Commit graph

2673 commits

Author SHA1 Message Date
dependabot[bot]
c3f0fd5f1e
Bump the npm_and_yarn group group with 7 updates (#2982)
Bumps the npm_and_yarn group group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) |
`5.0.11` | `5.0.12` |
|
[wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)
| `3.16.0` | `3.19.0` |
| [semver](https://github.com/npm/node-semver) | `7.5.4` | `7.6.0` |
| [es5-ext](https://github.com/medikoo/es5-ext) | `0.10.62` | `0.10.64`
|
| [ip](https://github.com/indutny/node-ip) | `1.1.8` | `1.1.9` |
|
[miniflare](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare)
| `3.20231030.0` | `3.20231030.3` |
| [undici](https://github.com/nodejs/undici) | `5.28.2` | `5.28.3` |

Updates `vite` from 5.0.11 to 5.0.12
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/v5.0.12/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.0.12 (2024-01-19)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix: await <code>configResolved</code> hooks of worker plugins (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15597">#15597</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15605">#15605</a>)
(<a href="https://github.com/vitejs/vite/commit/ef89f80">ef89f80</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15597">#15597</a>
<a
href="https://redirect.github.com/vitejs/vite/issues/15605">#15605</a></li>
<li>fix: fs deny for case insensitive systems (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15653">#15653</a>)
(<a href="https://github.com/vitejs/vite/commit/91641c4">91641c4</a>),
closes <a
href="https://redirect.github.com/vitejs/vite/issues/15653">#15653</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="ee81e19676"><code>ee81e19</code></a>
release: v5.0.12</li>
<li><a
href="91641c4da0"><code>91641c4</code></a>
fix: fs deny for case insensitive systems (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15653">#15653</a>)</li>
<li><a
href="ef89f8092f"><code>ef89f80</code></a>
fix: await <code>configResolved</code> hooks of worker plugins (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15597">#15597</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/15605">#15605</a>)</li>
<li>See full diff in <a
href="https://github.com/vitejs/vite/commits/v5.0.12/packages/vite">compare
view</a></li>
</ul>
</details>
<br />

Updates `wrangler` from 3.16.0 to 3.19.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cloudflare/workers-sdk/releases">wrangler's
releases</a>.</em></p>
<blockquote>
<h2>wrangler@3.19.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4547">#4547</a>
<a
href="86c81ff0d5"><code>86c81ff0</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: listen on IPv4 loopback only by default on Windows</p>
<p>Due to a <a
href="https://redirect.github.com/cloudflare/workerd/issues/1408">known
issue</a>, <code>workerd</code> will only listen on the IPv4 loopback
address <code>127.0.0.1</code> when it's asked to listen on
<code>localhost</code>. On Node.js &gt; 17, <code>localhost</code> will
resolve to the IPv6 loopback address, meaning requests to
<code>workerd</code> would fail. This change switches to using the IPv4
loopback address throughout Wrangler on Windows, while <a
href="https://redirect.github.com/cloudflare/workerd/issues/1408">workerd#1408</a>
gets fixed.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4535">#4535</a>
<a
href="29df8e1754"><code>29df8e17</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
Reintroduces some internal refactorings of wrangler dev servers
(including <code>wrangler dev</code>, <code>wrangler dev
--remote</code>, and <code>unstable_dev()</code>).</p>
<p>These changes were released in 3.13.0 and reverted in 3.13.1 -- we
believe the changes are now more stable and ready for release again.</p>
<p>There are no changes required for developers to opt-in. Improvements
include:</p>
<ul>
<li>fewer 'address in use' errors upon reloads</li>
<li>upon config/source file changes, requests are buffered to guarantee
the response is from the new version of the Worker</li>
</ul>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4521">#4521</a>
<a
href="6c5bc704c5"><code>6c5bc704</code></a>
Thanks <a href="https://github.com/zebp"><code>@​zebp</code></a>! - fix:
init from dash specifying explicit usage model in wrangler.toml for
standard users</p>
</li>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4550">#4550</a>
<a
href="63708a94fb"><code>63708a94</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: validate <code>Host</code> and <code>Orgin</code> headers where
appropriate</p>
<p><code>Host</code> and <code>Origin</code> headers are now checked
when connecting to the inspector and Miniflare's magic proxy. If these
don't match what's expected, the request will fail.</p>
</li>
<li>
<p>Updated dependencies [<a
href="71fb0b86cf"><code>71fb0b86</code></a>,
<a
href="63708a94fb"><code>63708a94</code></a>]:</p>
<ul>
<li>miniflare@3.20231030.3</li>
</ul>
</li>
</ul>
<h2>wrangler@3.18.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4532">#4532</a>
<a
href="311ffbd506"><code>311ffbd5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: change <code>wrangler (pages) dev</code> to listen on
<code>localhost</code> by default</p>
<p>Previously, Wrangler listened on all interfaces (<code>*</code>) by
default. This change switches <code>wrangler (pages) dev</code> to just
listen on local interfaces. Whilst this is technically a breaking
change, we've decided the security benefits outweigh the potential
disruption caused. If you need to access your dev server from another
device on your network, you can use <code>wrangler (pages) dev --ip
*</code> to restore the previous behaviour.</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="1b34878287"><code>1b348782</code></a>]:
<ul>
<li>miniflare@3.20231030.2</li>
</ul>
</li>
</ul>
<h2>wrangler@3.17.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4474">#4474</a>
<a
href="382ef8f580"><code>382ef8f5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: open browser to correct url pressing <code>b</code> in
<code>--remote</code> mode</p>
<p>This change ensures Wrangler doesn't try to open
<code>http://*</code> when <code>*</code> is used as the dev server's
hostname. Instead, Wrangler will now open
<code>http://127.0.0.1</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4488">#4488</a>
<a
href="3bd5723852"><code>3bd57238</code></a>
Thanks <a
href="https://github.com/RamIdeas"><code>@​RamIdeas</code></a>! -
Changes the default directory for log files to workaround frameworks
that are watching the entire <code>.wrangler</code> directory in the
project root for changes</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cloudflare/workers-sdk/blob/main/packages/wrangler/CHANGELOG.md">wrangler's
changelog</a>.</em></p>
<blockquote>
<h2>3.19.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4547">#4547</a>
<a
href="86c81ff0d5"><code>86c81ff0</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: listen on IPv4 loopback only by default on Windows</p>
<p>Due to a <a
href="https://redirect.github.com/cloudflare/workerd/issues/1408">known
issue</a>, <code>workerd</code> will only listen on the IPv4 loopback
address <code>127.0.0.1</code> when it's asked to listen on
<code>localhost</code>. On Node.js &gt; 17, <code>localhost</code> will
resolve to the IPv6 loopback address, meaning requests to
<code>workerd</code> would fail. This change switches to using the IPv4
loopback address throughout Wrangler on Windows, while <a
href="https://redirect.github.com/cloudflare/workerd/issues/1408">workerd#1408</a>
gets fixed.</p>
</li>
</ul>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4535">#4535</a>
<a
href="29df8e1754"><code>29df8e17</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
Reintroduces some internal refactorings of wrangler dev servers
(including <code>wrangler dev</code>, <code>wrangler dev
--remote</code>, and <code>unstable_dev()</code>).</p>
<p>These changes were released in 3.13.0 and reverted in 3.13.1 -- we
believe the changes are now more stable and ready for release again.</p>
<p>There are no changes required for developers to opt-in. Improvements
include:</p>
<ul>
<li>fewer 'address in use' errors upon reloads</li>
<li>upon config/source file changes, requests are buffered to guarantee
the response is from the new version of the Worker</li>
</ul>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4521">#4521</a>
<a
href="6c5bc704c5"><code>6c5bc704</code></a>
Thanks <a href="https://github.com/zebp"><code>@​zebp</code></a>! - fix:
init from dash specifying explicit usage model in wrangler.toml for
standard users</li>
</ul>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4550">#4550</a>
<a
href="63708a94fb"><code>63708a94</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: validate <code>Host</code> and <code>Orgin</code> headers where
appropriate</p>
<p><code>Host</code> and <code>Origin</code> headers are now checked
when connecting to the inspector and Miniflare's magic proxy. If these
don't match what's expected, the request will fail.</p>
</li>
<li>
<p>Updated dependencies [<a
href="71fb0b86cf"><code>71fb0b86</code></a>,
<a
href="63708a94fb"><code>63708a94</code></a>]:</p>
<ul>
<li>miniflare@3.20231030.3</li>
</ul>
</li>
</ul>
<h2>3.18.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4532">#4532</a>
<a
href="311ffbd506"><code>311ffbd5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: change <code>wrangler (pages) dev</code> to listen on
<code>localhost</code> by default</p>
<p>Previously, Wrangler listened on all interfaces (<code>*</code>) by
default. This change switches <code>wrangler (pages) dev</code> to just
listen on local interfaces. Whilst this is technically a breaking
change, we've decided the security benefits outweigh the potential
disruption caused. If you need to access your dev server from another
device on your network, you can use <code>wrangler (pages) dev --ip
*</code> to restore the previous behaviour.</p>
</li>
</ul>
<h3>Patch Changes</h3>
<ul>
<li>Updated dependencies [<a
href="1b34878287"><code>1b348782</code></a>]:
<ul>
<li>miniflare@3.20231030.2</li>
</ul>
</li>
</ul>
<h2>3.17.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4474">#4474</a>
<a
href="382ef8f580"><code>382ef8f5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: open browser to correct url pressing <code>b</code> in
<code>--remote</code> mode</p>
<p>This change ensures Wrangler doesn't try to open
<code>http://*</code> when <code>*</code> is used as the dev server's
hostname. Instead, Wrangler will now open
<code>http://127.0.0.1</code>.</p>
</li>
</ul>
<ul>
<li><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4488">#4488</a>
<a
href="3bd5723852"><code>3bd57238</code></a>
Thanks <a
href="https://github.com/RamIdeas"><code>@​RamIdeas</code></a>! -
Changes the default directory for log files to workaround frameworks
that are watching the entire <code>.wrangler</code> directory in the
project root for changes</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e67ea176a"><code>5e67ea1</code></a>
Version Packages (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4536">#4536</a>)</li>
<li><a
href="63708a94fb"><code>63708a9</code></a>
fix: validate <code>Host</code>/<code>Origin</code> headers in magic
proxy and `InspectorProxyWorke...</li>
<li><a
href="86c81ff0d5"><code>86c81ff</code></a>
fix: listen on IPv4 loopback only by default on Windows (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4547">#4547</a>)</li>
<li><a
href="6c5bc704c5"><code>6c5bc70</code></a>
fix: init from dash using explicit usage model for standard accounts (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4521">#4521</a>)</li>
<li><a
href="29df8e1754"><code>29df8e1</code></a>
Revert &quot;Revert &quot;startDevWorker - Milestone 1 (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4497">#4497</a>)&quot;
(<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4531">#4531</a>)&quot;
(<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4535">#4535</a>)</li>
<li><a
href="97727de053"><code>97727de</code></a>
Version Packages (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4495">#4495</a>)</li>
<li><a
href="311ffbd506"><code>311ffbd</code></a>
[wrangler] fix: change <code>wrangler (pages) dev</code> to listen on
<code>localhost</code> by def...</li>
<li><a
href="310281a48a"><code>310281a</code></a>
Revert &quot;startDevWorker - Milestone 1 (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4497">#4497</a>)&quot;
(<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4531">#4531</a>)</li>
<li><a
href="01eda78025"><code>01eda78</code></a>
startDevWorker - Milestone 1 (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4497">#4497</a>)</li>
<li><a
href="961c8eaaf3"><code>961c8ea</code></a>
remove unused npx-import dependency (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler/issues/4477">#4477</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/cloudflare/workers-sdk/commits/wrangler@3.19.0/packages/wrangler">compare
view</a></li>
</ul>
</details>
<br />

Updates `semver` from 7.5.4 to 7.6.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/releases">semver's
releases</a>.</em></p>
<blockquote>
<h2>v7.6.0</h2>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.4...v7.6.0">7.6.0</a>
(2024-01-31)</h2>
<h3>Features</h3>
<ul>
<li><a
href="a7ab13a462"><code>a7ab13a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/671">#671</a>
preserve pre-release and build parts of a version on coerce (<a
href="https://redirect.github.com/npm/node-semver/issues/671">#671</a>)
(<a href="https://github.com/madtisa"><code>@​madtisa</code></a>,
madtisa, <a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="816c7b2cbf"><code>816c7b2</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="0bd24d943c"><code>0bd24d9</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
bump <code>@​npmcli/template-oss</code> from 4.21.1 to 4.21.3 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="e521932f11"><code>e521932</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="8873991808"><code>8873991</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="f317dc8689"><code>f317dc8</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
bump <code>@​npmcli/template-oss</code> from 4.19.0 to 4.21.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="7303db1fe5"><code>7303db1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/658">#658</a>
add clean() test for build metadata (<a
href="https://redirect.github.com/npm/node-semver/issues/658">#658</a>)
(<a
href="https://github.com/jethrodaniel"><code>@​jethrodaniel</code></a>)</li>
<li><a
href="6240d75a7c"><code>6240d75</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/656">#656</a>
add missing quotes in README.md (<a
href="https://redirect.github.com/npm/node-semver/issues/656">#656</a>)
(<a href="https://github.com/zyxkad"><code>@​zyxkad</code></a>)</li>
<li><a
href="14d263faa1"><code>14d263f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="7c34e1ac1b"><code>7c34e1a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
bump <code>@​npmcli/template-oss</code> from 4.18.1 to 4.19.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="123e0b0328"><code>123e0b0</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="737d5e1cf1"><code>737d5e1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
bump <code>@​npmcli/template-oss</code> from 4.18.0 to 4.18.1 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="cce61804ba"><code>cce6180</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="b914a3d0d2"><code>b914a3d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
bump <code>@​npmcli/template-oss</code> from 4.17.0 to 4.18.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/npm/node-semver/blob/main/CHANGELOG.md">semver's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/npm/node-semver/compare/v7.5.4...v7.6.0">7.6.0</a>
(2024-01-31)</h2>
<h3>Features</h3>
<ul>
<li><a
href="a7ab13a462"><code>a7ab13a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/671">#671</a>
preserve pre-release and build parts of a version on coerce (<a
href="https://redirect.github.com/npm/node-semver/issues/671">#671</a>)
(<a href="https://github.com/madtisa"><code>@​madtisa</code></a>,
madtisa, <a
href="https://github.com/wraithgar"><code>@​wraithgar</code></a>)</li>
</ul>
<h3>Chores</h3>
<ul>
<li><a
href="816c7b2cbf"><code>816c7b2</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="0bd24d943c"><code>0bd24d9</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/667">#667</a>
bump <code>@​npmcli/template-oss</code> from 4.21.1 to 4.21.3 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="e521932f11"><code>e521932</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="8873991808"><code>8873991</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
chore: chore: postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="f317dc8689"><code>f317dc8</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/652">#652</a>
bump <code>@​npmcli/template-oss</code> from 4.19.0 to 4.21.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="7303db1fe5"><code>7303db1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/658">#658</a>
add clean() test for build metadata (<a
href="https://redirect.github.com/npm/node-semver/issues/658">#658</a>)
(<a
href="https://github.com/jethrodaniel"><code>@​jethrodaniel</code></a>)</li>
<li><a
href="6240d75a7c"><code>6240d75</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/656">#656</a>
add missing quotes in README.md (<a
href="https://redirect.github.com/npm/node-semver/issues/656">#656</a>)
(<a href="https://github.com/zyxkad"><code>@​zyxkad</code></a>)</li>
<li><a
href="14d263faa1"><code>14d263f</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="7c34e1ac1b"><code>7c34e1a</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/625">#625</a>
bump <code>@​npmcli/template-oss</code> from 4.18.1 to 4.19.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="123e0b0328"><code>123e0b0</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="737d5e1cf1"><code>737d5e1</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/622">#622</a>
bump <code>@​npmcli/template-oss</code> from 4.18.0 to 4.18.1 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
<li><a
href="cce61804ba"><code>cce6180</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
postinstall for dependabot template-oss PR (<a
href="https://github.com/lukekarrys"><code>@​lukekarrys</code></a>)</li>
<li><a
href="b914a3d0d2"><code>b914a3d</code></a>
<a href="https://redirect.github.com/npm/node-semver/pull/598">#598</a>
bump <code>@​npmcli/template-oss</code> from 4.17.0 to 4.18.0 (<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot])</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="377f709718"><code>377f709</code></a>
chore: release 7.6.0 (<a
href="https://redirect.github.com/npm/node-semver/issues/661">#661</a>)</li>
<li><a
href="a7ab13a462"><code>a7ab13a</code></a>
feat: preserve pre-release and build parts of a version on coerce (<a
href="https://redirect.github.com/npm/node-semver/issues/671">#671</a>)</li>
<li><a
href="816c7b2cbf"><code>816c7b2</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li><a
href="0bd24d943c"><code>0bd24d9</code></a>
chore: bump <code>@​npmcli/template-oss</code> from 4.21.1 to
4.21.3</li>
<li><a
href="e521932f11"><code>e521932</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li><a
href="8873991808"><code>8873991</code></a>
chore: chore: chore: postinstall for dependabot template-oss PR</li>
<li><a
href="f317dc8689"><code>f317dc8</code></a>
chore: bump <code>@​npmcli/template-oss</code> from 4.19.0 to
4.21.0</li>
<li><a
href="7303db1fe5"><code>7303db1</code></a>
chore: add clean() test for build metadata (<a
href="https://redirect.github.com/npm/node-semver/issues/658">#658</a>)</li>
<li><a
href="6240d75a7c"><code>6240d75</code></a>
chore: add missing quotes in README.md (<a
href="https://redirect.github.com/npm/node-semver/issues/656">#656</a>)</li>
<li><a
href="14d263faa1"><code>14d263f</code></a>
chore: postinstall for dependabot template-oss PR</li>
<li>Additional commits viewable in <a
href="https://github.com/npm/node-semver/compare/v7.5.4...v7.6.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `es5-ext` from 0.10.62 to 0.10.64
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/medikoo/es5-ext/releases">es5-ext's
releases</a>.</em></p>
<blockquote>
<h2>0.10.64 (2024-02-27)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Revert update to postinstall script meant to fix Powershell issue,
as it's a regression for some Linux terminals (<a
href="c2e2bb90c2">c2e2bb9</a>)</li>
</ul>
<hr />
<p><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.63...v0.10.64">Comparison
since last release</a></p>
<h2>0.10.63 (2024-02-23)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>Do not rely on problematic regex (<a
href="3551cdd7b2">3551cdd</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/201">#201</a></li>
<li>Support ES2015+ function definitions in
<code>function#toStringTokens()</code> (<a
href="a52e957366">a52e957</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/021">#021</a></li>
<li>Ensure postinstall script does not crash on Windows, fixes <a
href="https://redirect.github.com/medikoo/es5-ext/issues/181">#181</a>
(<a
href="bf8ed799d5">bf8ed79</a>)</li>
</ul>
<h3>Maintenance Improvements</h3>
<ul>
<li>Simplify the manifest message (<a
href="7855319f41">7855319</a>)</li>
</ul>
<hr />
<p><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">Comparison
since last release</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/medikoo/es5-ext/blob/main/CHANGELOG.md">es5-ext's
changelog</a>.</em></p>
<blockquote>
<h3><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.63...v0.10.64">0.10.64</a>
(2024-02-27)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>Revert update to postinstall script meant to fix Powershell issue,
as it's a regression for some Linux terminals (<a
href="c2e2bb90c2">c2e2bb9</a>)</li>
</ul>
<h3><a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.63">0.10.63</a>
(2024-02-23)</h3>
<h3>Bug Fixes</h3>
<ul>
<li>Do not rely on problematic regex (<a
href="3551cdd7b2">3551cdd</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/201">#201</a></li>
<li>Support ES2015+ function definitions in
<code>function#toStringTokens()</code> (<a
href="a52e957366">a52e957</a>),
addresses <a
href="https://redirect.github.com/medikoo/es5-ext/issues/021">#021</a></li>
<li>Ensure postinstall script does not crash on Windows, fixes <a
href="https://redirect.github.com/medikoo/es5-ext/issues/181">#181</a>
(<a
href="bf8ed799d5">bf8ed79</a>)</li>
</ul>
<h3>Maintenance Improvements</h3>
<ul>
<li>Simplify the manifest message (<a
href="7855319f41">7855319</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f76b03d8c4"><code>f76b03d</code></a>
chore: Release v0.10.64</li>
<li><a
href="2881acda50"><code>2881acd</code></a>
chore: Bump dependencies</li>
<li><a
href="c2e2bb90c2"><code>c2e2bb9</code></a>
fix: Revert update meant to fix Powershell issue, as it's a
regression</li>
<li><a
href="16f2b7253d"><code>16f2b72</code></a>
docs: Fix date in the changelog</li>
<li><a
href="de4e03c477"><code>de4e03c</code></a>
chore: Release v0.10.63</li>
<li><a
href="3fd53b755e"><code>3fd53b7</code></a>
chore: Upgrade<code> lint-staged</code> to v13</li>
<li><a
href="bf8ed799d5"><code>bf8ed79</code></a>
chore: Ensure postinstall script does not crash on Windows</li>
<li><a
href="2cbbb0717b"><code>2cbbb07</code></a>
chore: Bump dependencies</li>
<li><a
href="22d0416ea1"><code>22d0416</code></a>
chore: Bump LICENSE year</li>
<li><a
href="a52e957366"><code>a52e957</code></a>
fix: Support ES2015+ function definitions in
<code>function#toStringTokens()</code></li>
<li>Additional commits viewable in <a
href="https://github.com/medikoo/es5-ext/compare/v0.10.62...v0.10.64">compare
view</a></li>
</ul>
</details>
<br />

Updates `ip` from 1.1.8 to 1.1.9
<details>
<summary>Commits</summary>
<ul>
<li><a
href="1ecbf2fd8c"><code>1ecbf2f</code></a>
1.1.9</li>
<li><a
href="6a3ada9b47"><code>6a3ada9</code></a>
lib: fixed CVE-2023-42282 and added unit test</li>
<li>See full diff in <a
href="https://github.com/indutny/node-ip/compare/v1.1.8...v1.1.9">compare
view</a></li>
</ul>
</details>
<br />

Updates `miniflare` from 3.20231030.0 to 3.20231030.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cloudflare/workers-sdk/releases">miniflare's
releases</a>.</em></p>
<blockquote>
<h2>miniflare@3.20231030.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4466">#4466</a>
<a
href="71fb0b86cf"><code>71fb0b86</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: ensure unused KV and Cache blobs cleaned up</p>
<p>When storing data in KV, Cache and R2, Miniflare uses both an SQL
database and separate blob store. When writing a key/value pair, a blob
is created for the new value and the old blob for the previous value (if
any) is deleted. A few months ago, we introduced a change that prevented
old blobs being deleted for KV and Cache. R2 was unaffected. This
shouldn't have caused any problems, but could lead to persistence
directories growing unnecessarily as they filled up with garbage blobs.
This change ensures garbage blobs are deleted.</p>
<p>Note existing garbage will not be cleaned up. If you'd like to do
this, download this Node script (<a
href="https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076">https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076</a>).
If you're using the default Wrangler persistence directory, run
<code>node gc.mjs kv .wrangler/state/v3/kv &lt;namespace_id_1&gt;
&lt;namespace_id_2&gt; ...</code> and <code>node gc.mjs cache
.wrangler/state/v3/cache default named:&lt;cache_name_1&gt;
named:&lt;cache_name_2&gt; ...</code> with each of your KV namespace IDs
(not binding names) and named caches.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4550">#4550</a>
<a
href="63708a94fb"><code>63708a94</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: validate <code>Host</code> and <code>Orgin</code> headers where
appropriate</p>
<p><code>Host</code> and <code>Origin</code> headers are now checked
when connecting to the inspector and Miniflare's magic proxy. If these
don't match what's expected, the request will fail.</p>
</li>
</ul>
<h2>miniflare@3.20231030.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4505">#4505</a>
<a
href="1b34878287"><code>1b348782</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: remove <code>__STATIC_CONTENT_MANIFEST</code> from module worker
<code>env</code></p>
<p>When using Workers Sites with a module worker, the asset manifest
must be imported from the <code>__STATIC_CONTENT_MANIFEST</code> virtual
module. Miniflare provided this module, but also erroneously added
<code>__STATIC_CONTENT_MANIFEST</code> to the <code>env</code> object
too. Whilst this didn't break anything locally, it could cause users to
develop Workers that ran locally, but not when deployed. This change
ensures <code>env</code> doesn't contain
<code>__STATIC_CONTENT_MANIFEST</code>.</p>
</li>
</ul>
<h2>miniflare@3.20231030.1</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4348">#4348</a>
<a
href="be2b9cf5a9"><code>be2b9cf5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
feat: add support for wrapped bindings</p>
<p>This change adds a new <code>wrappedBindings</code> worker option for
configuring
<code>workerd</code>'s <a
href="bfcef2d850/src/workerd/server/workerd.capnp (L469-L487)">wrapped
bindings</a>.
These allow custom bindings to be written as JavaScript functions
accepting an
<code>env</code> parameter of &quot;inner bindings&quot; and returning
the value to bind. For more
details, refer to the <a
href="https://github.com/cloudflare/workers-sdk/blob/main/packages/miniflare/README.md#core">API
docs</a>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4341">#4341</a>
<a
href="d990874338"><code>d9908743</code></a>
Thanks <a
href="https://github.com/RamIdeas"><code>@​RamIdeas</code></a>! - Added
a <code>handleRuntimeStdio</code> which enables wrangler (or any other
direct use of Miniflare) to handle the <code>stdout</code> and
<code>stderr</code> streams from the workerd child process. By default,
if this option is not provided, the previous behaviour is retained which
splits the streams into lines and calls
<code>console.log</code>/<code>console.error</code>.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/cloudflare/workers-sdk/blob/main/packages/miniflare/CHANGELOG.md">miniflare's
changelog</a>.</em></p>
<blockquote>
<h2>3.20231030.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4466">#4466</a>
<a
href="71fb0b86cf"><code>71fb0b86</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: ensure unused KV and Cache blobs cleaned up</p>
<p>When storing data in KV, Cache and R2, Miniflare uses both an SQL
database and separate blob store. When writing a key/value pair, a blob
is created for the new value and the old blob for the previous value (if
any) is deleted. A few months ago, we introduced a change that prevented
old blobs being deleted for KV and Cache. R2 was unaffected. This
shouldn't have caused any problems, but could lead to persistence
directories growing unnecessarily as they filled up with garbage blobs.
This change ensures garbage blobs are deleted.</p>
<p>Note existing garbage will not be cleaned up. If you'd like to do
this, download this Node script (<a
href="https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076">https://gist.github.com/mrbbot/68787e19dcde511bd99aa94997b39076</a>).
If you're using the default Wrangler persistence directory, run
<code>node gc.mjs kv .wrangler/state/v3/kv &lt;namespace_id_1&gt;
&lt;namespace_id_2&gt; ...</code> and <code>node gc.mjs cache
.wrangler/state/v3/cache default named:&lt;cache_name_1&gt;
named:&lt;cache_name_2&gt; ...</code> with each of your KV namespace IDs
(not binding names) and named caches.</p>
</li>
</ul>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4550">#4550</a>
<a
href="63708a94fb"><code>63708a94</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: validate <code>Host</code> and <code>Orgin</code> headers where
appropriate</p>
<p><code>Host</code> and <code>Origin</code> headers are now checked
when connecting to the inspector and Miniflare's magic proxy. If these
don't match what's expected, the request will fail.</p>
</li>
</ul>
<h2>3.20231030.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4505">#4505</a>
<a
href="1b34878287"><code>1b348782</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
fix: remove <code>__STATIC_CONTENT_MANIFEST</code> from module worker
<code>env</code></p>
<p>When using Workers Sites with a module worker, the asset manifest
must be imported from the <code>__STATIC_CONTENT_MANIFEST</code> virtual
module. Miniflare provided this module, but also erroneously added
<code>__STATIC_CONTENT_MANIFEST</code> to the <code>env</code> object
too. Whilst this didn't break anything locally, it could cause users to
develop Workers that ran locally, but not when deployed. This change
ensures <code>env</code> doesn't contain
<code>__STATIC_CONTENT_MANIFEST</code>.</p>
</li>
</ul>
<h2>3.20231030.1</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4348">#4348</a>
<a
href="be2b9cf5a9"><code>be2b9cf5</code></a>
Thanks <a href="https://github.com/mrbbot"><code>@​mrbbot</code></a>! -
feat: add support for wrapped bindings</p>
<p>This change adds a new <code>wrappedBindings</code> worker option for
configuring
<code>workerd</code>'s <a
href="bfcef2d850/src/workerd/server/workerd.capnp (L469-L487)">wrapped
bindings</a>.
These allow custom bindings to be written as JavaScript functions
accepting an
<code>env</code> parameter of &quot;inner bindings&quot; and returning
the value to bind. For more
details, refer to the <a
href="https://github.com/cloudflare/workers-sdk/blob/main/packages/miniflare/README.md#core">API
docs</a>.</p>
</li>
</ul>
<ul>
<li><a
href="https://redirect.github.com/cloudflare/workers-sdk/pull/4341">#4341</a>
<a
href="d990874338"><code>d9908743</code></a>
Thanks <a
href="https://github.com/RamIdeas"><code>@​RamIdeas</code></a>! - Added
a <code>handleRuntimeStdio</code> which enables wrangler (or any other
direct use of Miniflare) to handle the <code>stdout</code> and
<code>stderr</code> streams from the workerd child process. By default,
if this option is not provided, the previous behaviour is retained which
splits the streams into lines and calls
<code>console.log</code>/<code>console.error</code>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="5e67ea176a"><code>5e67ea1</code></a>
Version Packages (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4536">#4536</a>)</li>
<li><a
href="63708a94fb"><code>63708a9</code></a>
fix: validate <code>Host</code>/<code>Origin</code> headers in magic
proxy and `InspectorProxyWorke...</li>
<li><a
href="71fb0b86cf"><code>71fb0b8</code></a>
fix: ensure unused KV and Cache blobs cleaned up (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4466">#4466</a>)</li>
<li><a
href="97727de053"><code>97727de</code></a>
Version Packages (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4495">#4495</a>)</li>
<li><a
href="311ffbd506"><code>311ffbd</code></a>
[wrangler] fix: change <code>wrangler (pages) dev</code> to listen on
<code>localhost</code> by def...</li>
<li><a
href="1b34878287"><code>1b34878</code></a>
fix: remove <code>__STATIC_CONTENT_MANIFEST</code> from module worker
<code>env</code> (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4505">#4505</a>)</li>
<li><a
href="f728503bd3"><code>f728503</code></a>
Version Packages (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4463">#4463</a>)</li>
<li><a
href="be2b9cf5a9"><code>be2b9cf</code></a>
feat: add support for wrapped bindings (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4348">#4348</a>)</li>
<li><a
href="d990874338"><code>d990874</code></a>
Intercept workerd logs + write all debug logs to a hidden file (<a
href="https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/miniflare/issues/4341">#4341</a>)</li>
<li>See full diff in <a
href="https://github.com/cloudflare/workers-sdk/commits/miniflare@3.20231030.3/packages/miniflare">compare
view</a></li>
</ul>
</details>
<br />

Updates `undici` from 5.28.2 to 5.28.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/nodejs/undici/releases">undici's
releases</a>.</em></p>
<blockquote>
<h2>v5.28.3</h2>
<h2>⚠️ Security Release ⚠️</h2>
<p>Fixes:</p>
<ul>
<li><a
href="https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3">CVE-2024-24758
Proxy-Authorization header not cleared on cross-origin redirect in
fetch</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3">https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e71cb4c88f"><code>e71cb4c</code></a>
Bumped v5.28.3</li>
<li><a
href="20c65b89f4"><code>20c65b8</code></a>
Fix tests for Node.js v20.11.0 (<a
href="https://redirect.github.com/nodejs/undici/issues/2618">#2618</a>)</li>
<li><a
href="8ec52cde66"><code>8ec52cd</code></a>
Fix tests for Node.js v21 (<a
href="https://redirect.github.com/nodejs/undici/issues/2609">#2609</a>)</li>
<li><a
href="d3aa574b12"><code>d3aa574</code></a>
Merge pull request from GHSA-3787-6prv-h9w3</li>
<li>See full diff in <a
href="https://github.com/nodejs/undici/compare/v5.28.2...v5.28.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/tldraw/tldraw/network/alerts).

</details>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mitja Bezenšek <mitja.bezensek@gmail.com>
2024-03-04 12:20:23 +00:00
Mitja Bezenšek
faebbe1ea6
Configure dependabot. (#2980)
Adds dependabot config. 

Seems like monthly is the least frequent update you can choose right now
(there are feature request for quarterly and for chron like syntax).

For now I used the daily interval though. I want to make sure it works,
will then switch to monthly. The main thing I'd like to see is that the
main `yarn.lock` file gets updated. That didn't happen in one of the
previous dependabot PRs (seems like [others faced the same
issue](https://github.com/dependabot/dependabot-core/issues/6346)). So 🤞
this solves it.

Also added a dedupe workflow, that should only run on dependabot
branches (prefixed with `depandabot/`). Otherwise we would need to
manually do it, as [seen on this
PR](https://github.com/tldraw/tldraw/pull/2982)
([failure](https://github.com/tldraw/tldraw/actions/runs/8070271847/job/22047204003)).

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version
2024-03-04 11:43:42 +00:00
David Sheldrick
9ae808c12c
[infra] fix canary dist tag (#3048)
Some of the tooling changes we made last week made it so that canary
releases were being published with the `latest` dist tag. This should
prevent that from happening, and I also fixed all the current packages
to set `latest` back to 2.0.0

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version
2024-03-04 09:39:19 +00:00
Taha
8658e20ab5
Custom shape examples (#2994)
This PR:
- adds a simple custom shape example
- adds an interactive shape example
- updates editable shape example

closes TLD-2118

- [x] `documentation` — Changes to the documentation only[^2]

### Release Notes

- adds a simple custom shape example
- adds an interactive shape example
- updates editable shape example

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-03-02 20:18:31 +00:00
Steve Ruiz
f819a57a05
Expose getStyleForNextShape (#3039)
This PR exposes a method for getting the style for the next shape.

### Change Type

- [x] `patch` — Bug fix

### Release Notes

- Expose the API for `Editor.getStyleForNextShape`, previously marked as
internal.
2024-03-02 20:16:55 +00:00
Steve Ruiz
1aef0e8f61
[fix] Missing element crash (rare) on video shapes. (#3037)
This PR adds a few guards against crashes when the video shape element
is not found.

### Change Type

- [x] `patch` — Bug fix

### Release Notes

- Fixed a rare crash with video shapes.
2024-03-02 19:38:21 +00:00
Steve Ruiz
52df06b014
A few more async routes (#3023)
This PR makes a few more of our routes async.

### Change Type

- [x] `internal` — Any other changes that don't affect the published
package[^2]
2024-03-02 17:17:09 +00:00
Taha
66a8b0a4a6
Example of using tldraw styles (#3017)
Adds an example of how to use tldraw styles in a custom shape


- [x] `documentation` — Changes to the documentation only[^2]

### Release Notes

- shape with tldraw styles example

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-03-02 16:42:43 +00:00
Steve Ruiz
338501d656
[fix] Routes check on e2e tests (#3022)
This PR updates our end to end tests so that they check every route in
our examples to ensure that it loads (skipping any routes that don't
features a canvas).

### Change Type

- [x] `tests` — Changes to any test code only[^2]

### Test Plan

- [x] End to end tests
2024-03-02 16:42:07 +00:00
Steve Ruiz
4cc823e22e
Show a broken image for files without assets (#2990)
This PR shows a broken state for images or video shapes without assets.
It deletes assets when pasted content fails to generate a new asset for
the shape. It includes some mild refactoring to the image shape.
Previously, shapes that had no corresponding assets would be
transparent. This PR preserves the transparent state for shapes with
assets but without source data (ie loading assets).

After:
<img width="1062" alt="image"
src="https://github.com/tldraw/tldraw/assets/23072548/81ad6953-a45f-4cc2-9f39-559009621a82">
<img width="1158" alt="image"
src="https://github.com/tldraw/tldraw/assets/23072548/40d15158-d201-458f-b555-6f3d8708a283">

Before:
<img width="1178" alt="image"
src="https://github.com/tldraw/tldraw/assets/23072548/2bed5b3c-cf1f-48be-9c68-d15fdccb9c99">


### Change Type

- [x] `patch` — Bug fix

### Test Plan

1. Create an image / video
2. Delete its asset

### Release Notes

- Better handling of broken images / videos.
2024-03-01 18:16:27 +00:00
Steve Ruiz
4bd1a31721
Selection UI example (plus fixes to pageToScreen) (#3015)
This PR adds a custom selection UI example.

![Kapture 2024-03-01 at 14 02
25](https://github.com/tldraw/tldraw/assets/23072548/039cc6ab-17b9-4bc3-8c05-ad3ce788a5d3)

It also fixes a bug with pageToScreen and adds a
`getSelectionRotatedScreenBounds` method.

### Change Type

- [ ] `patch` — Bug fix
- [x] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version


### Release Notes

- Adds selection UI example.
- Adds `Editor.getSelectionRotatedScreenBounds` method
- Fixes a bug with `pageToScreen`.
2024-03-01 17:42:35 +00:00
David Sheldrick
1d5a9efa17
[bugfix] Avoid randomness at init time to allow running on cloudflare. (#3016)
Describe what your pull request does. If appropriate, add GIFs or images
showing the before and after.

Follow up to #2987 

### Change Type

- [x] `patch` — Bug fix


### Release Notes

- Prevent using randomness API at init time, to allow importing the
tldraw package in a cloudflare worker.
2024-03-01 15:34:16 +00:00
huppy-bot[bot]
ba6cba64c6 Update CHANGELOG.md [skip ci] 2024-02-29 18:28:45 +00:00
Steve Ruiz
3b92faa5cf updatereadmes 2024-02-29 18:21:17 +00:00
Steve Ruiz
fe07e9842e
Update readmes / docs for 2.0 (#3011)
This PR updates the readmes for our 2.0 release.

### Change Type

- [x] `documentation` — Changes to the documentation only[^2]
2024-02-29 18:12:16 +00:00
huppy-bot[bot]
ed1a031a69 Update CHANGELOG.md [skip ci] 2024-02-29 18:12:00 +00:00
David Sheldrick
df205706e6 allow changes 2024-02-29 18:09:30 +00:00
David Sheldrick
a25d58e9b6 fix refresh-assets cache inputs 2024-02-29 18:03:10 +00:00
huppy-bot[bot]
752c30ac62 Update CHANGELOG.md [skip ci] 2024-02-29 17:59:47 +00:00
David Sheldrick
7fdaa3b7ed use glob to pick up version files? 2024-02-29 17:55:36 +00:00
huppy-bot[bot]
76949b62bd Update CHANGELOG.md [skip ci] 2024-02-29 17:45:47 +00:00
David Sheldrick
ba26324058
Fix publish script one more time (#3010)
follow up to #3009 

the versions.ts files were not being updated since things had been added
and moved around

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.
2024-02-29 17:38:19 +00:00
huppy-bot[bot]
21cc1c1345 Update CHANGELOG.md [skip ci] 2024-02-29 17:18:43 +00:00
David Sheldrick
58feaf8eac
fix setAllVersions (#3009)
follow up to #3008 

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.
2024-02-29 17:12:40 +00:00
David Sheldrick
9d237eec73
Fix publishing scripts (#3008)
Follow up to #3006 

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.
2024-02-29 16:59:05 +00:00
huppy-bot[bot]
a429a44e69 Update CHANGELOG.md [skip ci] 2024-02-29 16:41:45 +00:00
Steve Ruiz
9a6f4e8c4b
[docs] design shuffle (#2951)
This PR incorporates design tweaks from #2922 without the home page or
content changes.

These are:
- Replacing all `hello@tldraw.com` with `sales@tldraw.com`
- Fix mailto links.
- Showing the first item in a section on direct routes to the section
- Splitting the article page for human-written content from article page
for generated content
- Splitting the layout for the landing page from the rest of the site
(temporarily identical to the regular content)
- Removing headings from left sidebar
- Restoring headings in right sidebar for human-written pages with > 1
heading link
- Styling block quote
- Adjusting section link appearance / layout in header / menu
- Changing the order of search results to preference docs over examples
- Updating copy on events
- Removing copy on user interface menus
- Adding hero as prop to all articles
- Updated icon
- Fixing a few broken links
- Replaces the sandpack code blocks with hljs code blocks, except in
examples.

### Change Type

- [x] `documentation` — Changes to the documentation only[^2]
2024-02-29 16:28:45 +00:00
David Sheldrick
3f5803729d
fix publishing scripts (#3006)
follow up to #2998 
### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.
2024-02-29 16:28:11 +00:00
alex
a0628f9cb2
tldraw_final_v6_final(old version).docx.pdf (#2998)
Rename `@tldraw/tldraw` to just `tldraw`! `@tldraw/tldraw` still exists
as an alias to `tldraw` for folks who are still using that.

### Test Plan

- [x] Unit Tests
- [ ] End to end tests

### Release Notes

- The `@tldraw/tldraw` package has been renamed to `tldraw`. You can
keep using the old version if you want though!
2024-02-29 16:06:19 +00:00
Steve Ruiz
ae531da193
Don't add editor / app to window. (#2995)
This PR removes code that would add a reference to the editor to the
window. This is a feature that we added very early on during testing,
but which we should have moved out of the library earlier. Adding it
here as one of our last PRs before release.

If you've relied on this, you'll need to update your use of the library
to do it manually:

```ts
<Tldraw onMount={(editor) => {
  ;(window as any).app = editor
  ;(window as any).editor = editor
}}/>
```

### Change Type

- [x] `major` — Breaking change

### Release Notes

- Remove `window.editor` and `window.app` references to editor.
2024-02-29 15:42:36 +00:00
Dan Groshev
86519d60cd
unbork "unbork publish-new" (#3003)
Bring back the template publishing stuff, now with a problem fixed
https://github.com/tldraw/tldraw/pull/2999

### Change Type

- [x] `internal` — Any other changes that don't affect the published
package
2024-02-29 14:42:17 +00:00
David Sheldrick
5220f5c49d better name for publish-new 2024-02-29 14:10:28 +00:00
David Sheldrick
12935a5922 remove dry run early return 2024-02-29 14:09:42 +00:00
David Sheldrick
bd03f5b7dd better error message in publish-new.yml 2024-02-29 13:55:54 +00:00
David Sheldrick
e796119098 fix error logging in publish-now.yml 2024-02-29 13:49:30 +00:00
David Sheldrick
08c96b0df7 fix bash thing 2024-02-29 13:32:28 +00:00
Taha
5db4e9a491
Adding a single E2E test per menu (#2954)
A basic test for each of the menu areas

fixes TLD-2251

- [x] `tests` — Changes to any test code only[^2]

### Release Notes

- Add a brief release note for your PR here.

---------

Co-authored-by: Steve Ruiz <steveruizok@gmail.com>
2024-02-29 13:21:10 +00:00
David Sheldrick
c0d849e8b5
unbork publish-new (#2999)
@si14 this template publish thing was failing, i think you referenced
the workflow incorrectly, I'm just gonna comment out for now, take a
look when you have time

https://github.com/tldraw/tldraw/actions/runs/8096363547

### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.
2024-02-29 13:05:02 +00:00
Dan Groshev
849d8aca9b
remove yarn stuff from the templates and ignore it (#2997)
We accidentally checked in yarn cache in the template folders. We shall
not do that.

### Change Type

- [x] `internal` — Any other changes that don't affect the published
package[^2]
2024-02-29 12:32:16 +00:00
David Sheldrick
6d4b46e6d6
Implement new package publish process (#2996)
Gonna merge in a sneaky dry run mode to test the args parsing etc
### Change Type

- [ ] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [x] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.
2024-02-29 12:21:11 +00:00
Mime Čuvalo
83423cd6d7
textfields: make them consistent (#2984)
as i look into textfields the places where we are using them are
out-of-sync at the moment. this brings them in line with each other for
further refactoring later.

### Change Type

- [x] `patch` — Bug fix
2024-02-29 12:15:57 +00:00
Steve Ruiz
4f07e696e8
[feature] wrap mode (#2938)
By default, tldraw's brushing mode will select when the box intersects
an shape's geometry. A user can hold Command / Ctrl to require that the
selection box fully contain a shape's bounds instead.

Some people really prefer the opposite. Three years! Three years I've
been saying "no no no".

This PR adds a user preference to flip the logic. When `isWrapMode` is
true, selection requires that the box completely contain a shape before
it's added to the list of selecting shapes; and ctrl flips back to
intersection instead.

### Change Type

- [x] `minor` — New feature

### Test Plan

1. Turn on wrap mode in the user preferences menu.
2. Select stuff.
3. Use the ctrl key to except the behavior back to intersection.

- [x] Unit Tests

### Release Notes

- Added `isWrapMode` to user preferences.
- Added Wrap Mode toggle to user preferences menu.
2024-02-29 11:45:02 +00:00
Mitja Bezenšek
adc53afbe3
Don't allow edge scrolling when camera is frozen. (#2992)
Don't allow edge scrolling when camera is frozen.

### Change Type

- [x] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Testing
It's a bit hard to test this, you actually need to change the code a
bit.
1. Add an `onMount` handler to the `Tldraw` component in `develop.tsx`
2. In the `onMount` handler add:
`editor.updateInstanceState({canMoveCamera: false})` to freeze the
camera.
3. Make sure edge scrolling is turned on in the preferences.
4. Use brush selections / resizing / translating close to the edges.
5. The camera should not move.

### Release Notes

- Don't allow edge scrolling when camera is frozen.
2024-02-29 11:27:16 +00:00
Dan Groshev
cc1e5196dd
Use github actions to mirror templates from monorepo to appropriate repos (#2781)
The idea here is to mirror project templates from our monorepo to the
corresponding "top level" repos in our organisation. The main benefits
are:

- being able to easily synchronise template versions to the last release
on release
- being able to test those templates together with the rest of the
project
- being able to deploy the unreleased version of the templates 

However, this PR will only do the synchronisation part. The main
roadblock for the latter at the moment is running `yarn install` on
packages in the current `main` that are still unreleased. There are ways
around that, but this PR is deliberately minimalistic to land it sooner.

### Change Type

- [x] `internal` — Any other changes that don't affect the published
package

---------

Co-authored-by: Taha <98838967+Taha-Hassan-Git@users.noreply.github.com>
2024-02-29 10:48:31 +00:00
David Sheldrick
a4033f7a61
Setup papercuts (#2987)
I'm bringing the sockets example up to date and ran into some issues
that were tricky to resolve in userland but trivial to resolve in
packageland.

Gonna collect them here.  

### Change Type

- [x] `patch` — Bug fix
- [ ] `minor` — New feature
- [ ] `major` — Breaking change
- [ ] `dependencies` — Changes to package dependencies[^1]
- [ ] `documentation` — Changes to the documentation only[^2]
- [ ] `tests` — Changes to any test code only[^2]
- [ ] `internal` — Any other changes that don't affect the published
package[^2]
- [ ] I don't know

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Add a step-by-step description of how to test your PR here.
2.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Add a brief release note for your PR here.
2024-02-29 10:40:28 +00:00
Lu Wilson
8df5a22ad9
Add external dialog example (#2887)
This PR adds an example that shows you how to make your dialogs pop
outside of the Tldraw component and go fullscreen.

Closes TLD-2191

### Change Type

- [x] `documentation` — Changes to the documentation only[^2]

[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Test Plan

1. Try out the "External dialog" example.
2. Open the keyboard shortcuts dialog (or any dialog).
3. The dialog should be centered in the browser window, not just the
tldraw component.

- [ ] Unit Tests
- [ ] End to end tests

### Release Notes

- Dev: Added an example for dialogs that go outside the component.
2024-02-29 09:44:19 +00:00
Mime Čuvalo
42865a5b70
husky: add +x chmod flag (#2986)
### Change Type

- [x] `patch` — Bug fix
2024-02-28 16:33:04 +00:00
Taha
a62932d4ed
fix document name overlapping people menu (#2970)
When the people menu grew too large it would [overlap the document
name](https://github.com/orgs/tldraw/projects/38/views/1?pane=issue&itemId=54609134)

This PR checks if the right layout panel has grown beyond the style
panel width (plus the width of the button) and includes the button width
in the calculation if so.



- [x] `patch` — Bug fix

### Release Notes

- Fix people menu overlapping with document name when it grew too large.
2024-02-28 16:27:56 +00:00
alex
9f82e27214
speech bubble handle -> tail (#2975)
Handle's days are numbered, and in the line shape we've moved away from
storing `TLHandle` directly. This diff updates the speech bubble shape
to rename the 'handle' prop to 'tail' and make it just be the
coordinates. The handle props are derived at runtime.

### Change Type

- [x] `documentation` — Changes to the documentation only[^2]
2024-02-28 11:32:42 +00:00
David Sheldrick
22af179983
Make exportToBlob public (#2983)
Solves #2939

Also converts to named arguments to make it easier to add arguments in
the future. We should be doing this everywhere from now on.

### Change Type


- [x] `minor` — New feature


[^1]: publishes a `patch` release, for devDependencies use `internal`
[^2]: will not publish a new version

### Release Notes

- Exposes the exportToBlob function for library users
2024-02-28 11:26:30 +00:00