars[j];
  headers[key] = 'x';

  if (++count === 2000) break;
}
</code></pre>
<p>}</p>
<p>headers.Connection = 'Upgrade';
headers.Upgrade = 'websocket';
headers['Sec-WebSocket-Key'] = 'dGhlIHNhbXBsZSBub25jZQ==';
headers['Sec-WebSocket-Version'] = '13';</p>
<p>const request = http.request({
headers: headers,
host: '127.0.0.1',
port: wss.address().port
});</p>
<p>request.end();
});
</code></pre></p>
<p>The vulnerability was reported by <a
href="https://github.com/rrlapointe">Ryan LaPointe</a> in <a
href="https://redirect.github.com/websockets/ws/issues/2230">websockets/ws#2230</a>.</p>
<p>In vulnerable versions of ws, the issue can be mitigated in the
following ways:</p>
<ol>
<li>Reduce the maximum allowed length of the request headers using the
[<code>--max-http-header-size=size</code>][] and/or the
[<code>maxHeaderSize</code>][] options so
that no more headers than the <code>server.maxHeadersCount</code> limit
can be sent.</li>
</ol>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3c56601092"><code>3c56601</code></a>
[dist] 8.17.1</li>
<li><a
href="e55e5106f1"><code>e55e510</code></a>
[security] Fix crash when the Upgrade header cannot be read (<a
href="https://redirect.github.com/websockets/ws/issues/2231">#2231</a>)</li>
<li><a
href="6a00029edd"><code>6a00029</code></a>
[test] Increase code coverage</li>
<li><a
href="ddfe4a804d"><code>ddfe4a8</code></a>
[perf] Reduce the amount of <code>crypto.randomFillSync()</code>
calls</li>
<li><a
href="b73b11828d"><code>b73b118</code></a>
[dist] 8.17.0</li>
<li><a
href="29694a5905"><code>29694a5</code></a>
[test] Use the <code>highWaterMark</code> variable</li>
<li><a
href="934c9d6b93"><code>934c9d6</code></a>
[ci] Test on node 22</li>
<li><a
href="1817bac06e"><code>1817bac</code></a>
[ci] Do not test on node 21</li>
<li><a
href="96c9b3dedd"><code>96c9b3d</code></a>
[major] Flip the default value of <code>allowSynchronousEvents</code>
(<a
href="https://redirect.github.com/websockets/ws/issues/2221">#2221</a>)</li>
<li><a
href="e5f32c7e1e"><code>e5f32c7</code></a>
[fix] Emit at most one event per event loop iteration (<a
href="https://redirect.github.com/websockets/ws/issues/2218">#2218</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/websockets/ws/compare/8.16.0...8.17.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ws&package-manager=npm_and_yarn&previous-version=8.16.0&new-version=8.17.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-20 13:05:55 +00:00
Mitja Bezenšek
1bcc16d15a
Move from unpkg to our own cdn. (#3923)
Switches from unpkg to our own cdn files.

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [x] `sdk` — Changes the tldraw SDK
- [ ] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [ ] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [x] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know

### Release Notes

- Start using our own cdn instead of unpkg.
2024-06-17 13:13:46 +00:00
Mime Čuvalo
735161c4a8
assets: store in indexedDB, not as base64 (#3836)
this is take #2 of this PR https://github.com/tldraw/tldraw/pull/3745

As I look at LOD holistically and whether we have multiple sources when
working locally, I learned that our system used base64 encoding of
assets directly. Issue https://github.com/tldraw/tldraw/issues/3728

<img width="1350" alt="assetstore"
src="https://github.com/tldraw/tldraw/assets/469604/e7b41e29-6656-4d9b-b462-72d43b98f3f7">


The motivations and benefits are:
- store size: not having a huge base64 blobs injected in room data
- perf on loading snapshot: this helps with loading the room data more
quickly
- multiple sources: furthermore, if we do decide to have multiple
sources locally (for each asset), then we won't get a multiplicative
effect of even larger JSON blobs that have lots of base64 data in them
- encoding/decoding perf: this also saves the (slow) step of having to
base64 encode/decode our assets, we can just strictly with work with
blobs.


Todo:
- [x] decodes video and images
- [x] make sure it syncs to other tabs
- [x] make sure it syncs to other multiplayer room
- [x] fix tests


### Change Type

<!--  Please select a 'Scope' label ️ -->

- [x] `sdk` — Changes the tldraw SDK
- [ ] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [ ] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [x] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know


### Test Plan

1. Test the shit out of uploading/downloading video/image assets,
locally+multiplayer.

- [ ] Need to fix current tests and write new ones

### Release Notes

- Assets: store as reference to blob in indexedDB instead of storing
directly as base64 in the snapshot.
2024-06-14 10:23:52 +00:00
Mime Čuvalo
3adae06d9c
security: enforce use of our fetch function and its default referrerpolicy (#3884)
followup to https://github.com/tldraw/tldraw/pull/3881 to enforce this
in the codebase

Describe what your pull request does. If appropriate, add GIFs or images
showing the before and after.

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [x] `sdk` — Changes the tldraw SDK
- [x] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [ ] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [x] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know
2024-06-11 13:59:25 +00:00
dependabot[bot]
5de0229626
Bump the npm_and_yarn group across 3 directories with 4 updates (#3920)
Bumps the npm_and_yarn group with 2 updates in the / directory:
[tar](https://github.com/isaacs/node-tar) and
[braces](https://github.com/micromatch/braces).
Bumps the npm_and_yarn group with 1 update in the /templates/nextjs
directory: [braces](https://github.com/micromatch/braces).
Bumps the npm_and_yarn group with 3 updates in the /templates/vite
directory: [semver](https://github.com/npm/node-semver),
[braces](https://github.com/micromatch/braces) and
[debug](https://github.com/debug-js/debug).

Updates `tar` from 7.1.0 to 7.2.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>7.2</h2>
<ul>
<li>DRY the command definitions into a single <code>makeCommand</code>
method,
and update the type signatures to more appropriately infer the
return type from the options and arguments provided.</li>
</ul>
<h2>7.1</h2>
<ul>
<li>Update minipass to v7.1.0</li>
<li>Update the type definitions of <code>write()</code> and
<code>end()</code> methods on
<code>Unpack</code> and <code>Parser</code> classes to be compatible
with the
NodeJS.WritableStream type in the latest versions of
<code>@types/node</code>.</li>
</ul>
<h2>7.0</h2>
<ul>
<li>Rewrite in TypeScript, provide ESM and CommonJS hybrid
interface</li>
<li>Add tree-shake friendly exports, like
<code>import('tar/create')</code>
and <code>import('tar/read-entry')</code> to get individual functions or
classes.</li>
<li>Add <code>chmod</code> option that defaults to false, and deprecate
<code>noChmod</code>. That is, reverse the default option regarding
explicitly setting file system modes to match tar entry
settings.</li>
<li>Add <code>processUmask</code> option to avoid having to call
<code>process.umask()</code> when <code>chmod: true</code> (or
<code>noChmod: false</code>) is
set.</li>
</ul>
<h2>6.2</h2>
<ul>
<li>Add support for brotli compression</li>
<li>Add <code>maxDepth</code> option to prevent extraction into
excessively
deep folders.</li>
</ul>
<h2>6.1</h2>
<ul>
<li>remove dead link to benchmarks (<a
href="https://redirect.github.com/isaacs/node-tar/issues/313">#313</a>)
(<a href="https://github.com/yetzt"><code>@​yetzt</code></a>)</li>
<li>add examples/explanation of using tar.t (<a
href="https://github.com/isaacs"><code>@​isaacs</code></a>)</li>
<li>ensure close event is emited after stream has ended (<a
href="https://github.com/webark"><code>@​webark</code></a>)</li>
<li>replace deprecated String.prototype.substr() (<a
href="https://github.com/CommanderRoot"><code>@​CommanderRoot</code></a>,
<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h2>6.0</h2>
<ul>
<li>Drop support for node 6 and 8</li>
<li>fix symlinks and hardlinks on windows being packed with
<code>\</code>-style path targets</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ed17f588f2"><code>ed17f58</code></a>
7.2.0</li>
<li><a
href="83e97f62d8"><code>83e97f6</code></a>
changelog 7.2</li>
<li><a
href="3062616846"><code>3062616</code></a>
DRY all commands, correct overload signature types</li>
<li>See full diff in <a
href="https://github.com/isaacs/node-tar/compare/v7.1.0...v7.2.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `braces` from 3.0.2 to 3.0.3
<details>
<summary>Commits</summary>
<ul>
<li><a
href="74b2db2938"><code>74b2db2</code></a>
3.0.3</li>
<li><a
href="88f1429a0f"><code>88f1429</code></a>
update eslint. lint, fix unit tests.</li>
<li><a
href="415d660c30"><code>415d660</code></a>
Snyk js braces 6838727 (<a
href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li>
<li><a
href="190510f79d"><code>190510f</code></a>
fix tests, skip 1 test in test/braces.expand</li>
<li><a
href="716eb9f12d"><code>716eb9f</code></a>
readme bump</li>
<li><a
href="a5851e57f4"><code>a5851e5</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/braces/issues/37">#37</a>
from coderaiser/fix/vulnerability</li>
<li><a
href="2092bd1fb1"><code>2092bd1</code></a>
feature: braces: add maxSymbols (<a
href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li>
<li><a
href="9f5b4cf473"><code>9f5b4cf</code></a>
fix: vulnerability (<a
href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li>
<li><a
href="98414f9f1f"><code>98414f9</code></a>
remove funding file</li>
<li><a
href="665ab5d561"><code>665ab5d</code></a>
update keepEscaping doc (<a
href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `braces` from 3.0.2 to 3.0.3
<details>
<summary>Commits</summary>
<ul>
<li><a
href="74b2db2938"><code>74b2db2</code></a>
3.0.3</li>
<li><a
href="88f1429a0f"><code>88f1429</code></a>
update eslint. lint, fix unit tests.</li>
<li><a
href="415d660c30"><code>415d660</code></a>
Snyk js braces 6838727 (<a
href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li>
<li><a
href="190510f79d"><code>190510f</code></a>
fix tests, skip 1 test in test/braces.expand</li>
<li><a
href="716eb9f12d"><code>716eb9f</code></a>
readme bump</li>
<li><a
href="a5851e57f4"><code>a5851e5</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/braces/issues/37">#37</a>
from coderaiser/fix/vulnerability</li>
<li><a
href="2092bd1fb1"><code>2092bd1</code></a>
feature: braces: add maxSymbols (<a
href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li>
<li><a
href="9f5b4cf473"><code>9f5b4cf</code></a>
fix: vulnerability (<a
href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li>
<li><a
href="98414f9f1f"><code>98414f9</code></a>
remove funding file</li>
<li><a
href="665ab5d561"><code>665ab5d</code></a>
update keepEscaping doc (<a
href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `semver` from 7.6.1 to 7.6.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/releases">semver's
releases</a>.</em></p>
<blockquote>
<h2>v7.6.2</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2">7.6.2</a>
(2024-05-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="6466ba9b54"><code>6466ba9</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/713">#713</a>
lru: use map.delete() directly (<a
href="https://redirect.github.com/npm/node-semver/issues/713">#713</a>)
(<a href="https://github.com/negezor"><code>@​negezor</code></a>, <a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/blob/main/CHANGELOG.md">semver's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2">7.6.2</a>
(2024-05-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="6466ba9b54"><code>6466ba9</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/713">#713</a>
lru: use map.delete() directly (<a
href="https://redirect.github.com/npm/node-semver/issues/713">#713</a>)
(<a href="https://github.com/negezor"><code>@​negezor</code></a>, <a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="eb1380b1ec"><code>eb1380b</code></a>
chore: release 7.6.2 (<a
href="https://redirect.github.com/npm/node-semver/issues/714">#714</a>)</li>
<li><a
href="6466ba9b54"><code>6466ba9</code></a>
fix(lru): use map.delete() directly (<a
href="https://redirect.github.com/npm/node-semver/issues/713">#713</a>)</li>
<li>See full diff in <a
href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `braces` from 3.0.2 to 3.0.3
<details>
<summary>Commits</summary>
<ul>
<li><a
href="74b2db2938"><code>74b2db2</code></a>
3.0.3</li>
<li><a
href="88f1429a0f"><code>88f1429</code></a>
update eslint. lint, fix unit tests.</li>
<li><a
href="415d660c30"><code>415d660</code></a>
Snyk js braces 6838727 (<a
href="https://redirect.github.com/micromatch/braces/issues/40">#40</a>)</li>
<li><a
href="190510f79d"><code>190510f</code></a>
fix tests, skip 1 test in test/braces.expand</li>
<li><a
href="716eb9f12d"><code>716eb9f</code></a>
readme bump</li>
<li><a
href="a5851e57f4"><code>a5851e5</code></a>
Merge pull request <a
href="https://redirect.github.com/micromatch/braces/issues/37">#37</a>
from coderaiser/fix/vulnerability</li>
<li><a
href="2092bd1fb1"><code>2092bd1</code></a>
feature: braces: add maxSymbols (<a
href="https://github.com/micromatch/braces/issues/">https://github.com/micromatch/braces/issues/</a>...</li>
<li><a
href="9f5b4cf473"><code>9f5b4cf</code></a>
fix: vulnerability (<a
href="https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727">https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727</a>)</li>
<li><a
href="98414f9f1f"><code>98414f9</code></a>
remove funding file</li>
<li><a
href="665ab5d561"><code>665ab5d</code></a>
update keepEscaping doc (<a
href="https://redirect.github.com/micromatch/braces/issues/27">#27</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/micromatch/braces/compare/3.0.2...3.0.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `debug` from 4.3.4 to 4.3.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/debug-js/debug/releases">debug's
releases</a>.</em></p>
<blockquote>
<h2>4.3.5</h2>
<h1>Patch</h1>
<ul>
<li>cac39b1c5b018b0fe93a53a05f084eee543d17f5 Fix/debug depth (<a
href="https://redirect.github.com/debug-js/debug/issues/926">#926</a>)</li>
</ul>
<p>Thank you <a
href="https://github.com/calvintwr"><code>@​calvintwr</code></a> for the
fix.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5464bdddbc"><code>5464bdd</code></a>
4.3.5</li>
<li><a
href="f244ada2e9"><code>f244ada</code></a>
update authorship contact info</li>
<li><a
href="cac39b1c5b"><code>cac39b1</code></a>
Fix/debug depth (<a
href="https://redirect.github.com/debug-js/debug/issues/926">#926</a>)</li>
<li><a
href="f66cb2d9f7"><code>f66cb2d</code></a>
remove .github folder (and the outdated issue templates)</li>
<li><a
href="d1616622e4"><code>d161662</code></a>
Update ISSUE_TEMPLATE.md</li>
<li><a
href="12c1ad04db"><code>12c1ad0</code></a>
Update ISSUE_TEMPLATE.md</li>
<li>See full diff in <a
href="https://github.com/debug-js/debug/compare/4.3.4...4.3.5">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-11 13:33:44 +00:00
Mime Čuvalo
ccb6b918c5
bookmark: fix up double request and rework extractor (#3856)
This code has started to bitrot a bit and this freshens it up a bit.
- there's a double request happening for every bookmark paste at the
moment, yikes! One request originates from the paste logic, and the
other originates from the `onBeforeCreate` in `BookmarkShapeUtil`. They
both see that an asset is missing and race to make the request at the
same time. It _seems_ like we don't need the `onBeforeCreate` anymore.
But, if I'm mistaken on some edge case here lemme know and we can
address this in a different way.
- the extractor is really crusty (the grabity code is from 5 yrs ago and
hasn't been updated) and we don't have control over it. i've worked on
unfurling stuff before with Paper and my other projects and this reworks
things to use Cheerio, which is a more robust library.
- this adds `favicon` to the response request which should usually
default to the apple-touch-icon. this helps with some better bookmark
displays (e.g. like Wikipedia if an image is empty)

In general, this'll start to make this more maintainable and improvable
on our end.

Double request:
<img width="1496" alt="Screenshot 2024-05-31 at 17 54 49"
src="https://github.com/tldraw/tldraw/assets/469604/22033170-caaa-4fd2-854f-f19b61611978">

Before:
<img width="355" alt="Screenshot 2024-05-31 at 17 55 02"
src="https://github.com/tldraw/tldraw/assets/469604/fd272669-ee52-4cc7-bed7-72a8ed8d53a0">

After:
<img width="351" alt="Screenshot 2024-05-31 at 17 55 44"
src="https://github.com/tldraw/tldraw/assets/469604/87d27342-0d49-4cfc-a811-356370562d19">


### Change Type

<!--  Please select a 'Scope' label ️ -->

- [ ] `sdk` — Changes the tldraw SDK
- [x] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [ ] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [x] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [x] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know


### Test Plan

1. Test pasting links in, and pasting again.

### Release Notes

- Bookmarks: fix up double request and rework extractor code.

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-06-10 10:50:49 +00:00
CodeTorso
38c573aacc
Add editor notes to the docs (#3832)
People just don't know that they need to put the components using
useEditor inside the <tldraw> component as a children

Either it is defined somewhere else or not defined at all, so it will
really help those.

Describe what your pull request does. If appropriate, add GIFs or images
showing the before and after.

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [ ] `sdk` — Changes the tldraw SDK
- [ ] `dotcom` — Changes the tldraw.com web app
- [X] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [ ] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [X] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know


### Test Plan [No need]

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes [No need]

- Add a brief release note for your PR here.

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-06-04 12:01:10 +00:00
alex
2b2778b4f9
Fix markdown list rendering on docs site (#3813)
We write our API docs in markdown embedded in tsdocs comments. vscode's
hover preview of these docs renders them as expected, but api-extract
treats whitespace as insignificant and strips out most newlines, which
breaks markdown lists. See https://github.com/microsoft/tsdoc/issues/178
for details.

This PR patches tsdoc's emitter so that it preserves newlines. That way,
we can write markdown lists and have them picked up as expected by the
docs site markdown parser. I don't expect this to introduce other issues
with previously ignored line breaks and markdown is only sensitive to
linebreaks in certain scenarios (like lists) anyway.

(Extracted from bindings docs - #3812)

Before:
<img width="740" alt="Screenshot 2024-05-22 at 15 00 43"
src="https://github.com/tldraw/tldraw/assets/1489520/846f88b1-9480-48a6-9795-6a9f27ca242a">

After:
<img width="708" alt="Screenshot 2024-05-22 at 14 51 28"
src="https://github.com/tldraw/tldraw/assets/1489520/80c54b8e-4f74-45e7-9cba-0287175e9f97">


### Change Type

- [x] `docs` — Changes to the documentation, examples, or templates.
- [x] `bugfix` — Bug fix
2024-05-23 13:00:22 +00:00
Mime Čuvalo
9ffd7f15ee
google meet: add hardware whiteboard integration (#3765)
pushing out my changes but this is a draft. we need to do look into this
more:
- [ ] we might need to reach out to Google support and request to be put
on their "start a whiteboard" whitelist/partner list? it's actually
pretty unclear how to get on that list. I don't see any permissions/API
scopes that is meant to enable that 🤔
- [ ] but maybe this is something that you @steveruizok as Google
Workspace admin see on your end? let's look together when you get back.

I initially tried doing a bundle (using esbuild (and i tried
parcel/rollup too)) but it didn't feel like the right path, and also it
didn't work when loading it in the Apps Scripts.
So then I went the route of just doing an iframe and I think that feels
much better. This means though that we do want our iframe protector to
let through this usecase. But also, we could maybe just redirect always
to a new room? I'm not sure yet.

The build script helps either build the prod or staging version
depending on what you want.

Once we do find that the staging version works, then we'll go through
the process of:
- [x] applied for https://developers.google.com/workspace/preview
(already did this to get access to new Google Meet APIs just in case)
- [x] added to google analytics (already done)
- [ ] turn off testing mode for oauth and submit for review
- [ ] continue publishing process to Create a store listing for our prod
app: https://developers.google.com/workspace/marketplace/how-to-publish

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [ ] `sdk` — Changes the tldraw SDK
- [ ] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [x] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [x] `feature` — New feature
- [ ] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know


### Release Notes

- Google Meet: add hardware whiteboard integration
2024-05-20 14:52:05 +00:00
dependabot[bot]
3dcd2a851c
Bump the npm_and_yarn group across 2 directories with 4 updates (#3731)
Bumps the npm_and_yarn group with 3 updates in the / directory:
[next](https://github.com/vercel/next.js),
[semver](https://github.com/npm/node-semver) and
[zod](https://github.com/colinhacks/zod).
Bumps the npm_and_yarn group with 1 update in the /templates/nextjs
directory: [next](https://github.com/vercel/next.js).

Updates `next` from 14.1.3 to 14.2.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v14.2.3</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Fix: resolve mixed re-exports module as cjs (<a
href="https://redirect.github.com/vercel/next.js/issues/64681">#64681</a>)</li>
<li>fix: mixing namespace import and named import client components (<a
href="https://redirect.github.com/vercel/next.js/issues/64809">#64809</a>)</li>
<li>Fix mixed exports in server component with barrel optimization (<a
href="https://redirect.github.com/vercel/next.js/issues/64894">#64894</a>)</li>
<li>Fix next/image usage in mdx(<a
href="https://redirect.github.com/vercel/next.js/issues/64875">#64875</a>)</li>
<li>fix(fetch-cache): fix additional typo, add type &amp; data
validation (<a
href="https://redirect.github.com/vercel/next.js/issues/64799">#64799</a>)</li>
<li>prevent erroneous route interception during lazy fetch (<a
href="https://redirect.github.com/vercel/next.js/issues/64692">#64692</a>)</li>
<li>fix root page revalidation when redirecting in a server action (<a
href="https://redirect.github.com/vercel/next.js/issues/64730">#64730</a>)</li>
<li>fix: remove traceparent from cachekey should not remove traceparent
from original object (<a
href="https://redirect.github.com/vercel/next.js/issues/64727">#64727</a>)</li>
<li>Clean-up fetch metrics tracking (<a
href="https://redirect.github.com/vercel/next.js/issues/64746">#64746</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/huozhi"><code>@​huozhi</code></a>, <a
href="https://github.com/samcx"><code>@​samcx</code></a>, <a
href="https://github.com/ztanner"><code>@​ztanner</code></a>, <a
href="https://github.com/Jeffrey-Zutt"><code>@​Jeffrey-Zutt</code></a>,
and <a href="https://github.com/ijjk"><code>@​ijjk</code></a> for
helping!</p>
<h2>v14.2.2</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Fix Server Action error logs for unhandled POST requests (<a
href="https://redirect.github.com/vercel/next.js/issues/64315">#64315</a>)</li>
<li>Improve rendering performance (<a
href="https://redirect.github.com/vercel/next.js/issues/64408">#64408</a>)</li>
<li>Fix the method prop case in Server Actions transform (<a
href="https://redirect.github.com/vercel/next.js/issues/64398">#64398</a>)</li>
<li>fix(next-lint): update option --report-unused-disable-directives to
--report-unused-disable-directives-severity (<a
href="https://redirect.github.com/vercel/next.js/issues/64405">#64405</a>)</li>
<li>tweak test for Azure (<a
href="https://redirect.github.com/vercel/next.js/issues/64424">#64424</a>)</li>
<li>router restore should take priority over pending actions (<a
href="https://redirect.github.com/vercel/next.js/issues/64449">#64449</a>)</li>
<li>Fix client boundary inheritance for barrel optimization (<a
href="https://redirect.github.com/vercel/next.js/issues/64467">#64467</a>)</li>
<li>improve turborepo caching (<a
href="https://redirect.github.com/vercel/next.js/issues/64493">#64493</a>)</li>
<li>feat: strip traceparent header from cachekey (<a
href="https://redirect.github.com/vercel/next.js/issues/64499">#64499</a>)</li>
<li>Fix more Turbopack build tests</li>
<li>Update lockfile for compatibility with turbo (<a
href="https://redirect.github.com/vercel/next.js/issues/64360">#64360</a>)</li>
<li>Fix typo in dynamic-rendering.ts (<a
href="https://redirect.github.com/vercel/next.js/issues/64365">#64365</a>)</li>
<li>Fix DynamicServerError not being thrown in fetch (<a
href="https://redirect.github.com/vercel/next.js/issues/64511">#64511</a>)</li>
<li>fix(next): Metadata.openGraph values not resolving basic values when
type is set (<a
href="https://redirect.github.com/vercel/next.js/issues/63620">#63620</a>)</li>
<li>disable production chunking in dev (<a
href="https://redirect.github.com/vercel/next.js/issues/64488">#64488</a>)</li>
<li>Fix cjs client components tree-shaking (<a
href="https://redirect.github.com/vercel/next.js/issues/64558">#64558</a>)</li>
<li>fix refresh behavior for discarded actions (<a
href="https://redirect.github.com/vercel/next.js/issues/64532">#64532</a>)</li>
<li>fix: filter out middleware requests in logging (<a
href="https://redirect.github.com/vercel/next.js/issues/64549">#64549</a>)</li>
<li>Turbopack: Allow client components to be imported in app routes (<a
href="https://redirect.github.com/vercel/next.js/issues/64520">#64520</a>)</li>
<li>Fix ASL bundling for dynamic css (<a
href="https://redirect.github.com/vercel/next.js/issues/64451">#64451</a>)</li>
<li>add pathname normalizer for actions (<a
href="https://redirect.github.com/vercel/next.js/issues/64592">#64592</a>)</li>
<li>fix incorrect refresh request when basePath is set (<a
href="https://redirect.github.com/vercel/next.js/issues/64589">#64589</a>)</li>
<li>test: skip turbopack build test (<a
href="https://redirect.github.com/vercel/next.js/issues/64356">#64356</a>)</li>
<li>hotfix(turbopack): Update with patch for postcss.config.js path
resolution on Windows (<a
href="https://redirect.github.com/vercel/next.js/issues/64677">#64677</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2e7a96a1e8"><code>2e7a96a</code></a>
v14.2.3</li>
<li><a
href="a230be4867"><code>a230be4</code></a>
Clean-up fetch metrics tracking (<a
href="https://redirect.github.com/vercel/next.js/issues/64746">#64746</a>)</li>
<li><a
href="73c2d634b1"><code>73c2d63</code></a>
fix: remove traceparent from cachekey should not remove traceparent from
orig...</li>
<li><a
href="dd44191118"><code>dd44191</code></a>
fix root page revalidation when redirecting in a server action (<a
href="https://redirect.github.com/vercel/next.js/issues/64730">#64730</a>)</li>
<li><a
href="8b4c234740"><code>8b4c234</code></a>
prevent erroneous route interception during lazy fetch (<a
href="https://redirect.github.com/vercel/next.js/issues/64692">#64692</a>)</li>
<li><a
href="d6a7ca0e8d"><code>d6a7ca0</code></a>
fix(fetch-cache): fix additional typo, add type &amp; data validation
(<a
href="https://redirect.github.com/vercel/next.js/issues/64799">#64799</a>)</li>
<li><a
href="4a6b511ca0"><code>4a6b511</code></a>
Fix next/image usage in mdx (<a
href="https://redirect.github.com/vercel/next.js/issues/64875">#64875</a>)</li>
<li><a
href="04cc13c0a3"><code>04cc13c</code></a>
Fix mixed exports in server component with barrel optimization (<a
href="https://redirect.github.com/vercel/next.js/issues/64894">#64894</a>)</li>
<li><a
href="8d01d496fe"><code>8d01d49</code></a>
fix: mixing namespace import and named import client components (<a
href="https://redirect.github.com/vercel/next.js/issues/64809">#64809</a>)</li>
<li><a
href="de84e3ae70"><code>de84e3a</code></a>
Fix: resolve mixed re-exports module as cjs (<a
href="https://redirect.github.com/vercel/next.js/issues/64681">#64681</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v14.1.3...v14.2.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `semver` from 7.6.1 to 7.6.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/releases">semver's
releases</a>.</em></p>
<blockquote>
<h2>v7.6.2</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2">7.6.2</a>
(2024-05-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="6466ba9b54"><code>6466ba9</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/713">#713</a>
lru: use map.delete() directly (<a
href="https://redirect.github.com/npm/node-semver/issues/713">#713</a>)
(<a href="https://github.com/negezor"><code>@​negezor</code></a>, <a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/blob/main/CHANGELOG.md">semver's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2">7.6.2</a>
(2024-05-09)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="6466ba9b54"><code>6466ba9</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/713">#713</a>
lru: use map.delete() directly (<a
href="https://redirect.github.com/npm/node-semver/issues/713">#713</a>)
(<a href="https://github.com/negezor"><code>@​negezor</code></a>, <a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="eb1380b1ec"><code>eb1380b</code></a>
chore: release 7.6.2 (<a
href="https://redirect.github.com/npm/node-semver/issues/714">#714</a>)</li>
<li><a
href="6466ba9b54"><code>6466ba9</code></a>
fix(lru): use map.delete() directly (<a
href="https://redirect.github.com/npm/node-semver/issues/713">#713</a>)</li>
<li>See full diff in <a
href="https://github.com/npm/node-semver/compare/v7.6.1...v7.6.2">compare
view</a></li>
</ul>
</details>
<br />

Updates `zod` from 3.23.7 to 3.23.8
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/colinhacks/zod/releases">zod's
releases</a>.</em></p>
<blockquote>
<h2>v3.23.8</h2>
<h2>Commits:</h2>
<ul>
<li>0f4d403558ae0490c711e4c2bfcf6c200bd14e11 Add Bronze logos (<a
href="https://redirect.github.com/colinhacks/zod/issues/3470">#3470</a>)</li>
<li>19687315b5b24bbd1ff6c346bfc2975700221748 Tweak tiers (<a
href="https://redirect.github.com/colinhacks/zod/issues/3471">#3471</a>)</li>
<li>eda7df314399929f7ed737423868a5a0780cd944 Change RefinementCtx to
interface</li>
<li>ca42965df46b2f7e2747db29c40a26bcb32a51d5 v3.23.8</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ca42965df4"><code>ca42965</code></a>
v3.23.8</li>
<li><a
href="eda7df3143"><code>eda7df3</code></a>
Change RefinementCtx to interface</li>
<li><a
href="19687315b5"><code>1968731</code></a>
Tweak tiers (<a
href="https://redirect.github.com/colinhacks/zod/issues/3471">#3471</a>)</li>
<li><a
href="0f4d403558"><code>0f4d403</code></a>
Add Bronze logos (<a
href="https://redirect.github.com/colinhacks/zod/issues/3470">#3470</a>)</li>
<li>See full diff in <a
href="https://github.com/colinhacks/zod/compare/v3.23.7...v3.23.8">compare
view</a></li>
</ul>
</details>
<br />

Updates `next` from 13.5.0 to 14.1.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v14.2.3</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Fix: resolve mixed re-exports module as cjs (<a
href="https://redirect.github.com/vercel/next.js/issues/64681">#64681</a>)</li>
<li>fix: mixing namespace import and named import client components (<a
href="https://redirect.github.com/vercel/next.js/issues/64809">#64809</a>)</li>
<li>Fix mixed exports in server component with barrel optimization (<a
href="https://redirect.github.com/vercel/next.js/issues/64894">#64894</a>)</li>
<li>Fix next/image usage in mdx(<a
href="https://redirect.github.com/vercel/next.js/issues/64875">#64875</a>)</li>
<li>fix(fetch-cache): fix additional typo, add type &amp; data
validation (<a
href="https://redirect.github.com/vercel/next.js/issues/64799">#64799</a>)</li>
<li>prevent erroneous route interception during lazy fetch (<a
href="https://redirect.github.com/vercel/next.js/issues/64692">#64692</a>)</li>
<li>fix root page revalidation when redirecting in a server action (<a
href="https://redirect.github.com/vercel/next.js/issues/64730">#64730</a>)</li>
<li>fix: remove traceparent from cachekey should not remove traceparent
from original object (<a
href="https://redirect.github.com/vercel/next.js/issues/64727">#64727</a>)</li>
<li>Clean-up fetch metrics tracking (<a
href="https://redirect.github.com/vercel/next.js/issues/64746">#64746</a>)</li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/huozhi"><code>@​huozhi</code></a>, <a
href="https://github.com/samcx"><code>@​samcx</code></a>, <a
href="https://github.com/ztanner"><code>@​ztanner</code></a>, <a
href="https://github.com/Jeffrey-Zutt"><code>@​Jeffrey-Zutt</code></a>,
and <a href="https://github.com/ijjk"><code>@​ijjk</code></a> for
helping!</p>
<h2>v14.2.2</h2>
<blockquote>
<p>[!NOTE]<br />
This release is backporting bug fixes. It does <strong>not</strong>
include all pending features/changes on canary.</p>
</blockquote>
<h3>Core Changes</h3>
<ul>
<li>Fix Server Action error logs for unhandled POST requests (<a
href="https://redirect.github.com/vercel/next.js/issues/64315">#64315</a>)</li>
<li>Improve rendering performance (<a
href="https://redirect.github.com/vercel/next.js/issues/64408">#64408</a>)</li>
<li>Fix the method prop case in Server Actions transform (<a
href="https://redirect.github.com/vercel/next.js/issues/64398">#64398</a>)</li>
<li>fix(next-lint): update option --report-unused-disable-directives to
--report-unused-disable-directives-severity (<a
href="https://redirect.github.com/vercel/next.js/issues/64405">#64405</a>)</li>
<li>tweak test for Azure (<a
href="https://redirect.github.com/vercel/next.js/issues/64424">#64424</a>)</li>
<li>router restore should take priority over pending actions (<a
href="https://redirect.github.com/vercel/next.js/issues/64449">#64449</a>)</li>
<li>Fix client boundary inheritance for barrel optimization (<a
href="https://redirect.github.com/vercel/next.js/issues/64467">#64467</a>)</li>
<li>improve turborepo caching (<a
href="https://redirect.github.com/vercel/next.js/issues/64493">#64493</a>)</li>
<li>feat: strip traceparent header from cachekey (<a
href="https://redirect.github.com/vercel/next.js/issues/64499">#64499</a>)</li>
<li>Fix more Turbopack build tests</li>
<li>Update lockfile for compatibility with turbo (<a
href="https://redirect.github.com/vercel/next.js/issues/64360">#64360</a>)</li>
<li>Fix typo in dynamic-rendering.ts (<a
href="https://redirect.github.com/vercel/next.js/issues/64365">#64365</a>)</li>
<li>Fix DynamicServerError not being thrown in fetch (<a
href="https://redirect.github.com/vercel/next.js/issues/64511">#64511</a>)</li>
<li>fix(next): Metadata.openGraph values not resolving basic values when
type is set (<a
href="https://redirect.github.com/vercel/next.js/issues/63620">#63620</a>)</li>
<li>disable production chunking in dev (<a
href="https://redirect.github.com/vercel/next.js/issues/64488">#64488</a>)</li>
<li>Fix cjs client components tree-shaking (<a
href="https://redirect.github.com/vercel/next.js/issues/64558">#64558</a>)</li>
<li>fix refresh behavior for discarded actions (<a
href="https://redirect.github.com/vercel/next.js/issues/64532">#64532</a>)</li>
<li>fix: filter out middleware requests in logging (<a
href="https://redirect.github.com/vercel/next.js/issues/64549">#64549</a>)</li>
<li>Turbopack: Allow client components to be imported in app routes (<a
href="https://redirect.github.com/vercel/next.js/issues/64520">#64520</a>)</li>
<li>Fix ASL bundling for dynamic css (<a
href="https://redirect.github.com/vercel/next.js/issues/64451">#64451</a>)</li>
<li>add pathname normalizer for actions (<a
href="https://redirect.github.com/vercel/next.js/issues/64592">#64592</a>)</li>
<li>fix incorrect refresh request when basePath is set (<a
href="https://redirect.github.com/vercel/next.js/issues/64589">#64589</a>)</li>
<li>test: skip turbopack build test (<a
href="https://redirect.github.com/vercel/next.js/issues/64356">#64356</a>)</li>
<li>hotfix(turbopack): Update with patch for postcss.config.js path
resolution on Windows (<a
href="https://redirect.github.com/vercel/next.js/issues/64677">#64677</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2e7a96a1e8"><code>2e7a96a</code></a>
v14.2.3</li>
<li><a
href="a230be4867"><code>a230be4</code></a>
Clean-up fetch metrics tracking (<a
href="https://redirect.github.com/vercel/next.js/issues/64746">#64746</a>)</li>
<li><a
href="73c2d634b1"><code>73c2d63</code></a>
fix: remove traceparent from cachekey should not remove traceparent from
orig...</li>
<li><a
href="dd44191118"><code>dd44191</code></a>
fix root page revalidation when redirecting in a server action (<a
href="https://redirect.github.com/vercel/next.js/issues/64730">#64730</a>)</li>
<li><a
href="8b4c234740"><code>8b4c234</code></a>
prevent erroneous route interception during lazy fetch (<a
href="https://redirect.github.com/vercel/next.js/issues/64692">#64692</a>)</li>
<li><a
href="d6a7ca0e8d"><code>d6a7ca0</code></a>
fix(fetch-cache): fix additional typo, add type &amp; data validation
(<a
href="https://redirect.github.com/vercel/next.js/issues/64799">#64799</a>)</li>
<li><a
href="4a6b511ca0"><code>4a6b511</code></a>
Fix next/image usage in mdx (<a
href="https://redirect.github.com/vercel/next.js/issues/64875">#64875</a>)</li>
<li><a
href="04cc13c0a3"><code>04cc13c</code></a>
Fix mixed exports in server component with barrel optimization (<a
href="https://redirect.github.com/vercel/next.js/issues/64894">#64894</a>)</li>
<li><a
href="8d01d496fe"><code>8d01d49</code></a>
fix: mixing namespace import and named import client components (<a
href="https://redirect.github.com/vercel/next.js/issues/64809">#64809</a>)</li>
<li><a
href="de84e3ae70"><code>de84e3a</code></a>
Fix: resolve mixed re-exports module as cjs (<a
href="https://redirect.github.com/vercel/next.js/issues/64681">#64681</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v14.1.3...v14.2.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `postcss` from 8.4.14 to 8.4.31
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.4.31</h2>
<ul>
<li>Fixed <code>\r</code> parsing to fix CVE-2023-44270.</li>
</ul>
<h2>8.4.30</h2>
<ul>
<li>Improved source map performance (by <a
href="https://github.com/romainmenke"><code>@​romainmenke</code></a>).</li>
</ul>
<h2>8.4.29</h2>
<ul>
<li>Fixed <code>Node#source.offset</code> (by <a
href="https://github.com/idoros"><code>@​idoros</code></a>).</li>
<li>Fixed docs (by <a
href="https://github.com/coliff"><code>@​coliff</code></a>).</li>
</ul>
<h2>8.4.28</h2>
<ul>
<li>Fixed <code>Root.source.end</code> for better source map (by <a
href="https://github.com/romainmenke"><code>@​romainmenke</code></a>).</li>
<li>Fixed <code>Result.root</code> types when <code>process()</code> has
no parser.</li>
</ul>
<h2>8.4.27</h2>
<ul>
<li>Fixed <code>Container</code> clone methods types.</li>
</ul>
<h2>8.4.26</h2>
<ul>
<li>Fixed clone methods types.</li>
</ul>
<h2>8.4.25</h2>
<ul>
<li>Improve stringify performance (by <a
href="https://github.com/romainmenke"><code>@​romainmenke</code></a>).</li>
<li>Fixed docs (by <a
href="https://github.com/vikaskaliramna07"><code>@​vikaskaliramna07</code></a>).</li>
</ul>
<h2>8.4.24</h2>
<ul>
<li>Fixed <code>Plugin</code> types.</li>
</ul>
<h2>8.4.23</h2>
<ul>
<li>Fixed warnings in TypeDoc.</li>
</ul>
<h2>8.4.22</h2>
<ul>
<li>Fixed TypeScript support with <code>node16</code> (by <a
href="https://github.com/remcohaszing"><code>@​remcohaszing</code></a>).</li>
</ul>
<h2>8.4.21</h2>
<ul>
<li>Fixed <code>Input#error</code> types (by <a
href="https://github.com/hudochenkov"><code>@​hudochenkov</code></a>).</li>
</ul>
<h2>8.4.20</h2>
<ul>
<li>Fixed source map generation for childless at-rules like
<code>@layer</code>.</li>
</ul>
<h2>8.4.19</h2>
<ul>
<li>Fixed whitespace preserving after AST transformations (by <a
href="https://github.com/romainmenke"><code>@​romainmenke</code></a>).</li>
</ul>
<h2>8.4.18</h2>
<ul>
<li>Fixed an error on <code>absolute: true</code> with empty
<code>sourceContent</code> (by <a
href="https://github.com/KingSora"><code>@​KingSora</code></a>).</li>
</ul>
<h2>8.4.17</h2>
<ul>
<li>Fixed <code>Node.before()</code> unexpected behavior (by <a
href="https://github.com/romainmenke"><code>@​romainmenke</code></a>).</li>
<li>Added TOC to docs (by <a
href="https://github.com/muddv"><code>@​muddv</code></a>).</li>
</ul>
<h2>8.4.16</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.4.31</h2>
<ul>
<li>Fixed <code>\r</code> parsing to fix CVE-2023-44270.</li>
</ul>
<h2>8.4.30</h2>
<ul>
<li>Improved source map performance (by Romain Menke).</li>
</ul>
<h2>8.4.29</h2>
<ul>
<li>Fixed <code>Node#source.offset</code> (by Ido Rosenthal).</li>
<li>Fixed docs (by Christian Oliff).</li>
</ul>
<h2>8.4.28</h2>
<ul>
<li>Fixed <code>Root.source.end</code> for better source map (by Romain
Menke).</li>
<li>Fixed <code>Result.root</code> types when <code>process()</code> has
no parser.</li>
</ul>
<h2>8.4.27</h2>
<ul>
<li>Fixed <code>Container</code> clone methods types.</li>
</ul>
<h2>8.4.26</h2>
<ul>
<li>Fixed clone methods types.</li>
</ul>
<h2>8.4.25</h2>
<ul>
<li>Improve stringify performance (by Romain Menke).</li>
<li>Fixed docs (by <a
href="https://github.com/vikaskaliramna07"><code>@​vikaskaliramna07</code></a>).</li>
</ul>
<h2>8.4.24</h2>
<ul>
<li>Fixed <code>Plugin</code> types.</li>
</ul>
<h2>8.4.23</h2>
<ul>
<li>Fixed warnings in TypeDoc.</li>
</ul>
<h2>8.4.22</h2>
<ul>
<li>Fixed TypeScript support with <code>node16</code> (by Remco
Haszing).</li>
</ul>
<h2>8.4.21</h2>
<ul>
<li>Fixed <code>Input#error</code> types (by Aleks Hudochenkov).</li>
</ul>
<h2>8.4.20</h2>
<ul>
<li>Fixed source map generation for childless at-rules like
<code>@layer</code>.</li>
</ul>
<h2>8.4.19</h2>
<ul>
<li>Fixed whitespace preserving after AST transformations (by Romain
Menke).</li>
</ul>
<h2>8.4.18</h2>
<ul>
<li>Fixed an error on <code>absolute: true</code> with empty
<code>sourceContent</code> (by Rene Haas).</li>
</ul>
<h2>8.4.17</h2>
<ul>
<li>Fixed <code>Node.before()</code> unexpected behavior (by Romain
Menke).</li>
<li>Added TOC to docs (by Mikhail Dedov).</li>
</ul>
<h2>8.4.16</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="90208de880"><code>90208de</code></a>
Release 8.4.31 version</li>
<li><a
href="58cc860b4c"><code>58cc860</code></a>
Fix carrier return parsing</li>
<li><a
href="4fff8e4cdc"><code>4fff8e4</code></a>
Improve pnpm test output</li>
<li><a
href="cd43ed1232"><code>cd43ed1</code></a>
Update dependencies</li>
<li><a
href="caa916bdcb"><code>caa916b</code></a>
Update dependencies</li>
<li><a
href="8972f76923"><code>8972f76</code></a>
Typo</li>
<li><a
href="11a5286f78"><code>11a5286</code></a>
Typo</li>
<li><a
href="45c5501777"><code>45c5501</code></a>
Release 8.4.30 version</li>
<li><a
href="bc3c341f58"><code>bc3c341</code></a>
Update linter</li>
<li><a
href="b2be58a2eb"><code>b2be58a</code></a>
Merge pull request <a
href="https://redirect.github.com/postcss/postcss/issues/1881">#1881</a>
from romainmenke/improve-sourcemap-performance--phil...</li>
<li>Additional commits viewable in <a
href="https://github.com/postcss/postcss/compare/8.4.14...8.4.31">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mime Čuvalo <mimecuvalo@gmail.com>
2024-05-13 10:54:02 +00:00
dependabot[bot]
0a7816e34d
Bump the npm_and_yarn group across 2 directories with 4 updates (#3719)
Bumps the npm_and_yarn group with 3 updates in the / directory:
[pdfjs-dist](https://github.com/mozilla/pdfjs-dist),
[semver](https://github.com/npm/node-semver) and
[zod](https://github.com/colinhacks/zod).
Bumps the npm_and_yarn group with 2 updates in the /templates/vite
directory:
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and
[semver](https://github.com/npm/node-semver).

Updates `pdfjs-dist` from 4.0.379 to 4.2.67
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/mozilla/pdfjs-dist/commits">compare
view</a></li>
</ul>
</details>
<br />

Updates `semver` from 7.6.0 to 7.6.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/releases">semver's
releases</a>.</em></p>
<blockquote>
<h2>v7.6.1</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.0...v7.6.1">7.6.1</a>
(2024-05-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="c570a348ff"><code>c570a34</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
linting: no-unused-vars (<a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
<li><a
href="ad8ff11dd2"><code>ad8ff11</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
use internal cache implementation (<a
href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
<li><a
href="ac9b35769a"><code>ac9b357</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/682">#682</a>
typo in compareBuild debug message (<a
href="https://redirect.github.com/npm/node-semver/issues/682">#682</a>)
(<a href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="988a8deb3e"><code>988a8de</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/709">#709</a>
uninstall <code>lru-cache</code> (<a
href="https://redirect.github.com/npm/node-semver/issues/709">#709</a>)</li>
<li><a
href="3fabe4dbfb"><code>3fabe4d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
remove lru-cache</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="dd09b60da1"><code>dd09b60</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/705">#705</a>
bump <code>@​npmcli/template-oss</code> to 4.22.0 (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="ec49cdcece"><code>ec49cdc</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/701">#701</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="b236c3d2f3"><code>b236c3d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/696">#696</a>
add benchmarks (<a
href="https://redirect.github.com/npm/node-semver/issues/696">#696</a>)
(<a href="https://github.com/H4ad"><code>@​H4ad</code></a>)</li>
<li><a
href="692451bd6f"><code>692451b</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/688">#688</a>
various improvements to README (<a
href="https://redirect.github.com/npm/node-semver/issues/688">#688</a>)
(<a href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
<li><a
href="5feeb7f4f6"><code>5feeb7f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/705">#705</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="074156f64f"><code>074156f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/701">#701</a>
bump <code>@​npmcli/template-oss</code> from 4.21.3 to 4.21.4 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/blob/main/CHANGELOG.md">semver's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.0...v7.6.1">7.6.1</a>
(2024-05-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="c570a348ff"><code>c570a34</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
linting: no-unused-vars (<a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
<li><a
href="ad8ff11dd2"><code>ad8ff11</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
use internal cache implementation (<a
href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
<li><a
href="ac9b35769a"><code>ac9b357</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/682">#682</a>
typo in compareBuild debug message (<a
href="https://redirect.github.com/npm/node-semver/issues/682">#682</a>)
(<a href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="988a8deb3e"><code>988a8de</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/709">#709</a>
uninstall <code>lru-cache</code> (<a
href="https://redirect.github.com/npm/node-semver/issues/709">#709</a>)</li>
<li><a
href="3fabe4dbfb"><code>3fabe4d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
remove lru-cache</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="dd09b60da1"><code>dd09b60</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/705">#705</a>
bump <code>@​npmcli/template-oss</code> to 4.22.0 (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="ec49cdcece"><code>ec49cdc</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/701">#701</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="b236c3d2f3"><code>b236c3d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/696">#696</a>
add benchmarks (<a
href="https://redirect.github.com/npm/node-semver/issues/696">#696</a>)
(<a href="https://github.com/H4ad"><code>@​H4ad</code></a>)</li>
<li><a
href="692451bd6f"><code>692451b</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/688">#688</a>
various improvements to README (<a
href="https://redirect.github.com/npm/node-semver/issues/688">#688</a>)
(<a href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
<li><a
href="5feeb7f4f6"><code>5feeb7f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/705">#705</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="074156f64f"><code>074156f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/701">#701</a>
bump <code>@​npmcli/template-oss</code> from 4.21.3 to 4.21.4 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d777418116"><code>d777418</code></a>
chore: release 7.6.1 (<a
href="https://redirect.github.com/npm/node-semver/issues/706">#706</a>)</li>
<li><a
href="988a8deb3e"><code>988a8de</code></a>
deps: uninstall <code>lru-cache</code> (<a
href="https://redirect.github.com/npm/node-semver/issues/709">#709</a>)</li>
<li><a
href="5feeb7f4f6"><code>5feeb7f</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li><a
href="dd09b60da1"><code>dd09b60</code></a>
chore: bump <code>@​npmcli/template-oss</code> to 4.22.0</li>
<li><a
href="c570a348ff"><code>c570a34</code></a>
fix(linting): no-unused-vars</li>
<li><a
href="ad8ff11dd2"><code>ad8ff11</code></a>
fix: use internal cache implementation</li>
<li><a
href="3fabe4dbfb"><code>3fabe4d</code></a>
deps: remove lru-cache</li>
<li><a
href="ec49cdcece"><code>ec49cdc</code></a>
chore: chore: chore: postinstall for dependabot template-oss PR</li>
<li><a
href="074156f64f"><code>074156f</code></a>
chore: bump <code>@​npmcli/template-oss</code> from 4.21.3 to
4.21.4</li>
<li><a
href="b236c3d2f3"><code>b236c3d</code></a>
chore: add benchmarks (<a
href="https://redirect.github.com/npm/node-semver/issues/696">#696</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/npm/node-semver/compare/v7.6.0...v7.6.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `zod` from 3.23.6 to 3.23.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/colinhacks/zod/releases">zod's
releases</a>.</em></p>
<blockquote>
<h2>v3.23.7</h2>
<h2>Commits:</h2>
<ul>
<li>29d2ea2a15f0b1ac4b89138041f786a3dafc490b Add copper</li>
<li>d969423266fccee56ef769da6744cc8bacb04550 Fix <a
href="https://redirect.github.com/colinhacks/zod/issues/3437">#3437</a>:
extendShape erases JSDoc property documentation (<a
href="https://redirect.github.com/colinhacks/zod/issues/3463">#3463</a>)</li>
<li>2239ff3ccc9af4d28bee27bd6fb2a5632844480b Add social crow</li>
<li>f985b5b922cb357dbf4b25bb43814d19f838e046 3.23.7</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f985b5b922"><code>f985b5b</code></a>
3.23.7</li>
<li><a
href="2239ff3ccc"><code>2239ff3</code></a>
Add social crow</li>
<li><a
href="d969423266"><code>d969423</code></a>
Fix <a
href="https://redirect.github.com/colinhacks/zod/issues/3437">#3437</a>:
extendShape erases JSDoc property documentation (<a
href="https://redirect.github.com/colinhacks/zod/issues/3463">#3463</a>)</li>
<li><a
href="29d2ea2a15"><code>29d2ea2</code></a>
Add copper</li>
<li>See full diff in <a
href="https://github.com/colinhacks/zod/compare/v3.23.6...v3.23.7">compare
view</a></li>
</ul>
</details>
<br />

Updates `vite` from 4.5.3 to 5.2.11
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases">vite's
releases</a>.</em></p>
<blockquote>
<h2>create-vite@5.2.3</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.2.3/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@5.2.2</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.2.2/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@5.2.1</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.2.1/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@5.2.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.2.0/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@5.1.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.1.0/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@5.0.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.0.0/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@5.0.0-beta.1</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.0.0-beta.1/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@5.0.0-beta.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.0.0-beta.0/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.2.11 (2024-05-02)<!-- raw HTML omitted
--></h2>
<ul>
<li>feat: improve dynamic import variable failure error message (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16519">#16519</a>)
(<a href="https://github.com/vitejs/vite/commit/f8feeea">f8feeea</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16519">#16519</a></li>
<li>fix: dynamic-import-vars plugin normalize path issue (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16518">#16518</a>)
(<a href="https://github.com/vitejs/vite/commit/f71ba5b">f71ba5b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16518">#16518</a></li>
<li>fix: scripts and styles were missing from built HTML on Windows (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16421">#16421</a>)
(<a href="https://github.com/vitejs/vite/commit/0e93f58">0e93f58</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16421">#16421</a></li>
<li>fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16488">#16488</a>)
(<a href="https://github.com/vitejs/vite/commit/2d50be2">2d50be2</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16488">#16488</a></li>
<li>fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16549">#16549</a>)
(<a href="https://github.com/vitejs/vite/commit/2d6a13b">2d6a13b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16549">#16549</a></li>
<li>fix(dev): watch publicDir explicitly to include it outside the root
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16502">#16502</a>)
(<a href="https://github.com/vitejs/vite/commit/4d83eb5">4d83eb5</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16502">#16502</a></li>
<li>fix(preload): skip preload for non-static urls (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16556">#16556</a>)
(<a href="https://github.com/vitejs/vite/commit/bb79c9b">bb79c9b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16556">#16556</a></li>
<li>fix(ssr): handle class declaration and expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16569">#16569</a>)
(<a href="https://github.com/vitejs/vite/commit/c071eb3">c071eb3</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16569">#16569</a></li>
<li>fix(ssr): handle function expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16563">#16563</a>)
(<a href="https://github.com/vitejs/vite/commit/02db947">02db947</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16563">#16563</a></li>
</ul>
<h2><!-- raw HTML omitted -->5.2.10 (2024-04-20)<!-- raw HTML omitted
--></h2>
<ul>
<li>revert: perf: use workspace root for fs cache (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15712">#15712</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16476">#16476</a>)
(<a href="https://github.com/vitejs/vite/commit/77e7359">77e7359</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15712">#15712</a>
<a
href="https://redirect.github.com/vitejs/vite/issues/16476">#16476</a></li>
<li>fix: add base to virtual html (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16442">#16442</a>)
(<a href="https://github.com/vitejs/vite/commit/721f94d">721f94d</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16442">#16442</a></li>
<li>fix: adjust esm syntax judgment logic (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16436">#16436</a>)
(<a href="https://github.com/vitejs/vite/commit/af72eab">af72eab</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16436">#16436</a></li>
<li>fix: don't add outDirs to watch.ignored if emptyOutDir is false (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16453">#16453</a>)
(<a href="https://github.com/vitejs/vite/commit/6a127d6">6a127d6</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16453">#16453</a></li>
<li>fix(cspNonce): don't overwrite existing nonce values (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16415">#16415</a>)
(<a href="https://github.com/vitejs/vite/commit/b872635">b872635</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16415">#16415</a></li>
<li>feat: show warning if root is in build.outDir (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16454">#16454</a>)
(<a href="https://github.com/vitejs/vite/commit/11444dc">11444dc</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16454">#16454</a></li>
<li>feat: write cspNonce to style tags (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16419">#16419</a>)
(<a href="https://github.com/vitejs/vite/commit/8e54bbd">8e54bbd</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16419">#16419</a></li>
<li>chore(deps): update dependency eslint-plugin-n to v17 (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16381">#16381</a>)
(<a href="https://github.com/vitejs/vite/commit/6cccef7">6cccef7</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16381">#16381</a></li>
</ul>
<h2><!-- raw HTML omitted -->5.2.9 (2024-04-15)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: <code>fsp.rm</code> removing files does not take effect (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16032">#16032</a>)
(<a href="https://github.com/vitejs/vite/commit/b05c405">b05c405</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16032">#16032</a></li>
<li>fix: fix accumulated stacks in error overlay (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16393">#16393</a>)
(<a href="https://github.com/vitejs/vite/commit/102c2fd">102c2fd</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16393">#16393</a></li>
<li>fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16376">#16376</a>)
(<a href="https://github.com/vitejs/vite/commit/58a2938">58a2938</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16376">#16376</a></li>
<li>chore: update region comment (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16380">#16380</a>)
(<a href="https://github.com/vitejs/vite/commit/77562c3">77562c3</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16380">#16380</a></li>
<li>perf: reduce size of injected __vite__mapDeps code (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16184">#16184</a>)
(<a href="https://github.com/vitejs/vite/commit/c0ec6be">c0ec6be</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16184">#16184</a></li>
<li>perf(css): only replace empty chunk if imported (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16349">#16349</a>)
(<a href="https://github.com/vitejs/vite/commit/e2658ad">e2658ad</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16349">#16349</a></li>
</ul>
<h2><!-- raw HTML omitted -->5.2.8 (2024-04-03)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: csp nonce injection when no closing tag (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16281">#16281</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16282">#16282</a>)
(<a href="https://github.com/vitejs/vite/commit/3c85c6b">3c85c6b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16281">#16281</a>
<a
href="https://redirect.github.com/vitejs/vite/issues/16282">#16282</a></li>
<li>fix: do not access document in <code>/@vite/client</code> when not
defined (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16318">#16318</a>)
(<a href="https://github.com/vitejs/vite/commit/646319c">646319c</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16318">#16318</a></li>
<li>fix: fix sourcemap when using object as <code>define</code> value
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15805">#15805</a>)
(<a href="https://github.com/vitejs/vite/commit/445c4f2">445c4f2</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15805">#15805</a></li>
<li>fix(css): unknown file error happened with lightningcss (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16306">#16306</a>)
(<a href="https://github.com/vitejs/vite/commit/01af308">01af308</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16306">#16306</a></li>
<li>fix(hmr): multiple updates happened when invalidate is called while
multiple tabs open (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16307">#16307</a>)
(<a href="https://github.com/vitejs/vite/commit/21cc10b">21cc10b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16307">#16307</a></li>
<li>fix(scanner): duplicate modules for same id if glob is used in
html-like types (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16305">#16305</a>)
(<a href="https://github.com/vitejs/vite/commit/eca68fa">eca68fa</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16305">#16305</a></li>
<li>chore(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16325">#16325</a>)
(<a href="https://github.com/vitejs/vite/commit/a78e265">a78e265</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16325">#16325</a></li>
<li>refactor: use types from sass instead of <code>@​types/sass</code>
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16340">#16340</a>)
(<a href="https://github.com/vitejs/vite/commit/4581e83">4581e83</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16340">#16340</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2bc5d3de87"><code>2bc5d3d</code></a>
release: v5.2.11</li>
<li><a
href="f8feeea41c"><code>f8feeea</code></a>
feat: improve dynamic import variable failure error message (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16519">#16519</a>)</li>
<li><a
href="c071eb3822"><code>c071eb3</code></a>
fix(ssr): handle class declaration and expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16569">#16569</a>)</li>
<li><a
href="02db9479ac"><code>02db947</code></a>
fix(ssr): handle function expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16563">#16563</a>)</li>
<li><a
href="2d6a13b0aa"><code>2d6a13b</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16549">#16549</a>)</li>
<li><a
href="0e93f588b9"><code>0e93f58</code></a>
fix: scripts and styles were missing from built HTML on Windows (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16421">#16421</a>)</li>
<li><a
href="bb79c9b653"><code>bb79c9b</code></a>
fix(preload): skip preload for non-static urls (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16556">#16556</a>)</li>
<li><a
href="f71ba5b94a"><code>f71ba5b</code></a>
fix: dynamic-import-vars plugin normalize path issue (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16518">#16518</a>)</li>
<li><a
href="2d50be2a54"><code>2d50be2</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16488">#16488</a>)</li>
<li><a
href="4d83eb58cd"><code>4d83eb5</code></a>
fix(dev): watch publicDir explicitly to include it outside the root (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16502">#16502</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite/commits/v5.2.11/packages/vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `semver` from 7.6.0 to 7.6.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/releases">semver's
releases</a>.</em></p>
<blockquote>
<h2>v7.6.1</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.0...v7.6.1">7.6.1</a>
(2024-05-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="c570a348ff"><code>c570a34</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
linting: no-unused-vars (<a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
<li><a
href="ad8ff11dd2"><code>ad8ff11</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
use internal cache implementation (<a
href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
<li><a
href="ac9b35769a"><code>ac9b357</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/682">#682</a>
typo in compareBuild debug message (<a
href="https://redirect.github.com/npm/node-semver/issues/682">#682</a>)
(<a href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="988a8deb3e"><code>988a8de</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/709">#709</a>
uninstall <code>lru-cache</code> (<a
href="https://redirect.github.com/npm/node-semver/issues/709">#709</a>)</li>
<li><a
href="3fabe4dbfb"><code>3fabe4d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
remove lru-cache</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="dd09b60da1"><code>dd09b60</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/705">#705</a>
bump <code>@​npmcli/template-oss</code> to 4.22.0 (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="ec49cdcece"><code>ec49cdc</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/701">#701</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="b236c3d2f3"><code>b236c3d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/696">#696</a>
add benchmarks (<a
href="https://redirect.github.com/npm/node-semver/issues/696">#696</a>)
(<a href="https://github.com/H4ad"><code>@​H4ad</code></a>)</li>
<li><a
href="692451bd6f"><code>692451b</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/688">#688</a>
various improvements to README (<a
href="https://redirect.github.com/npm/node-semver/issues/688">#688</a>)
(<a href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
<li><a
href="5feeb7f4f6"><code>5feeb7f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/705">#705</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="074156f64f"><code>074156f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/701">#701</a>
bump <code>@​npmcli/template-oss</code> from 4.21.3 to 4.21.4 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/blob/main/CHANGELOG.md">semver's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.6.0...v7.6.1">7.6.1</a>
(2024-05-04)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="c570a348ff"><code>c570a34</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
linting: no-unused-vars (<a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
<li><a
href="ad8ff11dd2"><code>ad8ff11</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
use internal cache implementation (<a
href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
<li><a
href="ac9b35769a"><code>ac9b357</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/682">#682</a>
typo in compareBuild debug message (<a
href="https://redirect.github.com/npm/node-semver/issues/682">#682</a>)
(<a href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
</ul>
<h3>Dependencies</h3>
<ul>
<li><a
href="988a8deb3e"><code>988a8de</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/709">#709</a>
uninstall <code>lru-cache</code> (<a
href="https://redirect.github.com/npm/node-semver/issues/709">#709</a>)</li>
<li><a
href="3fabe4dbfb"><code>3fabe4d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/704">#704</a>
remove lru-cache</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="dd09b60da1"><code>dd09b60</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/705">#705</a>
bump <code>@​npmcli/template-oss</code> to 4.22.0 (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="ec49cdcece"><code>ec49cdc</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/701">#701</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="b236c3d2f3"><code>b236c3d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/696">#696</a>
add benchmarks (<a
href="https://redirect.github.com/npm/node-semver/issues/696">#696</a>)
(<a href="https://github.com/H4ad"><code>@​H4ad</code></a>)</li>
<li><a
href="692451bd6f"><code>692451b</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/688">#688</a>
various improvements to README (<a
href="https://redirect.github.com/npm/node-semver/issues/688">#688</a>)
(<a href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
<li><a
href="5feeb7f4f6"><code>5feeb7f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/705">#705</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="074156f64f"><code>074156f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/701">#701</a>
bump <code>@​npmcli/template-oss</code> from 4.21.3 to 4.21.4 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d777418116"><code>d777418</code></a>
chore: release 7.6.1 (<a
href="https://redirect.github.com/npm/node-semver/issues/706">#706</a>)</li>
<li><a
href="988a8deb3e"><code>988a8de</code></a>
deps: uninstall <code>lru-cache</code> (<a
href="https://redirect.github.com/npm/node-semver/issues/709">#709</a>)</li>
<li><a
href="5feeb7f4f6"><code>5feeb7f</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li><a
href="dd09b60da1"><code>dd09b60</code></a>
chore: bump <code>@​npmcli/template-oss</code> to 4.22.0</li>
<li><a
href="c570a348ff"><code>c570a34</code></a>
fix(linting): no-unused-vars</li>
<li><a
href="ad8ff11dd2"><code>ad8ff11</code></a>
fix: use internal cache implementation</li>
<li><a
href="3fabe4dbfb"><code>3fabe4d</code></a>
deps: remove lru-cache</li>
<li><a
href="ec49cdcece"><code>ec49cdc</code></a>
chore: chore: chore: postinstall for dependabot template-oss PR</li>
<li><a
href="074156f64f"><code>074156f</code></a>
chore: bump <code>@​npmcli/template-oss</code> from 4.21.3 to
4.21.4</li>
<li><a
href="b236c3d2f3"><code>b236c3d</code></a>
chore: add benchmarks (<a
href="https://redirect.github.com/npm/node-semver/issues/696">#696</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/npm/node-semver/compare/v7.6.0...v7.6.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-08 10:12:27 +00:00
dependabot[bot]
a2f4d35579
Bump the npm_and_yarn group across 2 directories with 6 updates (#3712)
Bumps the npm_and_yarn group with 3 updates in the / directory:
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite),
[tar](https://github.com/isaacs/node-tar) and
[zod](https://github.com/colinhacks/zod).
Bumps the npm_and_yarn group with 4 updates in the /templates/vite
directory:
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite),
[tar](https://github.com/isaacs/node-tar),
[semver](https://github.com/npm/node-semver) and
[word-wrap](https://github.com/jonschlinkert/word-wrap).

Updates `vite` from 5.2.9 to 5.2.11
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.2.11 (2024-05-02)<!-- raw HTML omitted
--></h2>
<ul>
<li>feat: improve dynamic import variable failure error message (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16519">#16519</a>)
(<a href="https://github.com/vitejs/vite/commit/f8feeea">f8feeea</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16519">#16519</a></li>
<li>fix: dynamic-import-vars plugin normalize path issue (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16518">#16518</a>)
(<a href="https://github.com/vitejs/vite/commit/f71ba5b">f71ba5b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16518">#16518</a></li>
<li>fix: scripts and styles were missing from built HTML on Windows (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16421">#16421</a>)
(<a href="https://github.com/vitejs/vite/commit/0e93f58">0e93f58</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16421">#16421</a></li>
<li>fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16488">#16488</a>)
(<a href="https://github.com/vitejs/vite/commit/2d50be2">2d50be2</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16488">#16488</a></li>
<li>fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16549">#16549</a>)
(<a href="https://github.com/vitejs/vite/commit/2d6a13b">2d6a13b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16549">#16549</a></li>
<li>fix(dev): watch publicDir explicitly to include it outside the root
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16502">#16502</a>)
(<a href="https://github.com/vitejs/vite/commit/4d83eb5">4d83eb5</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16502">#16502</a></li>
<li>fix(preload): skip preload for non-static urls (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16556">#16556</a>)
(<a href="https://github.com/vitejs/vite/commit/bb79c9b">bb79c9b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16556">#16556</a></li>
<li>fix(ssr): handle class declaration and expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16569">#16569</a>)
(<a href="https://github.com/vitejs/vite/commit/c071eb3">c071eb3</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16569">#16569</a></li>
<li>fix(ssr): handle function expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16563">#16563</a>)
(<a href="https://github.com/vitejs/vite/commit/02db947">02db947</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16563">#16563</a></li>
</ul>
<h2><!-- raw HTML omitted -->5.2.10 (2024-04-20)<!-- raw HTML omitted
--></h2>
<ul>
<li>revert: perf: use workspace root for fs cache (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15712">#15712</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16476">#16476</a>)
(<a href="https://github.com/vitejs/vite/commit/77e7359">77e7359</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15712">#15712</a>
<a
href="https://redirect.github.com/vitejs/vite/issues/16476">#16476</a></li>
<li>fix: add base to virtual html (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16442">#16442</a>)
(<a href="https://github.com/vitejs/vite/commit/721f94d">721f94d</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16442">#16442</a></li>
<li>fix: adjust esm syntax judgment logic (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16436">#16436</a>)
(<a href="https://github.com/vitejs/vite/commit/af72eab">af72eab</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16436">#16436</a></li>
<li>fix: don't add outDirs to watch.ignored if emptyOutDir is false (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16453">#16453</a>)
(<a href="https://github.com/vitejs/vite/commit/6a127d6">6a127d6</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16453">#16453</a></li>
<li>fix(cspNonce): don't overwrite existing nonce values (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16415">#16415</a>)
(<a href="https://github.com/vitejs/vite/commit/b872635">b872635</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16415">#16415</a></li>
<li>feat: show warning if root is in build.outDir (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16454">#16454</a>)
(<a href="https://github.com/vitejs/vite/commit/11444dc">11444dc</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16454">#16454</a></li>
<li>feat: write cspNonce to style tags (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16419">#16419</a>)
(<a href="https://github.com/vitejs/vite/commit/8e54bbd">8e54bbd</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16419">#16419</a></li>
<li>chore(deps): update dependency eslint-plugin-n to v17 (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16381">#16381</a>)
(<a href="https://github.com/vitejs/vite/commit/6cccef7">6cccef7</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16381">#16381</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2bc5d3de87"><code>2bc5d3d</code></a>
release: v5.2.11</li>
<li><a
href="f8feeea41c"><code>f8feeea</code></a>
feat: improve dynamic import variable failure error message (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16519">#16519</a>)</li>
<li><a
href="c071eb3822"><code>c071eb3</code></a>
fix(ssr): handle class declaration and expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16569">#16569</a>)</li>
<li><a
href="02db9479ac"><code>02db947</code></a>
fix(ssr): handle function expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16563">#16563</a>)</li>
<li><a
href="2d6a13b0aa"><code>2d6a13b</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16549">#16549</a>)</li>
<li><a
href="0e93f588b9"><code>0e93f58</code></a>
fix: scripts and styles were missing from built HTML on Windows (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16421">#16421</a>)</li>
<li><a
href="bb79c9b653"><code>bb79c9b</code></a>
fix(preload): skip preload for non-static urls (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16556">#16556</a>)</li>
<li><a
href="f71ba5b94a"><code>f71ba5b</code></a>
fix: dynamic-import-vars plugin normalize path issue (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16518">#16518</a>)</li>
<li><a
href="2d50be2a54"><code>2d50be2</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16488">#16488</a>)</li>
<li><a
href="4d83eb58cd"><code>4d83eb5</code></a>
fix(dev): watch publicDir explicitly to include it outside the root (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16502">#16502</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite/commits/v5.2.11/packages/vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `tar` from 7.0.1 to 7.1.0
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>7.1</h2>
<ul>
<li>Update minipass to v7.1.0</li>
<li>Update the type definitions of <code>write()</code> and
<code>end()</code> methods on
<code>Unpack</code> and <code>Parser</code> classes to be compatible
with the
NodeJS.WritableStream type in the latest versions of
<code>@types/node</code>.</li>
</ul>
<h2>7.0</h2>
<ul>
<li>Rewrite in TypeScript, provide ESM and CommonJS hybrid
interface</li>
<li>Add tree-shake friendly exports, like
<code>import('tar/create')</code>
and <code>import('tar/read-entry')</code> to get individual functions or
classes.</li>
<li>Add <code>chmod</code> option that defaults to false, and deprecate
<code>noChmod</code>. That is, reverse the default option regarding
explicitly setting file system modes to match tar entry
settings.</li>
<li>Add <code>processUmask</code> option to avoid having to call
<code>process.umask()</code> when <code>chmod: true</code> (or
<code>noChmod: false</code>) is
set.</li>
</ul>
<h2>6.2</h2>
<ul>
<li>Add support for brotli compression</li>
<li>Add <code>maxDepth</code> option to prevent extraction into
excessively
deep folders.</li>
</ul>
<h2>6.1</h2>
<ul>
<li>remove dead link to benchmarks (<a
href="https://redirect.github.com/isaacs/node-tar/issues/313">#313</a>)
(<a href="https://github.com/yetzt"><code>@​yetzt</code></a>)</li>
<li>add examples/explanation of using tar.t (<a
href="https://github.com/isaacs"><code>@​isaacs</code></a>)</li>
<li>ensure close event is emited after stream has ended (<a
href="https://github.com/webark"><code>@​webark</code></a>)</li>
<li>replace deprecated String.prototype.substr() (<a
href="https://github.com/CommanderRoot"><code>@​CommanderRoot</code></a>,
<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h2>6.0</h2>
<ul>
<li>Drop support for node 6 and 8</li>
<li>fix symlinks and hardlinks on windows being packed with
<code>\</code>-style path targets</li>
</ul>
<h2>5.0</h2>
<ul>
<li>Address unpack race conditions using path reservations</li>
<li>Change large-numbers errors from TypeError to Error</li>
<li>Add <code>TAR_*</code> error codes</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ce612d0aa8"><code>ce612d0</code></a>
7.1.0</li>
<li><a
href="6b61030dac"><code>6b61030</code></a>
update types to comply with NodeJS.WritableStream</li>
<li><a
href="79a5c30d7b"><code>79a5c30</code></a>
update minipass</li>
<li><a
href="bead873b5c"><code>bead873</code></a>
remove more cruft, format codes</li>
<li><a
href="faf9359ca7"><code>faf9359</code></a>
remove temlate-oss stuff</li>
<li>See full diff in <a
href="https://github.com/isaacs/node-tar/compare/v7.0.1...v7.1.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `zod` from 3.22.4 to 3.23.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/colinhacks/zod/releases">zod's
releases</a>.</em></p>
<blockquote>
<h2>v3.23.6</h2>
<h2>Commits:</h2>
<ul>
<li>bc0095aab9e7254deb18701adc63de128ca2c742 Test on latest node</li>
<li>6e5699a30373cc22879f2bcb6902fc138518c980 Lint on latest node</li>
<li>1f466d9d00f446d7bed1962990e7a1ce813ab0d4 describe how one can
protect from cyclical objects starting an infini… (<a
href="https://redirect.github.com/colinhacks/zod/issues/3447">#3447</a>)</li>
<li>3fed6f21e0ea7adc91aa0cc44f75bcf4e526d98e Add zod playground link (<a
href="https://redirect.github.com/colinhacks/zod/issues/3454">#3454</a>)</li>
<li>04e1f379f6989d23dd45660fcabc78f76d7834f8 Fixed freezing async
ZodReadonly results (<a
href="https://redirect.github.com/colinhacks/zod/issues/3457">#3457</a>)</li>
<li>b87e59d0e4bbb4403bf27243afdcda9fcdeec258 Update sponsor tiers (<a
href="https://redirect.github.com/colinhacks/zod/issues/3453">#3453</a>)</li>
<li>143886151bba3930bdcc10d34a1cff4bf9103ba8 Add copper tier (<a
href="https://redirect.github.com/colinhacks/zod/issues/3460">#3460</a>)</li>
<li>ce3711e1384952d255769b9495f9bfadfb327291 add VSCode dev container
support and documenation</li>
<li>93b480b12ec3466cbd3b4182f7ce292e5c61528c v3.23.6</li>
</ul>
<h2>v3.23.5</h2>
<h2>Commits:</h2>
<ul>
<li>110b8211f991b3e060ab2da4fec7b63d600439ad Update README_ZH.md (<a
href="https://redirect.github.com/colinhacks/zod/issues/3433">#3433</a>)</li>
<li>c1910bdfc98709b8f14231e2cefc5a3be401e3ee Made ZodEnum take readonly
string array (<a
href="https://redirect.github.com/colinhacks/zod/issues/3444">#3444</a>)</li>
<li>541a862e978f96eb391849a6bf16be84231aa1b3 3.23.5</li>
</ul>
<h2>v3.23.4</h2>
<h2>Commits:</h2>
<ul>
<li>157b18d742c86d85b26a8421af46ad6d6d6b6ea7 Add 3.23 announcement</li>
<li>aedf93f1435a29463d915c3be45b4dcbeefa8cc1 Revert change to default
Input</li>
<li>45107f7a7230fe48ee24dc37e621422c9dc64ec4 v3.23.4</li>
</ul>
<h2>v3.23.3</h2>
<h2>Commits:</h2>
<ul>
<li>103d2436f85872ca0e0e6247652989cc93d46a39 3.23.3</li>
</ul>
<h2>v3.23.2</h2>
<h2>Commits:</h2>
<ul>
<li>c340558d14f5222a2ca177e0591463c06cc5edc3 Update protocol</li>
<li>ef588d036f3e98b832796e9a681dbaf097631ea0 Fix t3env</li>
<li>9df70dd71195df951c43f180fbe5e64ea1f835df 3.23.2</li>
</ul>
<h2>v3.23.1</h2>
<p>This changes the default generics back to <code>any</code> to prevent
breakages with common packager like
<code>@hookform/resolvers</code>:</p>
<pre lang="diff"><code>- class ZodType&lt;Output = unknown, Def extends
ZodTypeDef = ZodTypeDef, Input = unknown&gt; {}
+ class ZodType&lt;Output = any, Def extends ZodTypeDef = ZodTypeDef,
Input = any&gt; {}
</code></pre>
<h2>Commits:</h2>
<ul>
<li>59f48723d36c423d9e10b3bd52325a7998314230 Change unknown -&gt; any
for ZodType defaults</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="93b480b12e"><code>93b480b</code></a>
v3.23.6</li>
<li><a
href="ce3711e138"><code>ce3711e</code></a>
add VSCode dev container support and documenation</li>
<li><a
href="143886151b"><code>1438861</code></a>
Add copper tier (<a
href="https://redirect.github.com/colinhacks/zod/issues/3460">#3460</a>)</li>
<li><a
href="b87e59d0e4"><code>b87e59d</code></a>
Update sponsor tiers (<a
href="https://redirect.github.com/colinhacks/zod/issues/3453">#3453</a>)</li>
<li><a
href="04e1f379f6"><code>04e1f37</code></a>
Fixed freezing async ZodReadonly results (<a
href="https://redirect.github.com/colinhacks/zod/issues/3457">#3457</a>)</li>
<li><a
href="3fed6f21e0"><code>3fed6f2</code></a>
Add zod playground link (<a
href="https://redirect.github.com/colinhacks/zod/issues/3454">#3454</a>)</li>
<li><a
href="1f466d9d00"><code>1f466d9</code></a>
describe how one can protect from cyclical objects starting an infini…
(<a
href="https://redirect.github.com/colinhacks/zod/issues/3447">#3447</a>)</li>
<li><a
href="6e5699a303"><code>6e5699a</code></a>
Lint on latest node</li>
<li><a
href="bc0095aab9"><code>bc0095a</code></a>
Test on latest node</li>
<li><a
href="541a862e97"><code>541a862</code></a>
3.23.5</li>
<li>Additional commits viewable in <a
href="https://github.com/colinhacks/zod/compare/v3.22.4...v3.23.6">compare
view</a></li>
</ul>
</details>
<br />

Updates `vite` from 4.3.9 to 4.5.3
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.2.11 (2024-05-02)<!-- raw HTML omitted
--></h2>
<ul>
<li>feat: improve dynamic import variable failure error message (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16519">#16519</a>)
(<a href="https://github.com/vitejs/vite/commit/f8feeea">f8feeea</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16519">#16519</a></li>
<li>fix: dynamic-import-vars plugin normalize path issue (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16518">#16518</a>)
(<a href="https://github.com/vitejs/vite/commit/f71ba5b">f71ba5b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16518">#16518</a></li>
<li>fix: scripts and styles were missing from built HTML on Windows (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16421">#16421</a>)
(<a href="https://github.com/vitejs/vite/commit/0e93f58">0e93f58</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16421">#16421</a></li>
<li>fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16488">#16488</a>)
(<a href="https://github.com/vitejs/vite/commit/2d50be2">2d50be2</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16488">#16488</a></li>
<li>fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16549">#16549</a>)
(<a href="https://github.com/vitejs/vite/commit/2d6a13b">2d6a13b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16549">#16549</a></li>
<li>fix(dev): watch publicDir explicitly to include it outside the root
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16502">#16502</a>)
(<a href="https://github.com/vitejs/vite/commit/4d83eb5">4d83eb5</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16502">#16502</a></li>
<li>fix(preload): skip preload for non-static urls (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16556">#16556</a>)
(<a href="https://github.com/vitejs/vite/commit/bb79c9b">bb79c9b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16556">#16556</a></li>
<li>fix(ssr): handle class declaration and expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16569">#16569</a>)
(<a href="https://github.com/vitejs/vite/commit/c071eb3">c071eb3</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16569">#16569</a></li>
<li>fix(ssr): handle function expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16563">#16563</a>)
(<a href="https://github.com/vitejs/vite/commit/02db947">02db947</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16563">#16563</a></li>
</ul>
<h2><!-- raw HTML omitted -->5.2.10 (2024-04-20)<!-- raw HTML omitted
--></h2>
<ul>
<li>revert: perf: use workspace root for fs cache (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15712">#15712</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16476">#16476</a>)
(<a href="https://github.com/vitejs/vite/commit/77e7359">77e7359</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15712">#15712</a>
<a
href="https://redirect.github.com/vitejs/vite/issues/16476">#16476</a></li>
<li>fix: add base to virtual html (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16442">#16442</a>)
(<a href="https://github.com/vitejs/vite/commit/721f94d">721f94d</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16442">#16442</a></li>
<li>fix: adjust esm syntax judgment logic (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16436">#16436</a>)
(<a href="https://github.com/vitejs/vite/commit/af72eab">af72eab</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16436">#16436</a></li>
<li>fix: don't add outDirs to watch.ignored if emptyOutDir is false (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16453">#16453</a>)
(<a href="https://github.com/vitejs/vite/commit/6a127d6">6a127d6</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16453">#16453</a></li>
<li>fix(cspNonce): don't overwrite existing nonce values (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16415">#16415</a>)
(<a href="https://github.com/vitejs/vite/commit/b872635">b872635</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16415">#16415</a></li>
<li>feat: show warning if root is in build.outDir (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16454">#16454</a>)
(<a href="https://github.com/vitejs/vite/commit/11444dc">11444dc</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16454">#16454</a></li>
<li>feat: write cspNonce to style tags (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16419">#16419</a>)
(<a href="https://github.com/vitejs/vite/commit/8e54bbd">8e54bbd</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16419">#16419</a></li>
<li>chore(deps): update dependency eslint-plugin-n to v17 (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16381">#16381</a>)
(<a href="https://github.com/vitejs/vite/commit/6cccef7">6cccef7</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16381">#16381</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2bc5d3de87"><code>2bc5d3d</code></a>
release: v5.2.11</li>
<li><a
href="f8feeea41c"><code>f8feeea</code></a>
feat: improve dynamic import variable failure error message (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16519">#16519</a>)</li>
<li><a
href="c071eb3822"><code>c071eb3</code></a>
fix(ssr): handle class declaration and expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16569">#16569</a>)</li>
<li><a
href="02db9479ac"><code>02db947</code></a>
fix(ssr): handle function expression name scoping (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16563">#16563</a>)</li>
<li><a
href="2d6a13b0aa"><code>2d6a13b</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16549">#16549</a>)</li>
<li><a
href="0e93f588b9"><code>0e93f58</code></a>
fix: scripts and styles were missing from built HTML on Windows (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16421">#16421</a>)</li>
<li><a
href="bb79c9b653"><code>bb79c9b</code></a>
fix(preload): skip preload for non-static urls (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16556">#16556</a>)</li>
<li><a
href="f71ba5b94a"><code>f71ba5b</code></a>
fix: dynamic-import-vars plugin normalize path issue (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16518">#16518</a>)</li>
<li><a
href="2d50be2a54"><code>2d50be2</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16488">#16488</a>)</li>
<li><a
href="4d83eb58cd"><code>4d83eb5</code></a>
fix(dev): watch publicDir explicitly to include it outside the root (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16502">#16502</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite/commits/v5.2.11/packages/vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `tar` from 6.2.0 to 6.2.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>7.1</h2>
<ul>
<li>Update minipass to v7.1.0</li>
<li>Update the type definitions of <code>write()</code> and
<code>end()</code> methods on
<code>Unpack</code> and <code>Parser</code> classes to be compatible
with the
NodeJS.WritableStream type in the latest versions of
<code>@types/node</code>.</li>
</ul>
<h2>7.0</h2>
<ul>
<li>Rewrite in TypeScript, provide ESM and CommonJS hybrid
interface</li>
<li>Add tree-shake friendly exports, like
<code>import('tar/create')</code>
and <code>import('tar/read-entry')</code> to get individual functions or
classes.</li>
<li>Add <code>chmod</code> option that defaults to false, and deprecate
<code>noChmod</code>. That is, reverse the default option regarding
explicitly setting file system modes to match tar entry
settings.</li>
<li>Add <code>processUmask</code> option to avoid having to call
<code>process.umask()</code> when <code>chmod: true</code> (or
<code>noChmod: false</code>) is
set.</li>
</ul>
<h2>6.2</h2>
<ul>
<li>Add support for brotli compression</li>
<li>Add <code>maxDepth</code> option to prevent extraction into
excessively
deep folders.</li>
</ul>
<h2>6.1</h2>
<ul>
<li>remove dead link to benchmarks (<a
href="https://redirect.github.com/isaacs/node-tar/issues/313">#313</a>)
(<a href="https://github.com/yetzt"><code>@​yetzt</code></a>)</li>
<li>add examples/explanation of using tar.t (<a
href="https://github.com/isaacs"><code>@​isaacs</code></a>)</li>
<li>ensure close event is emited after stream has ended (<a
href="https://github.com/webark"><code>@​webark</code></a>)</li>
<li>replace deprecated String.prototype.substr() (<a
href="https://github.com/CommanderRoot"><code>@​CommanderRoot</code></a>,
<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h2>6.0</h2>
<ul>
<li>Drop support for node 6 and 8</li>
<li>fix symlinks and hardlinks on windows being packed with
<code>\</code>-style path targets</li>
</ul>
<h2>5.0</h2>
<ul>
<li>Address unpack race conditions using path reservations</li>
<li>Change large-numbers errors from TypeError to Error</li>
<li>Add <code>TAR_*</code> error codes</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ce612d0aa8"><code>ce612d0</code></a>
7.1.0</li>
<li><a
href="6b61030dac"><code>6b61030</code></a>
update types to comply with NodeJS.WritableStream</li>
<li><a
href="79a5c30d7b"><code>79a5c30</code></a>
update minipass</li>
<li><a
href="bead873b5c"><code>bead873</code></a>
remove more cruft, format codes</li>
<li><a
href="faf9359ca7"><code>faf9359</code></a>
remove temlate-oss stuff</li>
<li>See full diff in <a
href="https://github.com/isaacs/node-tar/compare/v7.0.1...v7.1.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `semver` from 7.5.2 to 7.6.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/releases">semver's
releases</a>.</em></p>
<blockquote>
<h2>v7.6.0</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.4...v7.6.0">7.6.0</a>
(2024-01-31)</h2>
<h3>Features</h3>
<ul>
<li><a
href="a7ab13a462"><code>a7ab13a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/671">#671</a>
preserve pre-release and build parts of a version on coerce (<a
href="https://redirect.github.com/npm/node-semver/issues/671">#671</a>)
(<a href="https://github.com/madtisa"><code>@​madtisa</code></a>,
madtisa, <a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="816c7b2cbf"><code>816c7b2</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="0bd24d943c"><code>0bd24d9</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
bump <code>@​npmcli/template-oss</code> from 4.21.1 to 4.21.3 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="e521932f11"><code>e521932</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="8873991808"><code>8873991</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="f317dc8689"><code>f317dc8</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
bump <code>@​npmcli/template-oss</code> from 4.19.0 to 4.21.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="7303db1fe5"><code>7303db1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/658">#658</a>
add clean() test for build metadata (<a
href="https://redirect.github.com/npm/node-semver/issues/658">#658</a>)
(<a
href="https://github.com/jethrodaniel"><code>@​jethrodaniel</code></a>)</li>
<li><a
href="6240d75a7c"><code>6240d75</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/656">#656</a>
add missing quotes in README.md (<a
href="https://redirect.github.com/npm/node-semver/issues/656">#656</a>)
(<a href="https://github.com/zyxkad"><code>@​zyxkad</code></a>)</li>
<li><a
href="14d263faa1"><code>14d263f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="7c34e1ac1b"><code>7c34e1a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
bump <code>@​npmcli/template-oss</code> from 4.18.1 to 4.19.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="123e0b0328"><code>123e0b0</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="737d5e1cf1"><code>737d5e1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
bump <code>@​npmcli/template-oss</code> from 4.18.0 to 4.18.1 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="cce61804ba"><code>cce6180</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="b914a3d0d2"><code>b914a3d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
bump <code>@​npmcli/template-oss</code> from 4.17.0 to 4.18.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
<h2>v7.5.4</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.3...v7.5.4">7.5.4</a>
(2023-07-07)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="cc6fde2d34"><code>cc6fde2</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/588">#588</a>
trim each range set before parsing (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="99d8287516"><code>99d8287</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/583">#583</a>
correctly parse long build ids as valid (<a
href="https://redirect.github.com/npm/node-semver/issues/583">#583</a>)
(<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h2>v7.5.3</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.2...v7.5.3">7.5.3</a>
(2023-06-22)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="abdd93d554"><code>abdd93d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/571">#571</a>
set max lengths in regex for numeric and build identifiers (<a
href="https://redirect.github.com/npm/node-semver/issues/571">#571</a>)
(<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li><a
href="bf53dd8da1"><code>bf53dd8</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/569">#569</a>
add example for <code>&gt;</code> comparator (<a
href="https://redirect.github.com/npm/node-semver/issues/569">#569</a>)
(<a href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/blob/main/CHANGELOG.md">semver's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.4...v7.6.0">7.6.0</a>
(2024-01-31)</h2>
<h3>Features</h3>
<ul>
<li><a
href="a7ab13a462"><code>a7ab13a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/671">#671</a>
preserve pre-release and build parts of a version on coerce (<a
href="https://redirect.github.com/npm/node-semver/issues/671">#671</a>)
(<a href="https://github.com/madtisa"><code>@​madtisa</code></a>,
madtisa, <a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="816c7b2cbf"><code>816c7b2</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="0bd24d943c"><code>0bd24d9</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
bump <code>@​npmcli/template-oss</code> from 4.21.1 to 4.21.3 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="e521932f11"><code>e521932</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="8873991808"><code>8873991</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="f317dc8689"><code>f317dc8</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
bump <code>@​npmcli/template-oss</code> from 4.19.0 to 4.21.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="7303db1fe5"><code>7303db1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/658">#658</a>
add clean() test for build metadata (<a
href="https://redirect.github.com/npm/node-semver/issues/658">#658</a>)
(<a
href="https://github.com/jethrodaniel"><code>@​jethrodaniel</code></a>)</li>
<li><a
href="6240d75a7c"><code>6240d75</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/656">#656</a>
add missing quotes in README.md (<a
href="https://redirect.github.com/npm/node-semver/issues/656">#656</a>)
(<a href="https://github.com/zyxkad"><code>@​zyxkad</code></a>)</li>
<li><a
href="14d263faa1"><code>14d263f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="7c34e1ac1b"><code>7c34e1a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
bump <code>@​npmcli/template-oss</code> from 4.18.1 to 4.19.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="123e0b0328"><code>123e0b0</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="737d5e1cf1"><code>737d5e1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
bump <code>@​npmcli/template-oss</code> from 4.18.0 to 4.18.1 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="cce61804ba"><code>cce6180</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="b914a3d0d2"><code>b914a3d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
bump <code>@​npmcli/template-oss</code> from 4.17.0 to 4.18.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.3...v7.5.4">7.5.4</a>
(2023-07-07)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="cc6fde2d34"><code>cc6fde2</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/588">#588</a>
trim each range set before parsing (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="99d8287516"><code>99d8287</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/583">#583</a>
correctly parse long build ids as valid (<a
href="https://redirect.github.com/npm/node-semver/issues/583">#583</a>)
(<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.2...v7.5.3">7.5.3</a>
(2023-06-22)</h2>
<h3>Bug Fixes</h3>
<ul>
<li><a
href="abdd93d554"><code>abdd93d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/571">#571</a>
set max lengths in regex for numeric and build identifiers (<a
href="https://redirect.github.com/npm/node-semver/issues/571">#571</a>)
(<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h3>Documentation</h3>
<ul>
<li><a
href="bf53dd8da1"><code>bf53dd8</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/569">#569</a>
add example for <code>&gt;</code> comparator (<a
href="https://redirect.github.com/npm/node-semver/issues/569">#569</a>)
(<a href="https://github.com/mbtools"><code>@​mbtools</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="377f709718"><code>377f709</code></a>
chore: release 7.6.0 (<a
href="https://redirect.github.com/npm/node-semver/issues/661">#661</a>)</li>
<li><a
href="a7ab13a462"><code>a7ab13a</code></a>
feat: preserve pre-release and build parts of a version on coerce (<a
href="https://redirect.github.com/npm/node-semver/issues/671">#671</a>)</li>
<li><a
href="816c7b2cbf"><code>816c7b2</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li><a
href="0bd24d943c"><code>0bd24d9</code></a>
chore: bump <code>@​npmcli/template-oss</code> from 4.21.1 to
4.21.3</li>
<li><a
href="e521932f11"><code>e521932</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li><a
href="8873991808"><code>8873991</code></a>
chore: chore: chore: postinstall for dependabot template-oss PR</li>
<li><a
href="f317dc8689"><code>f317dc8</code></a>
chore: bump <code>@​npmcli/template-oss</code> from 4.19.0 to
4.21.0</li>
<li><a
href="7303db1fe5"><code>7303db1</code></a>
chore: add clean() test for build metadata (<a
href="https://redirect.github.com/npm/node-semver/issues/658">#658</a>)</li>
<li><a
href="6240d75a7c"><code>6240d75</code></a>
chore: add missing quotes in README.md (<a
href="https://redirect.github.com/npm/node-semver/issues/656">#656</a>)</li>
<li><a
href="14d263faa1"><code>14d263f</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li>Additional commits viewable in <a
href="https://github.com/npm/node-semver/compare/v7.5.2...v7.6.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `postcss` from 8.4.24 to 8.4.38
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/releases">postcss's
releases</a>.</em></p>
<blockquote>
<h2>8.4.38</h2>
<ul>
<li>Fixed <code>endIndex: 0</code> in errors and warnings (by <a
href="https://github.com/romainmenke"><code>@​romainmenke</code></a>).</li>
</ul>
<h2>8.4.37</h2>
<ul>
<li>Fixed <code>original.column are not numbers</code> error in another
case.</li>
</ul>
<h2>8.4.36</h2>
<ul>
<li>Fixed <code>original.column are not numbers</code> error on broken
previous source map.</li>
</ul>
<h2>8.4.35</h2>
<ul>
<li>Avoid <code>!</code> in <code>node.parent.nodes</code> type.</li>
<li>Allow to pass <code>undefined</code> to node adding method to
simplify types.</li>
</ul>
<h2>8.4.34</h2>
<ul>
<li>Fixed <code>AtRule#nodes</code> type (by <a
href="https://github.com/tim-we"><code>@​tim-we</code></a>).</li>
<li>Cleaned up code (by <a
href="https://github.com/DrKiraDmitry"><code>@​DrKiraDmitry</code></a>).</li>
</ul>
<h2>8.4.33</h2>
<ul>
<li>Fixed <code>NoWorkResult</code> behavior difference with normal mode
(by <a
href="https://github.com/romainmenke"><code>@​romainmenke</code></a>).</li>
<li>Fixed <code>NoWorkResult</code> usage conditions (by <a
href="https://github.com/ahmdammarr"><code>@​ahmdammarr</code></a>).</li>
</ul>
<h2>8.4.32</h2>
<ul>
<li>Fixed <code>postcss().process()</code> types (by <a
href="https://github.com/ferreira-tb"><code>@​ferreira-tb</code></a>).</li>
</ul>
<h2>8.4.31</h2>
<ul>
<li>Fixed <code>\r</code> parsing to fix CVE-2023-44270.</li>
</ul>
<h2>8.4.30</h2>
<ul>
<li>Improved source map performance (by <a
href="https://github.com/romainmenke"><code>@​romainmenke</code></a>).</li>
</ul>
<h2>8.4.29</h2>
<ul>
<li>Fixed <code>Node#source.offset</code> (by <a
href="https://github.com/idoros"><code>@​idoros</code></a>).</li>
<li>Fixed docs (by <a
href="https://github.com/coliff"><code>@​coliff</code></a>).</li>
</ul>
<h2>8.4.28</h2>
<ul>
<li>Fixed <code>Root.source.end</code> for better source map (by <a
href="https://github.com/romainmenke"><code>@​romainmenke</code></a>).</li>
<li>Fixed <code>Result.root</code> types when <code>process()</code> has
no parser.</li>
</ul>
<h2>8.4.27</h2>
<ul>
<li>Fixed <code>Container</code> clone methods types.</li>
</ul>
<h2>8.4.26</h2>
<ul>
<li>Fixed clone methods types.</li>
</ul>
<h2>8.4.25</h2>
<ul>
<li>Improve stringify performance (by <a
href="https://github.com/romainmenke"><code>@​romainmenke</code></a>).</li>
<li>Fixed docs (by <a
href="https://github.com/vikaskaliramna07"><code>@​vikaskaliramna07</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's
changelog</a>.</em></p>
<blockquote>
<h2>8.4.38</h2>
<ul>
<li>Fixed <code>endIndex: 0</code> in errors and warnings (by <a
href="https://github.com/romainmenke"><code>@​romainmenke</code></a>).</li>
</ul>
<h2>8.4.37</h2>
<ul>
<li>Fixed <code>original.column are not numbers</code> error in another
case.</li>
</ul>
<h2>8.4.36</h2>
<ul>
<li>Fixed <code>original.column are not numbers</code> error on broken
previous source map.</li>
</ul>
<h2>8.4.35</h2>
<ul>
<li>Avoid <code>!</code> in <code>node.parent.nodes</code> type.</li>
<li>Allow to pass <code>undefined</code> to node adding method to
simplify types.</li>
</ul>
<h2>8.4.34</h2>
<ul>
<li>Fixed <code>AtRule#nodes</code> type (by Tim Weißenfels).</li>
<li>Cleaned up code (by Dmitry Kirillov).</li>
</ul>
<h2>8.4.33</h2>
<ul>
<li>Fixed <code>NoWorkResult</code> behavior difference with normal mode
(by Romain Menke).</li>
<li>Fixed <code>NoWorkResult</code> usage conditions (by <a
href="https://github.com/ahmdammarr"><code>@​ahmdammarr</code></a>).</li>
</ul>
<h2>8.4.32</h2>
<ul>
<li>Fixed <code>postcss().process()</code> types (by Andrew
Ferreira).</li>
</ul>
<h2>8.4.31</h2>
<ul>
<li>Fixed <code>\r</code> parsing to fix CVE-2023-44270.</li>
</ul>
<h2>8.4.30</h2>
<ul>
<li>Improved source map performance (by Romain Menke).</li>
</ul>
<h2>8.4.29</h2>
<ul>
<li>Fixed <code>Node#source.offset</code> (by Ido Rosenthal).</li>
<li>Fixed docs (by Christian Oliff).</li>
</ul>
<h2>8.4.28</h2>
<ul>
<li>Fixed <code>Root.source.end</code> for better source map (by Romain
Menke).</li>
<li>Fixed <code>Result.root</code> types when <code>process()</code> has
no parser.</li>
</ul>
<h2>8.4.27</h2>
<ul>
<li>Fixed <code>Container</code> clone methods types.</li>
</ul>
<h2>8.4.26</h2>
<ul>
<li>Fixed clone methods types.</li>
</ul>
<h2>8.4.25</h2>
<ul>
<li>Improve stringify performance (by Romain Menke).</li>
<li>Fixed docs (by <a
href="https://github.com/vikaskaliramna07"><code>@​vikaskaliramna07</code></a>).</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a69d45ecae"><code>a69d45e</code></a>
Release 8.4.38 version</li>
<li><a
href="64e35d952c"><code>64e35d9</code></a>
Update dependencies</li>
<li><a
href="c1ad8fb402"><code>c1ad8fb</code></a>
Merge pull request <a
href="https://redirect.github.com/postcss/postcss/issues/1932">#1932</a>
from romainmenke/fix-warning-end-index--inventive-nu...</li>
<li><a
href="b45e7e9159"><code>b45e7e9</code></a>
fix endIndex</li>
<li><a
href="1bea2466db"><code>1bea246</code></a>
failing test: for endIndex 0 in rangeBy</li>
<li><a
href="0fd1d86f2d"><code>0fd1d86</code></a>
Add changelog auto release on Github</li>
<li><a
href="49c906ebc0"><code>49c906e</code></a>
Release 8.4.37 version</li>
<li><a
href="b5bd92ca41"><code>b5bd92c</code></a>
Fix another broken prev source map issue</li>
<li><a
href="28820396e1"><code>2882039</code></a>
Update dependencies</li>
<li><a
href="e5ad9394da"><code>e5ad939</code></a>
Release 8.4.36 version</li>
<li>Additional commits viewable in <a
href="https://github.com/postcss/postcss/compare/8.4.24...8.4.38">compare
view</a></li>
</ul>
</details>
<br />

Updates `word-wrap` from 1.2.3 to 1.2.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/jonschlinkert/word-wrap/releases">word-wrap's
releases</a>.</em></p>
<blockquote>
<h2>1.2.5</h2>
<p><strong>Changes</strong>:</p>
<p>Reverts default value for <code>options.indent</code> to two spaces
<code>' '</code>.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jonschlinkert/word-wrap/compare/1.2.4...1.2.5">https://github.com/jonschlinkert/word-wrap/compare/1.2.4...1.2.5</a></p>
<h2>1.2.4</h2>
<h2>What's Changed</h2>
<ul>
<li>Remove default indent by <a
href="https://github.com/mohd-akram"><code>@​mohd-akram</code></a> in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/24">jonschlinkert/word-wrap#24</a></li>
<li>🔒fix: CVE 2023 26115 (2) by <a
href="https://github.com/OlafConijn"><code>@​OlafConijn</code></a> in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/41">jonschlinkert/word-wrap#41</a></li>
<li>🔒 fix: CVE-2023-26115 by <a
href="https://github.com/aashutoshrathi"><code>@​aashutoshrathi</code></a>
in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/33">jonschlinkert/word-wrap#33</a></li>
<li>chore: publish workflow by <a
href="https://github.com/OlafConijn"><code>@​OlafConijn</code></a> in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/42">jonschlinkert/word-wrap#42</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/mohd-akram"><code>@​mohd-akram</code></a> made
their first contribution in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/24">jonschlinkert/word-wrap#24</a></li>
<li><a
href="https://github.com/OlafConijn"><code>@​OlafConijn</code></a> made
their first contribution in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/41">jonschlinkert/word-wrap#41</a></li>
<li><a
href="https://github.com/aashutoshrathi"><code>@​aashutoshrathi</code></a>
made their first contribution in <a
href="https://redirect.github.com/jonschlinkert/word-wrap/pull/33">jonschlinkert/word-wrap#33</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4">https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="207044ebda"><code>207044e</code></a>
1.2.5</li>
<li><a
href="9894315485"><code>9894315</code></a>
revert default indent</li>
<li><a
href="f64b188c72"><code>f64b188</code></a>
run verb to generate README</li>
<li><a
href="03ea08256b"><code>03ea082</code></a>
Merge pull request <a
href="https://redirect.github.com/jonschlinkert/word-wrap/issues/42">#42</a>
from jonschlinkert/chore/publish-workflow</li>
<li><a
href="420dce9a24"><code>420dce9</code></a>
Merge pull request <a
href="https://redirect.github.com/jonschlinkert/word-wrap/issues/41">#41</a>
from jonschlinkert/fix/CVE-2023-26115-2</li>
<li><a
href="bfa694edf5"><code>bfa694e</code></a>
Update .github/workflows/publish.yml</li>
<li><a
href="ace0b3c78f"><code>ace0b3c</code></a>
chore: bump version to 1.2.4</li>
<li><a
href="6fd7275946"><code>6fd7275</code></a>
chore: add publish workflow</li>
<li><a
href="30d6daf60f"><code>30d6daf</code></a>
chore: fix test</li>
<li><a
href="655929cabe"><code>655929c</code></a>
chore: remove package-lock</li>
<li>Additional commits viewable in <a
href="https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.5">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Mime Čuvalo <mimecuvalo@gmail.com>
2024-05-07 14:54:56 +00:00
Steve Ruiz
ebc892a1a6
Camera options followups (#3701)
This PR adds a slideshow example (similar to @TodePond's slides but more
on rails) as a way to put some pressure on camera controls.

Along the way, it fixes some issues I found with animations and the new
camera controls.

- forced changes will continue to force through animations
- animations no longer set unnecessary additional listeners
- animations end correctly
- updating camera options does not immediately update the camera (to
allow for animations, etc.)

It also changes the location of the "in front of the canvas" element so
that it is not hidden by the hit test blocking element.

### Change Type

- [x] `sdk` — Changes the tldraw SDK
- [x] `improvement` — Improving existing features
2024-05-07 10:06:35 +00:00
Mitja Bezenšek
15dd56a75e
Readonly / room creation omnibus (#3192)
Reworks how the readonly urls work. Till now we just used a simple
function that would scramble the slugs. Now we use a proper key value
mapping between regular and readonly slugs:

- We use two KV stores. One is for going from a slug to a readonly slug
and the other one for going the other way around. They are populated at
the same time.
- We separate preview KV stores (dev, preview, staging) from production
one. I've already created these on Cloudflare. [My understanding is
](https://developers.cloudflare.com/kv/reference/data-security/#encryption-at-rest)that
ids [can be
public](https://community.cloudflare.com/t/is-it-safe-to-keep-kv-ids-in-a-public-git-repo/517387/4)
since we can only access KV from our worker. Happy to move them to env
variables though.

- [x] Disable creating new rooms when tldraw is embedded inside iframes
on other websites (we check the referrer and if it's not the same as the
iframe's origin we don't allow it)
- [x] Fork a project when inside an iframe now opens the forked project
on tldraw.com and not inside iframe.
- [x] We allow embeding of iframes, but we now track the where they are
used via the referrer. We send this to Vercel analytics.
- [x] Improved UX of the share menu to make it less confusing. Toggle is
gone.
- [x]  `/new` and `/r` routes not redirect to `/`.
- [x] This introduces a new `/ro` route for readonly rooms. Legacy rooms
still live on `/v`.
- [x] Brought back `dotcom-shared` project to share code between BE and
FE. Mostly types.
- [x] Prevent creating of rooms by entering `/r/non-existing-slug`. 
- [x] Handle getting a readonly slug for old rooms. Added a comment
about it
[here](https://github.com/tldraw/tldraw/pull/3192/files#diff-c0954b3dc71bb7097c39656441175f3238ed60cf5cee64077c06e21da82182cbR17-R18).
- [x] We no longer expose editor on the window object for readonly
rooms. Prevents the users disabling readonly rooms manually.

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [ ] `sdk` — Changes the tldraw SDK
- [x] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [ ] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [x] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know


### Test Plan
1. Make sure old readonly rooms still work.
2. Creating a readonly link from an existing room should still use `/v`
path.
3. Newly created rooms should use `/ro` path for readonly rooms. Make
sure these work as well.
4. `/r` room was disabled and redirects to `/`
5. `/new` should still work when not inside iframes.

- [x] Unit Tests
- [ ] End to end tests

### Release Notes


1. This adds new functionality for readonly rooms:
- We have a new route `/ro` for newly created readonly rooms. These
rooms no longer use the scrambling logic to create readonly slugs.
Instead we now use KV storage from cloudflare to track the mapping for
slugs -> readonly slug and readonly slug -> slug.
- The old route `/v` is preserved, so that the old room still work as
they did before.
- For old rooms we will keep on generating the old readonly slugs, but
for new rooms we'll start using the new logic.
2. We no longer prevent embedding of tldraw inside iframes. 
3. We do prevent generating new rooms from inside the iframes though.
`/r`, `/new`, `/r/non-existing-id` should not allow creation of new
rooms inside iframes. Only `/new` still works when not inside iframes.
4. Forking a project from inside an iframe now opens it on tldraw.com
5. Slight copy change on the sharing menu. We no longer have a toggle
between readonly and non-readonly links.
6. `editor` and `app` are no longer exposed on the window object for
readonly rooms. Prevents users from using the `updateInstanceState` to
escape readonly rooms.

---------

Co-authored-by: Mime Čuvalo <mimecuvalo@gmail.com>
2024-04-25 14:10:40 +00:00
Mitja Bezenšek
4245fd55b2
Fix deploy script (#3550)
Seems like `tar` is moving to `ts` in version 7 and this caused some
issues with imports.

Saw this issue on [readonly
PR](https://github.com/tldraw/tldraw/actions/runs/8783569356/job/24099998235?pr=3192#step:6:684),
looks like a result of a [dependabot
PR](https://github.com/tldraw/tldraw/pull/3505).

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [ ] `sdk` — Changes the tldraw SDK
- [ ] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [x] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [ ] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [x] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know
2024-04-22 15:33:25 +00:00
dependabot[bot]
4507ce6378
Bump the npm_and_yarn group across 1 directory with 2 updates (#3505)
Bumps the npm_and_yarn group with 2 updates in the / directory:
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and
[tar](https://github.com/isaacs/node-tar).

Updates `vite` from 5.2.8 to 5.2.9
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.2.9 (2024-04-15)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: <code>fsp.rm</code> removing files does not take effect (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16032">#16032</a>)
(<a href="https://github.com/vitejs/vite/commit/b05c405">b05c405</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16032">#16032</a></li>
<li>fix: fix accumulated stacks in error overlay (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16393">#16393</a>)
(<a href="https://github.com/vitejs/vite/commit/102c2fd">102c2fd</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16393">#16393</a></li>
<li>fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16376">#16376</a>)
(<a href="https://github.com/vitejs/vite/commit/58a2938">58a2938</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16376">#16376</a></li>
<li>chore: update region comment (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16380">#16380</a>)
(<a href="https://github.com/vitejs/vite/commit/77562c3">77562c3</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16380">#16380</a></li>
<li>perf: reduce size of injected __vite__mapDeps code (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16184">#16184</a>)
(<a href="https://github.com/vitejs/vite/commit/c0ec6be">c0ec6be</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16184">#16184</a></li>
<li>perf(css): only replace empty chunk if imported (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16349">#16349</a>)
(<a href="https://github.com/vitejs/vite/commit/e2658ad">e2658ad</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16349">#16349</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a77707d69c"><code>a77707d</code></a>
release: v5.2.9</li>
<li><a
href="102c2fd5ad"><code>102c2fd</code></a>
fix: fix accumulated stacks in error overlay (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16393">#16393</a>)</li>
<li><a
href="58a2938a97"><code>58a2938</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16376">#16376</a>)</li>
<li><a
href="77562c3ff2"><code>77562c3</code></a>
chore: update region comment (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16380">#16380</a>)</li>
<li><a
href="b05c405f68"><code>b05c405</code></a>
fix: <code>fsp.rm</code> removing files does not take effect (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16032">#16032</a>)</li>
<li><a
href="e2658ad6fe"><code>e2658ad</code></a>
perf(css): only replace empty chunk if imported (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16349">#16349</a>)</li>
<li><a
href="c0ec6bea69"><code>c0ec6be</code></a>
perf: reduce size of injected __vite__mapDeps code (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16184">#16184</a>)</li>
<li>See full diff in <a
href="https://github.com/vitejs/vite/commits/v5.2.9/packages/vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `tar` from 6.2.1 to 7.0.1
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md">tar's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>7.0</h2>
<ul>
<li>Rewrite in TypeScript, provide ESM and CommonJS hybrid
interface</li>
<li>Add tree-shake friendly exports, like
<code>import('tar/create')</code>
and <code>import('tar/read-entry')</code> to get individual functions or
classes.</li>
<li>Add <code>chmod</code> option that defaults to false, and deprecate
<code>noChmod</code>. That is, reverse the default option regarding
explicitly setting file system modes to match tar entry
settings.</li>
<li>Add <code>processUmask</code> option to avoid having to call
<code>process.umask()</code> when <code>chmod: true</code> (or
<code>noChmod: false</code>) is
set.</li>
</ul>
<h2>6.2</h2>
<ul>
<li>Add support for brotli compression</li>
<li>Add <code>maxDepth</code> option to prevent extraction into
excessively
deep folders.</li>
</ul>
<h2>6.1</h2>
<ul>
<li>remove dead link to benchmarks (<a
href="https://redirect.github.com/isaacs/node-tar/issues/313">#313</a>)
(<a href="https://github.com/yetzt"><code>@​yetzt</code></a>)</li>
<li>add examples/explanation of using tar.t (<a
href="https://github.com/isaacs"><code>@​isaacs</code></a>)</li>
<li>ensure close event is emited after stream has ended (<a
href="https://github.com/webark"><code>@​webark</code></a>)</li>
<li>replace deprecated String.prototype.substr() (<a
href="https://github.com/CommanderRoot"><code>@​CommanderRoot</code></a>,
<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
</ul>
<h2>6.0</h2>
<ul>
<li>Drop support for node 6 and 8</li>
<li>fix symlinks and hardlinks on windows being packed with
<code>\</code>-style path targets</li>
</ul>
<h2>5.0</h2>
<ul>
<li>Address unpack race conditions using path reservations</li>
<li>Change large-numbers errors from TypeError to Error</li>
<li>Add <code>TAR_*</code> error codes</li>
<li>Raise <code>TAR_BAD_ARCHIVE</code> warning/error when there are no
valid
entries found in an archive</li>
<li>do not treat ignored entries as an invalid archive</li>
<li>drop support for node v4</li>
<li>unpack: conditionally use a file mapping to write files on
Windows</li>
<li>Set more portable 'mode' value in portable mode</li>
<li>Set <code>portable</code> gzip option in portable mode</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="d99fce38eb"><code>d99fce3</code></a>
7.0.1</li>
<li><a
href="af043922c0"><code>af04392</code></a>
Do not apply linkpath,global from global pax header</li>
<li><a
href="b0fbdea463"><code>b0fbdea</code></a>
7.0.0</li>
<li><a
href="957da7506c"><code>957da75</code></a>
remove old lib folder</li>
<li><a
href="9a260c2dba"><code>9a260c2</code></a>
test verifying <a
href="https://redirect.github.com/isaacs/node-tar/issues/398">#398</a>
is fixed</li>
<li><a
href="2d89a4edc3"><code>2d89a4e</code></a>
Properly handle long linkpath in PaxHeader</li>
<li><a
href="314ec7e642"><code>314ec7e</code></a>
list: close file even if no error thrown</li>
<li><a
href="b3afdbb264"><code>b3afdbb</code></a>
unpack test: use modern tap features</li>
<li><a
href="2330416081"><code>2330416</code></a>
test: code style, prefer () to _ for empty fns</li>
<li><a
href="ae9ce7ec2a"><code>ae9ce7e</code></a>
test: fix normalize-unicode coverage on linux</li>
<li>Additional commits viewable in <a
href="https://github.com/isaacs/node-tar/compare/v6.2.1...v7.0.1">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mime Čuvalo <mimecuvalo@gmail.com>
Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-04-21 12:39:38 +00:00
Mitja Bezenšek
88ee4e9993
Revert "RBush again? (#3439)" (#3481)
This reverts commit 45dffd1af6.

Revert rbush. There's issues with shapes that have computed bounds
(arrows, groups).

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [ ] `sdk` — Changes the tldraw SDK
- [ ] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [x] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [x] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [ ] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know


- Add a brief release note for your PR here.
2024-04-16 10:56:35 +00:00
Mitja Bezenšek
45dffd1af6
RBush again? (#3439)
Adds RBush to handle spatial querying. We use it for:
- Culling. Helps a lot with panning as we don't have to compute the
culled shapes from scratch. Instead we just query rbush again. It makes
culling quite granular: spatial index updates when shapes change
(additions, removals, changes to bounds), visible shapes depends on
that, but also updates when the viewport page bound change, culled
shapes then depend on that but also change with selections changes. The
api stayed the same, which is great since the fuzz tests can stay as
they are.
- Brushing 
- Erasing
- Scribble brushing
- Getting shapes at point (for example, when updating the hover id)

This improves performance of all of those operations. I might have
missed some places where this might also be useful.

### Erasing before (Test on my old ipad)


https://github.com/tldraw/tldraw/assets/2523721/edb9c004-a44a-4779-b2d0-98617b057314

### Erasing after


https://github.com/tldraw/tldraw/assets/2523721/8f8367fd-fa8e-4963-ba13-720c5f0c2da5

### Creating an arrow before


https://github.com/tldraw/tldraw/assets/2523721/4068f8b7-f7b8-4826-83f2-083b1f3783bc

### After (much better, but still bad)


https://github.com/tldraw/tldraw/assets/2523721/11af6be6-01d8-4740-bf15-896e2dd31dd6



### Change Type

<!--  Please select a 'Scope' label ️ -->

- [ ] `sdk` — Changes the tldraw SDK
- [ ] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [x] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [x] `improvement` — Improving existing features
- [ ] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-04-15 16:28:18 +00:00
David Sheldrick
4f70a4f4e8
New migrations again (#3220)
Describe what your pull request does. If appropriate, add GIFs or images
showing the before and after.

### Change Type

- [x] `sdk` — Changes the tldraw SDK
- [x] `galaxy brain` — Architectural changes



### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

#### BREAKING CHANGES

- The `Migrations` type is now called `LegacyMigrations`.
- The serialized schema format (e.g. returned by
`StoreSchema.serialize()` and `Store.getSnapshot()`) has changed. You
don't need to do anything about it unless you were reading data directly
from the schema for some reason. In which case it'd be best to avoid
that in the future! We have no plans to change the schema format again
(this time was traumatic enough) but you never know.
- `compareRecordVersions` and the `RecordVersion` type have both
disappeared. There is no replacement. These were public by mistake
anyway, so hopefully nobody had been using it.
- `compareSchemas` is a bit less useful now. Our migrations system has
become a little fuzzy to allow for simpler UX when adding/removing
custom extensions and 3rd party dependencies, and as a result we can no
longer compare serialized schemas in any rigorous manner. You can rely
on this function to return `0` if the schemas are the same. Otherwise it
will return `-1` if the schema on the right _seems_ to be newer than the
schema on the left, but it cannot guarantee that in situations where
migration sequences have been removed over time (e.g. if you remove one
of the builtin tldraw shapes).

Generally speaking, the best way to check schema compatibility now is to
call `store.schema.getMigrationsSince(persistedSchema)`. This will throw
an error if there is no upgrade path from the `persistedSchema` to the
current version.

- `defineMigrations` has been deprecated and will be removed in a future
release. For upgrade instructions see
https://tldraw.dev/docs/persistence#Updating-legacy-shape-migrations-defineMigrations

- `migrate` has been removed. Nobody should have been using this but if
you were you'll need to find an alternative. For migrating tldraw data,
you should stick to using `schema.migrateStoreSnapshot` and, if you are
building a nuanced sync engine that supports some amount of backwards
compatibility, also feel free to use `schema.migratePersistedRecord`.
- the `Migration` type has changed. If you need the old one for some
reason it has been renamed to `LegacyMigration`. It will be removed in a
future release.
- the `Migrations` type has been renamed to `LegacyMigrations` and will
be removed in a future release.
- the `SerializedSchema` type has been augmented. If you need the old
version specifically you can use `SerializedSchemaV1`

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-04-15 12:53:42 +00:00
dependabot[bot]
8c02dab5fb
Bump the npm_and_yarn group across 1 directory with 2 updates (#3443)
Bumps the npm_and_yarn group with 2 updates in the / directory:
[tar](https://github.com/isaacs/node-tar) and
[undici](https://github.com/nodejs/undici).

Updates `tar` from 6.2.0 to 6.2.1
<details>
<summary>Commits</summary>
<ul>
<li><a
href="bef7b1e4ff"><code>bef7b1e</code></a>
6.2.1</li>
<li><a
href="fe8cd57da5"><code>fe8cd57</code></a>
prevent extraction in excessively deep subfolders</li>
<li><a
href="fe7ebfdced"><code>fe7ebfd</code></a>
remove security.md</li>
<li>See full diff in <a
href="https://github.com/isaacs/node-tar/compare/v6.2.0...v6.2.1">compare
view</a></li>
</ul>
</details>
<br />

Updates `undici` from 5.28.3 to 5.28.4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases">undici's
releases</a>.</em></p>
<blockquote>
<h2>v5.28.4</h2>
<h2>⚠️ Security Release ⚠️</h2>
<ul>
<li>Fixes <a
href="https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7">https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7</a>
CVE-2024-30260</li>
<li>Fixes <a
href="https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672">https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672</a>
CVE-2024-30261</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4">https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fb98306907"><code>fb98306</code></a>
Bumped v5.28.4</li>
<li><a
href="2b39440bd9"><code>2b39440</code></a>
Merge pull request from GHSA-9qxr-qj54-h672</li>
<li><a
href="64e3402da4"><code>64e3402</code></a>
Merge pull request from GHSA-m4v8-wqvr-p9f7</li>
<li><a
href="723c4e7280"><code>723c4e7</code></a>
Revert &quot;build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 (<a
href="https://redirect.github.com/nodejs/undici/issues/2389">#2389</a>)&quot;</li>
<li><a
href="0e9d54b2c2"><code>0e9d54b</code></a>
skip failing test due to Node.js changes</li>
<li>See full diff in <a
href="https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-15 11:37:33 +00:00
dependabot[bot]
0161ec796e
Bump the npm_and_yarn group across 1 directory with 1 update (#3348)
Bumps the npm_and_yarn group with 1 update in the / directory:
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).

Updates `vite` from 5.2.7 to 5.2.8
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.2.8 (2024-04-03)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: csp nonce injection when no closing tag (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16281">#16281</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16282">#16282</a>)
(<a href="https://github.com/vitejs/vite/commit/3c85c6b">3c85c6b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16281">#16281</a>
<a
href="https://redirect.github.com/vitejs/vite/issues/16282">#16282</a></li>
<li>fix: do not access document in <code>/@vite/client</code> when not
defined (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16318">#16318</a>)
(<a href="https://github.com/vitejs/vite/commit/646319c">646319c</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16318">#16318</a></li>
<li>fix: fix sourcemap when using object as <code>define</code> value
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15805">#15805</a>)
(<a href="https://github.com/vitejs/vite/commit/445c4f2">445c4f2</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15805">#15805</a></li>
<li>fix(css): unknown file error happened with lightningcss (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16306">#16306</a>)
(<a href="https://github.com/vitejs/vite/commit/01af308">01af308</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16306">#16306</a></li>
<li>fix(hmr): multiple updates happened when invalidate is called while
multiple tabs open (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16307">#16307</a>)
(<a href="https://github.com/vitejs/vite/commit/21cc10b">21cc10b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16307">#16307</a></li>
<li>fix(scanner): duplicate modules for same id if glob is used in
html-like types (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16305">#16305</a>)
(<a href="https://github.com/vitejs/vite/commit/eca68fa">eca68fa</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16305">#16305</a></li>
<li>chore(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16325">#16325</a>)
(<a href="https://github.com/vitejs/vite/commit/a78e265">a78e265</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16325">#16325</a></li>
<li>refactor: use types from sass instead of <code>@​types/sass</code>
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16340">#16340</a>)
(<a href="https://github.com/vitejs/vite/commit/4581e83">4581e83</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16340">#16340</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8b8d4024fb"><code>8b8d402</code></a>
release: v5.2.8</li>
<li><a
href="646319cc84"><code>646319c</code></a>
fix: do not access document in <code>/@vite/client</code> when not
defined (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16318">#16318</a>)</li>
<li><a
href="445c4f2158"><code>445c4f2</code></a>
fix: fix sourcemap when using object as <code>define</code> value (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15805">#15805</a>)</li>
<li><a
href="a78e265822"><code>a78e265</code></a>
chore(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16325">#16325</a>)</li>
<li><a
href="4581e8371d"><code>4581e83</code></a>
refactor: use types from sass instead of <code>@​types/sass</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16340">#16340</a>)</li>
<li><a
href="3c85c6b52e"><code>3c85c6b</code></a>
fix: csp nonce injection when no closing tag (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16281">#16281</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16282">#16282</a>)</li>
<li><a
href="21cc10bfda"><code>21cc10b</code></a>
fix(hmr): multiple updates happened when invalidate is called while
multiple ...</li>
<li><a
href="01af308dfd"><code>01af308</code></a>
fix(css): unknown file error happened with lightningcss (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16306">#16306</a>)</li>
<li><a
href="eca68fa942"><code>eca68fa</code></a>
fix(scanner): duplicate modules for same id if glob is used in html-like
type...</li>
<li>See full diff in <a
href="https://github.com/vitejs/vite/commits/v5.2.8/packages/vite">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=vite&package-manager=npm_and_yarn&previous-version=5.2.7&new-version=5.2.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-04 07:34:07 +00:00
David Sheldrick
5557f6be5b
Revert "squish sync data events before sending them out" (#3331)
Reverts tldraw/tldraw#3118
2024-04-03 10:31:28 +01:00
Dan Groshev
b42a222c88
squish sync data events before sending them out (#3118)
Recently (https://github.com/tldraw/tldraw/pull/3012), we started
aggregating data messages before sending them out. However, local
testing shows that we generate *many* redundant messages (see the test
file for an example of a real buffer captured during local testing with
just two users). This PR adds a function to squish those updates
together, reducing the amount of data we need to transfer and load on
the client that won't need to process those redundant messages.

The function is checked with [fast-check](https://fast-check.dev/), a JS
property test framework, to make sure that squished deltas result in
exactly the same state as the original ones.

### Change Type

- [x] `minor` — New feature

### Test Plan

1. Needs a group smoke test

- [x] End to end tests
2024-04-02 08:57:58 +00:00
Steve Ruiz
3df866a86f
[internal] Add license report scripts (#2751)
This PR adds scripts that allow us to generate reports on our
dependencies.

### Change Type

- [x] `internal` — Any other changes that don't affect the published
package[^2]
2024-04-01 13:36:40 +00:00
dependabot[bot]
1db0c271a6
Bump the npm_and_yarn group across 1 directory with 2 updates (#3304)
Bumps the npm_and_yarn group with 2 updates in the / directory:
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and
[express](https://github.com/expressjs/express).

Updates `vite` from 5.1.6 to 5.2.7
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases">vite's
releases</a>.</em></p>
<blockquote>
<h2>create-vite@5.2.3</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.2.3/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@5.2.2</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.2.2/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@5.2.1</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.2.1/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
<h2>create-vite@5.2.0</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/create-vite@5.2.0/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.2.7 (2024-03-29)<!-- raw HTML omitted
--></h2>
<ul>
<li>chore: deprecate splitVendorChunkPlugin (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16274">#16274</a>)
(<a href="https://github.com/vitejs/vite/commit/45a06da">45a06da</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16274">#16274</a></li>
<li>fix: skip injecting <code>__vite__mapDeps</code> when it's not used
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16271">#16271</a>)
(<a href="https://github.com/vitejs/vite/commit/890538a">890538a</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16271">#16271</a></li>
<li>fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16258">#16258</a>)
(<a href="https://github.com/vitejs/vite/commit/7caef42">7caef42</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16258">#16258</a></li>
<li>fix(hmr): don't mutate module graph when collecting modules (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16302">#16302</a>)
(<a href="https://github.com/vitejs/vite/commit/dfffea1">dfffea1</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16302">#16302</a></li>
<li>fix(hmr): trigger hmr for missing file import errored module after
file creation (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16303">#16303</a>)
(<a href="https://github.com/vitejs/vite/commit/ffedc06">ffedc06</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16303">#16303</a></li>
<li>fix(sourcemap): don't warn even if the sourcesContent is an empty
string (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16273">#16273</a>)
(<a href="https://github.com/vitejs/vite/commit/24e376a">24e376a</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16273">#16273</a></li>
<li>feat(hmr): reload when HTML file is created/deleted (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16288">#16288</a>)
(<a href="https://github.com/vitejs/vite/commit/1f53796">1f53796</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16288">#16288</a></li>
</ul>
<h2><!-- raw HTML omitted -->5.2.6 (2024-03-24)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: <code>fs.deny</code> with globs with directories (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16250">#16250</a>)
(<a href="https://github.com/vitejs/vite/commit/ba5269c">ba5269c</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16250">#16250</a></li>
</ul>
<h2><!-- raw HTML omitted -->5.2.5 (2024-03-24)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: avoid SSR requests in waitForRequestIdle (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16246">#16246</a>)
(<a href="https://github.com/vitejs/vite/commit/7093f77">7093f77</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16246">#16246</a></li>
<li>docs: clarify enforce vs hook.order (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16226">#16226</a>)
(<a href="https://github.com/vitejs/vite/commit/3a73e48">3a73e48</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16226">#16226</a></li>
</ul>
<h2><!-- raw HTML omitted -->5.2.4 (2024-03-23)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: dont resolve imports with malformed URI (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16244">#16244</a>)
(<a href="https://github.com/vitejs/vite/commit/fbf69d5">fbf69d5</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16244">#16244</a></li>
</ul>
<h2><!-- raw HTML omitted -->5.2.3 (2024-03-22)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: handle warmup request error correctly (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16223">#16223</a>)
(<a href="https://github.com/vitejs/vite/commit/d7c5256">d7c5256</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16223">#16223</a></li>
<li>fix: skip encode if is data uri (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16233">#16233</a>)
(<a href="https://github.com/vitejs/vite/commit/8617e76">8617e76</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16233">#16233</a></li>
<li>fix(optimizer): fix <code>optimizeDeps.include</code> glob syntax
for <code>./*</code> exports (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16230">#16230</a>)
(<a href="https://github.com/vitejs/vite/commit/f184c80">f184c80</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16230">#16230</a></li>
<li>fix(runtime): fix sourcemap with <code>prepareStackTrace</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16220">#16220</a>)
(<a href="https://github.com/vitejs/vite/commit/dad7f4f">dad7f4f</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16220">#16220</a></li>
<li>chore: <code>utf8</code> replaced with <code>utf-8</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16232">#16232</a>)
(<a href="https://github.com/vitejs/vite/commit/9800c73">9800c73</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16232">#16232</a></li>
</ul>
<h2><!-- raw HTML omitted -->5.2.2 (2024-03-20)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix(importAnalysis): skip encode in ssr (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16213">#16213</a>)
(<a href="https://github.com/vitejs/vite/commit/e4d2d60">e4d2d60</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16213">#16213</a></li>
</ul>
<h2><!-- raw HTML omitted -->5.2.1 (2024-03-20)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: encode path uri only (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16212">#16212</a>)
(<a href="https://github.com/vitejs/vite/commit/0b2e40b">0b2e40b</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16212">#16212</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ad246da989"><code>ad246da</code></a>
release: v5.2.7</li>
<li><a
href="45a06daac8"><code>45a06da</code></a>
chore: deprecate splitVendorChunkPlugin (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16274">#16274</a>)</li>
<li><a
href="ffedc06cab"><code>ffedc06</code></a>
fix(hmr): trigger hmr for missing file import errored module after file
creat...</li>
<li><a
href="dfffea1f43"><code>dfffea1</code></a>
fix(hmr): don't mutate module graph when collecting modules (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16302">#16302</a>)</li>
<li><a
href="1f5379601e"><code>1f53796</code></a>
feat(hmr): reload when HTML file is created/deleted (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16288">#16288</a>)</li>
<li><a
href="24e376ad86"><code>24e376a</code></a>
fix(sourcemap): don't warn even if the sourcesContent is an empty string
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16">#16</a>...</li>
<li><a
href="7caef4216e"><code>7caef42</code></a>
fix(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16258">#16258</a>)</li>
<li><a
href="890538a694"><code>890538a</code></a>
fix: skip injecting <code>__vite__mapDeps</code> when it's not used (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16271">#16271</a>)</li>
<li><a
href="7369016d8a"><code>7369016</code></a>
release: v5.2.6</li>
<li><a
href="ba5269cca8"><code>ba5269c</code></a>
fix: <code>fs.deny</code> with globs with directories (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16250">#16250</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite/commits/v5.2.7/packages/vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `express` from 4.18.2 to 4.19.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/releases">express's
releases</a>.</em></p>
<blockquote>
<h2>4.19.2</h2>
<h2>What's Changed</h2>
<ul>
<li><a
href="0b746953c4">Improved
fix for open redirect allow list bypass</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.19.1...4.19.2">https://github.com/expressjs/express/compare/4.19.1...4.19.2</a></p>
<h2>4.19.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix ci after location patch by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5552">expressjs/express#5552</a></li>
<li>fixed un-edited version in history.md for 4.19.0 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5556">expressjs/express#5556</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.19.0...4.19.1">https://github.com/expressjs/express/compare/4.19.0...4.19.1</a></p>
<h2>4.19.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix typo in release date by <a
href="https://github.com/UlisesGascon"><code>@​UlisesGascon</code></a>
in <a
href="https://redirect.github.com/expressjs/express/pull/5527">expressjs/express#5527</a></li>
<li>docs: nominating <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> to be
project captian by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5511">expressjs/express#5511</a></li>
<li>docs: loosen TC activity rules by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5510">expressjs/express#5510</a></li>
<li>Add note on how to update docs for new release by <a
href="https://github.com/crandmck"><code>@​crandmck</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5541">expressjs/express#5541</a></li>
<li><a
href="660ccf5fa3">Prevent
open redirect allow list bypass due to encodeurl</a></li>
<li>Release 4.19.0 by <a
href="https://github.com/wesleytodd"><code>@​wesleytodd</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5551">expressjs/express#5551</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/crandmck"><code>@​crandmck</code></a>
made their first contribution in <a
href="https://redirect.github.com/expressjs/express/pull/5541">expressjs/express#5541</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/expressjs/express/compare/4.18.3...4.19.0">https://github.com/expressjs/express/compare/4.18.3...4.19.0</a></p>
<h2>4.18.3</h2>
<h2>Main Changes</h2>
<ul>
<li>Fix routing requests without method</li>
<li>deps: body-parser@1.20.2
<ul>
<li>Fix strict json error message on Node.js 19+</li>
<li>deps: content-type@~1.0.5</li>
<li>deps: raw-body@2.5.2</li>
</ul>
</li>
</ul>
<h2>Other Changes</h2>
<ul>
<li>Use https: protocol instead of deprecated git: protocol by <a
href="https://github.com/vcsjones"><code>@​vcsjones</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5032">expressjs/express#5032</a></li>
<li>build: Node.js@16.18 and Node.js@18.12 by <a
href="https://github.com/abenhamdine"><code>@​abenhamdine</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5034">expressjs/express#5034</a></li>
<li>ci: update actions/checkout to v3 by <a
href="https://github.com/armujahid"><code>@​armujahid</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5027">expressjs/express#5027</a></li>
<li>test: remove unused function arguments in params by <a
href="https://github.com/raksbisht"><code>@​raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5124">expressjs/express#5124</a></li>
<li>Remove unused originalIndex from acceptParams by <a
href="https://github.com/raksbisht"><code>@​raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5119">expressjs/express#5119</a></li>
<li>Fixed typos by <a
href="https://github.com/raksbisht"><code>@​raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5117">expressjs/express#5117</a></li>
<li>examples: remove unused params by <a
href="https://github.com/raksbisht"><code>@​raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5113">expressjs/express#5113</a></li>
<li>fix: parameter str is not described in JSDoc by <a
href="https://github.com/raksbisht"><code>@​raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5130">expressjs/express#5130</a></li>
<li>fix: typos in History.md by <a
href="https://github.com/raksbisht"><code>@​raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5131">expressjs/express#5131</a></li>
<li>build : add Node.js@19.7 by <a
href="https://github.com/abenhamdine"><code>@​abenhamdine</code></a> in
<a
href="https://redirect.github.com/expressjs/express/pull/5028">expressjs/express#5028</a></li>
<li>test: remove unused function arguments in params by <a
href="https://github.com/raksbisht"><code>@​raksbisht</code></a> in <a
href="https://redirect.github.com/expressjs/express/pull/5137">expressjs/express#5137</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/expressjs/express/blob/master/History.md">express's
changelog</a>.</em></p>
<blockquote>
<h1>4.19.2 / 2024-03-25</h1>
<ul>
<li>Improved fix for open redirect allow list bypass</li>
</ul>
<h1>4.19.1 / 2024-03-20</h1>
<ul>
<li>Allow passing non-strings to res.location with new encoding handling
checks</li>
</ul>
<h1>4.19.0 / 2024-03-20</h1>
<ul>
<li>Prevent open redirect allow list bypass due to encodeurl</li>
<li>deps: cookie@0.6.0</li>
</ul>
<h1>4.18.3 / 2024-02-29</h1>
<ul>
<li>Fix routing requests without method</li>
<li>deps: body-parser@1.20.2
<ul>
<li>Fix strict json error message on Node.js 19+</li>
<li>deps: content-type@~1.0.5</li>
<li>deps: raw-body@2.5.2</li>
</ul>
</li>
<li>deps: cookie@0.6.0
<ul>
<li>Add <code>partitioned</code> option</li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="04bc62787b"><code>04bc627</code></a>
4.19.2</li>
<li><a
href="da4d763ff6"><code>da4d763</code></a>
Improved fix for open redirect allow list bypass</li>
<li><a
href="4f0f6cc67d"><code>4f0f6cc</code></a>
4.19.1</li>
<li><a
href="a003cfab03"><code>a003cfa</code></a>
Allow passing non-strings to res.location with new encoding handling
checks f...</li>
<li><a
href="a1fa90fcea"><code>a1fa90f</code></a>
fixed un-edited version in history.md for 4.19.0</li>
<li><a
href="11f2b1db22"><code>11f2b1d</code></a>
build: fix build due to inconsistent supertest behavior in older
versions</li>
<li><a
href="084e36506a"><code>084e365</code></a>
4.19.0</li>
<li><a
href="0867302ddb"><code>0867302</code></a>
Prevent open redirect allow list bypass due to encodeurl</li>
<li><a
href="567c9c665d"><code>567c9c6</code></a>
Add note on how to update docs for new release (<a
href="https://redirect.github.com/expressjs/express/issues/5541">#5541</a>)</li>
<li><a
href="69a4cf2819"><code>69a4cf2</code></a>
deps: cookie@0.6.0</li>
<li>Additional commits viewable in <a
href="https://github.com/expressjs/express/compare/4.18.2...4.19.2">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~wesleytodd">wesleytodd</a>, a new releaser
for express since your current version.</p>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Mitja Bezenšek <mitja.bezensek@gmail.com>
2024-03-29 16:23:34 +00:00
Steve Ruiz
1fe74ecaa4
[chore] Bump browser-fs-access. (#3277)
This PR bumps browser-fs-access to the latest version.

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [ ] `sdk` — Changes the tldraw SDK
- [ ] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [x] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [ ] `improvement` — Improving existing features
- [x] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know
2024-03-29 10:56:30 +00:00
Mitja Bezenšek
cd02d03d06
Revert perf changes (#3217)
Step 1 of the master plan 😂 

![CleanShot 2024-03-19 at 16 05
08](https://github.com/tldraw/tldraw/assets/2523721/7d2afed9-7b69-4fdb-8b9f-54a48c61258f)

This:
- Reverts #3186 
- Reverts #3160 (there were some conflicting changes so it's not a
straight revert)
- Reverts most of #2977 


### Change Type

<!--  Please select a 'Scope' label ️ -->

- [ ] `sdk` — Changes the tldraw SDK
- [ ] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [x] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [ ] `improvement` — Improving existing features
- [x] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know
2024-03-21 10:05:44 +00:00
alex
4c5c3daa51
PDF editor example (#3159)
This diff adds a PDF editor example. It's pretty similar to the image
annotator, but is a better way to demo longer axis-locked scrolling.
There are some pretty big drawbacks to it at the moment (see the TODO
list on `PdfEditor.tsx`)

I'm going to land as-is for now, and we can iterate on it in the future.

### Change Type
- [x] `docs` — Changes to the documentation, examples, or templates.
- [x] `feature` — New feature
2024-03-19 11:55:21 +00:00
Dan Groshev
d7b80baa31
use native structuredClone on node, cloudflare workers, and in tests (#3166)
Currently, we only use native `structuredClone` in the browser, falling
back to `JSON.parse(JSON.stringify(...))` elsewhere, despite Node
supporting `structuredClone` [since
v17](https://developer.mozilla.org/en-US/docs/Web/API/structuredClone)
and Cloudflare Workers supporting it [since
2022](https://blog.cloudflare.com/standards-compliant-workers-api/).
This PR adjusts our shim to use the native `structuredClone` on all
platforms, if available.

Additionally, `jsdom` doesn't implement `structuredClone`, a bug [open
since 2022](https://github.com/jsdom/jsdom/issues/3363). This PR patches
`jsdom` environment in all packages/apps that use it for tests.

Also includes a driveby removal of `deepCopy`, a function that is
strictly inferior to `structuredClone`.

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [x] `sdk` — Changes the tldraw SDK
- [x] `dotcom` — Changes the tldraw.com web app
- [ ] `docs` — Changes to the documentation, examples, or templates.
- [ ] `vs code` — Changes to the vscode plugin
- [ ] `internal` — Does not affect user-facing stuff

<!--  Please select a 'Type' label ️ -->

- [ ] `bugfix` — Bug fix
- [ ] `feature` — New feature
- [x] `improvement` — Improving existing features
- [x] `chore` — Updating dependencies, other boring stuff
- [ ] `galaxy brain` — Architectural changes
- [ ] `tests` — Changes to any test code
- [ ] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
- [ ] `dunno` — I don't know


### Test Plan

1. A smoke test would be enough

- [ ] Unit Tests
- [x] End to end tests
2024-03-18 17:16:09 +00:00
dependabot[bot]
afd024f898
Bump the npm_and_yarn group across 1 directory with 2 updates (#3165)
Bumps the npm_and_yarn group with 2 updates in the / directory:
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and
[follow-redirects](https://github.com/follow-redirects/follow-redirects).

Updates `vite` from 5.1.5 to 5.1.6
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.1.6 (2024-03-11)<!-- raw HTML omitted
--></h2>
<ul>
<li>chore(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16131">#16131</a>)
(<a href="https://github.com/vitejs/vite/commit/a862ecb">a862ecb</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16131">#16131</a></li>
<li>fix: check for publicDir before checking if it is a parent directory
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16046">#16046</a>)
(<a href="https://github.com/vitejs/vite/commit/b6fb323">b6fb323</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16046">#16046</a></li>
<li>fix: escape single quote when relative base is used (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16060">#16060</a>)
(<a href="https://github.com/vitejs/vite/commit/8f74ce4">8f74ce4</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16060">#16060</a></li>
<li>fix: handle function property extension in namespace import (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16113">#16113</a>)
(<a href="https://github.com/vitejs/vite/commit/f699194">f699194</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16113">#16113</a></li>
<li>fix: server middleware mode resolve (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16122">#16122</a>)
(<a href="https://github.com/vitejs/vite/commit/8403546">8403546</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16122">#16122</a></li>
<li>fix(esbuild): update tsconfck to fix bug that could cause a deadlock
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16124">#16124</a>)
(<a href="https://github.com/vitejs/vite/commit/fd9de04">fd9de04</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16124">#16124</a></li>
<li>fix(worker): hide &quot;The emitted file overwrites&quot; warning if
the content is same (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16094">#16094</a>)
(<a href="https://github.com/vitejs/vite/commit/60dfa9e">60dfa9e</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16094">#16094</a></li>
<li>fix(worker): throw error when circular worker import is detected and
support self referencing worker (<a
href="https://github.com/vitejs/vite/commit/eef9da1">eef9da1</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16103">#16103</a></li>
<li>style(utils): remove null check (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16112">#16112</a>)
(<a href="https://github.com/vitejs/vite/commit/0d2df52">0d2df52</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16112">#16112</a></li>
<li>refactor(runtime): share more code between runtime and main bundle
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16063">#16063</a>)
(<a href="https://github.com/vitejs/vite/commit/93be84e">93be84e</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16063">#16063</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="6f7466e621"><code>6f7466e</code></a>
release: v5.1.6</li>
<li><a
href="a862ecb941"><code>a862ecb</code></a>
chore(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16131">#16131</a>)</li>
<li><a
href="840354601a"><code>8403546</code></a>
fix: server middleware mode resolve (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16122">#16122</a>)</li>
<li><a
href="b6fb3235c3"><code>b6fb323</code></a>
fix: check for publicDir before checking if it is a parent directory (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16046">#16046</a>)</li>
<li><a
href="fd9de0473e"><code>fd9de04</code></a>
fix(esbuild): update tsconfck to fix bug that could cause a deadlock (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16124">#16124</a>)</li>
<li><a
href="f6991948f5"><code>f699194</code></a>
fix: handle function property extension in namespace import (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16113">#16113</a>)</li>
<li><a
href="0d2df52716"><code>0d2df52</code></a>
style(utils): remove null check (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16112">#16112</a>)</li>
<li><a
href="eef9da13d0"><code>eef9da1</code></a>
fix(worker): throw error when circular worker import is detected and
support ...</li>
<li><a
href="60dfa9e15c"><code>60dfa9e</code></a>
fix(worker): hide &quot;The emitted file overwrites&quot; warning if the
content is sam...</li>
<li><a
href="93be84eccd"><code>93be84e</code></a>
refactor(runtime): share more code between runtime and main bundle (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16063">#16063</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite/commits/v5.1.6/packages/vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `follow-redirects` from 1.15.5 to 1.15.6
<details>
<summary>Commits</summary>
<ul>
<li><a
href="35a517c586"><code>35a517c</code></a>
Release version 1.15.6 of the npm package.</li>
<li><a
href="c4f847f851"><code>c4f847f</code></a>
Drop Proxy-Authorization across hosts.</li>
<li><a
href="8526b4a1b2"><code>8526b4a</code></a>
Use GitHub for disclosure.</li>
<li>See full diff in <a
href="https://github.com/follow-redirects/follow-redirects/compare/v1.15.5...v1.15.6">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-17 13:28:02 +00:00
David Sheldrick
8e23a253fc
[perf] Reinstate render throttling (#3160)
Follow up to #3129 

### Change Type

<!--  Please select a 'Scope' label ️ -->

- [x] `sdk` — Changes the tldraw SDK

- [x] `improvement` — Improving existing features



### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.
2024-03-15 16:18:23 +00:00
David Sheldrick
44a3ea7363
[docs] Sync docs deploy with npm deploy (#3153)
This PR makes it so that our docs deployment process is tied to, and
mirrors, the npm deployment process.

From here on:

- Commits to main get deployed to staging.tldraw.dev
- Commits to a special protected branch called `docs-production` get
deployed to www.tldraw.dev
- Whenever we create a new npm 'latest' release we reset the HEAD of
docs-production to point to the tagged commit for that release.
- If we make a docs change that we want to appear on tldraw.dev ASAP
without waiting for the next npm release, we'll have to follow the same
process as for creating a patch release i.e merge a cherry-pick PR
targeting the latest release branch e.g. `v2.0.x`. This will not cause
another npm patch release unless the cherry-picked changes touch source
files, e.g. updating TSDoc comments.


### Change Type


- [x] `docs` — Changes to the documentation, examples, or templates.
- [x] `tools` — Changes to infrastructure, CI, internal scripts,
debugging tools, etc.
2024-03-14 14:43:32 +00:00
David Sheldrick
b9547c2e6b
[DX] PR labels revamp (#3112)
This PR switches up how PR labels are validated to allow for more
freeform label tweaking in the future. Basically **huppy will now only
check that your PR is labelled, it doesn't care how it's labelled**. I
also updated the PR template with a new labelling scheme that we can
tweak over time.

So before Huppy bot had to know about the specific set of allowed
labels, and now as long as the label exists you're allowed to add it.

So to add a new label to the PR template, just create the label and then
add an option for it in the .md file.

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know
2024-03-12 14:53:57 +00:00
Mitja Bezenšek
26e1e98366
Revert throttling of useValue and useStateTracking. (#3129)
Reverts the changes to the `state` package that were made in #2977.
Should fix the issue with shape jittering discovered during QA.


### Change Type

- [x] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Create some shapes (draw shapes work well).
2. Open the same room in a second browser.
3. Resize shapes (using option / alt makes it more obvious).
4. The shapes should not jitter in any of the screens.
2024-03-12 13:57:53 +00:00
Mitja Bezenšek
b5aff00c89
Performance improvements (#2977)
This PR does a few things to help with performance:
1. Instead of doing changes on raf we now do them 60 times per second.
This limits the number of updates on high refresh rate screens like the
iPad. With the current code this only applied to the history updates (so
when you subscribed to the updates), but the next point takes this a bit
futher.
2. We now trigger react updates 60 times per second. This is a change in
`useValue` and `useStateTracking` hooks.
3. We now throttle the inputs (like the `pointerMove`) in state nodes.
This means we batch multiple inputs and only apply them at most 60 times
per second.

We had to adjust our own tests to pass after this change so I marked
this as major as it might require the users of the library to do the
same.

Few observations:
- The browser calls the raf callbacks when it can. If it gets
overwhelmed it will call them further and further apart. As things call
down it will start calling them more frequently again. You can clearly
see this in the drawing example. When fps gets to a certain level we
start to get fewer updates, then fps can recover a bit. This makes the
experience quite janky. The updates can be kinda ok one second (dropping
frames, but consistently) and then they can completely stop and you have
to let go of the mouse to make them happen again. With the new logic it
seems everything is a lot more consistent.
- We might look into variable refresh rates to prevent this overtaxing
of the browser. Like when we see that the times between our updates are
getting higher we could make the updates less frequent. If we then see
that they are happening more often we could ramp them back up. I had an
[experiment for this
here](4834863966 (diff-318e71563d7c47173f89ec084ca44417cf70fc72faac85b96f48b856a8aec466L30-L35)).

Few tests below. Used 6x slowdown for these.

# Resizing

### Before


https://github.com/tldraw/tldraw/assets/2523721/798a033f-5dfa-419e-9a2d-fd8908272ba0

### After


https://github.com/tldraw/tldraw/assets/2523721/45870a0c-c310-4be0-b63c-6c92c20ca037

# Drawing 
Comparison is not 100% fair, we don't store the intermediate inputs
right now. That said, tick should still only produce once update so I do
think we can get a sense of the differences.

### Before


https://github.com/tldraw/tldraw/assets/2523721/2e8ac8c5-bbdf-484b-bb0c-70c967f4541c

### After


https://github.com/tldraw/tldraw/assets/2523721/8f54b7a8-9a0e-4a39-b168-482caceb0149


### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [x] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version


### Release Notes

- Improves the performance of rendering.

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-03-11 13:17:31 +00:00
dependabot[bot]
47420d7476
Bump the npm_and_yarn group across 3 directories with 3 updates (#3087)
Bumps the npm_and_yarn group with 3 updates in the / directory:
[next](https://github.com/vercel/next.js),
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) and
[jose](https://github.com/panva/jose).
Bumps the npm_and_yarn group with 1 update in the /templates/nextjs
directory: [next](https://github.com/vercel/next.js).

Updates `next` from 14.0.4 to 14.1.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v14.1.2</h2>
<p><em>Note: this is a backport release for critical bug fixes -- this
does not include all pending features/changes on canary</em></p>
<h3>Core Changes</h3>
<ul>
<li>Fix sitemap generateSitemaps support for string id (<a
href="https://redirect.github.com/vercel/next.js/issues/61088">#61088</a>)</li>
<li>Fix: generateSitemaps in production giving 404 (<a
href="https://redirect.github.com/vercel/next.js/issues/62212">#62212</a>)</li>
<li>Fix redirect under suspense boundary with basePath (<a
href="https://redirect.github.com/vercel/next.js/issues/62597">#62597</a>)</li>
<li>Fix: Add stricter check for &quot;use server&quot; exports (<a
href="https://redirect.github.com/vercel/next.js/issues/62821">#62821</a>)</li>
<li>ensure server action errors notify rejection handlers (<a
href="https://redirect.github.com/vercel/next.js/issues/61588">#61588</a>)</li>
<li>make router restore action resilient to a missing tree (<a
href="https://redirect.github.com/vercel/next.js/issues/62098">#62098</a>)</li>
<li>build: remove sentry from the externals list <a
href="https://redirect.github.com/vercel/next.js/issues/61194">#61194</a></li>
<li>Reduce memory/cache overhead from over loader processing <a
href="https://redirect.github.com/vercel/next.js/issues/62005">#62005</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/huozhi"><code>@​huozhi</code></a>, <a
href="https://github.com/shuding"><code>@​shuding</code></a>, <a
href="https://github.com/Ethan-Arrowood"><code>@​Ethan-Arrowood</code></a>,
<a href="https://github.com/styfle"><code>@​styfle</code></a>, <a
href="https://github.com/ijjk"><code>@​ijjk</code></a>, <a
href="https://github.com/ztanner"><code>@​ztanner</code></a>, <a
href="https://github.com/balazsorban44"><code>@​balazsorban44</code></a>,
<a href="https://github.com/kdy1"><code>@​kdy1</code></a>, and <a
href="https://github.com/williamli"><code>@​williamli</code></a> for
helping!</p>
<h2>v14.1.2-canary.7</h2>
<h3>Core Changes</h3>
<ul>
<li>remove reducer unit tests: <a
href="https://redirect.github.com/vercel/next.js/issues/62766">#62766</a></li>
</ul>
<h3>Documentation Changes</h3>
<ul>
<li>Update sitemap.mdx: <a
href="https://redirect.github.com/vercel/next.js/issues/62809">#62809</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/ztanner"><code>@​ztanner</code></a> and <a
href="https://github.com/devr77"><code>@​devr77</code></a> for
helping!</p>
<h2>v14.1.2-canary.6</h2>
<h3>Core Changes</h3>
<ul>
<li>fix: Add stricter check for &quot;use server&quot; exports: <a
href="https://redirect.github.com/vercel/next.js/issues/62821">#62821</a></li>
<li>fix(next-core): throw on invalid metadata handler: <a
href="https://redirect.github.com/vercel/next.js/issues/62829">#62829</a></li>
<li>Revert &quot;Add experimental config for navigation raf test (<a
href="https://redirect.github.com/vercel/next.js/issues/62668">#62668</a>)&quot;:
<a
href="https://redirect.github.com/vercel/next.js/issues/62834">#62834</a></li>
<li>Revert &quot;refactor(analysis): rust based page-static-info,
deprecate js parse interface in next-swc&quot;: <a
href="https://redirect.github.com/vercel/next.js/issues/62838">#62838</a></li>
</ul>
<h3>Example Changes</h3>
<ul>
<li>Fix with-supertokens example: <a
href="https://redirect.github.com/vercel/next.js/issues/62817">#62817</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/shuding"><code>@​shuding</code></a>, <a
href="https://github.com/kwonoj"><code>@​kwonoj</code></a>, <a
href="https://github.com/ijjk"><code>@​ijjk</code></a>, and <a
href="https://github.com/timneutkens"><code>@​timneutkens</code></a> for
helping!</p>
<h2>v14.1.2-canary.5</h2>
<h3>Core Changes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fc38ee190c"><code>fc38ee1</code></a>
v14.1.3</li>
<li><a
href="85a5c4d1ee"><code>85a5c4d</code></a>
fix type</li>
<li><a
href="4b059bc042"><code>4b059bc</code></a>
Upgrade to latest <a
href="https://github.com/edge-runtime"><code>@​edge-runtime</code></a>
packages (<a
href="https://redirect.github.com/vercel/next.js/issues/62955">#62955</a>)</li>
<li><a
href="b10a6105a9"><code>b10a610</code></a>
Fix output: export with custom distDir (<a
href="https://redirect.github.com/vercel/next.js/issues/62064">#62064</a>)</li>
<li><a
href="960b738b8a"><code>960b738</code></a>
Migrate locale redirect handling to router-server (<a
href="https://redirect.github.com/vercel/next.js/issues/62606">#62606</a>)</li>
<li><a
href="2f210d448a"><code>2f210d4</code></a>
update release workflow</li>
<li><a
href="f564deef86"><code>f564dee</code></a>
v14.1.2</li>
<li><a
href="a85519e715"><code>a85519e</code></a>
Fix sitemap generateSitemaps support for string id (<a
href="https://redirect.github.com/vercel/next.js/issues/61088">#61088</a>)</li>
<li><a
href="0a2d7754ed"><code>0a2d775</code></a>
Fix: generateSitemaps in production giving 404 (<a
href="https://redirect.github.com/vercel/next.js/issues/62212">#62212</a>)</li>
<li><a
href="400b57cf22"><code>400b57c</code></a>
Fix redirect under suspense boundary with basePath (<a
href="https://redirect.github.com/vercel/next.js/issues/62597">#62597</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v14.0.4...v14.1.3">compare
view</a></li>
</ul>
</details>
<br />

Updates `vite` from 5.1.4 to 5.1.5
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.1.5 (2024-03-04)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: <code>__vite__mapDeps</code> code injection (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15732">#15732</a>)
(<a href="https://github.com/vitejs/vite/commit/aff54e1">aff54e1</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15732">#15732</a></li>
<li>fix: analysing build chunk without dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15469">#15469</a>)
(<a href="https://github.com/vitejs/vite/commit/bd52283">bd52283</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15469">#15469</a></li>
<li>fix: import with query with imports field (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16085">#16085</a>)
(<a href="https://github.com/vitejs/vite/commit/ab823ab">ab823ab</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16085">#16085</a></li>
<li>fix: normalize literal-only entry pattern (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16010">#16010</a>)
(<a href="https://github.com/vitejs/vite/commit/1dccc37">1dccc37</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16010">#16010</a></li>
<li>fix: optimizeDeps.entries with literal-only pattern(s) (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15853">#15853</a>)
(<a href="https://github.com/vitejs/vite/commit/49300b3">49300b3</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15853">#15853</a></li>
<li>fix: output correct error for empty import specifier (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16055">#16055</a>)
(<a href="https://github.com/vitejs/vite/commit/a9112eb">a9112eb</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16055">#16055</a></li>
<li>fix: upgrade esbuild to 0.20.x (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16062">#16062</a>)
(<a href="https://github.com/vitejs/vite/commit/899d9b1">899d9b1</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16062">#16062</a></li>
<li>fix(runtime): runtime HMR affects only imported files (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15898">#15898</a>)
(<a href="https://github.com/vitejs/vite/commit/57463fc">57463fc</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15898">#15898</a></li>
<li>fix(scanner): respect <code>experimentalDecorators: true</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15206">#15206</a>)
(<a href="https://github.com/vitejs/vite/commit/4144781">4144781</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15206">#15206</a></li>
<li>revert: &quot;fix: upgrade esbuild to 0.20.x&quot; (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16072">#16072</a>)
(<a href="https://github.com/vitejs/vite/commit/11cceea">11cceea</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16072">#16072</a></li>
<li>refactor: share code with vite runtime (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15907">#15907</a>)
(<a href="https://github.com/vitejs/vite/commit/b20d542">b20d542</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15907">#15907</a></li>
<li>refactor(runtime): use functions from <code>pathe</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16061">#16061</a>)
(<a href="https://github.com/vitejs/vite/commit/aac2ef7">aac2ef7</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16061">#16061</a></li>
<li>chore(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16028">#16028</a>)
(<a href="https://github.com/vitejs/vite/commit/7cfe80d">7cfe80d</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/16028">#16028</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2af1ae807d"><code>2af1ae8</code></a>
release: v5.1.5</li>
<li><a
href="bd52283a70"><code>bd52283</code></a>
fix: analysing build chunk without dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15469">#15469</a>)</li>
<li><a
href="ab823ab618"><code>ab823ab</code></a>
fix: import with query with imports field (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16085">#16085</a>)</li>
<li><a
href="11cceeab39"><code>11cceea</code></a>
revert: &quot;fix: upgrade esbuild to 0.20.x&quot; (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16072">#16072</a>)</li>
<li><a
href="899d9b1d27"><code>899d9b1</code></a>
fix: upgrade esbuild to 0.20.x (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16062">#16062</a>)</li>
<li><a
href="aac2ef7752"><code>aac2ef7</code></a>
refactor(runtime): use functions from <code>pathe</code> (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16061">#16061</a>)</li>
<li><a
href="a9112ebb21"><code>a9112eb</code></a>
fix: output correct error for empty import specifier (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16055">#16055</a>)</li>
<li><a
href="1dccc3713a"><code>1dccc37</code></a>
fix: normalize literal-only entry pattern (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16010">#16010</a>)</li>
<li><a
href="7cfe80d0df"><code>7cfe80d</code></a>
chore(deps): update all non-major dependencies (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/16028">#16028</a>)</li>
<li><a
href="b20d54257e"><code>b20d542</code></a>
refactor: share code with vite runtime (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15907">#15907</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vitejs/vite/commits/v5.1.5/packages/vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `jose` from 4.15.4 to 4.15.5
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/panva/jose/releases">jose's
releases</a>.</em></p>
<blockquote>
<h2>v4.15.5</h2>
<h3>Fixes</h3>
<ul>
<li>add a maxOutputLength option to zlib inflate (<a
href="1b91d88d2f">1b91d88</a>),
fixes <a
href="https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q">CVE-2024-28176</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/panva/jose/blob/v4.15.5/CHANGELOG.md">jose's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/panva/jose/compare/v4.15.4...v4.15.5">4.15.5</a>
(2024-03-07)</h2>
<h3>Fixes</h3>
<ul>
<li>add a maxOutputLength option to zlib inflate (<a
href="1b91d88d2f">1b91d88</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="765aafd226"><code>765aafd</code></a>
chore(release): 4.15.5</li>
<li><a
href="b36e45e008"><code>b36e45e</code></a>
test: add export check to x509 pem import tests</li>
<li><a
href="e839ecbd79"><code>e839ecb</code></a>
test: stop testing JWE RSA1_5 Algorithm</li>
<li><a
href="1b91d88d2f"><code>1b91d88</code></a>
fix: add a maxOutputLength option to zlib inflate</li>
<li><a
href="9ca2b2427d"><code>9ca2b24</code></a>
build: remove release action</li>
<li><a
href="f3035d8897"><code>f3035d8</code></a>
chore: cleanup after release</li>
<li>See full diff in <a
href="https://github.com/panva/jose/compare/v4.15.4...v4.15.5">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by <a
href="https://www.npmjs.com/~panva">panva</a>, a new releaser for jose
since your current version.</p>
</details>
<br />

Updates `next` from 13.4.6 to 13.5.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vercel/next.js/releases">next's
releases</a>.</em></p>
<blockquote>
<h2>v14.1.2</h2>
<p><em>Note: this is a backport release for critical bug fixes -- this
does not include all pending features/changes on canary</em></p>
<h3>Core Changes</h3>
<ul>
<li>Fix sitemap generateSitemaps support for string id (<a
href="https://redirect.github.com/vercel/next.js/issues/61088">#61088</a>)</li>
<li>Fix: generateSitemaps in production giving 404 (<a
href="https://redirect.github.com/vercel/next.js/issues/62212">#62212</a>)</li>
<li>Fix redirect under suspense boundary with basePath (<a
href="https://redirect.github.com/vercel/next.js/issues/62597">#62597</a>)</li>
<li>Fix: Add stricter check for &quot;use server&quot; exports (<a
href="https://redirect.github.com/vercel/next.js/issues/62821">#62821</a>)</li>
<li>ensure server action errors notify rejection handlers (<a
href="https://redirect.github.com/vercel/next.js/issues/61588">#61588</a>)</li>
<li>make router restore action resilient to a missing tree (<a
href="https://redirect.github.com/vercel/next.js/issues/62098">#62098</a>)</li>
<li>build: remove sentry from the externals list <a
href="https://redirect.github.com/vercel/next.js/issues/61194">#61194</a></li>
<li>Reduce memory/cache overhead from over loader processing <a
href="https://redirect.github.com/vercel/next.js/issues/62005">#62005</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/huozhi"><code>@​huozhi</code></a>, <a
href="https://github.com/shuding"><code>@​shuding</code></a>, <a
href="https://github.com/Ethan-Arrowood"><code>@​Ethan-Arrowood</code></a>,
<a href="https://github.com/styfle"><code>@​styfle</code></a>, <a
href="https://github.com/ijjk"><code>@​ijjk</code></a>, <a
href="https://github.com/ztanner"><code>@​ztanner</code></a>, <a
href="https://github.com/balazsorban44"><code>@​balazsorban44</code></a>,
<a href="https://github.com/kdy1"><code>@​kdy1</code></a>, and <a
href="https://github.com/williamli"><code>@​williamli</code></a> for
helping!</p>
<h2>v14.1.2-canary.7</h2>
<h3>Core Changes</h3>
<ul>
<li>remove reducer unit tests: <a
href="https://redirect.github.com/vercel/next.js/issues/62766">#62766</a></li>
</ul>
<h3>Documentation Changes</h3>
<ul>
<li>Update sitemap.mdx: <a
href="https://redirect.github.com/vercel/next.js/issues/62809">#62809</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/ztanner"><code>@​ztanner</code></a> and <a
href="https://github.com/devr77"><code>@​devr77</code></a> for
helping!</p>
<h2>v14.1.2-canary.6</h2>
<h3>Core Changes</h3>
<ul>
<li>fix: Add stricter check for &quot;use server&quot; exports: <a
href="https://redirect.github.com/vercel/next.js/issues/62821">#62821</a></li>
<li>fix(next-core): throw on invalid metadata handler: <a
href="https://redirect.github.com/vercel/next.js/issues/62829">#62829</a></li>
<li>Revert &quot;Add experimental config for navigation raf test (<a
href="https://redirect.github.com/vercel/next.js/issues/62668">#62668</a>)&quot;:
<a
href="https://redirect.github.com/vercel/next.js/issues/62834">#62834</a></li>
<li>Revert &quot;refactor(analysis): rust based page-static-info,
deprecate js parse interface in next-swc&quot;: <a
href="https://redirect.github.com/vercel/next.js/issues/62838">#62838</a></li>
</ul>
<h3>Example Changes</h3>
<ul>
<li>Fix with-supertokens example: <a
href="https://redirect.github.com/vercel/next.js/issues/62817">#62817</a></li>
</ul>
<h3>Credits</h3>
<p>Huge thanks to <a
href="https://github.com/shuding"><code>@​shuding</code></a>, <a
href="https://github.com/kwonoj"><code>@​kwonoj</code></a>, <a
href="https://github.com/ijjk"><code>@​ijjk</code></a>, and <a
href="https://github.com/timneutkens"><code>@​timneutkens</code></a> for
helping!</p>
<h2>v14.1.2-canary.5</h2>
<h3>Core Changes</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="fc38ee190c"><code>fc38ee1</code></a>
v14.1.3</li>
<li><a
href="85a5c4d1ee"><code>85a5c4d</code></a>
fix type</li>
<li><a
href="4b059bc042"><code>4b059bc</code></a>
Upgrade to latest <a
href="https://github.com/edge-runtime"><code>@​edge-runtime</code></a>
packages (<a
href="https://redirect.github.com/vercel/next.js/issues/62955">#62955</a>)</li>
<li><a
href="b10a6105a9"><code>b10a610</code></a>
Fix output: export with custom distDir (<a
href="https://redirect.github.com/vercel/next.js/issues/62064">#62064</a>)</li>
<li><a
href="960b738b8a"><code>960b738</code></a>
Migrate locale redirect handling to router-server (<a
href="https://redirect.github.com/vercel/next.js/issues/62606">#62606</a>)</li>
<li><a
href="2f210d448a"><code>2f210d4</code></a>
update release workflow</li>
<li><a
href="f564deef86"><code>f564dee</code></a>
v14.1.2</li>
<li><a
href="a85519e715"><code>a85519e</code></a>
Fix sitemap generateSitemaps support for string id (<a
href="https://redirect.github.com/vercel/next.js/issues/61088">#61088</a>)</li>
<li><a
href="0a2d7754ed"><code>0a2d775</code></a>
Fix: generateSitemaps in production giving 404 (<a
href="https://redirect.github.com/vercel/next.js/issues/62212">#62212</a>)</li>
<li><a
href="400b57cf22"><code>400b57c</code></a>
Fix redirect under suspense boundary with basePath (<a
href="https://redirect.github.com/vercel/next.js/issues/62597">#62597</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/vercel/next.js/compare/v14.0.4...v14.1.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Mitja Bezenšek <mitja.bezensek@gmail.com>
2024-03-11 12:16:46 +00:00