mirror of
https://github.com/evroon/bracket.git
synced 2026-06-11 02:04:33 -04:00
6b4fbb0fbebf148ea96ffcfabebfe275c9815d5c
1343 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
6b4fbb0fbe |
Bump node from 25-alpine to 26-alpine (#1699)
Bumps node from 25-alpine to 26-alpine. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
1e1e1788e6 |
Bump uvicorn from 0.44.0 to 0.46.0 in /backend (#1698)
Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.44.0 to 0.46.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/releases">uvicorn's releases</a>.</em></p> <blockquote> <h2>Version 0.46.0</h2> <h2>What's Changed</h2> <ul> <li>Support <code>ws_max_size</code> in <code>wsproto</code> implementation by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2915">Kludex/uvicorn#2915</a></li> <li>Support <code>ws_ping_interval</code> and <code>ws_ping_timeout</code> in <code>wsproto</code> implementation by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2916">Kludex/uvicorn#2916</a></li> <li>Use <code>bytearray</code> for incoming WebSocket message buffer in websockets-sansio by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2917">Kludex/uvicorn#2917</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0">https://github.com/Kludex/uvicorn/compare/0.45.0...0.46.0</a></p> <h2>Version 0.45.0</h2> <h2>What's Changed</h2> <ul> <li>Preserve forwarded client ports in proxy headers middleware by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2903">Kludex/uvicorn#2903</a></li> <li>Accept <code>os.PathLike</code> for <code>log_config</code> by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2905">Kludex/uvicorn#2905</a></li> <li>Accept <code>log_level</code> strings case-insensitively by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2907">Kludex/uvicorn#2907</a></li> <li>Raise helpful <code>ImportError</code> when PyYAML is missing for YAML log config by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2906">Kludex/uvicorn#2906</a></li> <li>Revert empty context for ASGI runs by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2911">Kludex/uvicorn#2911</a></li> <li>Add <code>--reset-contextvars</code> flag to isolate ASGI request context by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2912">Kludex/uvicorn#2912</a></li> <li>Revert "Emit <code>http.disconnect</code> on server shutdown for streaming responses" (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2829">#2829</a>) by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2913">Kludex/uvicorn#2913</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Krishnachaitanyakc"><code>@Krishnachaitanyakc</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2870">Kludex/uvicorn#2870</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0">https://github.com/Kludex/uvicorn/compare/0.44.0...0.45.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md">uvicorn's changelog</a>.</em></p> <blockquote> <h2>0.46.0 (April 23, 2026)</h2> <h3>Added</h3> <ul> <li>Support <code>ws_max_size</code> in <code>wsproto</code> implementation (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2915">#2915</a>)</li> <li>Support <code>ws_ping_interval</code> and <code>ws_ping_timeout</code> in <code>wsproto</code> implementation (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2916">#2916</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Use <code>bytearray</code> for incoming WebSocket message buffer in <code>websockets-sansio</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2917">#2917</a>)</li> </ul> <h2>0.45.0 (April 21, 2026)</h2> <h3>Added</h3> <ul> <li>Add <code>--reset-contextvars</code> flag to isolate ASGI request context (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2912">#2912</a>)</li> <li>Accept <code>os.PathLike</code> for <code>log_config</code> (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2905">#2905</a>)</li> <li>Accept <code>log_level</code> strings case-insensitively (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2907">#2907</a>)</li> </ul> <h3>Changed</h3> <ul> <li>Revert "Emit <code>http.disconnect</code> on server shutdown for streaming responses" (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2913">#2913</a>)</li> <li>Revert "Explicitly start ASGI run with empty context" (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2911">#2911</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Preserve forwarded client ports in proxy headers middleware (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2903">#2903</a>)</li> <li>Raise helpful <code>ImportError</code> when PyYAML is missing for YAML log config (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2906">#2906</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
38efd1e2b9 |
Bump pydantic-settings from 2.13.0 to 2.14.0 in /backend (#1697)
Bumps [pydantic-settings](https://github.com/pydantic/pydantic-settings) from 2.13.0 to 2.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic-settings/releases">pydantic-settings's releases</a>.</em></p> <blockquote> <h2>v2.14.0</h2> <h2>What's Changed</h2> <ul> <li>Fix parsing env vars into Optional Strict types by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/792">pydantic/pydantic-settings#792</a></li> <li>Fix RecursionError with mutually recursive models in CLI by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/794">pydantic/pydantic-settings#794</a></li> <li>Fix env_file from model_config ignored in CliApp.run() (<a href="https://redirect.github.com/pydantic/pydantic-settings/issues/795">#795</a>) by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/796">pydantic/pydantic-settings#796</a></li> <li>Update dependencies by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/798">pydantic/pydantic-settings#798</a></li> <li>Add Dependabot configuration by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/801">pydantic/pydantic-settings#801</a></li> <li>Bump samuelcolvin/check-python-version from 4.1 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/802">pydantic/pydantic-settings#802</a></li> <li>Bump actions/upload-artifact from 4 to 7 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/803">pydantic/pydantic-settings#803</a></li> <li>Bump actions/checkout from 4 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/804">pydantic/pydantic-settings#804</a></li> <li>Bump astral-sh/setup-uv from 5 to 7 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/805">pydantic/pydantic-settings#805</a></li> <li>Bump actions/setup-python from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/806">pydantic/pydantic-settings#806</a></li> <li>Ignore chardet and group GitHub Actions in Dependabot by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/808">pydantic/pydantic-settings#808</a></li> <li>Bump actions/download-artifact from 4 to 8 in the github-actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/809">pydantic/pydantic-settings#809</a></li> <li>Bump the python-packages group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/810">pydantic/pydantic-settings#810</a></li> <li>Support reading .env files from FIFOs (e.g. 1Password Environments) by <a href="https://github.com/JacobHayes"><code>@JacobHayes</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/776">pydantic/pydantic-settings#776</a></li> <li>Fix AliasChoices ignored when changing provider priority by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/813">pydantic/pydantic-settings#813</a></li> <li>fix: resolve KeyError in run_subcommand for underscore field names by <a href="https://github.com/bradykieffer"><code>@bradykieffer</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/799">pydantic/pydantic-settings#799</a></li> <li>Bump the python-packages group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/814">pydantic/pydantic-settings#814</a></li> <li>Fix <code>Literal[numeric Enum]</code> coercion for CLI and env vars by <a href="https://github.com/m9810223"><code>@m9810223</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/811">pydantic/pydantic-settings#811</a></li> <li>Fix nested discriminated unions not discovered by env/CLI providers by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/816">pydantic/pydantic-settings#816</a></li> <li>Bump the python-packages group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/820">pydantic/pydantic-settings#820</a></li> <li>CLI ensure env nested max split internally. by <a href="https://github.com/kschwab"><code>@kschwab</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/821">pydantic/pydantic-settings#821</a></li> <li>Bump the python-packages group with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/824">pydantic/pydantic-settings#824</a></li> <li>Migrate <code>boto3-stubs</code> to <code>types-boto3</code> by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/831">pydantic/pydantic-settings#831</a></li> <li>Fix CLI not recognizing field name with validate_by_name and AliasChoices by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/826">pydantic/pydantic-settings#826</a></li> <li>Allow customisation of the dotevn setting source to filter variables by <a href="https://github.com/CaselIT"><code>@CaselIT</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/832">pydantic/pydantic-settings#832</a></li> <li>Bump the python-packages group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/833">pydantic/pydantic-settings#833</a></li> <li>Introduce yamlfmt by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/836">pydantic/pydantic-settings#836</a></li> <li>Bump boto3 from 1.42.82 to 1.42.83 in the python-packages group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/837">pydantic/pydantic-settings#837</a></li> <li>Introduce zizmor by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/838">pydantic/pydantic-settings#838</a></li> <li>Fix CliPositionalArg[list[CustomType]] crash for custom types by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/839">pydantic/pydantic-settings#839</a></li> <li>Add note about Mypy plugin for <code>BaseSettings.__init__()</code> by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/842">pydantic/pydantic-settings#842</a></li> <li>Fix <code>cli_ignore_unknown_args=True</code> not working on subcommands by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/844">pydantic/pydantic-settings#844</a></li> <li>Bump the python-packages group with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/847">pydantic/pydantic-settings#847</a></li> <li>Fix CLI descriptions lost under <code>python -OO</code> by falling back to <code>json_schema_extra</code> by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/843">pydantic/pydantic-settings#843</a></li> <li>Prepare release 2.14.0 by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/848">pydantic/pydantic-settings#848</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] made their first contribution in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/802">pydantic/pydantic-settings#802</a></li> <li><a href="https://github.com/JacobHayes"><code>@JacobHayes</code></a> made their first contribution in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/776">pydantic/pydantic-settings#776</a></li> <li><a href="https://github.com/bradykieffer"><code>@bradykieffer</code></a> made their first contribution in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/799">pydantic/pydantic-settings#799</a></li> <li><a href="https://github.com/CaselIT"><code>@CaselIT</code></a> made their first contribution in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/832">pydantic/pydantic-settings#832</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic-settings/compare/v2.13.1...v2.14.0">https://github.com/pydantic/pydantic-settings/compare/v2.13.1...v2.14.0</a></p> <h2>v2.13.1</h2> <h2>What's Changed</h2> <ul> <li>Fix regression for bool fields since 2.13.0 by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/784">pydantic/pydantic-settings#784</a></li> <li>Fix RecursionError with self-referential models in CliApp by <a href="https://github.com/hramezani"><code>@hramezani</code></a> in <a href="https://redirect.github.com/pydantic/pydantic-settings/pull/783">pydantic/pydantic-settings#783</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
4fb0d150f5 |
Bump pyrefly from 0.61.1 to 0.62.0 in /backend (#1696)
Bumps [pyrefly](https://github.com/facebook/pyrefly) from 0.61.1 to 0.62.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/pyrefly/releases">pyrefly's releases</a>.</em></p> <blockquote> <h2>Pyrefly v0.62.0</h2> <p><strong>Status : BETA</strong> <em>Release date: April 20, 2026</em></p> <p>Pyrefly v0.62.0 bundles <strong>87 commits</strong> from <strong>23 contributors</strong>.</p> <hr /> <h2>✨ New & Improved</h2> <table> <thead> <tr> <th>Area</th> <th>What's new</th> </tr> </thead> <tbody> <tr> <td><strong>Type Checking</strong></td> <td>- <code>TypeVarTuple</code> inference has been changed to be consistent with <code>TypeVar</code>, per a recent change to the typing spec. <!-- raw HTML omitted --><!-- raw HTML omitted -->- Errors logged during speculative union checks and overload calls are now reverted, eliminating a source of confusing false positives. <!-- raw HTML omitted --><!-- raw HTML omitted -->- Union-typed decorators that return fully unknown types (either <code>Unknown</code> or callables with all-unknown signatures) preserve the original function signature instead of replacing it with <code>Unknown</code>, reducing false positives by ~23% on TensorFlow.</td> </tr> <tr> <td><strong>Language Server</strong></td> <td>- Semantic tokens and completions work for <code>inmemory://</code> documents on Windows. <!-- raw HTML omitted --><!-- raw HTML omitted -->- LSP server crashes from out-of-range line numbers in client requests are prevented by clamping positions to the buffer's valid range.</td> </tr> <tr> <td><strong>Error Reporting</strong></td> <td>- Error kinds can now have sub-kinds that can be disabled using their shared prefix. <!-- raw HTML omitted --><!-- raw HTML omitted -->- Invariance checks for mutable attributes (corresponding to mypy's <code>mutable-override</code> opt-in behavior) have been moved to a new <code>bad-override-mutable-attribute</code> error code that is a sub-kind of <code>bad-override</code>. <!-- raw HTML omitted --><!-- raw HTML omitted -->- The <code>bad-param-name-override</code> error has been renamed to <code>bad-override-param-name</code> and made a sub-kind of <code>bad-override</code>. <!-- raw HTML omitted --><!-- raw HTML omitted -->- Sub-configs that define <code>[errors]</code> inherit the root config's error severity overrides for any codes they don't explicitly set.</td> </tr> <tr> <td><strong>Configuration</strong></td> <td>- When migrating from mypy via <code>pyrefly init</code>, <code>bad-override-mutable-attribute</code> is disabled by default to match mypy's behavior. <!-- raw HTML omitted --><!-- raw HTML omitted -->- Project excludes (e.g., <code>project-excludes = ["**/*.ipynb"]</code>) no longer block discovery of <code>.py</code> files when the default <code>project-includes</code> contains both <code>**/*.py*</code> and <code>**/*.ipynb</code>.</td> </tr> </tbody> </table> <hr /> <h2>🐛 bug fixes</h2> <p>We closed 12 bug issues this release 👏</p> <ul> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/3118">#3118</a>: Fixed incorrect stub package recommendations for typeshed third-party libraries. Pyrefly now suggests the correct package name (e.g., <code>types-python-dateutil</code> for the <code>dateutil</code> module, not <code>types-dateutil</code>) by extracting the module→package mapping from the bundled typeshed archive, preventing potential typosquatting.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/3081">#3081</a>: Fixed NewType wrappers with NoneType bases being incorrectly rejected or treated inconsistently. <code>NewType("NewNoneType", NoneType)</code> is now accepted as a valid nominal type declaration, and plain <code>None</code> is correctly rejected where <code>NewNoneType</code> is required.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/3052">#3052</a>: Fixed false positive <code>unexpected-keyword</code> errors for named parameters before <code>*args: P.args</code>. Functions like <code>call_with_retry(f, max_attempts=10, *args: P.args, **kwargs: P.kwargs)</code> now correctly allow <code>max_attempts</code> to be passed as a keyword argument, matching mypy and pyright behavior.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/3110">#3110</a>: Fixed LSP server crashes when the client sends a position with a line number beyond the end of the buffer (e.g., after a <code>DidChangeTextDocument</code> race where the file was truncated). Out-of-range positions now map to EOF instead of panicking.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2912">#2912</a>: Fixed false positive <code>bad-argument-type</code> for <code>list(null_values.items())</code> when the return type hint is a union like <code>Sequence[str] | list[tuple[str, str]]</code>. Pyrefly now tries constructing the class with each union member independently and unions the results, ensuring the inferred type is assignable to the hint.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2644">#2644</a>: Fixed false positive <code>bad-argument-type</code> when calling a method with <code>AnyStr</code>. Placeholder variables used during overload resolution are now saved and restored around overload calls, preventing <code>AnyStr</code> from being incorrectly specialized to <code>str</code> and polluting subsequent checks.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2872">#2872</a>: Fixed false positive <code>invalid-type-var</code> for generic functions captured as closure default arguments. The <code>Visit</code> implementation for <code>DefaultValue</code> now calls <code>visit</code> instead of <code>recurse</code>, ensuring type-level visitors see the <code>Type</code> node stored in the default value.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/3159">#3159</a>: Fixed incorrect type inference for <code>.value</code> on enum members with non-data-type mixins. Mixins that don't define <code>__new__</code> (e.g., <code>class Meta: pass</code>) are no longer treated as data type mixins, so <code>Foo.bar.value</code> correctly returns <code>Literal[1]</code> instead of <code>Meta</code>.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/3161">#3161</a>: Fixed false positive <code>bad-argument-type</code> for overloaded functions with vararg unpacking (e.g., <code>*args: *tuple[int, str]</code>). Type check errors for unpacked varargs are now sent to <code>call_errors</code> instead of <code>arg_errors</code>, so they don't cause the overload to be incorrectly rejected.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/3047">#3047</a>: Fixed false positive <code>bad-specialization</code> when matching a type variable against a union like <code>N | Iterable[N]</code>. Pyrefly now uses snapshot-based rollback when trying each union member, ensuring specialization errors from one branch don't leak into the final result if another branch succeeds without errors.</li> <li>And more! <a href="https://redirect.github.com/facebook/pyrefly/issues/3122">#3122</a>, <a href="https://redirect.github.com/facebook/pyrefly/issues/3080">#3080</a>, <a href="https://redirect.github.com/facebook/pyrefly/issues/3074">#3074</a></li> </ul> <p>Thank-you to all our contributors who found these bugs and reported them! Did you know this is one of the most helpful contributions you can make to an open-source project? If you find any bugs in Pyrefly we want to know about them! Please open a bug report issue <a href="https://github.com/facebook/pyrefly/issues">here</a></p> <hr /> <h2>📦 Upgrade</h2> <pre lang="bash"><code>pip install --upgrade pyrefly==0.62.0 </code></pre> <h3>How to safely upgrade your codebase</h3> <p>Upgrading the version of Pyrefly you're using or a third-party library you depend on can reveal new type errors in your code. Fixing them all at once is often unrealistic. We've written scripts to help you temporarily silence them. After upgrading, follow these steps:</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a6eba4cbe4 |
Bump idna from 3.11 to 3.15 in /backend (#1692)
Bumps [idna](https://github.com/kjd/idna) from 3.11 to 3.15. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kjd/idna/blob/master/HISTORY.md">idna's changelog</a>.</em></p> <blockquote> <h2>3.15 (2026-05-12)</h2> <ul> <li>Enforce DNS-length cap on individual labels early in <code>check_label</code>, short-circuiting contextual-rule processing for oversized input while staying compatible with UTS 46 usage.</li> <li>Tidy core helpers: hoist bidi category sets to module-level frozensets (avoiding per-codepoint list construction), simplify length checks, and reuse the shared <code>_unicode_dots_re</code> from <code>idna.core</code> in the codec module.</li> <li>Use <code>raise ... from err</code> for proper exception chaining and switch internal string formatting to f-strings.</li> <li>Allow <code>flit_core</code> 4.x in the build backend.</li> <li>Expand the ruff lint set (flake8-bugbear, flake8-simplify, pyupgrade, perflint) and apply the surfaced fixes; pin lint CI to Python 3.14.</li> <li>Add Dependabot configuration for GitHub Actions.</li> <li>Convert README and HISTORY from reStructuredText to Markdown.</li> <li>Reference CVE-2026-45409 for the 3.14 advisory in place of the initial GHSA identifier.</li> </ul> <p>Thanks to Felix Yan, Stan Ulbrych, and metsw24-max for contributions to this release.</p> <h2>3.14 (2026-05-10)</h2> <ul> <li>Removed opportunity to process long inputs into quadratic time by rejecting oversize inputs up-front. Closes a bypass of the CVE-2024-3651 mitigation. [CVE-2026-45409]</li> </ul> <p>Thanks to Stan Ulbrych for reporting the issue.</p> <h2>3.13 (2026-04-22)</h2> <ul> <li>Correct classification error for codepoint U+A7F1</li> </ul> <h2>3.12 (2026-04-21)</h2> <ul> <li>Update to Unicode 17.0.0.</li> <li>Issue a deprecation warning for the transitional argument.</li> <li>Added lazy-loading to provide some performance improvements.</li> <li>Removed vestiges of code related to Python 2 support, including segmentation of data structures specific to Jython.</li> </ul> <p>Thanks to Rodrigo Nogueira for contributions to this release.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a4ebc13c6b |
Bump pydantic from 2.12.4 to 2.13.2 in /backend (#1691)
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.12.4 to 2.13.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/releases">pydantic's releases</a>.</em></p> <blockquote> <h2>v2.13.2 2026-04-17</h2> <h2>v2.13.2 (2026-04-17)</h2> <h3>What's Changed</h3> <h4>Fixes</h4> <ul> <li>Fix <code>ValidationInfo.field_name</code> missing with <code>model_validate_json()</code> by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13084">#13084</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2">https://github.com/pydantic/pydantic/compare/v2.13.1...v2.13.2</a></p> <h2>v2.13.1 2026-04-15</h2> <h2>v2.13.1 (2026-04-15)</h2> <h3>What's Changed</h3> <h4>Fixes</h4> <ul> <li>Fix <code>ValidationInfo.data</code> missing with <code>model_validate_json()</code> by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13079">#13079</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1">https://github.com/pydantic/pydantic/compare/v2.13.0...v2.13.1</a></p> <h2>v2.13.0 2026-04-13</h2> <h2>v2.13.0 (2026-04-13)</h2> <p>The highlights of the v2.13 release are available in the <a href="https://pydantic.dev/articles/pydantic-v2-13-release">blog post</a>. Several minor changes (considered non-breaking changes according to our <a href="https://pydantic.dev/docs/validation/2.13/get-started/version-policy/#pydantic-v2">versioning policy</a>) are also included in this release. Make sure to look into them before upgrading.</p> <p>This release contains the updated <code>pydantic.v1</code> namespace, matching version 1.10.26 which includes support for Python 3.14.</p> <h3>What's Changed</h3> <p>See the beta releases for all changes sinces 2.12.</p> <h4>Packaging</h4> <ul> <li>Add zizmor for GitHub Actions workflow linting by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13039">#13039</a></li> <li>Update jiter to v0.14.0 to fix a segmentation fault on musl Linux by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13064">#13064</a></li> </ul> <h4>New Features</h4> <ul> <li>Allow default factories of private attributes to take validated model data by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13013">#13013</a></li> </ul> <h4>Changes</h4> <ul> <li>Warn when serializing fixed length tuples with too few items by <a href="https://github.com/arvindsaripalli"><code>@arvindsaripalli</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13016">#13016</a></li> </ul> <h4>Fixes</h4> <ul> <li>Change type of <code>Any</code> when synthesizing <code>_build_sources</code> for <code>BaseSettings.__init__()</code> signature in the mypy plugin by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13049">#13049</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pydantic/pydantic/blob/main/HISTORY.md">pydantic's changelog</a>.</em></p> <blockquote> <h2>v2.13.2 (2026-04-17)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.13.2">GitHub release</a></p> <h3>What's Changed</h3> <h4>Fixes</h4> <ul> <li>Fix <code>ValidationInfo.field_name</code> missing with <code>model_validate_json()</code> by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13084">#13084</a></li> </ul> <h2>v2.13.1 (2026-04-15)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.13.1">GitHub release</a></p> <h3>What's Changed</h3> <h4>Fixes</h4> <ul> <li>Fix <code>ValidationInfo.data</code> missing with <code>model_validate_json()</code> by <a href="https://github.com/davidhewitt"><code>@davidhewitt</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13079">#13079</a></li> </ul> <h2>v2.13.0 (2026-04-13)</h2> <p><a href="https://github.com/pydantic/pydantic/releases/tag/v2.13.0">GitHub release</a></p> <p>The highlights of the v2.13 release are available in the <a href="https://pydantic.dev/articles/pydantic-v2-13-release">blog post</a>. Several minor changes (considered non-breaking changes according to our <a href="https://pydantic.dev/docs/validation/2.13/get-started/version-policy/#pydantic-v2">versioning policy</a>) are also included in this release. Make sure to look into them before upgrading.</p> <p>This release contains the updated <code>pydantic.v1</code> namespace, matching version 1.10.26 which includes support for Python 3.14.</p> <h3>What's Changed</h3> <p>See the beta releases for all changes sinces 2.12.</p> <h4>New Features</h4> <ul> <li>Allow default factories of private attributes to take validated model data by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13013">#13013</a></li> </ul> <h4>Changes</h4> <ul> <li>Warn when serializing fixed length tuples with too few items by <a href="https://github.com/arvindsaripalli"><code>@arvindsaripalli</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13016">#13016</a></li> </ul> <h4>Fixes</h4> <ul> <li>Change type of <code>Any</code> when synthesizing <code>_build_sources</code> for <code>BaseSettings.__init__()</code> signature in the mypy plugin by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13049">#13049</a></li> <li>Fix model equality when using runtime <code>extra</code> configuration by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13062">#13062</a></li> </ul> <h4>Packaging</h4> <ul> <li>Add zizmor for GitHub Actions workflow linting by <a href="https://github.com/Viicos"><code>@Viicos</code></a> in <a href="https://redirect.github.com/pydantic/pydantic/pull/13039">#13039</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
c5be5378bf |
Bump pyrefly from 0.60.0 to 0.61.1 in /backend (#1690)
Bumps [pyrefly](https://github.com/facebook/pyrefly) from 0.60.0 to 0.61.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/pyrefly/releases">pyrefly's releases</a>.</em></p> <blockquote> <h2>Pyrefly v0.61.1</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/facebook/pyrefly/compare/0.61.0...0.61.1">https://github.com/facebook/pyrefly/compare/0.61.0...0.61.1</a></p> <h2>Pyrefly v0.61.0</h2> <p><strong>Status : BETA</strong> <em>Release date: April 13, 2026</em></p> <p>Pyrefly v0.61.0 bundles <strong>85 commits</strong> from <strong>21 contributors</strong>.</p> <hr /> <h2>✨ New & Improved</h2> <table> <thead> <tr> <th>Area</th> <th>What's new</th> </tr> </thead> <tbody> <tr> <td><strong>Type Checking</strong></td> <td>- Division, floor division, and modulo operations with a literal zero divisor (e.g., <code>x / 0</code>, <code>y // 0</code>, <code>z % 0</code>) are flagged as errors, catching runtime <code>ZeroDivisionError</code> before execution. <!-- raw HTML omitted --><!-- raw HTML omitted -->- Multiple inheritance with conflicting <code>__slots__</code> definitions is detected and reported as an error, matching CPython's runtime behavior and preventing layout conflicts. <!-- raw HTML omitted --><!-- raw HTML omitted -->- Protocol members assigned a value without an explicit type annotation (e.g., <code>x = None</code> in a <code>Protocol</code> class body) are flagged as errors, ensuring protocol members have declared types as required by the typing specification.</td> </tr> <tr> <td><strong>Language Server</strong></td> <td>- Variables used exclusively within f-string format specifiers (e.g., <code>f"{key:<{max_len}}"</code>) are correctly recognized as used, eliminating false positive unused-variable warnings. <!-- raw HTML omitted --><!-- raw HTML omitted -->- The VS Code extension explicitly declares workspace trust capabilities, requiring trusted workspaces to run and allowing machine-overridable scope for <code>lspPath</code> and <code>lspArguments</code> settings for improved security.</td> </tr> <tr> <td><strong>Coverage Reporting</strong></td> <td>- The <code>pyrefly report</code> command now excludes some dunder methods and typing-only constructs from coverage metrics. <!-- raw HTML omitted --><!-- raw HTML omitted -->- Per-module JSON output includes entity counts (n_functions, n_methods, n_function_params, n_method_params, n_classes, n_attrs, n_properties, n_type_ignores) for downstream consumers. <!-- raw HTML omitted --><!-- raw HTML omitted -->- A new <code>--module <name></code> CLI flag allows overriding the module name in JSON output, supporting callers that need canonical package names instead of filesystem-derived names.</td> </tr> <tr> <td><strong>Pydantic</strong></td> <td>- Pydantic lax conversion special-cases regex patterns, fixing false positives when passing compiled patterns to Pydantic models.</td> </tr> <tr> <td><strong>Performance</strong></td> <td>- Fixed a bug in overload evaluation that caused exponential memory consumption and indefinite hangs on code with many overloaded calls.</td> </tr> </tbody> </table> <hr /> <h2>🐛 bug fixes</h2> <p>We closed <strong>9</strong> bug issues this release 👏</p> <ul> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/3031">#3031</a>: Fixed a crash in mypy_primer caused by a variable leak in <code>LitEnum</code> — types are now deep-forced before storage to prevent leaking vars into the solver.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2915">#2915</a>: Division, floor division, and modulo by literal <code>0</code> are now flagged as errors, catching <code>ZeroDivisionError</code> at static analysis time instead of runtime.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/3009">#3009</a>: Fixed false positive unused-variable warnings for variables used exclusively within f-string format specifiers (e.g., <code>f"{key:<{max_len}}"</code>). The AST visitor now correctly descends into <code>format_spec</code> nodes.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2799">#2799</a>: Fixed false positive <code>[missing-attribute]</code> errors for <code>dict.setdefault(key, []).append(val)</code> on unannotated dicts. Overload resolution now creates fresh partial variables for each overload, preventing incorrect pinning.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2991">#2991</a>: Fixed Pydantic lax-mode rewriting <code>re.Pattern[str]</code> to <code>Pattern[LaxStr]</code> and rejecting <code>re.Pattern[str]</code>. Regex patterns now expand to <code>re.Pattern[T] | T</code> instead of recursively widening the inner type.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2916">#2916</a>: Fixed runtime <code>TypeError</code> from multiple inheritance with conflicting <code>__slots__</code> (same slot names). Pyrefly now detects and reports this layout conflict during class metadata computation.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2917">#2917</a>: Fixed runtime <code>TypeError</code> from multiple inheritance with conflicting <code>__slots__</code> (different slot names). Pyrefly now detects non-empty <code>__slots__</code> in multiple bases and reports the conflict.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/3064">#3064</a>: Fixed false positive when using <code>issubclass()</code> after <code>isinstance()</code> narrowing with custom metaclasses (e.g., Django's <code>ModelBase</code>). Metaclass instances are now correctly accepted as valid class objects.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/3030">#3030</a>: Fixed false positive <code>LiteralString</code> type error in <code>map(str.strip, ...)</code>. Overloads with narrower <code>self</code>-type annotations are now filtered out during unbound method resolution.</li> </ul> <p>Thank-you to all our contributors who found these bugs and reported them! Did you know this is one of the most helpful contributions you can make to an open-source project? If you find any bugs in Pyrefly we want to know about them! Please open a bug report issue <a href="https://github.com/facebook/pyrefly/issues">here</a></p> <hr /> <h2>📦 Upgrade</h2> <pre lang="bash"><code>pip install --upgrade pyrefly==0.61.0 </code></pre> <h3>How to safely upgrade your codebase</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
2146f245a0 |
Bump sentry-sdk from 2.57.0 to 2.58.0 in /backend (#1689)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.57.0 to 2.58.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's releases</a>.</em></p> <blockquote> <h2>2.58.0</h2> <h3>New Features ✨</h3> <ul> <li>(ai) Redact base64 data URLs in image_url content blocks by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5953">#5953</a></li> <li>(integrations) Instrument pyreqwest tracing by <a href="https://github.com/servusdei2018"><code>@servusdei2018</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5682">#5682</a></li> <li>(litellm) Add async callbacks by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5969">#5969</a></li> </ul> <h3>Bug Fixes 🐛</h3> <h4>Anthropic</h4> <ul> <li>Capture exceptions for <code>stream()</code> calls by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5950">#5950</a></li> <li>Stop setting transaction status when child span fails by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5717">#5717</a></li> <li>Only finish relevant spans in .create() patches by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5716">#5716</a></li> </ul> <h4>Pydantic Ai</h4> <ul> <li>Adapt import for new library versions by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5984">#5984</a></li> <li>Use first-class hooks when available by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5947">#5947</a></li> </ul> <h4>Other</h4> <ul> <li>(huggingface_hub) Stop setting transaction status when a child span fails by <a href="https://github.com/Zenithatic"><code>@Zenithatic</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5952">#5952</a></li> <li>(litellm) Avoid double span exits when streaming by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5933">#5933</a></li> <li>(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by <a href="https://github.com/sl0thentr0py"><code>@sl0thentr0py</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5963">#5963</a></li> </ul> <h3>Internal Changes 🔧</h3> <h4>Litellm</h4> <ul> <li>Replace mocks with <code>httpx</code> types in rate-limit test by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5975">#5975</a></li> <li>Replace mocks with <code>httpx</code> types in embedding tests by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5970">#5970</a></li> <li>Replace mocks with <code>httpx</code> types in nonstreaming <code>completion()</code> tests by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5937">#5937</a></li> <li>Remove dead attributes by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5985">#5985</a></li> </ul> <h4>Other</h4> <ul> <li>(ai) Remove <code>gen_ai.tool.type</code> span attribute by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5964">#5964</a></li> <li>(anthropic) Separate sync and async .create() patches by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5715">#5715</a></li> <li>(openai) Split token counting by API for easier deprecation by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5930">#5930</a></li> <li>(openai-agents) Remove error attributes by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5986">#5986</a></li> <li>(opentelemetry) Ignore mypy error by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5927">#5927</a></li> <li>🤖 Update test matrix with new releases (04/13) by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5983">#5983</a></li> <li>Fix license metadata in setup.py by <a href="https://github.com/sl0thentr0py"><code>@sl0thentr0py</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5934">#5934</a></li> <li>Update validate-pr workflow by <a href="https://github.com/stephanie-anderson"><code>@stephanie-anderson</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5931">#5931</a></li> </ul> <h3>Other</h3> <ul> <li>Handle <code>None</code> span context in the span processor and pin tokenizers version for anthropic tests on Python 3.8 by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5967">#5967</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md">sentry-sdk's changelog</a>.</em></p> <blockquote> <h2>2.58.0</h2> <h3>New Features ✨</h3> <ul> <li>(ai) Redact base64 data URLs in image_url content blocks by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5953">#5953</a></li> <li>(integrations) Instrument pyreqwest tracing by <a href="https://github.com/servusdei2018"><code>@servusdei2018</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5682">#5682</a></li> <li>(litellm) Add async callbacks by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5969">#5969</a></li> </ul> <h3>Bug Fixes 🐛</h3> <h4>Anthropic</h4> <ul> <li>Capture exceptions for <code>stream()</code> calls by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5950">#5950</a></li> <li>Stop setting transaction status when child span fails by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5717">#5717</a></li> <li>Only finish relevant spans in .create() patches by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5716">#5716</a></li> </ul> <h4>Pydantic Ai</h4> <ul> <li>Adapt import for new library versions by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5984">#5984</a></li> <li>Use first-class hooks when available by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5947">#5947</a></li> </ul> <h4>Other</h4> <ul> <li>(huggingface_hub) Stop setting transaction status when a child span fails by <a href="https://github.com/Zenithatic"><code>@Zenithatic</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5952">#5952</a></li> <li>(litellm) Avoid double span exits when streaming by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5933">#5933</a></li> <li>(wsgi) Respect HTTP_X_FORWARDED_PROTO in request.url construction by <a href="https://github.com/sl0thentr0py"><code>@sl0thentr0py</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5963">#5963</a></li> </ul> <h3>Internal Changes 🔧</h3> <h4>Litellm</h4> <ul> <li>Replace mocks with <code>httpx</code> types in rate-limit test by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5975">#5975</a></li> <li>Replace mocks with <code>httpx</code> types in embedding tests by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5970">#5970</a></li> <li>Replace mocks with <code>httpx</code> types in nonstreaming <code>completion()</code> tests by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5937">#5937</a></li> <li>Remove dead attributes by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5985">#5985</a></li> </ul> <h4>Other</h4> <ul> <li>(ai) Remove <code>gen_ai.tool.type</code> span attribute by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5964">#5964</a></li> <li>(anthropic) Separate sync and async .create() patches by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5715">#5715</a></li> <li>(openai) Split token counting by API for easier deprecation by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5930">#5930</a></li> <li>(openai-agents) Remove error attributes by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5986">#5986</a></li> <li>(opentelemetry) Ignore mypy error by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5927">#5927</a></li> <li>🤖 Update test matrix with new releases (04/13) by <a href="https://github.com/github-actions"><code>@github-actions</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5983">#5983</a></li> <li>Fix license metadata in setup.py by <a href="https://github.com/sl0thentr0py"><code>@sl0thentr0py</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5934">#5934</a></li> <li>Update validate-pr workflow by <a href="https://github.com/stephanie-anderson"><code>@stephanie-anderson</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5931">#5931</a></li> </ul> <h3>Other</h3> <ul> <li>Handle <code>None</code> span context in the span processor and pin tokenizers version for anthropic tests on Python 3.8 by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5967">#5967</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
48551b09f7 |
Bump fastapi from 0.135.3 to 0.136.0 in /backend (#1688)
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.135.3 to 0.136.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastapi/fastapi/releases">fastapi's releases</a>.</em></p> <blockquote> <h2>0.136.0</h2> <h3>Upgrades</h3> <ul> <li>⬆️ Support free-threaded Python 3.14t. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15149">#15149</a> by <a href="https://github.com/svlandeg"><code>@svlandeg</code></a>.</li> </ul> <h2>0.135.4</h2> <h3>Refactors</h3> <ul> <li>🔥 Remove April Fool's <code>@app.vibe()</code> 🤪. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15363">#15363</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <h3>Internal</h3> <ul> <li>⬆ Bump cryptography from 46.0.5 to 46.0.7. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15314">#15314</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>⬆ Bump strawberry-graphql from 0.307.1 to 0.312.3. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15309">#15309</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>🔨 Add pre-commit hook to ensure latest release header has date. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15293">#15293</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
e6abd7d282 |
Bump urllib3 from 2.6.3 to 2.7.0 in /backend (#1681)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.3 to 2.7.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/releases">urllib3's releases</a>.</em></p> <blockquote> <h2>2.7.0</h2> <h2>🚀 urllib3 is fundraising for HTTP/2 support</h2> <p><a href="https://sethmlarson.dev/urllib3-is-fundraising-for-http2-support">urllib3 is raising ~$40,000 USD</a> to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects <a href="https://opencollective.com/urllib3">please consider contributing financially</a> to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.</p> <p>Thank you for your support.</p> <h2>Security</h2> <p>Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.</p> <ul> <li> <p>Decompression-bomb safeguards of the streaming API were bypassed:</p> <ol> <li>When <code>HTTPResponse.drain_conn()</code> was called after the response had been read and decompressed partially. (Reported by <a href="https://github.com/Cycloctane"><code>@Cycloctane</code></a>)</li> <li>During the second <code>HTTPResponse.read(amt=N)</code> or <code>HTTPResponse.stream(amt=N)</code> call when the response was decompressed using the official <a href="https://pypi.org/project/brotli/">Brotli</a> library. (Reported by <a href="https://github.com/kimkou2024"><code>@kimkou2024</code></a>)</li> </ol> <p>See GHSA-mf9v-mfxr-j63j for details.</p> </li> <li> <p>HTTP pools created using <code>ProxyManager.connection_from_url</code> did not strip sensitive headers specified in <code>Retry.remove_headers_on_redirect</code> when redirecting to a different host. (GHSA-qccp-gfcp-xxvc reported by <a href="https://github.com/christos-spearbit"><code>@christos-spearbit</code></a>)</p> </li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Used <code>FutureWarning</code> instead of <code>DeprecationWarning</code> for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3763">urllib3/urllib3#3763</a>)</li> <li>Removed support for end-of-life Python 3.9. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3720">urllib3/urllib3#3720</a>)</li> <li>Removed support for end-of-life PyPy3.10. (<a href="https://redirect.github.com/urllib3/urllib3/issues/4979">urllib3/urllib3#4979</a>)</li> <li>Bumped the minimum supported pyOpenSSL version to 19.0.0. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3777">urllib3/urllib3#3777</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was ignoring decompressed data buffered from previous partial reads. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3636">urllib3/urllib3#3636</a>)</li> <li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only part of the response after a partial read when <code>cache_content=True</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/4967">urllib3/urllib3#4967</a>)</li> <li>Fixed <code>HTTPResponse.stream()</code> and <code>HTTPResponse.read_chunked()</code> to handle <code>amt=0</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3793">urllib3/urllib3#3793</a>)</li> <li>Updated <code>_TYPE_BODY</code> type alias to include missing <code>Iterable[str]</code>, matching the documented and runtime behavior of chunked request bodies. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3798">urllib3/urllib3#3798</a>)</li> <li>Fixed <code>LocationParseError</code> when paths resembling schemeless URIs were passed to <code>HTTPConnectionPool.urlopen()</code>. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3352">urllib3/urllib3#3352</a>)</li> <li>Fixed <code>BaseHTTPResponse.readinto()</code> type annotation to accept <code>memoryview</code> in addition to <code>bytearray</code>, matching the <code>io.RawIOBase.readinto</code> contract and enabling use with <code>io.BufferedReader</code> without type errors. (<a href="https://redirect.github.com/urllib3/urllib3/issues/3764">urllib3/urllib3#3764</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/urllib3/urllib3/blob/main/CHANGES.rst">urllib3's changelog</a>.</em></p> <blockquote> <h1>2.7.0 (2026-05-07)</h1> <h2>Security</h2> <p>Addressed high-severity security issues. Impact was limited to specific use cases detailed in the accompanying advisories; overall user exposure was estimated to be marginal.</p> <ul> <li> <p>Decompression-bomb safeguards of the streaming API were bypassed:</p> <ol> <li>When <code>HTTPResponse.drain_conn()</code> was called after the response had been read and decompressed partially.</li> <li>During the second <code>HTTPResponse.read(amt=N)</code> or <code>HTTPResponse.stream(amt=N)</code> call when the response was decompressed using the official <code>Brotli <https://pypi.org/project/brotli/></code>__ library.</li> </ol> <p>See <code>GHSA-mf9v-mfxr-j63j <https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j></code>__ for details.</p> </li> <li> <p>HTTP pools created using <code>ProxyManager.connection_from_url</code> did not strip sensitive headers specified in <code>Retry.remove_headers_on_redirect</code> when redirecting to a different host. (<code>GHSA-qccp-gfcp-xxvc <https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc></code>__)</p> </li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Used <code>FutureWarning</code> instead of <code>DeprecationWarning</code> for better visibility of existing deprecation notices. Rescheduled the removal of deprecated features to version 3.0. (<code>[#3763](https://github.com/urllib3/urllib3/issues/3763) <https://github.com/urllib3/urllib3/issues/3763></code>__)</li> <li>Removed support for end-of-life Python 3.9. (<code>[#3720](https://github.com/urllib3/urllib3/issues/3720) <https://github.com/urllib3/urllib3/issues/3720></code>__)</li> <li>Removed support for end-of-life PyPy3.10. (<code>[#4979](https://github.com/urllib3/urllib3/issues/4979) <https://github.com/urllib3/urllib3/issues/4979></code>__)</li> <li>Bumped the minimum supported pyOpenSSL version to 19.0.0. (<code>[#3777](https://github.com/urllib3/urllib3/issues/3777) <https://github.com/urllib3/urllib3/issues/3777></code>__)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Fixed a bug where <code>HTTPResponse.read(amt=None)</code> was ignoring decompressed data buffered from previous partial reads. (<code>[#3636](https://github.com/urllib3/urllib3/issues/3636) <https://github.com/urllib3/urllib3/issues/3636></code>__)</li> <li>Fixed a bug where <code>HTTPResponse.read()</code> could cache only part of the response after a partial read when <code>cache_content=True</code>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
7a1c2b0c4e |
Bump python-multipart from 0.0.26 to 0.0.27 in /backend (#1680)
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.26 to 0.0.27. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/releases">python-multipart's releases</a>.</em></p> <blockquote> <h2>0.0.27</h2> <h2>What's Changed</h2> <ul> <li>Pass parse offsets via constructors by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/268">Kludex/python-multipart#268</a></li> <li>Add multipart header limits by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/267">Kludex/python-multipart#267</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27">https://github.com/Kludex/python-multipart/compare/0.0.26...0.0.27</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/blob/main/CHANGELOG.md">python-multipart's changelog</a>.</em></p> <blockquote> <h2>0.0.27 (2026-04-27)</h2> <ul> <li>Add multipart header limits <a href="https://redirect.github.com/Kludex/python-multipart/pull/267">#267</a>.</li> <li>Pass parse offsets via constructors <a href="https://redirect.github.com/Kludex/python-multipart/pull/268">#268</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0f626c344b |
Bump mako from 1.3.11 to 1.3.12 in /backend (#1679)
Bumps [mako](https://github.com/sqlalchemy/mako) from 1.3.11 to 1.3.12. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sqlalchemy/mako/releases">mako's releases</a>.</em></p> <blockquote> <h1>1.3.12</h1> <p>Released: Tue Apr 28 2026</p> <h2>bug</h2> <ul> <li> <p><strong>[bug] [template]</strong> Fixed issue in <code>TemplateLookup</code> where a URI with backslash path separators (e.g. <code>\..\secret.txt</code>) could bypass the directory traversal check on Windows, allowing reads of arbitrary files outside of the template directory. Backslash characters in URIs are now normalized to forward slashes before path resolution.</p> <p>References: <a href="https://redirect.github.com/sqlalchemy/mako/issues/435">#435</a></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sqlalchemy/mako/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/evroon/bracket/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
06da3d3598 |
Bump axios from 1.15.0 to 1.15.2 in /frontend (#1678)
Bumps [axios](https://github.com/axios/axios) from 1.15.0 to 1.15.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>v1.15.2</h2> <p>This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in <code>allowedSocketPaths</code> allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.</p> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Prototype Pollution Hardening (HTTP Adapter):</strong> Hardened the Node HTTP adapter and <code>resolveConfig</code>/<code>mergeConfig</code>/validator paths to read only own properties and use null-prototype config objects, preventing polluted <code>auth</code>, <code>baseURL</code>, <code>socketPath</code>, <code>beforeRedirect</code>, and <code>insecureHTTPParser</code> from influencing requests. (<strong><a href="https://redirect.github.com/axios/axios/issues/10779">#10779</a></strong>)</li> <li><strong>SSRF via <code>socketPath</code>:</strong> Rejects non-string <code>socketPath</code> values and adds an opt-in <code>allowedSocketPaths</code> config option to restrict permitted Unix domain socket paths, returning <code>AxiosError</code> <code>ERR_BAD_OPTION_VALUE</code> on mismatch. (<strong><a href="https://redirect.github.com/axios/axios/issues/10777">#10777</a></strong>)</li> <li><strong>Supply-chain Hardening:</strong> Added <code>.npmrc</code> with <code>ignore-scripts=true</code>, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded <code>SECURITY.md</code>/<code>THREATMODEL.md</code> with provenance verification (<code>npm audit signatures</code>), 60-day resolution policy, and maintainer incident-response runbook. (<strong><a href="https://redirect.github.com/axios/axios/issues/10776">#10776</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong><code>allowedSocketPaths</code> Config Option:</strong> New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (<strong><a href="https://redirect.github.com/axios/axios/issues/10777">#10777</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Keep-alive Socket Memory Leak:</strong> Installs a single per-socket <code>error</code> listener tracking the active request via <code>kAxiosSocketListener</code>/<code>kAxiosCurrentReq</code>, eliminating per-request listener accumulation, <code>MaxListenersExceededWarning</code>, and linear heap growth under concurrent or long-running keep-alive workloads (fixes <a href="https://redirect.github.com/axios/axios/issues/10780">#10780</a>). (<strong><a href="https://redirect.github.com/axios/axios/issues/10788">#10788</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Changelog:</strong> Updated <code>CHANGELOG.md</code> with v1.15.1 release notes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10781">#10781</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.15.1...v1.15.2">Full Changelog</a></p> <h2>v1.15.1</h2> <p>This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.</p> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Header Injection Hardening:</strong> Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (<strong><a href="https://redirect.github.com/axios/axios/issues/10749">#10749</a></strong>)</li> <li><strong>CRLF Stripping in Multipart Headers:</strong> Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (<strong><a href="https://redirect.github.com/axios/axios/issues/10758">#10758</a></strong>)</li> <li><strong>Prototype Pollution / Auth Bypass:</strong> Replaced unsafe <code>in</code> checks with <code>hasOwnProperty</code> to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (<strong><a href="https://redirect.github.com/axios/axios/issues/10761">#10761</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10760">#10760</a></strong>)</li> <li><strong><code>withXSRFToken</code> Truthy Bypass:</strong> Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (<strong><a href="https://redirect.github.com/axios/axios/issues/10762">#10762</a></strong>)</li> <li><strong><code>maxBodyLength</code> With Zero Redirects:</strong> Enforces <code>maxBodyLength</code> even when <code>maxRedirects</code> is set to <code>0</code>, closing a bypass path for oversized request bodies. (<strong><a href="https://redirect.github.com/axios/axios/issues/10753">#10753</a></strong>)</li> <li><strong>Streamed Response <code>maxContentLength</code> Bypass:</strong> Applies <code>maxContentLength</code> to streamed responses that previously bypassed the cap. (<strong><a href="https://redirect.github.com/axios/axios/issues/10754">#10754</a></strong>)</li> <li><strong>Follow-up CVE Completion:</strong> Completes an earlier incomplete CVE fix to fully close the regression window. (<strong><a href="https://redirect.github.com/axios/axios/issues/10755">#10755</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>AI-Based Docs Translations:</strong> Initial scaffold for AI-assisted translations of the documentation site. (<strong><a href="https://redirect.github.com/axios/axios/issues/10705">#10705</a></strong>)</li> <li><strong><code>Location</code> Request Header Type:</strong> Adds <code>Location</code> to <code>CommonRequestHeadersList</code> for accurate typing of redirect-aware requests. (<strong><a href="https://redirect.github.com/axios/axios/issues/7528">#7528</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>FormData Handling:</strong> Removes <code>Content-Type</code> when no boundary is present on <code>FormData</code> fetch requests, supports multi-select fields, cancels <code>request.body</code> instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (<strong><a href="https://redirect.github.com/axios/axios/issues/7314">#7314</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10676">#10676</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10702">#10702</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10726">#10726</a></strong>)</li> <li><strong>HTTP Adapter:</strong> Handles socket-only request errors without leaking keep-alive listeners. (<strong><a href="https://redirect.github.com/axios/axios/issues/10576">#10576</a></strong>)</li> <li><strong>Progress Events:</strong> Clamps <code>loaded</code> to <code>total</code> for computable upload/download progress events. (<strong><a href="https://redirect.github.com/axios/axios/issues/7458">#7458</a></strong>)</li> <li><strong>Types:</strong> Aligns <code>runWhen</code> type with the runtime behaviour in <code>InterceptorManager</code> and makes response header keys case-insensitive. (<strong><a href="https://redirect.github.com/axios/axios/issues/7529">#7529</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10677">#10677</a></strong>)</li> <li><strong><code>buildFullPath</code>:</strong> Uses strict equality in the base/relative URL check. (<strong><a href="https://redirect.github.com/axios/axios/issues/7252">#7252</a></strong>)</li> <li><strong><code>AxiosURLSearchParams</code> Regex:</strong> Improves the regex used for param serialisation to avoid edge-case mismatches. (<strong><a href="https://redirect.github.com/axios/axios/issues/10736">#10736</a></strong>)</li> <li><strong>Resilient Value Parsing:</strong> Parses out header/config values instead of throwing on malformed input. (<strong><a href="https://redirect.github.com/axios/axios/issues/10687">#10687</a></strong>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h2>v1.15.2 - April 21, 2026</h2> <p>This release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in <code>allowedSocketPaths</code> allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.</p> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Prototype Pollution Hardening (HTTP Adapter):</strong> Hardened the Node HTTP adapter and <code>resolveConfig</code>/<code>mergeConfig</code>/validator paths to read only own properties and use null-prototype config objects, preventing polluted <code>auth</code>, <code>baseURL</code>, <code>socketPath</code>, <code>beforeRedirect</code>, and <code>insecureHTTPParser</code> from influencing requests. (<strong><a href="https://redirect.github.com/axios/axios/issues/10779">#10779</a></strong>)</li> <li><strong>SSRF via <code>socketPath</code>:</strong> Rejects non-string <code>socketPath</code> values and adds an opt-in <code>allowedSocketPaths</code> config option to restrict permitted Unix domain socket paths, returning <code>AxiosError</code> <code>ERR_BAD_OPTION_VALUE</code> on mismatch. (<strong><a href="https://redirect.github.com/axios/axios/issues/10777">#10777</a></strong>)</li> <li><strong>Supply-chain Hardening:</strong> Added <code>.npmrc</code> with <code>ignore-scripts=true</code>, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded <code>SECURITY.md</code>/<code>THREATMODEL.md</code> with provenance verification (<code>npm audit signatures</code>), 60-day resolution policy, and maintainer incident-response runbook. (<strong><a href="https://redirect.github.com/axios/axios/issues/10776">#10776</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong><code>allowedSocketPaths</code> Config Option:</strong> New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (<strong><a href="https://redirect.github.com/axios/axios/issues/10777">#10777</a></strong>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Keep-alive Socket Memory Leak:</strong> Installs a single per-socket <code>error</code> listener tracking the active request via <code>kAxiosSocketListener</code>/<code>kAxiosCurrentReq</code>, eliminating per-request listener accumulation, <code>MaxListenersExceededWarning</code>, and linear heap growth under concurrent or long-running keep-alive workloads (fixes <a href="https://redirect.github.com/axios/axios/issues/10780">#10780</a>). (<strong><a href="https://redirect.github.com/axios/axios/issues/10788">#10788</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Changelog:</strong> Updated <code>CHANGELOG.md</code> with v1.15.1 release notes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10781">#10781</a></strong>)</li> </ul> <p><a href="https://github.com/axios/axios/compare/v1.15.1...v1.15.2">Full Changelog</a></p> <hr /> <h2>v1.15.1 - April 19, 2026</h2> <p>This release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.</p> <h2>🔒 Security Fixes</h2> <ul> <li> <p><strong>Header Injection Hardening:</strong> Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (<strong><a href="https://redirect.github.com/axios/axios/issues/10749">#10749</a></strong>)</p> </li> <li> <p><strong>CRLF Stripping in Multipart Headers:</strong> Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (<strong><a href="https://redirect.github.com/axios/axios/issues/10758">#10758</a></strong>)</p> </li> <li> <p><strong>Prototype Pollution / Auth Bypass:</strong> Replaced unsafe <code>in</code> checks with <code>hasOwnProperty</code> to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (<strong><a href="https://redirect.github.com/axios/axios/issues/10761">#10761</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10760">#10760</a></strong>)</p> </li> <li> <p><strong><code>withXSRFToken</code> Truthy Bypass:</strong> Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (<strong><a href="https://redirect.github.com/axios/axios/issues/10762">#10762</a></strong>)</p> </li> <li> <p><strong><code>maxBodyLength</code> With Zero Redirects:</strong> Enforces <code>maxBodyLength</code> even when <code>maxRedirects</code> is set to <code>0</code>, closing a bypass path for oversized request bodies. (<strong><a href="https://redirect.github.com/axios/axios/issues/10753">#10753</a></strong>)</p> </li> <li> <p><strong>Streamed Response <code>maxContentLength</code> Bypass:</strong> Applies <code>maxContentLength</code> to streamed responses that previously bypassed the cap. (<strong><a href="https://redirect.github.com/axios/axios/issues/10754">#10754</a></strong>)</p> </li> <li> <p><strong>Follow-up CVE Completion:</strong> Completes an earlier incomplete CVE fix to fully close the regression window. (<strong><a href="https://redirect.github.com/axios/axios/issues/10755">#10755</a></strong>)</p> </li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>AI-Based Docs Translations:</strong> Initial scaffold for AI-assisted translations of the documentation site. (<strong><a href="https://redirect.github.com/axios/axios/issues/10705">#10705</a></strong>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3a59b5e4bb |
Bump @typescript-eslint/eslint-plugin from 8.57.0 to 8.58.0 in /frontend (#1677)
Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 8.57.0 to 8.58.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases">@typescript-eslint/eslint-plugin's releases</a>.</em></p> <blockquote> <h2>v8.58.0</h2> <h2>8.58.0 (2026-03-30)</h2> <h3>🚀 Features</h3> <ul> <li>support TypeScript 6 (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12124">#12124</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> crash in <code>no-unnecessary-type-arguments</code> (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12163">#12163</a>)</li> <li><strong>eslint-plugin:</strong> [no-extraneous-class] handle index signatures (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12142">#12142</a>)</li> <li><strong>eslint-plugin:</strong> [prefer-regexp-exec] avoid fixing unknown RegExp flags (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12161">#12161</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>ej shafran <a href="https://github.com/ej-shafran"><code>@ej-shafran</code></a></li> <li>Evyatar Daud <a href="https://github.com/StyleShit"><code>@StyleShit</code></a></li> <li>GG ZIBLAKING</li> <li>milkboy2564 <a href="https://github.com/SeolJaeHyeok"><code>@SeolJaeHyeok</code></a></li> <li>teee32 <a href="https://github.com/teee32"><code>@teee32</code></a></li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.0">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>v8.57.2</h2> <h2>8.57.2 (2026-03-23)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [prefer-optional-chain] remove dangling closing parenthesis (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11865">#11865</a>)</li> <li><strong>eslint-plugin:</strong> [array-type] ignore Array and ReadonlyArray without type arguments (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11971">#11971</a>)</li> <li><strong>eslint-plugin:</strong> [no-restricted-types] flag banned generics in extends or implements (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12120">#12120</a>)</li> <li><strong>eslint-plugin:</strong> [no-unsafe-return] false positive on unwrapping generic (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12125">#12125</a>)</li> <li><strong>eslint-plugin:</strong> [no-unsafe-return] false positive on unwrapping generic (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12125">#12125</a>)</li> <li><strong>eslint-plugin:</strong> [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12127">#12127</a>)</li> <li><strong>eslint-plugin:</strong> [prefer-readonly-parameter-types] preserve type alias infomation (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11954">#11954</a>)</li> <li><strong>typescript-estree:</strong> skip createIsolatedProgram fallback for projectService (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12066">#12066</a>, <a href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/12065">#12065</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Kirk Waiblinger <a href="https://github.com/kirkwaiblinger"><code>@kirkwaiblinger</code></a></li> <li>Konv Suu</li> <li>mdm317</li> <li>Newton Yuan <a href="https://github.com/NewtonYuan"><code>@NewtonYuan</code></a></li> <li>RyoheiYamamoto</li> <li>SungHyun627 <a href="https://github.com/SungHyun627"><code>@SungHyun627</code></a></li> <li>Tamashoo <a href="https://github.com/Tamashoo"><code>@Tamashoo</code></a></li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.57.2">GitHub Releases</a> for more information.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md">@typescript-eslint/eslint-plugin's changelog</a>.</em></p> <blockquote> <h2>8.58.0 (2026-03-30)</h2> <h3>🚀 Features</h3> <ul> <li>support TypeScript 6 (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12124">#12124</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [prefer-regexp-exec] avoid fixing unknown RegExp flags (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12161">#12161</a>)</li> <li><strong>eslint-plugin:</strong> [no-extraneous-class] handle index signatures (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12142">#12142</a>)</li> <li><strong>eslint-plugin:</strong> crash in <code>no-unnecessary-type-arguments</code> (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12163">#12163</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>ej shafran <a href="https://github.com/ej-shafran"><code>@ej-shafran</code></a></li> <li>Evyatar Daud <a href="https://github.com/StyleShit"><code>@StyleShit</code></a></li> <li>GG ZIBLAKING</li> <li>milkboy2564 <a href="https://github.com/SeolJaeHyeok"><code>@SeolJaeHyeok</code></a></li> <li>teee32 <a href="https://github.com/teee32"><code>@teee32</code></a></li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.0">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>8.57.2 (2026-03-23)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [prefer-readonly-parameter-types] preserve type alias infomation (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11954">#11954</a>)</li> <li><strong>eslint-plugin:</strong> [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12127">#12127</a>)</li> <li><strong>eslint-plugin:</strong> [no-unsafe-return] false positive on unwrapping generic (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12125">#12125</a>)</li> <li><strong>eslint-plugin:</strong> [no-restricted-types] flag banned generics in extends or implements (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12120">#12120</a>)</li> <li><strong>eslint-plugin:</strong> [array-type] ignore Array and ReadonlyArray without type arguments (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11971">#11971</a>)</li> <li><strong>eslint-plugin:</strong> [prefer-optional-chain] remove dangling closing parenthesis (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11865">#11865</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Kirk Waiblinger <a href="https://github.com/kirkwaiblinger"><code>@kirkwaiblinger</code></a></li> <li>Konv Suu</li> <li>mdm317</li> <li>Newton Yuan <a href="https://github.com/NewtonYuan"><code>@NewtonYuan</code></a></li> <li>SungHyun627 <a href="https://github.com/SungHyun627"><code>@SungHyun627</code></a></li> <li>Tamashoo <a href="https://github.com/Tamashoo"><code>@Tamashoo</code></a></li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.57.2">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>8.57.1 (2026-03-16)</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
110833b014 |
Bump starlette from 0.52.1 to 1.0.0 in /backend (#1675)
Bumps [starlette](https://github.com/Kludex/starlette) from 0.52.1 to 1.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/releases">starlette's releases</a>.</em></p> <blockquote> <h2>Version 1.0.0</h2> <p>Starlette 1.0 is here! 🎉</p> <p>After nearly eight years since its creation, Starlette has reached its first stable release.</p> <p>A special thank you to <a href="https://github.com/lovelydinosaur"><code>@lovelydinosaur</code></a>, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏</p> <p>Thank you to <a href="https://github.com/adriangb"><code>@adriangb</code></a>, <a href="https://github.com/graingert"><code>@graingert</code></a>, <a href="https://github.com/agronholm"><code>@agronholm</code></a>, <a href="https://github.com/florimondmanca"><code>@florimondmanca</code></a>, <a href="https://github.com/aminalaee"><code>@aminalaee</code></a>, <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>, <a href="https://github.com/alex-oleshkevich"><code>@alex-oleshkevich</code></a>, <a href="https://github.com/abersheeran"><code>@abersheeran</code></a>, and <a href="https://github.com/uSpike"><code>@uSpike</code></a> for helping make Starlette what it is today. And to all my sponsors - especially <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>, <a href="https://github.com/huggingface"><code>@huggingface</code></a>, and <a href="https://github.com/elevenlabs"><code>@elevenlabs</code></a> - thank you for your support!</p> <p>Thank you to all <a href="https://github.com/encode/starlette/graphs/contributors">290+ contributors</a> who have shaped Starlette over the years! ❤️</p> <p>Read more on the <a href="https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/">blog post</a>.</p> <p>Check out the full release notes at <a href="https://www.starlette.io/release-notes/#100-march-22-2026">https://www.starlette.io/release-notes/#100-march-22-2026</a></p> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/encode/starlette/compare/1.0.0rc1...1.0.0">https://github.com/encode/starlette/compare/1.0.0rc1...1.0.0</a></p> <h2>Version 1.0.0rc1</h2> <p>We're ready! 🚀</p> <p>The first release candidate for Starlette 1.0 is here! After years on ZeroVer, we're finally making the jump.</p> <p>This release removes all deprecated features marked for 1.0.0, along with some last-minute bug fixes.</p> <p>A special thank you to <a href="https://github.com/lovelydinosaur"><code>@lovelydinosaur</code></a>, the creator of Starlette, Uvicorn, HTTPX and MkDocs, whose work helped to lay the foundation for the modern async Python ecosystem. 🙏</p> <p>Thank you to <a href="https://github.com/adriangb"><code>@adriangb</code></a>, <a href="https://github.com/graingert"><code>@graingert</code></a>, <a href="https://github.com/agronholm"><code>@agronholm</code></a>, <a href="https://github.com/florimondmanca"><code>@florimondmanca</code></a>, <a href="https://github.com/aminalaee"><code>@aminalaee</code></a>, <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>, <a href="https://github.com/alex-oleshkevich"><code>@alex-oleshkevich</code></a>, and <a href="https://github.com/abersheeran"><code>@abersheeran</code></a> for helping make Starlette what it is today. And to all my sponsors - especially <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>, <a href="https://github.com/huggingface"><code>@huggingface</code></a>, and <a href="https://github.com/elevenlabs"><code>@elevenlabs</code></a> - thank you for your support!</p> <p>Thank you to all <a href="https://github.com/encode/starlette/graphs/contributors">290+ contributors</a> who have shaped Starlette over the years!</p> <p>Check out the full release notes at <a href="https://www.starlette.io/release-notes/#100rc1-february-23-2026">https://www.starlette.io/release-notes/#100rc1-february-23-2026</a></p> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.52.1...1.0.0rc1">https://github.com/Kludex/starlette/compare/0.52.1...1.0.0rc1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/blob/main/docs/release-notes.md">starlette's changelog</a>.</em></p> <blockquote> <h2>1.0.0 (March 22, 2026)</h2> <p>Starlette 1.0 is here!</p> <p>After nearly eight years since its creation, Starlette has reached its first stable release. Thank you to everyone who tested the release candidate and reported issues.</p> <p>You can read more on the <a href="https://marcelotryle.com/blog/2026/03/22/starlette-10-is-here/">blog post</a>.</p> <h4>Added</h4> <ul> <li>Track session access and modification in <code>SessionMiddleware</code> <a href="https://redirect.github.com/encode/starlette/pull/3166">#3166</a>.</li> </ul> <h4>Fixed</h4> <ul> <li>Handle websocket denial responses in <code>StreamingResponse</code> and <code>FileResponse</code> <a href="https://redirect.github.com/encode/starlette/pull/3189">#3189</a>.</li> <li>Use <code>bytearray</code> for field accumulation in <code>FormParser</code> <a href="https://redirect.github.com/encode/starlette/pull/3179">#3179</a>.</li> <li>Move <code>parser.finalize()</code> inside try/except in <code>MultiPartParser.parse()</code> <a href="https://redirect.github.com/encode/starlette/pull/3153">#3153</a>.</li> </ul> <h2>1.0.0rc1 (February 23, 2026)</h2> <p>We're ready! I'm thrilled to announce the first release candidate for Starlette 1.0.</p> <p>Starlette was created in June 2018 by Tom Christie, and has been on ZeroVer for years. Today, it's downloaded almost <a href="https://pypistats.org/packages/starlette">10 million times a day</a>, serves as the foundation for FastAPI, and has inspired many other frameworks. In the age of AI, Starlette continues to play an important role as a dependency of the Python MCP SDK.</p> <p>This release focuses on removing deprecated features that were marked for removal in 1.0.0, along with some last minute bug fixes. It's a release candidate, so we can gather feedback from the community before the final 1.0.0 release soon.</p> <p>A huge thank you to all the contributors who have helped make Starlette what it is today. In particular, I'd like to recognize:</p> <ul> <li><a href="https://github.com/lovelydinosaur">Kim Christie</a> - The original creator of Starlette, Uvicorn, and MkDocs, and the current maintainer of HTTPX. Kim's work helped lay the foundation for the modern async Python ecosystem.</li> <li><a href="https://github.com/adriangb">Adrian Garcia Badaracco</a> - One of the smartest people I know, whom I have the pleasure of working with at Pydantic.</li> <li><a href="https://github.com/graingert">Thomas Grainger</a> - My async teacher, always ready to help with questions.</li> <li><a href="https://github.com/agronholm">Alex Grönholm</a> - Another async mentor, always prompt to help with questions.</li> <li><a href="https://github.com/florimondmanca">Florimond Manca</a> - Always present in the early days of both Starlette and Uvicorn, and helped a lot in the ecosystem.</li> <li><a href="https://github.com/aminalaee">Amin Alaee</a> - Contributed a lot with file-related PRs.</li> <li><a href="https://github.com/tiangolo">Sebastián Ramírez</a> - Maintains FastAPI upstream, and always in contact to help with upstream issues.</li> <li><a href="https://github.com/alex-oleshkevich">Alex Oleshkevich</a> - Helped a lot on templates and many discussions.</li> <li><a href="https://github.com/abersheeran">abersheeran</a> - My go-to person when I need help on many subjects.</li> </ul> <p>I'd also like to thank my sponsors for their support. A special thanks to <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>, <a href="https://github.com/huggingface"><code>@huggingface</code></a>, and <a href="https://github.com/elevenlabs"><code>@elevenlabs</code></a> for their generous sponsorship, and to all my other sponsors:</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
17f0b797af |
Bump react-i18next from 16.6.2 to 17.0.1 in /frontend (#1674)
Bumps [react-i18next](https://github.com/i18next/react-i18next) from 16.6.2 to 17.0.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/i18next/react-i18next/blob/master/CHANGELOG.md">react-i18next's changelog</a>.</em></p> <blockquote> <h2>17.0.1</h2> <ul> <li>chore: bump minimum i18next peer dependency to <code>>= 26.0.1</code> <em>(forgot to do it in last version)</em></li> <li>fix: migrate test setup from removed legacy <code>interpolation.format</code> to <code>i18n.services.formatter.add()</code> (i18next v26)</li> </ul> <h2>17.0.0</h2> <h3>Potentially breaking changes</h3> <ul> <li>fix: <code>transKeepBasicHtmlNodesFor</code> now correctly preserves HTML tag names when children contain interpolations or mixed content <a href="https://redirect.github.com/i18next/i18next-cli/issues/230">230</a> <ul> <li>Previously, <code><strong>{{name}}</strong></code> was incorrectly serialized as <code><1>{{name}}</1></code> — the tag name was only preserved for plain string children</li> <li>This bug existed since the feature was introduced and affects auto-generated keys (when no explicit <code>i18nKey</code> is provided)</li> <li>If you rely on auto-generated Trans keys containing indexed tags for kept HTML elements with interpolation children, you will need to update your translation files</li> </ul> </li> </ul> <h3>Other changes</h3> <ul> <li>updated dev dependencies (vitest, rollup plugins, happy-dom, typescript, etc.)</li> </ul> <h3>16.6.6</h3> <ul> <li>fix(peer-deps): bump i18next peer dependency to <code>>= 25.10.9</code> to match required type exports (<code>ConstrainTarget</code>, <code>ApplyTarget</code>, <code>GetSource</code>) used by <code>TransSelector</code> <a href="https://redirect.github.com/i18next/react-i18next/issues/1911">1911</a></li> </ul> <h3>16.6.5</h3> <ul> <li>fix(types): selector keyPrefix overload in <code>useTranslation</code> no longer matches when <code>keyPrefix</code> is absent, fixing <code>defaultNS: false</code> with explicit <code>ns</code> option <a href="https://redirect.github.com/i18next/i18next/issues/2412">2412</a></li> </ul> <h3>16.6.4</h3> <ul> <li>allow TypeScript 6 as peer dependency <a href="https://redirect.github.com/i18next/react-i18next/issues/1910">1910</a></li> </ul> <h3>16.6.3</h3> <ul> <li>fix(types): merge <code>TransSelector</code> overloads into a single signature so <code>typeof Trans</code> remains extendable <a href="https://redirect.github.com/i18next/react-i18next/issues/1909">1909</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b6591d7a92 |
Bump @tabler/icons-react from 3.40.0 to 3.41.0 in /frontend (#1673)
Bumps [@tabler/icons-react](https://github.com/tabler/tabler-icons/tree/HEAD/packages/icons-react) from 3.40.0 to 3.41.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tabler/tabler-icons/releases"><code>@tabler/icons-react</code>'s releases</a>.</em></p> <blockquote> <h2>Release 3.41.0</h2> <!-- raw HTML omitted --> <h3>18 new icons:</h3> <ul> <li><code>outline/brand-jira</code></li> <li><code>outline/car-off-road</code></li> <li><code>outline/car-suspension</code></li> <li><code>outline/credit-card-hand</code></li> <li><code>outline/device-3d-camera</code></li> <li><code>outline/device-3d-lens</code></li> <li><code>outline/device-screen</code></li> <li><code>outline/iceberg</code></li> <li><code>outline/jetski</code></li> <li><code>outline/olympic-torch</code></li> <li><code>outline/parking-meter</code></li> <li><code>outline/pillow</code></li> <li><code>outline/pipeline</code></li> <li><code>outline/quote-open</code></li> <li><code>outline/scan-letter-a</code></li> <li><code>outline/scan-letter-t</code></li> <li><code>outline/segway</code></li> <li><code>outline/x-mark</code></li> </ul> <h3>New features</h3> <ul> <li><strong>Angular support</strong>: new <code>@tabler/icons-angular</code> package with components, build pipeline, unit tests, and <code>test/test-angular</code> sample app (<a href="https://github.com/tabler/tabler-icons/tree/HEAD/packages/icons-react/issues/1091">#1091</a>).</li> <li><strong>SVG validation</strong>: validation for <code><g></code> elements; broader SVG icon validation improvements (<a href="https://github.com/tabler/tabler-icons/tree/HEAD/packages/icons-react/issues/1487">#1487</a>); more consistent SVG path syntax (<a href="https://github.com/tabler/tabler-icons/tree/HEAD/packages/icons-react/issues/1488">#1488</a>).</li> <li><strong><code>icons-react</code></strong>: JSDoc with icon previews in generated output (<a href="https://github.com/tabler/tabler-icons/tree/HEAD/packages/icons-react/issues/1472">#1472</a>).</li> <li><strong><code>icons-react-native</code></strong>: <code>react-native-svg</code> added as a <strong>peer dependency</strong> (<a href="https://github.com/tabler/tabler-icons/tree/HEAD/packages/icons-react/issues/1475">#1475</a>).</li> <li><strong><code>icons-solidjs</code></strong>: SSR support via <code>rollup-preset-solid</code> and JSX/TSX component refactor (<a href="https://github.com/tabler/tabler-icons/tree/HEAD/packages/icons-react/issues/1493">#1493</a>).</li> </ul> <h3>Fixed icons</h3> <ul> <li><strong><code>outline/brand-kbin</code></strong> and <strong><code>outline/volume-4</code></strong>: adjusted for compatibility with <code>buildJsIcons</code> (<a href="https://github.com/tabler/tabler-icons/tree/HEAD/packages/icons-react/issues/1469">#1469</a>).</li> <li><strong><code>outline/number-35-small</code></strong> through <strong><code>outline/number-50-small</code></strong>: updated Unicode values (<a href="https://github.com/tabler/tabler-icons/tree/HEAD/packages/icons-react/issues/1494">#1494</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a158f25616 |
Bump postcss from 8.5.0 to 8.5.10 in /frontend (#1672)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.0 to 8.5.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> <h2>8.5.6</h2> <ul> <li>Fixed <code>ContainerWithChildren</code> type discriminating (by <a href="https://github.com/Goodwine"><code>@Goodwine</code></a>).</li> </ul> <h2>8.5.5</h2> <ul> <li>Fixed <code>package.json</code>→<code>exports</code> compatibility with some tools (by <a href="https://github.com/JounQin"><code>@JounQin</code></a>).</li> </ul> <h2>8.5.4</h2> <ul> <li>Fixed Parcel compatibility issue (by <a href="https://github.com/git-sumitchaudhary"><code>@git-sumitchaudhary</code></a>).</li> </ul> <h2>8.5.3</h2> <ul> <li>Added more details to <code>Unknown word</code> error (by <a href="https://github.com/hiepxanh"><code>@hiepxanh</code></a>).</li> <li>Fixed types (by <a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> <li>Fixed docs (by <a href="https://github.com/catnipan"><code>@catnipan</code></a>).</li> </ul> <h2>8.5.2</h2> <ul> <li>Fixed end position of rules with semicolon (by <a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> </ul> <h2>8.5.1</h2> <ul> <li>Fixed backwards compatibility for complex cases (by <a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> <h2>8.5.6</h2> <ul> <li>Fixed <code>ContainerWithChildren</code> type discriminating (by <a href="https://github.com/Goodwine"><code>@Goodwine</code></a>).</li> </ul> <h2>8.5.5</h2> <ul> <li>Fixed <code>package.json</code>→<code>exports</code> compatibility with some tools (by <a href="https://github.com/JounQin"><code>@JounQin</code></a>).</li> </ul> <h2>8.5.4</h2> <ul> <li>Fixed Parcel compatibility issue (by <a href="https://github.com/git-sumitchaudhary"><code>@git-sumitchaudhary</code></a>).</li> </ul> <h2>8.5.3</h2> <ul> <li>Added more details to <code>Unknown word</code> error (by <a href="https://github.com/hiepxanh"><code>@hiepxanh</code></a>).</li> <li>Fixed types (by <a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> <li>Fixed docs (by <a href="https://github.com/catnipan"><code>@catnipan</code></a>).</li> </ul> <h2>8.5.2</h2> <ul> <li>Fixed end position of rules with semicolon (by <a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> </ul> <h2>8.5.1</h2> <ul> <li>Fixed backwards compatibility for complex cases (by <a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> </ul> <h2>8.5 “Duke Alloces”</h2> <ul> <li>Added <code>Input#document</code> for sources like CSS-in-JS or HTML (by <a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> </ul> <h2>8.4.49</h2> <ul> <li>Fixed custom syntax without <code>source.offset</code> (by <a href="https://github.com/romainmenke"><code>@romainmenke</code></a>).</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
dae5d1d023 |
Bump postcss from 8.5.6 to 8.5.10 in /docs (#1671)
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.5.10</h2> <ul> <li>Fixed XSS via unescaped <code></style></code> in non-bundler cases (by <a href="https://github.com/TharVid"><code>@TharVid</code></a>).</li> </ul> <h2>8.5.9</h2> <ul> <li>Speed up source map encoding paring in case of the error.</li> </ul> <h2>8.5.8</h2> <ul> <li>Fixed <code>Processor#version</code>.</li> </ul> <h2>8.5.7</h2> <ul> <li>Improved source map annotation cleaning performance (by CodeAnt AI).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
6cb1ffffb3 |
Bump i18next-http-backend from 3.0.2 to 3.0.5 in /frontend (#1669)
Bumps [i18next-http-backend](https://github.com/i18next/i18next-http-backend) from 3.0.2 to 3.0.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/i18next/i18next-http-backend/blob/master/CHANGELOG.md">i18next-http-backend's changelog</a>.</em></p> <blockquote> <h3>3.0.5</h3> <p>Security release — all issues found via an internal audit. See published advisory <a href="https://github.com/i18next/i18next-http-backend/security/advisories/GHSA-q89c-q3h5-w34g">GHSA-q89c-q3h5-w34g</a>.</p> <ul> <li>security: refuse to build request URLs when <code>lng</code> or <code>ns</code> values contain path-traversal, URL-structure (<code>?</code>, <code>#</code>, <code>%</code>, <code>@</code>, whitespace), path separators, control characters, prototype keys, or exceed 128 chars. Prevents path traversal / SSRF / URL injection via attacker-controlled language-code values. <code>isSafeUrlSegment</code> is permissive for legitimate i18next language codes (any BCP-47-like shape, underscores, hyphens, dots, <code>+</code>-joined multi-language requests) (<a href="https://github.com/i18next/i18next-http-backend/security/advisories/GHSA-q89c-q3h5-w34g">GHSA-q89c-q3h5-w34g</a>)</li> <li>security: per-instance <code>omitFetchOptions</code> — the fetch-options-stripping fallback is now scoped to a single backend instance via <code>options._omitFetchOptions</code> instead of a module-level boolean. One instance hitting a "not implemented" fetch error no longer permanently strips <code>requestOptions</code> (including <code>credentials</code>, <code>mode</code>, <code>cache</code>) from every other backend instance in the same process</li> <li>security: strip CR/LF/NUL and other C0/C1 control characters from <code>lng</code>/<code>ns</code> / URL values before they appear in error-callback strings (CWE-117 log forging)</li> <li>security: redact <code>user:password</code> credentials from URLs before including them in error-callback strings — prevents leaking basic-auth credentials embedded in <code>loadPath</code> / <code>addPath</code></li> <li>security: iterate own enumerable keys only (<code>Object.keys</code> + prototype-key guard) in <code>addQueryString</code> and in the <code>customHeaders</code> loop in XHR mode — prevents prototype-pollution amplification into the URL and request headers</li> <li>chore: ignore <code>.env*</code> and <code>*.pem</code>/<code>*.key</code> files in <code>.gitignore</code></li> </ul> <h3>3.0.4</h3> <ul> <li>use own interpolation function for loadPath and addPath instead of relying on i18next's interpolator <a href="https://redirect.github.com/i18next/i18next/issues/2420">i18next#2420</a> — this means only <code>{{lng}}</code> and <code>{{ns}}</code> placeholders are supported; custom interpolation prefix/suffix from i18next config no longer applies to backend paths</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
454bdf4538 |
Bump python-dotenv from 1.2.1 to 1.2.2 in /backend (#1668)
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/theskumar/python-dotenv/releases">python-dotenv's releases</a>.</em></p> <blockquote> <h2>v1.2.2</h2> <h3>Added</h3> <ul> <li>Support for Python 3.14, including the free-threaded (3.14t) build. (#)</li> </ul> <h3>Changed</h3> <ul> <li>The <code>dotenv run</code> command now forwards flags directly to the specified command by <a href="https://github.com/bbc2"><code>@bbc2</code></a> in <a href="https://redirect.github.com/theskumar/python-dotenv/pull/607">theskumar/python-dotenv#607</a></li> <li>Improved documentation clarity regarding override behavior and the reference page.</li> <li>Updated PyPy support to version 3.11.</li> <li>Documentation for FIFO file support.</li> <li>Support for Python 3.9.</li> </ul> <h3>Fixed</h3> <ul> <li>Improved <code>set_key</code> and <code>unset_key</code> behavior when interacting with symlinks by <a href="https://github.com/bbc2"><code>@bbc2</code></a> in <a href=" |
||
|
dependabot[bot]
|
81d43f3079 |
Bump actions/setup-node from 6 to 6.3.0 (#1667)
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6 to 6.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases">actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.3.0</h2> <h2>What's Changed</h2> <h3>Enhancements:</h3> <ul> <li>Support parsing <code>devEngines</code> field by <a href="https://github.com/susnux"><code>@susnux</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1283">actions/setup-node#1283</a></li> </ul> <blockquote> <p>When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.</p> </blockquote> <h3>Dependency updates:</h3> <ul> <li>Fix npm audit issues by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1491">actions/setup-node#1491</a></li> <li>Replace uuid with crypto.randomUUID() by <a href="https://github.com/trivikr"><code>@trivikr</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1378">actions/setup-node#1378</a></li> <li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1498">actions/setup-node#1498</a></li> </ul> <h3>Bug fixes:</h3> <ul> <li>Remove hardcoded bearer for mirror-url <a href="https://github.com/marco-ippolito"><code>@marco-ippolito</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1467">actions/setup-node#1467</a></li> <li>Scope test lockfiles by package manager and update cache tests by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1495">actions/setup-node#1495</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/susnux"><code>@susnux</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1283">actions/setup-node#1283</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v6...v6.3.0">https://github.com/actions/setup-node/compare/v6...v6.3.0</a></p> <h2>v6.2.0</h2> <h2>What's Changed</h2> <h3>Documentation</h3> <ul> <li>Documentation update related to absence of Lockfile by <a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1454">actions/setup-node#1454</a></li> <li>Correct mirror option typos by <a href="https://github.com/MikeMcC399"><code>@MikeMcC399</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1442">actions/setup-node#1442</a></li> <li>Readme update on checkout version v6 by <a href="https://github.com/deining"><code>@deining</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1446">actions/setup-node#1446</a></li> <li>Readme typo fixes <a href="https://github.com/munyari"><code>@munyari</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1226">actions/setup-node#1226</a></li> <li>Advanced document update on checkout version v6 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1468">actions/setup-node#1468</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade <code>@actions/cache</code> to v5.0.1 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1449">actions/setup-node#1449</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/mahabaleshwars"><code>@mahabaleshwars</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1454">actions/setup-node#1454</a></li> <li><a href="https://github.com/MikeMcC399"><code>@MikeMcC399</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1442">actions/setup-node#1442</a></li> <li><a href="https://github.com/deining"><code>@deining</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1446">actions/setup-node#1446</a></li> <li><a href="https://github.com/munyari"><code>@munyari</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1226">actions/setup-node#1226</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v6...v6.2.0">https://github.com/actions/setup-node/compare/v6...v6.2.0</a></p> <h2>v6.1.0</h2> <h2>What's Changed</h2> <h3>Enhancement:</h3> <ul> <li>Remove always-auth configuration handling by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1436">actions/setup-node#1436</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade <code>@actions/cache</code> from 4.0.3 to 4.1.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1384">actions/setup-node#1384</a></li> <li>Upgrade actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1439">actions/setup-node#1439</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
github-actions[bot]
|
366c4c438b |
Update contributors in readme (#1666)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
3b61f5c979 |
Bump mako from 1.3.10 to 1.3.11 in /backend (#1665)
Bumps [mako](https://github.com/sqlalchemy/mako) from 1.3.10 to 1.3.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sqlalchemy/mako/releases">mako's releases</a>.</em></p> <blockquote> <h1>1.3.11</h1> <p>Released: Tue Apr 14 2026</p> <h2>bug</h2> <ul> <li> <p><strong>[bug] [template]</strong> Fixed issue in <code>TemplateLookup</code> where a URI with a double-slash prefix (e.g. <code>//../../</code>) could bypass the directory traversal check in <code>Template</code>, allowing reads of arbitrary files outside of the template directory. The issue was caused by an inconsistency in how leading slashes were stripped between <code>TemplateLookup.get_template()</code> and <code>Template</code> initialization.</p> <p>References: <a href="https://redirect.github.com/sqlalchemy/mako/issues/434">#434</a></p> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/sqlalchemy/mako/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/evroon/bracket/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Erik Vroon
|
aa5ff361a7 | Update deps (#1663) | ||
|
Byte
|
1843347dca |
Fix provided port in docs (#1652)
The port in the docker compose seems to be 8400, however the docs say it's 3000. Users may not know why they are seeing Connection refused issues |
||
|
dependabot[bot]
|
c4b05352a3 |
Bump python-multipart from 0.0.22 to 0.0.26 in /backend (#1662)
Bumps [python-multipart](https://github.com/Kludex/python-multipart) from 0.0.22 to 0.0.26. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/releases">python-multipart's releases</a>.</em></p> <blockquote> <h2>Version 0.0.26</h2> <h2>What's Changed</h2> <ul> <li>Skip preamble before first multipart boundary by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/262">Kludex/python-multipart#262</a></li> <li>Silently discard epilogue data after the closing boundary by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/259">Kludex/python-multipart#259</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26">https://github.com/Kludex/python-multipart/compare/0.0.25...0.0.26</a></p> <h2>Version 0.0.25</h2> <h2>What's Changed</h2> <ul> <li>Apply Apache-2.0 properly by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/247">Kludex/python-multipart#247</a></li> <li>Handle multipart headers case-insensitively by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/252">Kludex/python-multipart#252</a></li> <li>Emit <code>field_end</code> for trailing bare field names on finalize by <a href="https://github.com/bysiber"><code>@bysiber</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/230">Kludex/python-multipart#230</a></li> <li>Add <code>UPLOAD_DELETE_TMP</code> to <code>FormParser</code> config by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/254">Kludex/python-multipart#254</a></li> <li>Remove custom FormParser classes by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/257">Kludex/python-multipart#257</a></li> <li>Handle CTE values case-insensitively by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/258">Kludex/python-multipart#258</a></li> <li>Add MIME content type info to File by <a href="https://github.com/jhnstrk"><code>@jhnstrk</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/143">Kludex/python-multipart#143</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25">https://github.com/Kludex/python-multipart/compare/0.0.24...0.0.25</a></p> <h2>Version 0.0.24</h2> <h2>What's Changed</h2> <ul> <li>Validate <code>chunk_size</code> in <code>parse_form()</code> by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/244">Kludex/python-multipart#244</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24">https://github.com/Kludex/python-multipart/compare/0.0.23...0.0.24</a></p> <h2>Version 0.0.23</h2> <h2>What's Changed</h2> <ul> <li>Remove unused <code>trust_x_headers</code> parameter and <code>X-File-Name</code> fallback by <a href="https://github.com/jhnstrk"><code>@jhnstrk</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/196">Kludex/python-multipart#196</a></li> <li>Return processed length from <code>QuerystringParser._internal_write</code> by <a href="https://github.com/bysiber"><code>@bysiber</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/229">Kludex/python-multipart#229</a></li> <li>Cleanup metadata dunders from <code>__init__.py</code> by <a href="https://github.com/Chesars"><code>@Chesars</code></a> in <a href="https://redirect.github.com/Kludex/python-multipart/pull/227">Kludex/python-multipart#227</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Chesars"><code>@Chesars</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/python-multipart/pull/227">Kludex/python-multipart#227</a></li> <li><a href="https://github.com/bysiber"><code>@bysiber</code></a> made their first contribution in <a href="https://redirect.github.com/Kludex/python-multipart/pull/229">Kludex/python-multipart#229</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23">https://github.com/Kludex/python-multipart/compare/0.0.22...0.0.23</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/python-multipart/blob/master/CHANGELOG.md">python-multipart's changelog</a>.</em></p> <blockquote> <h2>0.0.26 (2026-04-10)</h2> <ul> <li>Skip preamble before the first multipart boundary more efficiently <a href="https://redirect.github.com/Kludex/python-multipart/pull/262">#262</a>.</li> <li>Silently discard epilogue data after the closing multipart boundary <a href="https://redirect.github.com/Kludex/python-multipart/pull/259">#259</a>.</li> </ul> <h2>0.0.25 (2026-04-10)</h2> <ul> <li>Add MIME content type info to <code>File</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/143">#143</a>.</li> <li>Handle CTE values case-insensitively <a href="https://redirect.github.com/Kludex/python-multipart/pull/258">#258</a>.</li> <li>Remove custom <code>FormParser</code> classes <a href="https://redirect.github.com/Kludex/python-multipart/pull/257">#257</a>.</li> <li>Add <code>UPLOAD_DELETE_TMP</code> to <code>FormParser</code> config <a href="https://redirect.github.com/Kludex/python-multipart/pull/254">#254</a>.</li> <li>Emit <code>field_end</code> for trailing bare field names on finalize <a href="https://redirect.github.com/Kludex/python-multipart/pull/230">#230</a>.</li> <li>Handle multipart headers case-insensitively <a href="https://redirect.github.com/Kludex/python-multipart/pull/252">#252</a>.</li> <li>Apply Apache-2.0 properly <a href="https://redirect.github.com/Kludex/python-multipart/pull/247">#247</a>.</li> </ul> <h2>0.0.24 (2026-04-05)</h2> <ul> <li>Validate <code>chunk_size</code> in <code>parse_form()</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/244">#244</a>.</li> </ul> <h2>0.0.23 (2026-04-05)</h2> <ul> <li>Remove unused <code>trust_x_headers</code> parameter and <code>X-File-Name</code> fallback <a href="https://redirect.github.com/Kludex/python-multipart/pull/196">#196</a>.</li> <li>Return processed length from <code>QuerystringParser._internal_write</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/229">#229</a>.</li> <li>Cleanup metadata dunders from <code>__init__.py</code> <a href="https://redirect.github.com/Kludex/python-multipart/pull/227">#227</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Copilot
|
1044914a48 |
fix: enforce dashboard_public check for unauthenticated API access (GHSA-9mjc-6fp2-hm9v) (#1660)
## Summary
Fixes the missing `dashboard_public` check security vulnerability
(GHSA-9mjc-6fp2-hm9v).
### Root cause
The `user_authenticated_or_public_dashboard` dependency in `auth.py`
only verified that the tournament existed in the database, but never
checked whether `dashboard_public = True`. This allowed unauthenticated
users to access sensitive tournament data on the following endpoints
even when the tournament was not publicly shared:
- `GET /tournaments/{tournament_id}` (partially protected by an explicit
post-dependency check)
- `GET /tournaments/{tournament_id}/courts`
- `GET /tournaments/{tournament_id}/teams`
- `GET /tournaments/{tournament_id}/rankings`
- `GET /tournaments/{tournament_id}/stages`
### Changes
- **`backend/bracket/routes/auth.py`**: Added `not
tournaments_fetched[0].dashboard_public` to the check in
`user_authenticated_or_public_dashboard`. Unauthenticated requests to a
tournament with `dashboard_public=False` now receive a 401 response.
- **`backend/bracket/routes/tournaments.py`**: Removed the now-redundant
explicit `dashboard_public` check in `get_tournament` (the dependency
handles it now).
- **`backend/tests/integration_tests/api/tournaments_test.py`**: Added
`test_non_public_tournament_endpoints_blocked_for_unauthenticated_users`
to assert that all affected endpoints return 401 for unauthenticated
requests when `dashboard_public=False`.
Note: `user_authenticated_or_public_dashboard_by_endpoint_name` (used
for the `GET /tournaments?endpoint_name=` route) was not affected — it
delegates to `sql_get_tournament_by_endpoint_name` which already
includes `AND dashboard_public IS TRUE` in its SQL query.
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: evroon <11857441+evroon@users.noreply.github.com>
|
||
|
dependabot[bot]
|
561467a342 |
Bump pytest from 9.0.1 to 9.0.3 in /backend (#1659)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.1 to 9.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pytest-dev/pytest/releases">pytest's releases</a>.</em></p> <blockquote> <h2>9.0.3</h2> <h1>pytest 9.0.3 (2026-04-07)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12444">#12444</a>: Fixed <code>pytest.approx</code> which now correctly takes into account <code>~collections.abc.Mapping</code> keys order to compare them.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13634">#13634</a>: Blocking a <code>conftest.py</code> file using the <code>-p no:</code> option is now explicitly disallowed.</p> <p>Previously this resulted in an internal assertion failure during plugin loading.</p> <p>Pytest now raises a clear <code>UsageError</code> explaining that conftest files are not plugins and cannot be disabled via <code>-p</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13734">#13734</a>: Fixed crash when a test raises an exceptiongroup with <code>__tracebackhide__ = True</code>.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14195">#14195</a>: Fixed an issue where non-string messages passed to <!-- raw HTML omitted -->unittest.TestCase.subTest()<!-- raw HTML omitted --> were not printed.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/14343">#14343</a>: Fixed use of insecure temporary directory (CVE-2025-71176).</p> </li> </ul> <h2>Improved documentation</h2> <ul> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13388">#13388</a>: Clarified documentation for <code>-p</code> vs <code>PYTEST_PLUGINS</code> plugin loading and fixed an incorrect <code>-p</code> example.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/13731">#13731</a>: Clarified that capture fixtures (e.g. <code>capsys</code> and <code>capfd</code>) take precedence over the <code>-s</code> / <code>--capture=no</code> command-line options in <code>Accessing captured output from a test function <accessing-captured-output></code>.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14088">#14088</a>: Clarified that the default <code>pytest_collection</code> hook sets <code>session.items</code> before it calls <code>pytest_collection_finish</code>, not after.</li> <li><a href="https://redirect.github.com/pytest-dev/pytest/issues/14255">#14255</a>: TOML integer log levels must be quoted: Updating reference documentation.</li> </ul> <h2>Contributor-facing changes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/12689">#12689</a>: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible <a href="https://app.codecov.io/gh/pytest-dev/pytest/tests">on the web interface</a>.</p> <p>-- by <code>aleguy02</code></p> </li> </ul> <h2>9.0.2</h2> <h1>pytest 9.0.2 (2025-12-06)</h1> <h2>Bug fixes</h2> <ul> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13896">#13896</a>: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.</p> <p>You may enable it again by passing <code>-p terminalprogress</code>. We may enable it by default again once compatibility improves in the future.</p> <p>Additionally, when the environment variable <code>TERM</code> is <code>dumb</code>, the escape codes are no longer emitted, even if the plugin is enabled.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13904">#13904</a>: Fixed the TOML type of the <code>tmp_path_retention_count</code> settings in the API reference from number to string.</p> </li> <li> <p><a href="https://redirect.github.com/pytest-dev/pytest/issues/13946">#13946</a>: The private <code>config.inicfg</code> attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
737ba642f3 |
Bump @vitejs/plugin-react from 5.2.0 to 6.0.1 in /frontend (#1658)
Bumps [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) from 5.2.0 to 6.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite-plugin-react/releases"><code>@vitejs/plugin-react</code>'s releases</a>.</em></p> <blockquote> <h2>plugin-react@6.0.1</h2> <h3>Expand <code>@rolldown/plugin-babel</code> peer dep range (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1146">#1146</a>)</h3> <p>Expanded <code>@rolldown/plugin-babel</code> peer dep range to include <code>^0.2.0</code>.</p> <h2>plugin-react@6.0.0</h2> <h3>Remove Babel Related Features (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1123">#1123</a>)</h3> <p>Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.</p> <p>If you are using Babel, you can use <code>@rolldown/plugin-babel</code> together with this plugin:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' import react from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p>export default defineConfig({ plugins: [</p> <ul> <li> <pre><code>react({ </code></pre> </li> <li> <pre><code> babel: { </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code> }, </code></pre> </li> <li> <pre><code>}), </code></pre> </li> </ul> <ul> <li> <pre><code>react(), </code></pre> </li> <li> <pre><code>babel({ </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code>}), </code></pre> ] }) </code></pre></li> </ul> <p>For React compiler users, you can use <code>reactCompilerPreset</code> for easier setup with preconfigured filter to improve build performance:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' -import react from '@vitejs/plugin-react' +import react, { reactCompilerPreset } from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p>export default defineConfig({ plugins: [</p> <ul> <li>react({</li> <li> <pre><code> babel: { </code></pre> </li> <li> <pre><code> plugins: ['babel-plugin-react-compiler'], </code></pre> </li> <li> <pre><code> }, </code></pre> </li> <li>}),</li> </ul> <ul> <li>react(),</li> <li>babel({</li> <li> <pre><code> presets: [reactCompilerPreset()] </code></pre> </li> </ul> <p></tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md"><code>@vitejs/plugin-react</code>'s changelog</a>.</em></p> <blockquote> <h2>6.0.1 (2026-03-13)</h2> <h3>Expand <code>@rolldown/plugin-babel</code> peer dep range (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1146">#1146</a>)</h3> <p>Expanded <code>@rolldown/plugin-babel</code> peer dep range to include <code>^0.2.0</code>.</p> <h2>6.0.0 (2026-03-12)</h2> <h2>6.0.0-beta.0 (2026-03-03)</h2> <h3>Remove Babel Related Features (<a href="https://redirect.github.com/vitejs/vite-plugin-react/pull/1123">#1123</a>)</h3> <p>Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.</p> <p>If you are using Babel, you can use <code>@rolldown/plugin-babel</code> together with this plugin:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' import react from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p>export default defineConfig({ plugins: [</p> <ul> <li> <pre><code>react({ </code></pre> </li> <li> <pre><code> babel: { </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code> }, </code></pre> </li> <li> <pre><code>}), </code></pre> </li> </ul> <ul> <li> <pre><code>react(), </code></pre> </li> <li> <pre><code>babel({ </code></pre> </li> <li> <pre><code> plugins: ['@babel/plugin-proposal-throw-expressions'], </code></pre> </li> <li> <pre><code>}), </code></pre> ] }) </code></pre></li> </ul> <p>For React compiler users, you can use <code>reactCompilerPreset</code> for easier setup with preconfigured filter to improve build performance:</p> <pre lang="diff"><code> import { defineConfig } from 'vite' -import react from '@vitejs/plugin-react' +import react, { reactCompilerPreset } from '@vitejs/plugin-react' +import babel from '@rolldown/plugin-babel' <p>export default defineConfig({ plugins: [</p> <ul> <li>react({</li> <li> <pre><code> babel: { </code></pre> </li> <li> <pre><code> plugins: ['babel-plugin-react-compiler'], </code></pre> </li> <li> <pre><code> }, </code></pre> </li> </ul> <p></tr></table> </code></pre></p> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
16af31c7b9 |
Bump starlette from 0.49.1 to 0.52.1 in /backend (#1657)
Bumps [starlette](https://github.com/Kludex/starlette) from 0.49.1 to 0.52.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/releases">starlette's releases</a>.</em></p> <blockquote> <h2>Version 0.52.1</h2> <h2>What's Changed</h2> <ul> <li>Only use <code>typing_extensions</code> in older Python versions by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/starlette/pull/3109">Kludex/starlette#3109</a></li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.52.0...0.52.1">https://github.com/Kludex/starlette/compare/0.52.0...0.52.1</a></p> <h2>Version 0.52.0</h2> <p>In this release, <code>State</code> can be accessed using dictionary-style syntax for improved type safety (<a href="https://redirect.github.com/Kludex/starlette/pull/3036">#3036</a>).</p> <pre lang="python"><code>from collections.abc import AsyncIterator from contextlib import asynccontextmanager from typing import TypedDict <p>import httpx</p> <p>from starlette.applications import Starlette from starlette.requests import Request</p> <p>class State(TypedDict): http_client: httpx.AsyncClient</p> <p><a href="https://github.com/asynccontextmanager"><code>@asynccontextmanager</code></a> async def lifespan(app: Starlette) -> AsyncIterator[State]: async with httpx.AsyncClient() as client: yield {"http_client": client}</p> <p>async def homepage(request: Request[State]): client = request.state["http_client"] # If you run the below line with mypy or pyright, it will reveal the correct type. reveal_type(client) # Revealed type is 'httpx.AsyncClient' </code></pre></p> <p>See <a href="https://github.com/Kludex/starlette/blob/HEAD/lifespan.md#accessing-state">Accessing State</a> for more details.</p> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/starlette/compare/0.51.0...0.52.0">https://github.com/Kludex/starlette/compare/0.51.0...0.52.0</a></p> <h2>Version 0.51.0</h2> <h2>Added</h2> <ul> <li>Add <code>allow_private_network</code> in <code>CORSMiddleware</code> <a href="https://redirect.github.com/Kludex/starlette/pull/3065">#3065</a>.</li> </ul> <h2>Changed</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/starlette/blob/main/docs/release-notes.md">starlette's changelog</a>.</em></p> <blockquote> <h2>0.52.1 (January 18, 2026)</h2> <h4>Fixed</h4> <ul> <li>Only use <code>typing_extensions</code> in older Python versions <a href="https://redirect.github.com/Kludex/starlette/pull/3109">#3109</a>.</li> </ul> <h2>0.52.0 (January 18, 2026)</h2> <p>In this release, <code>State</code> can be accessed using dictionary-style syntax for improved type safety (<a href="https://redirect.github.com/Kludex/starlette/pull/3036">#3036</a>).</p> <pre lang="python"><code>from collections.abc import AsyncIterator from contextlib import asynccontextmanager from typing import TypedDict <p>import httpx</p> <p>from starlette.applications import Starlette from starlette.requests import Request</p> <p>class State(TypedDict): http_client: httpx.AsyncClient</p> <p><a href="https://github.com/asynccontextmanager"><code>@asynccontextmanager</code></a> async def lifespan(app: Starlette) -> AsyncIterator[State]: async with httpx.AsyncClient() as client: yield {"http_client": client}</p> <p>async def homepage(request: Request[State]): client = request.state["http_client"] # If you run the below line with mypy or pyright, it will reveal the correct type. reveal_type(client) # Revealed type is 'httpx.AsyncClient' </code></pre></p> <p>See <a href="https://github.com/Kludex/starlette/blob/main/docs/lifespan.md#accessing-state">Accessing State</a> for more details.</p> <h2>0.51.0 (January 10, 2026)</h2> <h4>Added</h4> <ul> <li>Add <code>allow_private_network</code> in <code>CORSMiddleware</code> <a href="https://redirect.github.com/Kludex/starlette/pull/3065">#3065</a>.</li> </ul> <h4>Changed</h4> <ul> <li>Increase warning stacklevel on <code>DeprecationWarning</code> for wsgi module <a href="https://redirect.github.com/Kludex/starlette/pull/3082">#3082</a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Copilot
|
10db82f397 |
Add 1-month cooldown to all Dependabot update configurations (#1656)
Dependabot was configured to create PRs immediately after new versions
were published. Adding a 30-day cooldown across all ecosystems reduces
churn from short-lived or unstable releases.
## Changes
- Added `cooldown: default-days: 30` to all five package ecosystems in
`.github/dependabot.yml`:
- `uv` (backend)
- `npm` (frontend, docs)
- `github-actions`
- `docker`
- `docker-compose`
```yaml
- package-ecosystem: "uv"
directory: "/backend"
schedule:
interval: "weekly"
cooldown:
default-days: 30
```
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: evroon <11857441+evroon@users.noreply.github.com>
|
||
|
dependabot[bot]
|
0d8ee4adf9 |
Bump pyrefly from 0.58.0 to 0.60.0 in /backend (#1647)
Bumps [pyrefly](https://github.com/facebook/pyrefly) from 0.58.0 to 0.60.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/facebook/pyrefly/releases">pyrefly's releases</a>.</em></p> <blockquote> <h2>Pyrefly v0.60.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/facebook/pyrefly/compare/0.59.1...0.60.0">https://github.com/facebook/pyrefly/compare/0.59.1...0.60.0</a></p> <h2>Pyrefly v0.59.1</h2> <p>Fixed a performance regression in 0.59.0.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/facebook/pyrefly/compare/0.59.0...0.59.1">https://github.com/facebook/pyrefly/compare/0.59.0...0.59.1</a></p> <h2>Pyrefly v0.59.0</h2> <p><strong>Status : Beta</strong><br /> <em><strong>Release date:</strong> March 30, 2026</em></p> <p>Pyrefly v0.59.0 bundles <strong>153 commits</strong> from <strong>20 contributors</strong>.</p> <hr /> <h2>✨ New & Improved</h2> <table> <thead> <tr> <th align="left">Area</th> <th align="left">What’s new</th> </tr> </thead> <tbody> <tr> <td align="left"><strong>Type Checking</strong></td> <td align="left">- You can now use <code>while...else</code> statements with returns in the <code>else</code> clause without triggering a false positive <code>missing-explicit-return</code> error. <!-- raw HTML omitted --><!-- raw HTML omitted -->- Pyrefly now correctly handles type inference for nested empty dictionaries when constructing TypedDict instances, avoiding <code>implicit-any</code> errors. <!-- raw HTML omitted --><!-- raw HTML omitted -->- Error messages now highlight related code with inline labels; for example, an unsupported * operation will show the types of both operands directly in the source snippet</td> </tr> <tr> <td align="left"><strong>Language Server</strong></td> <td align="left">- LSP hover information for classes now displays constructor signature and docstring. <!-- raw HTML omitted --><!-- raw HTML omitted -->- Support additional LSP functionality for notebooks, including find-references and rename.</td> </tr> <tr> <td align="left"><strong>Performance</strong></td> <td align="left">- Faster typechecking in large pythonc codebases, up to 2x faster on recent benchmarks on real world projects <!-- raw HTML omitted --><!-- raw HTML omitted -->- Reduced CPU usage through smarter caching of module resolution results <!-- raw HTML omitted --><!-- raw HTML omitted -->- Improved performance of the LSP server by reducing redundant workspace diagnostic publishes.</td> </tr> </tbody> </table> <hr /> <h2>🐛 bug fixes</h2> <p>We closed 16 bug issues this release 👏</p> <ul> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2026">#2026</a>: Fixed an issue where recursive bounded generics were incorrectly reported as <code>object</code>, ensuring accurate type checking.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2812">#2812</a>: Resolved a false positive <code>invalid-type-var</code> error when persisting the <code>get</code> method of a fully-annotated <code>dict</code>.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2804">#2804</a>: Fixed an <code>implicit-any</code> false positive that occurred with TypedDict items, improving code readability.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2868">#2868</a>: Pyrefly now correctly recognizes <code>while...else</code> statements with returns in the <code>else</code> clause as exhaustive.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2814">#2814</a>: Enhanced hover information for <code>datetime.datetime</code> imports to display constructor signatures and docstrings.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2896">#2896</a>: Fixed a <code>bad-argument-type</code> error that occurred when using double-underscore arguments.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2893">#2893</a>: Pyrefly now correctly handles dict Literal key types as subtypes of str key types.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2865">#2865</a>: Resolved an issue where tuple subclasses with overridden <code>__getitem__</code> were not recognized.</li> <li><a href="https://redirect.github.com/facebook/pyrefly/issues/2871">#2871</a>: Fixed a false positive error when using <code>isinstance</code> with <code>type | X</code>.</li> <li>And more! <a href="https://redirect.github.com/facebook/pyrefly/issues/2444">#2444</a>, <a href="https://redirect.github.com/facebook/pyrefly/issues/1270">#1270</a>, <a href="https://redirect.github.com/facebook/pyrefly/issues/2900">#2900</a>, <a href="https://redirect.github.com/facebook/pyrefly/issues/2862">#2862</a>, <a href="https://redirect.github.com/facebook/pyrefly/issues/2853">#2853</a></li> </ul> <p>Thank-you to all our contributors who found these bugs and reported them! Did you know this is one of the most helpful contributions you can make to an open-source project? If you find any bugs in Pyrefly we want to know about them! Please open a bug report issue <a href="https://github.com/facebook/pyrefly/issues">here</a></p> <hr /> <h2>📦 Upgrade</h2> <pre lang="shell"><code>pip install --upgrade pyrefly==0.59.0 </code></pre> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
5ee9fcbacf |
Bump fastapi from 0.128.0 to 0.135.3 in /backend (#1650)
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.128.0 to 0.135.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastapi/fastapi/releases">fastapi's releases</a>.</em></p> <blockquote> <h2>0.135.3</h2> <h3>Features</h3> <ul> <li>✨ Add support for <code>@app.vibe()</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15280">#15280</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>. <ul> <li>New docs: <a href="https://fastapi.tiangolo.com/advanced/vibe/">Vibe Coding</a>.</li> </ul> </li> </ul> <h3>Docs</h3> <ul> <li>✏️ Fix typo for <code>client_secret</code> in OAuth2 form docstrings. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14946">#14946</a> by <a href="https://github.com/bysiber"><code>@bysiber</code></a>.</li> </ul> <h3>Internal</h3> <ul> <li>👥 Update FastAPI People - Experts. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15279">#15279</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>⬆ Bump orjson from 3.11.7 to 3.11.8. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15276">#15276</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>⬆ Bump ruff from 0.15.0 to 0.15.8. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15277">#15277</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>👥 Update FastAPI GitHub topic repositories. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15274">#15274</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>⬆ Bump fastmcp from 2.14.5 to 3.2.0. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15267">#15267</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>👥 Update FastAPI People - Contributors and Translators. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15270">#15270</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>⬆ Bump requests from 2.32.5 to 2.33.0. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15228">#15228</a> by <a href="https://github.com/apps/dependabot"><code>@dependabot[bot]</code></a>.</li> <li>👷 Add ty check to <code>lint.sh</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15136">#15136</a> by <a href="https://github.com/svlandeg"><code>@svlandeg</code></a>.</li> </ul> <h2>0.135.2</h2> <h3>Upgrades</h3> <ul> <li>⬆️ Increase lower bound to <code>pydantic >=2.9.0.</code> and fix the test suite. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15139">#15139</a> by <a href="https://github.com/svlandeg"><code>@svlandeg</code></a>.</li> </ul> <h3>Docs</h3> <ul> <li>📝 Add missing last release notes dates. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15202">#15202</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>📝 Update docs for contributors and team members regarding translation PRs. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15200">#15200</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> <li>💄 Fix code blocks in reference docs overflowing table width. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15094">#15094</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> <li>📝 Fix duplicated words in docstrings. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15116">#15116</a> by <a href="https://github.com/AhsanSheraz"><code>@AhsanSheraz</code></a>.</li> <li>📝 Add docs for <code>pyproject.toml</code> with <code>entrypoint</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15075">#15075</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>📝 Update links in docs to no longer use the classes external-link and internal-link. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15061">#15061</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🔨 Add JS and CSS handling for automatic <code>target=_blank</code> for links in docs. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15063">#15063</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>💄 Update styles for internal and external links in new tab. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15058">#15058</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>📝 Add documentation for the FastAPI VS Code extension. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15008">#15008</a> by <a href="https://github.com/savannahostrowski"><code>@savannahostrowski</code></a>.</li> <li>📝 Fix doctrings for <code>max_digits</code> and <code>decimal_places</code>. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/14944">#14944</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> <li>📝 Add dates to release notes. PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15001">#15001</a> by <a href="https://github.com/YuriiMotov"><code>@YuriiMotov</code></a>.</li> </ul> <h3>Translations</h3> <ul> <li>🌐 Update translations for zh (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15177">#15177</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for zh-hant (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15178">#15178</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for zh-hant (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15176">#15176</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for zh (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15175">#15175</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for ja (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15171">#15171</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for ko (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15170">#15170</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for tr (update-outdated). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15172">#15172</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> <li>🌐 Update translations for ko (add-missing). PR <a href="https://redirect.github.com/fastapi/fastapi/pull/15168">#15168</a> by <a href="https://github.com/tiangolo"><code>@tiangolo</code></a>.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3754040f22 |
Bump vite from 7.3.2 to 8.0.5 in /frontend (#1641)
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.2 to 8.0.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/releases">vite's releases</a>.</em></p> <blockquote> <h2>v8.0.5</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.5/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.4</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.4/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>create-vite@8.0.3</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@8.0.3/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.3</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.3/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>create-vite@8.0.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@8.0.2/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.2</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.2/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>create-vite@8.0.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@8.0.1/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.1/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>plugin-legacy@8.0.1</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/plugin-legacy@8.0.1/packages/plugin-legacy/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>create-vite@8.0.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/create-vite@8.0.0/packages/create-vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>plugin-legacy@8.0.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/plugin-legacy@8.0.0/packages/plugin-legacy/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.0</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.0/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.0-beta.18</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.0-beta.18/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.0-beta.17</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.0-beta.17/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.0-beta.16</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.0-beta.16/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.0-beta.15</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.0-beta.15/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <h2>v8.0.0-beta.14</h2> <p>Please refer to <a href="https://github.com/vitejs/vite/blob/v8.0.0-beta.14/packages/vite/CHANGELOG.md">CHANGELOG.md</a> for details.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md">vite's changelog</a>.</em></p> <blockquote> <h2><!-- raw HTML omitted --><a href="https://github.com/vitejs/vite/compare/v8.0.4...v8.0.5">8.0.5</a> (2026-04-06)<!-- raw HTML omitted --></h2> <h3>Bug Fixes</h3> <ul> <li>apply server.fs check to env transport (<a href="https://redirect.github.com/vitejs/vite/issues/22159">#22159</a>) (<a href=" |
||
|
github-actions[bot]
|
92d0648e53 |
Update contributors in readme (#1653)
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
9299e9c3b7 |
Bump docker/login-action from 3 to 4 (#1595)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/929">docker/login-action#929</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/927">docker/login-action#927</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/login-action/pull/919">docker/login-action#919</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> from 3.890.0 to 3.1000.0 in <a href="https://redirect.github.com/docker/login-action/pull/909">docker/login-action#909</a> <a href="https://redirect.github.com/docker/login-action/pull/920">docker/login-action#920</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> from 3.890.0 to 3.1000.0 in <a href="https://redirect.github.com/docker/login-action/pull/909">docker/login-action#909</a> <a href="https://redirect.github.com/docker/login-action/pull/920">docker/login-action#920</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.63.0 to 0.77.0 in <a href="https://redirect.github.com/docker/login-action/pull/910">docker/login-action#910</a> <a href="https://redirect.github.com/docker/login-action/pull/928">docker/login-action#928</a></li> <li>Bump <code>@isaacs/brace-expansion</code> from 5.0.0 to 5.0.1 in <a href="https://redirect.github.com/docker/login-action/pull/921">docker/login-action#921</a></li> <li>Bump js-yaml from 4.1.0 to 4.1.1 in <a href="https://redirect.github.com/docker/login-action/pull/901">docker/login-action#901</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.7.0...v4.0.0">https://github.com/docker/login-action/compare/v3.7.0...v4.0.0</a></p> <h2>v3.7.0</h2> <ul> <li>Add <code>scope</code> input to set scopes for the authentication token by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/912">docker/login-action#912</a></li> <li>Add support for AWS European Sovereign Cloud ECR by <a href="https://github.com/dphi"><code>@dphi</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/914">docker/login-action#914</a></li> <li>Ensure passwords are redacted with <code>registry-auth</code> input by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/911">docker/login-action#911</a></li> <li>build(deps): bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/login-action/pull/915">docker/login-action#915</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.6.0...v3.7.0">https://github.com/docker/login-action/compare/v3.6.0...v3.7.0</a></p> <h2>v3.6.0</h2> <ul> <li>Add <code>registry-auth</code> input for raw authentication to registries by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/887">docker/login-action#887</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.890.0 in <a href="https://redirect.github.com/docker/login-action/pull/882">docker/login-action#882</a> <a href="https://redirect.github.com/docker/login-action/pull/890">docker/login-action#890</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.63.0 in <a href="https://redirect.github.com/docker/login-action/pull/883">docker/login-action#883</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/login-action/pull/880">docker/login-action#880</a></li> <li>Bump undici from 5.28.4 to 5.29.0 in <a href="https://redirect.github.com/docker/login-action/pull/879">docker/login-action#879</a></li> <li>Bump tmp from 0.2.3 to 0.2.4 in <a href="https://redirect.github.com/docker/login-action/pull/881">docker/login-action#881</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.5.0...v3.6.0">https://github.com/docker/login-action/compare/v3.5.0...v3.6.0</a></p> <h2>v3.5.0</h2> <ul> <li>Support dual-stack endpoints for AWS ECR by <a href="https://github.com/Spacefish"><code>@Spacefish</code></a> <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/874">docker/login-action#874</a> <a href="https://redirect.github.com/docker/login-action/pull/876">docker/login-action#876</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.859.0 in <a href="https://redirect.github.com/docker/login-action/pull/860">docker/login-action#860</a> <a href="https://redirect.github.com/docker/login-action/pull/878">docker/login-action#878</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.57.0 to 0.62.1 in <a href="https://redirect.github.com/docker/login-action/pull/870">docker/login-action#870</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/login-action/pull/875">docker/login-action#875</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.4.0...v3.5.0">https://github.com/docker/login-action/compare/v3.4.0...v3.5.0</a></p> <h2>v3.4.0</h2> <ul> <li>Bump <code>@actions/core</code> from 1.10.1 to 1.11.1 in <a href="https://redirect.github.com/docker/login-action/pull/791">docker/login-action#791</a></li> <li>Bump <code>@aws-sdk/client-ecr</code> to 3.766.0 in <a href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a> <a href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li> <li>Bump <code>@aws-sdk/client-ecr-public</code> to 3.758.0 in <a href="https://redirect.github.com/docker/login-action/pull/789">docker/login-action#789</a> <a href="https://redirect.github.com/docker/login-action/pull/856">docker/login-action#856</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.35.0 to 0.57.0 in <a href="https://redirect.github.com/docker/login-action/pull/801">docker/login-action#801</a> <a href="https://redirect.github.com/docker/login-action/pull/806">docker/login-action#806</a> <a href="https://redirect.github.com/docker/login-action/pull/858">docker/login-action#858</a></li> <li>Bump cross-spawn from 7.0.3 to 7.0.6 in <a href="https://redirect.github.com/docker/login-action/pull/814">docker/login-action#814</a></li> <li>Bump https-proxy-agent from 7.0.5 to 7.0.6 in <a href="https://redirect.github.com/docker/login-action/pull/823">docker/login-action#823</a></li> <li>Bump path-to-regexp from 6.2.2 to 6.3.0 in <a href="https://redirect.github.com/docker/login-action/pull/777">docker/login-action#777</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v3.3.0...v3.4.0">https://github.com/docker/login-action/compare/v3.3.0...v3.4.0</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
11db33e70e |
Bump docker/metadata-action from 5 to 6 (#1596)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/metadata-action/releases">docker/metadata-action's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <ul> <li>Node 24 as default runtime (requires <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions Runner v2.327.1</a> or later) by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/605">docker/metadata-action#605</a></li> <li>List inputs now preserve <code>#</code> inside values while still supporting full-line <code>#</code> comments by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/607">docker/metadata-action#607</a></li> <li>Switch to ESM and update config/test wiring by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/602">docker/metadata-action#602</a></li> <li>Bump lodash from 4.17.21 to 4.17.23 in <a href="https://redirect.github.com/docker/metadata-action/pull/588">docker/metadata-action#588</a></li> <li>Bump <code>@actions/core</code> from 1.11.1 to 3.0.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/599">docker/metadata-action#599</a></li> <li>Bump <code>@actions/github</code> from 6.0.1 to 9.0.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/597">docker/metadata-action#597</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.68.0 to 0.79.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/604">docker/metadata-action#604</a></li> <li>Bump <code>@isaacs/brace-expansion</code> from 5.0.0 to 5.0.1 in <a href="https://redirect.github.com/docker/metadata-action/pull/600">docker/metadata-action#600</a></li> <li>Bump semver from 7.7.3 to 7.7.4 in <a href="https://redirect.github.com/docker/metadata-action/pull/603">docker/metadata-action#603</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.10.0...v6.0.0">https://github.com/docker/metadata-action/compare/v5.10.0...v6.0.0</a></p> <h2>v5.10.0</h2> <ul> <li>Bump <code>@docker/actions-toolkit</code> from 0.66.0 to 0.68.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/559">docker/metadata-action#559</a> <a href="https://redirect.github.com/docker/metadata-action/pull/569">docker/metadata-action#569</a></li> <li>Bump js-yaml from 3.14.1 to 3.14.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/564">docker/metadata-action#564</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0">https://github.com/docker/metadata-action/compare/v5.9.0...v5.10.0</a></p> <h2>v5.9.0</h2> <ul> <li>Add <code>tag-names</code> output to return tag names without image base name by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/553">docker/metadata-action#553</a></li> <li>Bump <code>@babel/runtime-corejs3</code> from 7.14.7 to 7.28.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/539">docker/metadata-action#539</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.62.1 to 0.66.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/555">docker/metadata-action#555</a></li> <li>Bump brace-expansion from 1.1.11 to 1.1.12 in <a href="https://redirect.github.com/docker/metadata-action/pull/540">docker/metadata-action#540</a></li> <li>Bump csv-parse from 5.6.0 to 6.1.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/532">docker/metadata-action#532</a></li> <li>Bump semver from 7.7.2 to 7.7.3 in in <a href="https://redirect.github.com/docker/metadata-action/pull/554">docker/metadata-action#554</a></li> <li>Bump tmp from 0.2.3 to 0.2.5 in <a href="https://redirect.github.com/docker/metadata-action/pull/541">docker/metadata-action#541</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0">https://github.com/docker/metadata-action/compare/v5.8.0...v5.9.0</a></p> <h2>v5.8.0</h2> <ul> <li>New <code>is_not_default_branch</code> global expression by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/535">docker/metadata-action#535</a></li> <li>Allow to match part of the git tag or value for semver/pep440 types by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/536">docker/metadata-action#536</a> <a href="https://redirect.github.com/docker/metadata-action/pull/537">docker/metadata-action#537</a></li> <li>Bump <code>@actions/github</code> from 6.0.0 to 6.0.1 in <a href="https://redirect.github.com/docker/metadata-action/pull/523">docker/metadata-action#523</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.56.0 to 0.62.1 in <a href="https://redirect.github.com/docker/metadata-action/pull/526">docker/metadata-action#526</a></li> <li>Bump form-data from 2.5.1 to 2.5.5 in <a href="https://redirect.github.com/docker/metadata-action/pull/533">docker/metadata-action#533</a></li> <li>Bump moment-timezone from 0.5.47 to 0.6.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/525">docker/metadata-action#525</a></li> <li>Bump semver from 7.7.1 to 7.7.2 in <a href="https://redirect.github.com/docker/metadata-action/pull/524">docker/metadata-action#524</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.7.0...v5.8.0">https://github.com/docker/metadata-action/compare/v5.7.0...v5.8.0</a></p> <h2>v5.7.0</h2> <ul> <li>Global expressions support for labels and annotations by <a href="https://github.com/crazy-max"><code>@crazy-max</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/489">docker/metadata-action#489</a></li> <li>Support disabling outputs as environment variables by <a href="https://github.com/omus"><code>@omus</code></a> in <a href="https://redirect.github.com/docker/metadata-action/pull/497">docker/metadata-action#497</a></li> <li>Bump <code>@docker/actions-toolkit</code> from 0.44.0 to 0.56.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/507">docker/metadata-action#507</a> <a href="https://redirect.github.com/docker/metadata-action/pull/509">docker/metadata-action#509</a></li> <li>Bump csv-parse from 5.5.6 to 5.6.0 in <a href="https://redirect.github.com/docker/metadata-action/pull/482">docker/metadata-action#482</a></li> <li>Bump moment-timezone from 0.5.46 to 0.5.47 in <a href="https://redirect.github.com/docker/metadata-action/pull/501">docker/metadata-action#501</a></li> <li>Bump semver from 7.6.3 to 7.7.1 in <a href="https://redirect.github.com/docker/metadata-action/pull/504">docker/metadata-action#504</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/metadata-action/compare/v5.6.1...v5.7.0">https://github.com/docker/metadata-action/compare/v5.6.1...v5.7.0</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
cbee85a53d |
Bump axios from 1.14.0 to 1.15.0 in /frontend (#1655)
Bumps [axios](https://github.com/axios/axios) from 1.14.0 to 1.15.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>v1.15.0</h2> <p>This release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.</p> <h2>⚠️ Important Changes</h2> <ul> <li><strong>Deprecation:</strong> <code>url.parse()</code> usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (<strong><a href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li> </ul> <h2>🔒 Security Fixes</h2> <ul> <li><strong>Proxy Handling:</strong> Fixed a <code>no_proxy</code> hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (<strong><a href="https://redirect.github.com/axios/axios/issues/10661">#10661</a></strong>)</li> <li><strong>Header Injection:</strong> Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (<strong><a href="https://redirect.github.com/axios/axios/issues/10660">#10660</a></strong>)</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>Runtime Support:</strong> Added compatibility checks and documentation for Deno and Bun environments. (<strong><a href="https://redirect.github.com/axios/axios/issues/10652">#10652</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10653">#10653</a></strong>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>CI Security:</strong> Hardened workflow permissions to least privilege, added the <code>zizmor</code> security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (<strong><a href="https://redirect.github.com/axios/axios/issues/10618">#10618</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10619">#10619</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10627">#10627</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10637">#10637</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10666">#10666</a></strong>)</li> <li><strong>Dependencies:</strong> Bumped <code>serialize-javascript</code>, <code>handlebars</code>, <code>picomatch</code>, <code>vite</code>, and <code>denoland/setup-deno</code> to latest versions. Added a 7-day Dependabot cooldown period. (<strong><a href="https://redirect.github.com/axios/axios/issues/10574">#10574</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10572">#10572</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10568">#10568</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10663">#10663</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10664">#10664</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10665">#10665</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10669">#10669</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10670">#10670</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10616">#10616</a></strong>)</li> <li><strong>Documentation:</strong> Unified docs, improved <code>beforeRedirect</code> credential leakage example, clarified <code>withCredentials</code>/<code>withXSRFToken</code> behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (<strong><a href="https://redirect.github.com/axios/axios/issues/10649">#10649</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7452">#7452</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/7471">#7471</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10654">#10654</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10644">#10644</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10589">#10589</a></strong>)</li> <li><strong>Housekeeping:</strong> Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (<strong><a href="https://redirect.github.com/axios/axios/issues/10584">#10584</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10650">#10650</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10582">#10582</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10640">#10640</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10659">#10659</a></strong>, <strong><a href="https://redirect.github.com/axios/axios/issues/10668">#10668</a></strong>)</li> <li><strong>Tests:</strong> Added regression coverage for urlencoded <code>Content-Type</code> casing. (<strong><a href="https://redirect.github.com/axios/axios/issues/10573">#10573</a></strong>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve Axios:</p> <ul> <li><strong><a href="https://github.com/raashish1601"><code>@raashish1601</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10573">#10573</a></strong>)</li> <li><strong><a href="https://github.com/Kilros0817"><code>@Kilros0817</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10625">#10625</a></strong>)</li> <li><strong><a href="https://github.com/ashstrc"><code>@ashstrc</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10624">#10624</a></strong>)</li> <li><strong><a href="https://github.com/Abhi3975"><code>@Abhi3975</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/10589">#10589</a></strong>)</li> <li><strong><a href="https://github.com/theamodhshetty"><code>@theamodhshetty</code></a></strong> (<strong><a href="https://redirect.github.com/axios/axios/issues/7452">#7452</a></strong>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/blob/v1.x/CHANGELOG.md">axios's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2><a href="https://github.com/axios/axios/compare/v1.13.2...v1.13.3">1.13.3</a> (2026-01-20)</h2> <h3>Bug Fixes</h3> <ul> <li><strong>http2:</strong> Use port 443 for HTTPS connections by default. (<a href="https://redirect.github.com/axios/axios/issues/7256">#7256</a>) (<a href=" |
||
|
dependabot[bot]
|
31669606db |
Bump next from 16.2.1 to 16.2.3 in /docs (#1654)
Bumps [next](https://github.com/vercel/next.js) from 16.2.1 to 16.2.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/vercel/next.js/releases">next's releases</a>.</em></p> <blockquote> <h2>v16.2.3</h2> <blockquote> <p>[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see <a href="https://vercel.com/changelog/summary-of-cve-2026-23869">https://vercel.com/changelog/summary-of-cve-2026-23869</a>. The release does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>Ensure app-page reports stale ISR revalidation errors via onRequestError (<a href="https://redirect.github.com/vercel/next.js/issues/92282">#92282</a>)</li> <li>Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (<a href="https://redirect.github.com/vercel/next.js/issues/91981">#91981</a> through <a href="https://redirect.github.com/vercel/next.js/issues/92273">#92273</a>)</li> <li>Deduplicate output assets and detect content conflicts on emit (<a href="https://redirect.github.com/vercel/next.js/issues/92292">#92292</a>)</li> <li>Fix styled-jsx race condition: styles lost due to concurrent rendering (<a href="https://redirect.github.com/vercel/next.js/issues/92459">#92459</a>)</li> <li>turbo-tasks-backend: stability fixes for task cancellation and error handling (<a href="https://redirect.github.com/vercel/next.js/issues/92254">#92254</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/icyJoseph"><code>@icyJoseph</code></a>, <a href="https://github.com/sokra"><code>@sokra</code></a>, <a href="https://github.com/wbinnssmith"><code>@wbinnssmith</code></a>, <a href="https://github.com/eps1lon"><code>@eps1lon</code></a> and <a href="https://github.com/ztanner"><code>@ztanner</code></a> for helping!</p> <h2>v16.2.2</h2> <blockquote> <p>[!NOTE] This release is backporting bug fixes. It does <strong>not</strong> include all pending features/changes on canary.</p> </blockquote> <h3>Core Changes</h3> <ul> <li>backport: Move expanded adapters docs to API reference (<a href="https://redirect.github.com/vercel/next.js/issues/92115">#92115</a>) (<a href="https://redirect.github.com/vercel/next.js/issues/92129">#92129</a>)</li> <li>Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (<a href="https://redirect.github.com/vercel/next.js/issues/92130">#92130</a>)</li> <li>[create-next-app] Skip interactive prompts when CLI flags are provided (<a href="https://redirect.github.com/vercel/next.js/issues/91840">#91840</a>)</li> <li>next.config.js: Accept an option for serverFastRefresh (<a href="https://redirect.github.com/vercel/next.js/issues/91968">#91968</a>)</li> <li>Turbopack: enable server HMR for app route handlers (<a href="https://redirect.github.com/vercel/next.js/issues/91466">#91466</a>)</li> <li>Turbopack: exclude metadata routes from server HMR (<a href="https://redirect.github.com/vercel/next.js/issues/92034">#92034</a>)</li> <li>Fix CI for glibc linux builds</li> <li>Backport: disable bmi2 in qfilter <a href="https://redirect.github.com/vercel/next.js/issues/92177">#92177</a></li> <li>[backport] Fix CSS HMR on Safari (<a href="https://redirect.github.com/vercel/next.js/issues/92174">#92174</a>)</li> </ul> <h3>Credits</h3> <p>Huge thanks to <a href="https://github.com/nextjs-bot"><code>@nextjs-bot</code></a>, <a href="https://github.com/icyJoseph"><code>@icyJoseph</code></a>, <a href="https://github.com/ijjk"><code>@ijjk</code></a>, <a href="https://github.com/gaojude"><code>@gaojude</code></a>, <a href="https://github.com/wbinnssmith"><code>@wbinnssmith</code></a>, <a href="https://github.com/lukesandberg"><code>@lukesandberg</code></a>, and <a href="https://github.com/bgw"><code>@bgw</code></a> for helping!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Byte
|
d5ea177e8f |
Mounting to /var/lib/postgres/data is no longer allowed after Postgres 18 (#1651)
I got an error when running bracket through the provided compose because mounting directly to the postgres data directory is not allowed after version 18 |
||
|
dependabot[bot]
|
c3329869fb |
Bump sentry-sdk from 2.56.0 to 2.57.0 in /backend (#1649)
Bumps [sentry-sdk](https://github.com/getsentry/sentry-python) from 2.56.0 to 2.57.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/releases">sentry-sdk's releases</a>.</em></p> <blockquote> <h2>2.57.0</h2> <h3>New Features ✨</h3> <h4>Langchain</h4> <ul> <li>Set <code>gen_ai.operation.name</code> and <code>gen_ai.pipeline.name</code> on LLM spans by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5849">#5849</a></li> <li>Broaden AI provider detection beyond OpenAI and Anthropic by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5707">#5707</a></li> <li>Update LLM span operation to <code>gen_ai.generate_text</code> by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5796">#5796</a></li> </ul> <h4>Other</h4> <ul> <li> <p>Add experimental async transport by <a href="https://github.com/BYK"><code>@BYK</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5646">#5646</a></p> <p>See <a href="https://github.com/getsentry/sentry-python/discussions/5919">https://github.com/getsentry/sentry-python/discussions/5919</a> for details.</p> </li> </ul> <h3>Bug Fixes 🐛</h3> <h4>Openai</h4> <ul> <li>Only wrap types with <code>_iterator</code> for streamed responses by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5917">#5917</a></li> <li>Always set <code>gen_ai.response.streaming</code> for Responses by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5697">#5697</a></li> <li>Simplify Responses input handling by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5695">#5695</a></li> <li>Use <code>max_output_tokens</code> for Responses API by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5693">#5693</a></li> <li>Always set <code>gen_ai.response.streaming</code> for Completions by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5692">#5692</a></li> <li>Simplify Completions input handling by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5690">#5690</a></li> <li>Simplify embeddings input handling by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5688">#5688</a></li> </ul> <h4>Other</h4> <ul> <li>(google-genai) Guard response extraction by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5869">#5869</a></li> <li>Add cycle detection to exceptions_from_error by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5880">#5880</a></li> </ul> <h3>Internal Changes 🔧</h3> <h4>Ai</h4> <ul> <li>Remove unused GEN_AI_PIPELINE operation constant by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5886">#5886</a></li> <li>Rename generate_text to text_completion by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5885">#5885</a></li> </ul> <h4>Langchain</h4> <ul> <li>Add text completion test by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5740">#5740</a></li> <li>Add tool execution test by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5739">#5739</a></li> <li>Add basic agent test with Responses call by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5726">#5726</a></li> <li>Replace mocks with <code>httpx</code> types by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5724">#5724</a></li> <li>Consolidate span origin assertion by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5723">#5723</a></li> <li>Consolidate available tools assertion by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5721">#5721</a></li> </ul> <h4>Openai</h4> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md">sentry-sdk's changelog</a>.</em></p> <blockquote> <h2>2.57.0</h2> <h3>New Features ✨</h3> <h4>Langchain</h4> <ul> <li>Set <code>gen_ai.operation.name</code> and <code>gen_ai.pipeline.name</code> on LLM spans by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5849">#5849</a></li> <li>Broaden AI provider detection beyond OpenAI and Anthropic by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5707">#5707</a></li> <li>Update LLM span operation to <code>gen_ai.generate_text</code> by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5796">#5796</a></li> </ul> <h4>Other</h4> <ul> <li> <p>Add experimental async transport by <a href="https://github.com/BYK"><code>@BYK</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5646">#5646</a></p> <p>See <a href="https://github.com/getsentry/sentry-python/discussions/5919">https://github.com/getsentry/sentry-python/discussions/5919</a> for details.</p> </li> </ul> <h3>Bug Fixes 🐛</h3> <h4>Openai</h4> <ul> <li>Only wrap types with <code>_iterator</code> for streamed responses by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5917">#5917</a></li> <li>Always set <code>gen_ai.response.streaming</code> for Responses by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5697">#5697</a></li> <li>Simplify Responses input handling by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5695">#5695</a></li> <li>Use <code>max_output_tokens</code> for Responses API by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5693">#5693</a></li> <li>Always set <code>gen_ai.response.streaming</code> for Completions by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5692">#5692</a></li> <li>Simplify Completions input handling by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5690">#5690</a></li> <li>Simplify embeddings input handling by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5688">#5688</a></li> </ul> <h4>Other</h4> <ul> <li>(google-genai) Guard response extraction by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5869">#5869</a></li> <li>Add cycle detection to exceptions_from_error by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5880">#5880</a></li> </ul> <h3>Internal Changes 🔧</h3> <h4>Ai</h4> <ul> <li>Remove unused GEN_AI_PIPELINE operation constant by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5886">#5886</a></li> <li>Rename generate_text to text_completion by <a href="https://github.com/ericapisani"><code>@ericapisani</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5885">#5885</a></li> </ul> <h4>Langchain</h4> <ul> <li>Add text completion test by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5740">#5740</a></li> <li>Add tool execution test by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5739">#5739</a></li> <li>Add basic agent test with Responses call by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5726">#5726</a></li> <li>Replace mocks with <code>httpx</code> types by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5724">#5724</a></li> <li>Consolidate span origin assertion by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5723">#5723</a></li> <li>Consolidate available tools assertion by <a href="https://github.com/alexander-alderman-webb"><code>@alexander-alderman-webb</code></a> in <a href="https://redirect.github.com/getsentry/sentry-python/pull/5721">#5721</a></li> </ul> <h4>Openai</h4> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
ef1693d389 |
Bump mypy from 1.19.0 to 1.20.0 in /backend (#1648)
Bumps [mypy](https://github.com/python/mypy) from 1.19.0 to 1.20.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/mypy/blob/master/CHANGELOG.md">mypy's changelog</a>.</em></p> <blockquote> <h1>Mypy Release Notes</h1> <h2>Next Release</h2> <h2>Mypy 1.20</h2> <p>We’ve just uploaded mypy 1.20.0 to the Python Package Index (<a href="https://pypi.org/project/mypy/">PyPI</a>). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:</p> <pre><code>python3 -m pip install -U mypy </code></pre> <p>You can read the full documentation for this release on <a href="http://mypy.readthedocs.io">Read the Docs</a>.</p> <h3>Planned Changes to Defaults and Flags in Mypy 2.0</h3> <p>As a reminder, we are planning to enable <code>--local-partial-types</code> by default in mypy 2.0, which will likely be the next feature release. This will often require at least minor code changes. This option is implicitly enabled by mypy daemon, so this makes the behavior of daemon and non-daemon modes consistent.</p> <p>Note that this release improves the compatibility of <code>--local-partial-types</code> significantly to make the switch easier (see below for more).</p> <p>This can also be configured in a mypy configuration file (use <code>False</code> to disable):</p> <pre><code>local_partial_types = True </code></pre> <p>For more information, refer to the <a href="https://mypy.readthedocs.io/en/stable/command_line.html#cmdoption-mypy-local-partial-types">documentation</a>.</p> <p>We will also enable <code>--strict-bytes</code> by default in mypy 2.0. This usually requires at most minor code changes to adopt. For more information, refer to the <a href="https://mypy.readthedocs.io/en/stable/command_line.html#cmdoption-mypy-strict-bytes">documentation</a>.</p> <p>Finally, <code>--allow-redefinition-new</code> will be renamed to <code>--allow-redefinition</code>. If you want to continue using the older <code>--allow-redefinition</code> semantics which are less flexible (e.g. limited support for conditional redefinitions), you can switch to <code>--allow-redefinition-old</code>, which is currently supported as an alias to the legacy <code>--allow-redefinition</code> behavior. To use <code>--allow-redefinition</code> in the upcoming mypy 2.0, you can't use <code>--no-local-partial-types</code>. For more information, refer to the <a href="https://mypy.readthedocs.io/en/stable/command_line.html#cmdoption-mypy-allow-redefinition-new">documentation</a>.</p> <h3>Better Type Narrowing</h3> <p>Mypy's implementation of narrowing has been substantially reworked. Mypy will now narrow more aggressively, more consistently, and more correctly. In particular, you are likely to notice new narrowing behavior in equality expressions (<code>==</code>), containment expressions (<code>in</code>),</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
b95f381f0d |
Bump uvicorn from 0.42.0 to 0.44.0 in /backend (#1646)
Bumps [uvicorn](https://github.com/Kludex/uvicorn) from 0.42.0 to 0.44.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/releases">uvicorn's releases</a>.</em></p> <blockquote> <h2>Version 0.44.0</h2> <h2>What's Changed</h2> <ul> <li>Implement websocket keepalive pings for websockets-sansio by <a href="https://github.com/Kludex"><code>@Kludex</code></a> in <a href="https://redirect.github.com/Kludex/uvicorn/pull/2888">Kludex/uvicorn#2888</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0">https://github.com/Kludex/uvicorn/compare/0.43.0...0.44.0</a></p> <h2>Version 0.43.0</h2> <h2>Changed</h2> <ul> <li>Emit <code>http.disconnect</code> ASGI <code>receive()</code> event on server shutting down for streaming responses (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2829">#2829</a>)</li> <li>Use native <code>context</code> parameter for <code>create_task</code> on Python 3.11+ (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2859">#2859</a>)</li> <li>Drop cast in ASGI types (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2875">#2875</a>)</li> </ul> <hr /> <p><strong>Full Changelog</strong>: <a href="https://github.com/Kludex/uvicorn/compare/0.42.0...0.43.0">https://github.com/Kludex/uvicorn/compare/0.42.0...0.43.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md">uvicorn's changelog</a>.</em></p> <blockquote> <h2>0.44.0 (April 6, 2026)</h2> <h3>Added</h3> <ul> <li>Implement websocket keepalive pings for websockets-sansio (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2888">#2888</a>)</li> </ul> <h2>0.43.0 (April 3, 2026)</h2> <p>You can quit Uvicorn now. We heard you, <a href="https://github.com/pamelafox"><code>@pamelafox</code></a> - all 47 of your Ctrl+C's (thanks for flagging it, and thanks to <a href="https://github.com/tiangolo"><code>@tiangolo</code></a> for the fix 🙏). <a href="https://x.com/pamelafox/status/2039097686155227623">See the tweet</a>.</p> <h3>Changed</h3> <ul> <li>Emit <code>http.disconnect</code> ASGI <code>receive()</code> event on server shutting down for streaming responses (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2829">#2829</a>)</li> <li>Use native <code>context</code> parameter for <code>create_task</code> on Python 3.11+ (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2859">#2859</a>)</li> <li>Drop cast in ASGI types (<a href="https://redirect.github.com/Kludex/uvicorn/issues/2875">#2875</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
9654bfdaa8 |
Bump react-router from 7.13.0 to 7.14.0 in /frontend (#1645)
Bumps [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) from 7.13.0 to 7.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/releases">react-router's releases</a>.</em></p> <blockquote> <h2>v7.14.0</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7140</a></p> <h2>v7.13.2</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7132</a></p> <h2>v7.13.1</h2> <p>See the changelog for release notes: <a href="https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131">https://github.com/remix-run/react-router/blob/main/CHANGELOG.md#v7131</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md">react-router's changelog</a>.</em></p> <blockquote> <h2>7.14.0</h2> <h3>Patch Changes</h3> <ul> <li> <p>UNSTABLE RSC FRAMEWORK MODE BREAKING CHANGE - Existing route module exports remain unchanged from stable v7 non-RSC mode, but new exports are added for RSC mode. If you want to use RSC features, you will need to update your route modules to export the new annotations. (<a href="https://redirect.github.com/remix-run/react-router/pull/14901">#14901</a>)</p> <p>If you are using RSC framework mode currently, you will need to update your route modules to the new conventions. The following route module components have their own mutually exclusive server component counterparts:</p> <table> <thead> <tr> <th>Server Component Export</th> <th>Client Component</th> </tr> </thead> <tbody> <tr> <td><code>ServerComponent</code></td> <td><code>default</code></td> </tr> <tr> <td><code>ServerErrorBoundary</code></td> <td><code>ErrorBoundary</code></td> </tr> <tr> <td><code>ServerLayout</code></td> <td><code>Layout</code></td> </tr> <tr> <td><code>ServerHydrateFallback</code></td> <td><code>HydrateFallback</code></td> </tr> </tbody> </table> <p>If you were previously exporting a <code>ServerComponent</code>, your <code>ErrorBoundary</code>, <code>Layout</code>, and <code>HydrateFallback</code> were also server components. If you want to keep those as server components, you can rename them and prefix them with <code>Server</code>. If you were previously importing the implementations of those components from a client module, you can simply inline them.</p> <p>Example:</p> <p>Before</p> <pre lang="tsx"><code>import { ErrorBoundary as ClientErrorBoundary } from "./client"; <p>export function ServerComponent() {<br /> // ...<br /> }</p> <p>export function ErrorBoundary() {<br /> return <ClientErrorBoundary />;<br /> }</p> <p>export function Layout() {<br /> // ...<br /> }</p> <p>export function HydrateFallback() {<br /> // ...<br /> }<br /> </code></pre></p> <p>After</p> <pre lang="tsx"><code>export function ServerComponent() { // ... } <p>export function ErrorBoundary() {<br /> // previous implementation of ClientErrorBoundary, this is now a client component<br /> </code></pre></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d53799db05 |
Bump @typescript-eslint/parser from 8.57.0 to 8.58.0 in /frontend (#1644)
Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.57.0 to 8.58.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases"><code>@typescript-eslint/parser</code>'s releases</a>.</em></p> <blockquote> <h2>v8.58.0</h2> <h2>8.58.0 (2026-03-30)</h2> <h3>🚀 Features</h3> <ul> <li>support TypeScript 6 (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12124">#12124</a>)</li> </ul> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> crash in <code>no-unnecessary-type-arguments</code> (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12163">#12163</a>)</li> <li><strong>eslint-plugin:</strong> [no-extraneous-class] handle index signatures (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12142">#12142</a>)</li> <li><strong>eslint-plugin:</strong> [prefer-regexp-exec] avoid fixing unknown RegExp flags (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12161">#12161</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>ej shafran <a href="https://github.com/ej-shafran"><code>@ej-shafran</code></a></li> <li>Evyatar Daud <a href="https://github.com/StyleShit"><code>@StyleShit</code></a></li> <li>GG ZIBLAKING</li> <li>milkboy2564 <a href="https://github.com/SeolJaeHyeok"><code>@SeolJaeHyeok</code></a></li> <li>teee32 <a href="https://github.com/teee32"><code>@teee32</code></a></li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.0">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>v8.57.2</h2> <h2>8.57.2 (2026-03-23)</h2> <h3>🩹 Fixes</h3> <ul> <li><strong>eslint-plugin:</strong> [prefer-optional-chain] remove dangling closing parenthesis (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11865">#11865</a>)</li> <li><strong>eslint-plugin:</strong> [array-type] ignore Array and ReadonlyArray without type arguments (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11971">#11971</a>)</li> <li><strong>eslint-plugin:</strong> [no-restricted-types] flag banned generics in extends or implements (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12120">#12120</a>)</li> <li><strong>eslint-plugin:</strong> [no-unsafe-return] false positive on unwrapping generic (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12125">#12125</a>)</li> <li><strong>eslint-plugin:</strong> [no-unsafe-return] false positive on unwrapping generic (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12125">#12125</a>)</li> <li><strong>eslint-plugin:</strong> [no-useless-default-assignment] skip reporting false positives for unresolved type parameters (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12127">#12127</a>)</li> <li><strong>eslint-plugin:</strong> [prefer-readonly-parameter-types] preserve type alias infomation (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11954">#11954</a>)</li> <li><strong>typescript-estree:</strong> skip createIsolatedProgram fallback for projectService (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12066">#12066</a>, <a href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/12065">#12065</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Kirk Waiblinger <a href="https://github.com/kirkwaiblinger"><code>@kirkwaiblinger</code></a></li> <li>Konv Suu</li> <li>mdm317</li> <li>Newton Yuan <a href="https://github.com/NewtonYuan"><code>@NewtonYuan</code></a></li> <li>RyoheiYamamoto</li> <li>SungHyun627 <a href="https://github.com/SungHyun627"><code>@SungHyun627</code></a></li> <li>Tamashoo <a href="https://github.com/Tamashoo"><code>@Tamashoo</code></a></li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.57.2">GitHub Releases</a> for more information.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md"><code>@typescript-eslint/parser</code>'s changelog</a>.</em></p> <blockquote> <h2>8.58.0 (2026-03-30)</h2> <h3>🚀 Features</h3> <ul> <li>support TypeScript 6 (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12124">#12124</a>)</li> </ul> <h3>❤️ Thank You</h3> <ul> <li>Evyatar Daud <a href="https://github.com/StyleShit"><code>@StyleShit</code></a></li> </ul> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.58.0">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>8.57.2 (2026-03-23)</h2> <p>This was a version bump only for parser to align it with other projects, there were no code changes.</p> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.57.2">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> <h2>8.57.1 (2026-03-16)</h2> <p>This was a version bump only for parser to align it with other projects, there were no code changes.</p> <p>See <a href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.57.1">GitHub Releases</a> for more information.</p> <p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
eeebb5316a |
Bump @hey-api/openapi-ts from 0.94.0 to 0.95.0 in /frontend (#1643)
Bumps [@hey-api/openapi-ts](https://github.com/hey-api/openapi-ts) from 0.94.0 to 0.95.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hey-api/openapi-ts/releases"><code>@hey-api/openapi-ts</code>'s releases</a>.</em></p> <blockquote> <h2><code>@hey-api/openapi-ts</code><a href="https://github.com/0"><code>@0</code></a>.95.0</h2> <h3>Minor Changes</h3> <ul> <li><strong>plugin(valibot)</strong>: remove request data schema (<a href="https://redirect.github.com/hey-api/openapi-ts/pull/3671">#3671</a>) (<a href=" |
||
|
dependabot[bot]
|
9d01188714 |
Bump axios from 1.13.5 to 1.14.0 in /frontend (#1642)
Bumps [axios](https://github.com/axios/axios) from 1.13.5 to 1.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/axios/axios/releases">axios's releases</a>.</em></p> <blockquote> <h2>v1.14.0</h2> <p>This release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.</p> <h2>⚠️ Important Changes</h2> <ul> <li><strong>Breaking Changes:</strong> None identified in this release.</li> <li><strong>Action Required:</strong> If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably <code>proxy-from-env</code> v2 alignment and <code>main</code> entry compatibility fix).</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>Runtime Features:</strong> No new end-user features were introduced in this release.</li> <li><strong>Test Coverage Expansion:</strong> Added broader smoke/module test coverage for CJS and ESM package usage. (<a href="https://redirect.github.com/axios/axios/pull/7510">#7510</a>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Headers:</strong> Trim trailing CRLF in normalised header values. (<a href="https://redirect.github.com/axios/axios/pull/7456">#7456</a>)</li> <li><strong>HTTP/2:</strong> Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (<a href="https://redirect.github.com/axios/axios/pull/7457">#7457</a>)</li> <li><strong>Fetch Adapter:</strong> Cancel <code>ReadableStream</code> created during request-stream capability probing to prevent async resource leaks. (<a href="https://redirect.github.com/axios/axios/pull/7515">#7515</a>)</li> <li><strong>Proxy Handling:</strong> Fixed env proxy behavior with <code>proxy-from-env</code> v2 usage. (<a href="https://redirect.github.com/axios/axios/pull/7499">#7499</a>)</li> <li><strong>CommonJS Compatibility:</strong> Fixed package <code>main</code> entry regression affecting CJS consumers. (<a href="https://redirect.github.com/axios/axios/pull/7532">#7532</a>)</li> </ul> <h2>🔧 Maintenance & Chores</h2> <ul> <li><strong>Security/Dependencies:</strong> Updated <code>formidable</code> and refreshed package set to newer versions. (<a href="https://redirect.github.com/axios/axios/pull/7533">#7533</a>, <a href="https://redirect.github.com/axios/axios/pull/10556">#10556</a>)</li> <li><strong>Tooling:</strong> Continued migration to Vitest and modernised CI/test harnesses. (<a href="https://redirect.github.com/axios/axios/pull/7484">#7484</a>, <a href="https://redirect.github.com/axios/axios/pull/7489">#7489</a>, <a href="https://redirect.github.com/axios/axios/pull/7498">#7498</a>)</li> <li><strong>Build/Lint Stack:</strong> Rollup, ESLint, TypeScript, and related dev-dependency updates. (<a href="https://redirect.github.com/axios/axios/pull/7508">#7508</a>, <a href="https://redirect.github.com/axios/axios/pull/7509">#7509</a>, <a href="https://redirect.github.com/axios/axios/pull/7522">#7522</a>)</li> <li><strong>Documentation:</strong> Clarified JSON parsing and adapter-related docs/comments. (<a href="https://redirect.github.com/axios/axios/pull/7398">#7398</a>, <a href="https://redirect.github.com/axios/axios/pull/7460">#7460</a>, <a href="https://redirect.github.com/axios/axios/pull/7478">#7478</a>)</li> </ul> <h2>🌟 New Contributors</h2> <p>We are thrilled to welcome our new contributors. Thank you for helping improve Axios:</p> <ul> <li><a href="https://github.com/aviu16"><code>@aviu16</code></a> (<a href="https://redirect.github.com/axios/axios/pull/7456">#7456</a>)</li> <li><a href="https://github.com/NETIZEN-11"><code>@NETIZEN-11</code></a> (<a href="https://redirect.github.com/axios/axios/pull/7460">#7460</a>)</li> <li><a href="https://github.com/fedotov"><code>@fedotov</code></a> (<a href="https://redirect.github.com/axios/axios/pull/7457">#7457</a>)</li> <li><a href="https://github.com/nthbotast"><code>@nthbotast</code></a> (<a href="https://redirect.github.com/axios/axios/pull/7478">#7478</a>)</li> <li><a href="https://github.com/veeceey"><code>@veeceey</code></a> (<a href="https://redirect.github.com/axios/axios/pull/7398">#7398</a>)</li> <li><a href="https://github.com/penkzhou"><code>@penkzhou</code></a> (<a href="https://redirect.github.com/axios/axios/pull/7515">#7515</a>)</li> </ul> <p><em>Full Changelog: <a href="https://github.com/axios/axios/compare/v1.13.6...v1.14.0">v1.13.6...v1.14.0</a></em></p> <h2>v1.13.6</h2> <p>This release focuses on platform compatibility, error handling improvements, and code quality maintenance.</p> <h2>⚠️ Important Changes</h2> <ul> <li><strong>Breaking Changes:</strong> None identified in this release.</li> <li><strong>Action Required:</strong> Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.</li> </ul> <h2>🚀 New Features</h2> <ul> <li><strong>React Native Blob Support:</strong> Axios now includes support for React Native Blob objects. Thanks to <a href="https://github.com/moh3n9595"><code>@moh3n9595</code></a> for the initial implementation. (<a href="https://redirect.github.com/axios/axios/pull/5764">#5764</a>)</li> <li><strong>Code Quality:</strong> Implemented prettier across the codebase and resolved associated formatting issues. (<a href="https://redirect.github.com/axios/axios/pull/7385">#7385</a>)</li> </ul> <h2>🐛 Bug Fixes</h2> <ul> <li><strong>Environment Compatibility:</strong> <ul> <li>Fixed module exports for React Native and Browserify environments. (<a href="https://redirect.github.com/axios/axios/pull/7386">#7386</a>)</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
072becd123 |
Bump @mantine/form from 8.3.7 to 9.0.1 in /frontend (#1640)
Bumps [@mantine/form](https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form) from 8.3.7 to 9.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mantinedev/mantine/releases"><code>@mantine/form</code>'s releases</a>.</em></p> <blockquote> <h2>9.0.1</h2> <h2>What's Changed</h2> <ul> <li><code>[@mantine/core]</code> LoadingOverlay: Fix double overlay visible with dark color scheme (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8811">#8811</a>)</li> <li><code>[@mantine/core]</code> RingProgress: Add missing viewBox (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8806">#8806</a>)</li> <li><code>[@mantine/core]</code> Input: Add <code>rootRef</code> prop support</li> <li><code>[@mantine/core]</code> Combobox: Fix <code>refProp</code> not working on <code>Combobox.Target</code> (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8798">#8798</a>)</li> <li><code>[@mantine/mcp-server]</code> Fix stdio transport to comply with MCP spec (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8792">#8792</a>)</li> <li><code>[@mantine/core]</code> Input: Fix <code>aria-invalid="false"</code> attribute being set (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8785">#8785</a>)</li> <li><code>[@mantine/core]</code> Slider: Fix incorrect orientation inheritance from the parent markup (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8791">#8791</a>)</li> <li><code>[@mantine/core]</code> Fix incorrect default placeholder size in PasswordInput and other components (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8793">#8793</a>)</li> <li><code>[@mantine/core]</code> Badge: Fix text being cut off with some fonts (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8788">#8788</a>)</li> <li><code>[@mantine/hooks]</code> use-scroller: Fix element dynamic resizing not being handled correctly (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8800">#8800</a>)</li> <li><code>[@mantine/core]</code> Fix <code>Checkbox.Group</code>, <code>Switch.Group</code>, <code>Radio.Group</code> and <code>Chip.Group</code> not working with generic primitive values (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8801">#8801</a>)</li> <li><code>[@mantine/core]</code> Popover: Fix missing <code>withProps</code> (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8802">#8802</a>)</li> <li><code>[@mantine/core]</code> Accordion: Fix focus ring being cut off (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8797">#8797</a>)</li> <li><code>[@mantine/charts]</code> Add option to fully customize reference lines label (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8790">#8790</a>)</li> <li><code>[@mantine/core]</code> Fix <code>loading</code> prop not being handled correctly in TagsInput and MultiSelect (<a href="https://github.com/mantinedev/mantine/tree/HEAD/packages/@mantine/form/issues/8803">#8803</a>)</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/mantinedev/mantine/compare/9.0.0...9.0.1">https://github.com/mantinedev/mantine/compare/9.0.0...9.0.1</a></p> <h2>9.0.0 🤩</h2> <p><a href="https://mantine.dev/changelog/9-0-0">View changelog with demos on mantine.dev website</a></p> <h2>Migration guide</h2> <p>This changelog covers breaking changes and new features in Mantine 9.0. To migrate your application to Mantine 9.0, follow <a href="https://mantine.dev/guides/8x-to-9x">8.x → 9.x migration guide</a>.</p> <h2>Peer dependencies requirements updates</h2> <p>Starting from Mantine 9.0, the following dependencies are required:</p> <ul> <li>React 19.2+ for all <code>@mantine/*</code> packages</li> <li>Tiptap 3+ for <code>@mantine/tiptap</code> (<a href="https://mantine.dev/guides/tiptap-3-migration">migration guide</a>)</li> <li>Recharts 3+ for <code>@mantine/charts</code> (no migration required)</li> </ul> <h2>New <code>@mantine/schedule</code> package</h2> <p>New <a href="https://mantine.dev/schedule/getting-started"><code>@mantine/schedule</code></a> package provides a complete set of calendar scheduling components for React applications. It includes multiple view levels, drag-and-drop event management, and extensive customization options.</p> <h3>Schedule</h3> <p><a href="https://mantine.dev/schedule/schedule">Schedule</a> is a unified container component that combines all views with built-in navigation and view switching. Drag events to reschedule them:</p> <pre lang="tsx"><code>import { useState } from 'react'; import dayjs from 'dayjs'; import { Schedule, ScheduleEventData } from '@mantine/schedule'; </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
d5b6102f5a |
Bump i18next from 25.10.5 to 26.0.3 in /frontend (#1639)
Bumps [i18next](https://github.com/i18next/i18next) from 25.10.5 to 26.0.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/i18next/i18next/releases">i18next's releases</a>.</em></p> <blockquote> <h2>v26.0.3</h2> <ul> <li>fix(types): <code>addResourceBundle</code> now accepts an optional 6th <code>options</code> parameter (<code>{ silent?: boolean; skipCopy?: boolean }</code>) matching the runtime API <a href="https://redirect.github.com/i18next/i18next/issues/2419">2419</a></li> </ul> <h2>v26.0.2</h2> <ul> <li>fix(types): <code>t("key", {} as TOptions)</code> no longer produces a type error — the context constraint now bypasses strict checking when <code>context</code> is <code>unknown</code> (e.g. from <code>TOptions</code>) <a href="https://redirect.github.com/i18next/i18next/issues/2418">2418</a></li> </ul> <h2>v26.0.1</h2> <ul> <li>fix: Formatter no longer crashes when <code>alwaysFormat</code> is <code>true</code> and no format specifier is present (<code>format</code> is <code>undefined</code>)</li> <li>fix: Formatter now returns <code>undefined</code>/<code>null</code> values as-is instead of producing <code>NaN</code> when the value is missing</li> </ul> <h2>v26.0.0</h2> <p><strong>This is a major breaking release:</strong></p> <h3>Breaking Changes</h3> <ul> <li><strong>Remove deprecated <code>initImmediate</code> option</strong> — the backward-compatibility mapping from <code>initImmediate</code> to <code>initAsync</code> (introduced in v24) has been removed. Use <code>initAsync</code> instead.</li> <li><strong>Remove legacy <code>interpolation.format</code> function</strong> — the old monolithic format function (<code>interpolation: { format: (value, format, lng) => ... }</code>) is no longer supported. The built-in Formatter (or a custom Formatter module via <code>.use()</code>) is now always used. Migrate to the <a href="https://www.i18next.com/translation-function/formatting">new formatting approach</a> using <code>i18next.services.formatter.add()</code> or <code>.addCached()</code> for custom formatters.</li> <li><strong>Remove console support notice</strong> — the console support notice introduced in v25.8.0 has been removed, along with the <code>showSupportNotice</code> option and all related internal suppression logic (<code>globalThis.__i18next_supportNoticeShown</code>, <code>I18NEXT_NO_SUPPORT_NOTICE</code> env var). See our blog post for the <a href="https://www.locize.com/blog/i18next-support-notice">full story</a>.</li> <li><strong>Remove <code>simplifyPluralSuffix</code> option</strong> — this option was unused by the core PluralResolver (which relies entirely on <code>Intl.PluralRules</code>). It only had an effect in the old v1/v2/v3 compatibility layer. The v4 test compatibility layer now defaults to <code>true</code> internally.</li> <li><strong>Remove deprecated <code>@babel/polyfill</code></strong> from devDependencies.</li> </ul> <h3>Improvements</h3> <ul> <li><strong>Code modernization</strong> across all source files: <ul> <li>Replace <code>indexOf() > -1</code> / <code>indexOf() < 0</code> with <code>.includes()</code> (~40+ occurrences)</li> <li>Replace <code>indexOf() === 0</code> with <code>.startsWith()</code> where appropriate</li> <li>Replace <code>var</code> with <code>const</code>, <code>'' + object</code> with <code>String(object)</code>, <code>.substring()</code> with <code>.slice()</code></li> <li>Replace <code>.apply(observer, [event, ...args])</code> with direct call <code>observer(event, ...args)</code></li> <li>Remove unnecessary <code>.call(this, ...)</code> in BackendConnector retry logic</li> <li>Fix <code>array-callback-return</code> in LanguageUtils <code>getBestMatchFromCodes</code></li> <li>Clean up all stale <code>eslint-disable</code> comments from source files</li> </ul> </li> <li><strong>EventEmitter</strong>: add <code>once()</code> method for one-time event subscriptions</li> <li><strong>Memory leak fix</strong>: move module-level <code>checkedLoadedFor</code> cache to Translator instance, preventing cross-instance state leakage</li> <li><strong>TypeScript</strong>: fix <code>BackendModule</code> generic parameter naming inconsistency between CJS and ESM type definitions</li> <li><strong>TypeScript</strong>: add <code>once()</code> method to <code>i18n</code> and <code>ResourceStore</code> type interfaces</li> <li><strong>ESLint 9</strong>: migrate from ESLint 8 (airbnb-base) to ESLint 9 flat config with <a href="https://github.com/neostandard/neostandard">neostandard</a></li> <li><strong>Vitest 4</strong>: upgrade from vitest 3 to vitest 4, migrate workspace files to <code>test.projects</code> config</li> </ul> <h2>v25.10.10</h2> <ul> <li>feat: suppress support notice automatically in production environments (<code>NODE_ENV=production</code>)</li> </ul> <h2>v25.10.9</h2> <ul> <li>feat(types): export <code>SelectorParam<Ns, KPrefix></code> helper type — a stable, readable alternative to <code>Parameters<TFunction<Ns>>[0]</code> for typing selector function props <a href="https://redirect.github.com/i18next/i18next/issues/2414">2414</a></li> </ul> <h2>v25.10.8</h2> <ul> <li>fix(types): reorder <code>TFunctionSelector</code> overloads so <code>Parameters<TFunction></code> resolves to the general selector signature instead of the branded <code>SelectorKey</code> type <a href="https://redirect.github.com/i18next/i18next/issues/2412">2412</a></li> </ul> <h2>v25.10.7</h2> <ul> <li>feat(types): support typescript 6 to address <a href="https://redirect.github.com/i18next/react-i18next/issues/1910">i18next/react-i18next#1910</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/i18next/i18next/blob/master/CHANGELOG.md">i18next's changelog</a>.</em></p> <blockquote> <h2>26.0.3</h2> <ul> <li>fix(types): <code>addResourceBundle</code> now accepts an optional 6th <code>options</code> parameter (<code>{ silent?: boolean; skipCopy?: boolean }</code>) matching the runtime API <a href="https://redirect.github.com/i18next/i18next/issues/2419">2419</a></li> </ul> <h2>26.0.2</h2> <ul> <li>fix(types): <code>t("key", {} as TOptions)</code> no longer produces a type error — the context constraint now bypasses strict checking when <code>context</code> is <code>unknown</code> (e.g. from <code>TOptions</code>) <a href="https://redirect.github.com/i18next/i18next/issues/2418">2418</a></li> </ul> <h2>26.0.1</h2> <ul> <li>fix: Formatter no longer crashes when <code>alwaysFormat</code> is <code>true</code> and no format specifier is present (<code>format</code> is <code>undefined</code>)</li> <li>fix: Formatter now returns <code>undefined</code>/<code>null</code> values as-is instead of producing <code>NaN</code> when the value is missing</li> </ul> <h2>26.0.0</h2> <p><strong>This is a major breaking release:</strong></p> <h3>Breaking Changes</h3> <ul> <li><strong>Remove deprecated <code>initImmediate</code> option</strong> — the backward-compatibility mapping from <code>initImmediate</code> to <code>initAsync</code> (introduced in v24) has been removed. Use <code>initAsync</code> instead.</li> <li><strong>Remove legacy <code>interpolation.format</code> function</strong> — the old monolithic format function (<code>interpolation: { format: (value, format, lng) => ... }</code>) is no longer supported. The built-in Formatter (or a custom Formatter module via <code>.use()</code>) is now always used. Migrate to the <a href="https://www.i18next.com/translation-function/formatting">new formatting approach</a> using <code>i18next.services.formatter.add()</code> or <code>.addCached()</code> for custom formatters.</li> <li><strong>Remove console support notice</strong> — the console support notice introduced in v25.8.0 has been removed, along with the <code>showSupportNotice</code> option and all related internal suppression logic (<code>globalThis.__i18next_supportNoticeShown</code>, <code>I18NEXT_NO_SUPPORT_NOTICE</code> env var). See our blog post for the <a href="https://www.locize.com/blog/i18next-support-notice">full story</a>.</li> <li><strong>Remove <code>simplifyPluralSuffix</code> option</strong> — this option was unused by the core PluralResolver (which relies entirely on <code>Intl.PluralRules</code>). It only had an effect in the old v1/v2/v3 compatibility layer. The v4 test compatibility layer now defaults to <code>true</code> internally.</li> <li><strong>Remove deprecated <code>@babel/polyfill</code></strong> from devDependencies.</li> </ul> <h3>Improvements</h3> <ul> <li><strong>Code modernization</strong> across all source files: <ul> <li>Replace <code>indexOf() > -1</code> / <code>indexOf() < 0</code> with <code>.includes()</code> (~40+ occurrences)</li> <li>Replace <code>indexOf() === 0</code> with <code>.startsWith()</code> where appropriate</li> <li>Replace <code>var</code> with <code>const</code>, <code>'' + object</code> with <code>String(object)</code>, <code>.substring()</code> with <code>.slice()</code></li> <li>Replace <code>.apply(observer, [event, ...args])</code> with direct call <code>observer(event, ...args)</code></li> <li>Remove unnecessary <code>.call(this, ...)</code> in BackendConnector retry logic</li> <li>Fix <code>array-callback-return</code> in LanguageUtils <code>getBestMatchFromCodes</code></li> <li>Clean up all stale <code>eslint-disable</code> comments from source files</li> </ul> </li> <li><strong>EventEmitter</strong>: add <code>once()</code> method for one-time event subscriptions</li> <li><strong>Memory leak fix</strong>: move module-level <code>checkedLoadedFor</code> cache to Translator instance, preventing cross-instance state leakage</li> <li><strong>TypeScript</strong>: fix <code>BackendModule</code> generic parameter naming inconsistency between CJS and ESM type definitions</li> <li><strong>TypeScript</strong>: add <code>once()</code> method to <code>i18n</code> and <code>ResourceStore</code> type interfaces</li> <li><strong>ESLint 9</strong>: migrate from ESLint 8 (airbnb-base) to ESLint 9 flat config with <a href="https://github.com/neostandard/neostandard">neostandard</a></li> <li><strong>Vitest 4</strong>: upgrade from vitest 3 to vitest 4, migrate workspace files to <code>test.projects</code> config</li> </ul> <h2>25.10.10</h2> <ul> <li>feat: suppress support notice automatically in production environments (<code>NODE_ENV=production</code>)</li> </ul> <h2>25.10.9</h2> <ul> <li>feat(types): export <code>SelectorParam<Ns, KPrefix></code> helper type — a stable, readable alternative to <code>Parameters<TFunction<Ns>>[0]</code> for typing selector function props <a href="https://redirect.github.com/i18next/i18next/issues/2414">2414</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |