fb13e1f6a996ed3efa5ea67e0010aeed84f8542b
53 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
6ac15bce31 |
build(deps-dev): bump esbuild from 0.27.3 to 0.28.0 (#7331)
Bumps [esbuild](https://github.com/evanw/esbuild) from 0.27.3 to 0.28.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/releases">esbuild's releases</a>.</em></p> <blockquote> <h2>v0.28.0</h2> <ul> <li> <p>Add support for <code>with { type: 'text' }</code> imports (<a href="https://redirect.github.com/evanw/esbuild/issues/4435">#4435</a>)</p> <p>The <a href="https://github.com/tc39/proposal-import-text">import text</a> proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by <a href="https://docs.deno.com/examples/importing_text/">Deno</a> and <a href="https://bun.com/docs/guides/runtime/import-html">Bun</a>. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing <a href="https://esbuild.github.io/content-types/#text"><code>text</code> loader</a>. Here's an example:</p> <pre lang="js"><code>import string from './example.txt' with { type: 'text' } console.log(string) </code></pre> </li> <li> <p>Add integrity checks to fallback download path (<a href="https://redirect.github.com/evanw/esbuild/issues/4343">#4343</a>)</p> <p>Installing esbuild via npm is somewhat complicated with several different edge cases (see <a href="https://esbuild.github.io/getting-started/#additional-npm-flags">esbuild's documentation</a> for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the <code>npm</code> command, and then with a HTTP request to <code>registry.npmjs.org</code> as a last resort).</p> <p>This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level <code>esbuild</code> package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.</p> </li> <li> <p>Update the Go compiler from 1.25.7 to 1.26.1</p> <p>This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:</p> <ul> <li>It now uses the <a href="https://go.dev/doc/go1.26#new-garbage-collector">new garbage collector</a> that comes with Go 1.26.</li> <li>The Go compiler is now more aggressive with allocating memory on the stack.</li> <li>The executable format that the Go linker uses has undergone several changes.</li> <li>The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.</li> </ul> <p>You can read the <a href="https://go.dev/doc/go1.26">Go 1.26 release notes</a> for more information.</p> </li> </ul> <h2>v0.27.7</h2> <ul> <li> <p>Fix lowering of define semantics for TypeScript parameter properties (<a href="https://redirect.github.com/evanw/esbuild/issues/4421">#4421</a>)</p> <p>The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:</p> <pre lang="ts"><code>// Original code class Foo { constructor(public x = 1) {} y = 2 } <p>// Old output (with --loader=ts --target=es2021)<br /> class Foo {<br /> constructor(x = 1) {<br /> this.x = x;<br /> __publicField(this, "y", 2);<br /> }<br /> x;<br /> }</p> <p>// New output (with --loader=ts --target=es2021)<br /> class Foo {<br /> </code></pre></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/evanw/esbuild/blob/main/CHANGELOG.md">esbuild's changelog</a>.</em></p> <blockquote> <h2>0.28.0</h2> <ul> <li> <p>Add support for <code>with { type: 'text' }</code> imports (<a href="https://redirect.github.com/evanw/esbuild/issues/4435">#4435</a>)</p> <p>The <a href="https://github.com/tc39/proposal-import-text">import text</a> proposal has reached stage 3 in the TC39 process, which means that it's recommended for implementation. It has also already been implemented by <a href="https://docs.deno.com/examples/importing_text/">Deno</a> and <a href="https://bun.com/docs/guides/runtime/import-html">Bun</a>. So with this release, esbuild also adds support for it. This behaves exactly the same as esbuild's existing <a href="https://esbuild.github.io/content-types/#text"><code>text</code> loader</a>. Here's an example:</p> <pre lang="js"><code>import string from './example.txt' with { type: 'text' } console.log(string) </code></pre> </li> <li> <p>Add integrity checks to fallback download path (<a href="https://redirect.github.com/evanw/esbuild/issues/4343">#4343</a>)</p> <p>Installing esbuild via npm is somewhat complicated with several different edge cases (see <a href="https://esbuild.github.io/getting-started/#additional-npm-flags">esbuild's documentation</a> for details). If the regular installation of esbuild's platform-specific package fails, esbuild's install script attempts to download the platform-specific package itself (first with the <code>npm</code> command, and then with a HTTP request to <code>registry.npmjs.org</code> as a last resort).</p> <p>This last resort path previously didn't have any integrity checks. With this release, esbuild will now verify that the hash of the downloaded binary matches the expected hash for the current release. This means the hashes for all of esbuild's platform-specific binary packages will now be embedded in the top-level <code>esbuild</code> package. Hopefully this should work without any problems. But just in case, this change is being done as a breaking change release.</p> </li> <li> <p>Update the Go compiler from 1.25.7 to 1.26.1</p> <p>This upgrade should not affect anything. However, there have been some significant internal changes to the Go compiler, so esbuild could potentially behave differently in certain edge cases:</p> <ul> <li>It now uses the <a href="https://go.dev/doc/go1.26#new-garbage-collector">new garbage collector</a> that comes with Go 1.26.</li> <li>The Go compiler is now more aggressive with allocating memory on the stack.</li> <li>The executable format that the Go linker uses has undergone several changes.</li> <li>The WebAssembly build now unconditionally makes use of the sign extension and non-trapping floating-point to integer conversion instructions.</li> </ul> <p>You can read the <a href="https://go.dev/doc/go1.26">Go 1.26 release notes</a> for more information.</p> </li> </ul> <h2>0.27.7</h2> <ul> <li> <p>Fix lowering of define semantics for TypeScript parameter properties (<a href="https://redirect.github.com/evanw/esbuild/issues/4421">#4421</a>)</p> <p>The previous release incorrectly generated class fields for TypeScript parameter properties even when the configured target environment does not support class fields. With this release, the generated class fields will now be correctly lowered in this case:</p> <pre lang="ts"><code>// Original code class Foo { constructor(public x = 1) {} y = 2 } <p>// Old output (with --loader=ts --target=es2021)<br /> class Foo {<br /> constructor(x = 1) {<br /> this.x = x;<br /> __publicField(this, "y", 2);<br /> }<br /> x;<br /> }</p> <p></code></pre></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/evanw/esbuild/commit/6a794dff68e6a43539f6da671e3080efdf11ca70"><code>6a794df</code></a> publish 0.28.0 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/64ee0ea63b2ff303caafc9610c388dc72c882c23"><code>64ee0ea</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4435">#4435</a>: support <code>with { type: text }</code> imports</li> <li><a href="https://github.com/evanw/esbuild/commit/ef65aeeaacdb71eade186f888975b1de89574314"><code>ef65aee</code></a> fix sort order in <code>snapshots_packagejson.txt</code></li> <li><a href="https://github.com/evanw/esbuild/commit/1a26a8ecbc39aaf1379c524a0274a08fbcbed655"><code>1a26a8e</code></a> try to fix <code>test-old-ts</code>, also shuffle CI tasks</li> <li><a href="https://github.com/evanw/esbuild/commit/556ce6c1fc00d7c0917fbfada01ed8e5251bc510"><code>556ce6c</code></a> use <code>''</code> instead of <code>null</code> to omit build hashes</li> <li><a href="https://github.com/evanw/esbuild/commit/8e675a81a473ea69a46a69792f1386bb110dd877"><code>8e675a8</code></a> ci: allow missing binary hashes for tests</li> <li><a href="https://github.com/evanw/esbuild/commit/7067763b904fe8a522fa840a4a48c5fbd4c395e0"><code>7067763</code></a> Reapply "update go 1.25.7 => 1.26.1"</li> <li><a href="https://github.com/evanw/esbuild/commit/39473a952ab3b450d0578b698a8b8d2a02332e0d"><code>39473a9</code></a> fix <a href="https://redirect.github.com/evanw/esbuild/issues/4343">#4343</a>: integrity check for binary download</li> <li><a href="https://github.com/evanw/esbuild/commit/2025c9ff6ab15ba6b0f9d074fd732250cc46e4a3"><code>2025c9f</code></a> publish 0.27.7 to npm</li> <li><a href="https://github.com/evanw/esbuild/commit/c6b586e4904f47e8d5f783a2813660c13e2672e7"><code>c6b586e</code></a> fix typo in <code>Makefile</code> for <code>@esbuild/win32-x64</code></li> <li>Additional commits viewable in <a href="https://github.com/evanw/esbuild/compare/v0.27.3...v0.28.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1325503565 |
build(deps): bump @codemirror/lang-javascript from 6.2.4 to 6.2.5 (#7328)
Bumps [@codemirror/lang-javascript](https://github.com/codemirror/lang-javascript) from 6.2.4 to 6.2.5. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/codemirror/lang-javascript/blob/main/CHANGELOG.md">@codemirror/lang-javascript's changelog</a>.</em></p> <blockquote> <h2>6.2.5 (2026-03-02)</h2> <h3>Bug fixes</h3> <p>Support code folding of JSX elements and tags.</p> <p>When reading properties in <code>scopeCompletionSource</code>, use the original object, not a prototype.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/codemirror/lang-javascript/commit/a202a000e8d3d107d1c340db933d9f09a828308a"><code>a202a00</code></a> Mark version 6.2.5</li> <li><a href="https://github.com/codemirror/lang-javascript/commit/190b567c8066a4383826b9a32e3a53f3ed01e442"><code>190b567</code></a> Fix missing inherited getters in enumeratePropertyCompletions</li> <li><a href="https://github.com/codemirror/lang-javascript/commit/a94cdcb88454738842564881d6980502f0bfc784"><code>a94cdcb</code></a> Add folding for JSX elements and tags</li> <li><a href="https://github.com/codemirror/lang-javascript/commit/78a85210d83c41bef23c222425f2ebf3d4353e2d"><code>78a8521</code></a> Use git+https format for package.json repository field</li> <li>See full diff in <a href="https://github.com/codemirror/lang-javascript/compare/6.2.4...6.2.5">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
2a77c65189 |
build(deps-dev): bump @tailwindcss/vite from 4.1.18 to 4.3.0 (#7327)
Bumps [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) from 4.1.18 to 4.3.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/releases">@tailwindcss/vite's releases</a>.</em></p> <blockquote> <h2>v4.3.0</h2> <h3>Added</h3> <ul> <li>Add <code>@container-size</code> utility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18901">#18901</a>)</li> <li>Add <code>scrollbar-{auto,thin,none}</code> utilities for <code>scrollbar-width</code>, and <code>scrollbar-thumb-*</code> / <code>scrollbar-track-*</code> color utilities for <code>scrollbar-color</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19981">#19981</a>, <a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20019">#20019</a>)</li> <li>Add <code>scrollbar-gutter-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20018">#20018</a>)</li> <li>Add <code>zoom-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20020">#20020</a>)</li> <li>Add <code>tab-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20022">#20022</a>)</li> <li>Allow using <code>@variant</code> with stacked variants (e.g. <code>@variant hover:focus { … }</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19996">#19996</a>)</li> <li>Allow using <code>@variant</code> with compound variants (e.g. <code>@variant hover, focus { … }</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19996">#19996</a>)</li> <li>Support <code>--default(…)</code> in <code>--value(…)</code> and <code>--modifier(…)</code> for functional <code>@utility</code> definitions (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19989">#19989</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Ensure <code>@plugin</code> resolves package JavaScript entries instead of browser CSS entries when using <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19949">#19949</a>)</li> <li>Fix relative <code>@import</code> and <code>@plugin</code> paths resolving from the wrong directory when using <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19965">#19965</a>)</li> <li>Ensure CSS files containing <code>@variant</code> are processed by <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19966">#19966</a>)</li> <li>Resolve imports relative to <code>base</code> when <code>result.opts.from</code> is not provided when using <code>@tailwindcss/postcss</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19980">#19980</a>)</li> <li>Canonicalization: preserve significant <code>_</code> whitespace in arbitrary values (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19986">#19986</a>)</li> <li>Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. <code>w-[calc(100%---spacing(60))]</code> → <code>w-[calc(100%-(--spacing(60)))]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19986">#19986</a>)</li> <li>Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. <code>-mt-[20in]</code> → <code>mt-[-20in]</code>, not <code>mt-[-1920px]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19988">#19988</a>)</li> <li>Canonicalization: migrate arbitrary <code>:has()</code> variants from <code>[&:has(…)]</code> to <code>has-[…]</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19991">#19991</a>)</li> <li>Upgrade: don’t migrate inline <code>style</code> attributes (e.g. <code>style="flex-grow: 1"</code> → <code>style="flex-grow: 1"</code>, not <code>style="grow: 1"</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19918">#19918</a>)</li> <li>Allow multiple <code>@utility</code> definitions with the same name but different value types (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19777">#19777</a>)</li> <li>Export missing <code>PluginWithConfig</code> type from <code>tailwindcss/plugin</code> to fix errors when inferring plugin config types (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19707">#19707</a>)</li> <li>Ensure <code>start</code> and <code>end</code> legacy utilities without values do not generate CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20003">#20003</a>)</li> <li>Ensure <code>--value(…)</code> is required in functional <code>@utility</code> definitions (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20005">#20005</a>)</li> <li>Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. <code>-left-[(var(--a)+var(--b))]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20011">#20011</a>)</li> </ul> <h2>v4.2.4</h2> <h3>Fixed</h3> <ul> <li>Ensure imports in <code>@import</code> and <code>@plugin</code> still resolve correctly when using Vite aliases in <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19947">#19947</a>)</li> </ul> <h2>v4.2.3</h2> <h3>Fixed</h3> <ul> <li>Canonicalization: improve canonicalizations for <code>tracking-*</code> utilities by preferring non-negative utilities (e.g. <code>-tracking-tighter</code> → <code>tracking-wider</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19827">#19827</a>)</li> <li>Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19829">#19829</a>)</li> <li>Ensure query params in imports are considered unique resources when using <code>@tailwindcss/webpack</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19723">#19723</a>)</li> <li>Canonicalization: collapse arbitrary values into shorthand utilities (e.g. <code>px-[1.2rem] py-[1.2rem]</code> → <code>p-[1.2rem]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19837">#19837</a>)</li> <li>Canonicalization: collapse <code>border-{t,b}-*</code> into <code>border-y-*</code>, <code>border-{l,r}-*</code> into <code>border-x-*</code>, and <code>border-{t,r,b,l}-*</code> into <code>border-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>scroll-m{t,b}-*</code> into <code>scroll-my-*</code>, <code>scroll-m{l,r}-*</code> into <code>scroll-mx-*</code>, and <code>scroll-m{t,r,b,l}-*</code> into <code>scroll-m-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>scroll-p{t,b}-*</code> into <code>scroll-py-*</code>, <code>scroll-p{l,r}-*</code> into <code>scroll-px-*</code>, and <code>scroll-p{t,r,b,l}-*</code> into <code>scroll-p-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>overflow-{x,y}-*</code> into <code>overflow-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>overscroll-{x,y}-*</code> into <code>overscroll-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Read from <code>--placeholder-color</code> instead of <code>--background-color</code> for <code>placeholder-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19843">#19843</a>)</li> <li>Upgrade: ensure files are not emptied out when killing the upgrade process while it's running (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19846">#19846</a>)</li> <li>Upgrade: use <code>config.content</code> when migrating from Tailwind CSS v3 to Tailwind CSS v4 (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19846">#19846</a>)</li> <li>Upgrade: never migrate files that are ignored by git (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19846">#19846</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md">@tailwindcss/vite's changelog</a>.</em></p> <blockquote> <h2>[4.3.0] - 2026-05-08</h2> <h3>Added</h3> <ul> <li>Add <code>@container-size</code> utility (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/18901">#18901</a>)</li> <li>Add <code>scrollbar-{auto,thin,none}</code> utilities for <code>scrollbar-width</code>, and <code>scrollbar-thumb-*</code> / <code>scrollbar-track-*</code> color utilities for <code>scrollbar-color</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19981">#19981</a>, <a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20019">#20019</a>)</li> <li>Add <code>scrollbar-gutter-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20018">#20018</a>)</li> <li>Add <code>zoom-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20020">#20020</a>)</li> <li>Add <code>tab-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20022">#20022</a>)</li> <li>Allow using <code>@variant</code> with stacked variants (e.g. <code>@variant hover:focus { … }</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19996">#19996</a>)</li> <li>Allow using <code>@variant</code> with compound variants (e.g. <code>@variant hover, focus { … }</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19996">#19996</a>)</li> <li>Support <code>--default(…)</code> in <code>--value(…)</code> and <code>--modifier(…)</code> for functional <code>@utility</code> definitions (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19989">#19989</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Ensure <code>@plugin</code> resolves package JavaScript entries instead of browser CSS entries when using <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19949">#19949</a>)</li> <li>Fix relative <code>@import</code> and <code>@plugin</code> paths resolving from the wrong directory when using <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19965">#19965</a>)</li> <li>Ensure CSS files containing <code>@variant</code> are processed by <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19966">#19966</a>)</li> <li>Resolve imports relative to <code>base</code> when <code>result.opts.from</code> is not provided when using <code>@tailwindcss/postcss</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19980">#19980</a>)</li> <li>Canonicalization: preserve significant <code>_</code> whitespace in arbitrary values (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19986">#19986</a>)</li> <li>Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. <code>w-[calc(100%---spacing(60))]</code> → <code>w-[calc(100%-(--spacing(60)))]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19986">#19986</a>)</li> <li>Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. <code>-mt-[20in]</code> → <code>mt-[-20in]</code>, not <code>mt-[-1920px]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19988">#19988</a>)</li> <li>Canonicalization: migrate arbitrary <code>:has()</code> variants from <code>[&:has(…)]</code> to <code>has-[…]</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19991">#19991</a>)</li> <li>Upgrade: don’t migrate inline <code>style</code> attributes (e.g. <code>style="flex-grow: 1"</code> → <code>style="flex-grow: 1"</code>, not <code>style="grow: 1"</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19918">#19918</a>)</li> <li>Allow multiple <code>@utility</code> definitions with the same name but different value types (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19777">#19777</a>)</li> <li>Export missing <code>PluginWithConfig</code> type from <code>tailwindcss/plugin</code> to fix errors when inferring plugin config types (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19707">#19707</a>)</li> <li>Ensure <code>start</code> and <code>end</code> legacy utilities without values do not generate CSS (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20003">#20003</a>)</li> <li>Ensure <code>--value(…)</code> is required in functional <code>@utility</code> definitions (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20005">#20005</a>)</li> <li>Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. <code>-left-[(var(--a)+var(--b))]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/20011">#20011</a>)</li> </ul> <h2>[4.2.4] - 2026-04-21</h2> <h3>Fixed</h3> <ul> <li>Ensure imports in <code>@import</code> and <code>@plugin</code> still resolve correctly when using Vite aliases in <code>@tailwindcss/vite</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19947">#19947</a>)</li> </ul> <h2>[4.2.3] - 2026-04-20</h2> <h3>Fixed</h3> <ul> <li>Canonicalization: improve canonicalization for <code>tracking-*</code> utilities by preferring non-negative utilities (e.g. <code>-tracking-tighter</code> → <code>tracking-wider</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19827">#19827</a>)</li> <li>Fix crash due to invalid characters in candidate (exceeding valid unicode code point range) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19829">#19829</a>)</li> <li>Ensure query params in imports are considered unique resources when using <code>@tailwindcss/webpack</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19723">#19723</a>)</li> <li>Canonicalization: collapse arbitrary values into shorthand utilities (e.g. <code>px-[1.2rem] py-[1.2rem]</code> → <code>p-[1.2rem]</code>) (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19837">#19837</a>)</li> <li>Canonicalization: collapse <code>border-{t,b}-*</code> into <code>border-y-*</code>, <code>border-{l,r}-*</code> into <code>border-x-*</code>, and <code>border-{t,r,b,l}-*</code> into <code>border-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>scroll-m{t,b}-*</code> into <code>scroll-my-*</code>, <code>scroll-m{l,r}-*</code> into <code>scroll-mx-*</code>, and <code>scroll-m{t,r,b,l}-*</code> into <code>scroll-m-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>scroll-p{t,b}-*</code> into <code>scroll-py-*</code>, <code>scroll-p{l,r}-*</code> into <code>scroll-px-*</code>, and <code>scroll-p{t,r,b,l}-*</code> into <code>scroll-p-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>overflow-{x,y}-*</code> into <code>overflow-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Canonicalization: collapse <code>overscroll-{x,y}-*</code> into <code>overscroll-*</code> (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19842">#19842</a>)</li> <li>Read from <code>--placeholder-color</code> instead of <code>--background-color</code> for <code>placeholder-*</code> utilities (<a href="https://redirect.github.com/tailwindlabs/tailwindcss/pull/19843">#19843</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/588bd7371f4cae96426e1387819b7fd1d99765f9"><code>588bd73</code></a> 4.3.0 (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/20023">#20023</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/d194d4c3e656313421f1cfa1954db8f58eec0fcd"><code>d194d4c</code></a> docs: fix various typos in comments and documentation (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19878">#19878</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/db27049caaae08978995f25b61f8336f543a4640"><code>db27049</code></a> fix(<code>@tailwindcss/vite</code>): include <a href="https://github.com/variant"><code>@variant</code></a> in feature detection (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19966">#19966</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/5a799900d4b43ca4902398a38c6f0a5b37a98ed9"><code>5a79990</code></a> Always resolve relative files, relative to the current .css file (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19965">#19965</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/f3fdda2a5cb9de50c897c79003aa58182cd9269b"><code>f3fdda2</code></a> fix(vite): avoid resolving JS plugins to browser CSS entries (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19949">#19949</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/69ad7cc5ec091125842aba783c5bfce536e9c234"><code>69ad7cc</code></a> 4.2.4 (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19948">#19948</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/685c19e266a6b75842747acab6fe7076e82df62d"><code>685c19e</code></a> Fix issue around resolving paths in <code>@tailwindcss/vite</code> (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19947">#19947</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/2e3fa490a535a8341fd2853d75098f0d4dbcc825"><code>2e3fa49</code></a> 4.2.3 (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19944">#19944</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/5cb1efdf416a6d37012d31cc1306c41cb35bbdc1"><code>5cb1efd</code></a> fix(vite): resolve tsconfig paths in CSS and JS resolvers (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19803">#19803</a>)</li> <li><a href="https://github.com/tailwindlabs/tailwindcss/commit/d596b0c43d36ad5099c983930fb155e089cbc291"><code>d596b0c</code></a> 4.2.2 (<a href="https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite/issues/19821">#19821</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/@tailwindcss-vite">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for <code>@tailwindcss/vite</code> since your current version.</p> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
06ce7ec5b0 |
build(deps): bump dompurify from 3.3.2 to 3.4.8 (#7326)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.2 to 3.4.8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.4.8</h2> <ul> <li>Cleaned up the repository root, renamed some and removed unneeded files</li> <li>Fixed an issue with handling of Trusted Types policies, thanks <a href="https://github.com/fulstadev"><code>@fulstadev</code></a></li> <li>Fixed the node iterator for better template scrubbing, thanks <a href="https://github.com/IamLeandrooooo"><code>@IamLeandrooooo</code></a></li> <li>Included formerly missing LICENSE-MPL in published npm package, thanks <a href="https://github.com/asamuzaK"><code>@asamuzaK</code></a></li> <li>Bumped several dependencies where possible</li> </ul> <h2>DOMPurify 3.4.7</h2> <ul> <li>Hardened the handling of Shadow Roots when using <code>IN_PLACE</code>, thanks <a href="https://github.com/GameZoneHacker"><code>@GameZoneHacker</code></a></li> <li>Removed a problem leading to permanent hook pollution, thanks <a href="https://github.com/offset"><code>@offset</code></a></li> <li>Refactored the test suite and expanded test coverage significantly</li> </ul> <h2>DOMPurify 3.4.6</h2> <ul> <li>Fixed several issues with DOM Clobbering in <code>IN_PLACE</code> mode, thanks <a href="https://github.com/offset"><code>@offset</code></a> & <a href="https://github.com/Bankde"><code>@Bankde</code></a></li> <li>Hardened the checks for cross-realm <code>IN_PLACE</code> and Shadow DOM sanitization, thanks <a href="https://github.com/offset"><code>@offset</code></a> & <a href="https://github.com/Bankde"><code>@Bankde</code></a></li> <li>Added more test coverage for <code>IN_PLACE</code> and general DOM Clobbering attacks</li> <li>Bumped several dependencies where possible</li> </ul> <h2>DOMPurify 3.4.5</h2> <ul> <li>Fixed a bypass caused by the new HTML element <code>selectedcontent</code> added in 3.4.4, thanks <a href="https://github.com/KabirAcharya"><code>@KabirAcharya</code></a></li> </ul> <p><strong>Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.</strong></p> <h2>DOMPurify 3.4.4</h2> <ul> <li>Added the <code>selectedcontent</code> element to default allow-list, thanks <a href="https://github.com/lukewarlow"><code>@lukewarlow</code></a></li> <li>Added the <code>command</code> and <code>commandfor</code> attributes to default allowed-list, thanks <a href="https://github.com/lukewarlow"><code>@lukewarlow</code></a></li> <li>Added better template scrubbing for <code>IN_PLACE</code> operations, thanks <a href="https://github.com/DEMON1A"><code>@DEMON1A</code></a></li> <li>Added stronger checks for cross-realm windows, thanks <a href="https://github.com/DEMON1A"><code>@DEMON1A</code></a> & <a href="https://github.com/fg0x0"><code>@fg0x0</code></a></li> <li>Updated demo website and made sure it uses the latest from main</li> <li>Updated existing workflows, fuzzer, dependabot, etc., added more tests</li> <li>Bumped several dependencies where possible</li> </ul> <p>🚨 <strong>This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead</strong> 🚨</p> <h2>DOMPurify 3.4.3</h2> <ul> <li>Fixed an issue with handling of nested Shadow DOM trees, thanks <a href="https://github.com/fishjojo1"><code>@fishjojo1</code></a></li> <li>Fixed the template regexes to be more robust against ReDoS attacks, thanks <a href="https://github.com/aleung27"><code>@aleung27</code></a></li> <li>Updated the node iteration code to catch more Shadow DOM related issues</li> <li>Updated Playwright and added Node 26 to test matrix</li> <li>Updated existing workflows, fuzzer, release signing, etc., added more tests</li> <li>Bumped several dependencies where possible</li> </ul> <h2>DOMPurify 3.4.2</h2> <ul> <li>Fixed an issue with URI validation on attributes allowed via <code>ADD_ATTR</code> callback, thanks <a href="https://github.com/nelstrom"><code>@nelstrom</code></a></li> <li>Fixed an issue with source maps referring to non-existing files, thanks <a href="https://github.com/cmdcolin"><code>@cmdcolin</code></a></li> <li>Updated existing workflows, fuzzer, release signing, etc., added more tests</li> <li>Bumped several dependencies where possible</li> </ul> <h2>DOMPurify 3.4.1</h2> <ul> <li>Fixed an issue with on-handler stripping for HTML-spec-reserved custom element names (<code>font-face</code>, <code>color-profile</code>, <code>missing-glyph</code>, <code>font-face-src</code>, <code>font-face-uri</code>, <code>font-face-format</code>, <code>font-face-name</code>) under permissive <code>CUSTOM_ELEMENT_HANDLING</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/bcdd8285412dc9c4c149652aed2d712e790d6ccf"><code>bcdd828</code></a> release: 3.4.8 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1439">#1439</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/ca30f070c360df162a3e3848e80e6fd3c9e74bff"><code>ca30f07</code></a> release: 3.4.7 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1414">#1414</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/bb7739e5bccec7e1ab3dae3f3e42d02db3acaaae"><code>bb7739e</code></a> release: 3.4.6 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1394">#1394</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/011b0c78f2a0f57ee54f5fcccb697a46ca6e63ea"><code>011b0c7</code></a> release: 3.4.5 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1382">#1382</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/5817ad969c15e67dfcd6cb37248d6e9c1553e7c3"><code>5817ad9</code></a> release: 3.4.4 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1374">#1374</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/520edb0371a9638f9b51f1798051299a250c686b"><code>520edb0</code></a> release: 3.4.3 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1352">#1352</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6f67fd396a7b8c64294343999fe607ca1f5299c0"><code>6f67fd3</code></a> Sync/3.4.2 (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1322">#1322</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/5b0cdbbf52331e854c0a2de875b1a3790ecec2b8"><code>5b0cdbb</code></a> chore: merge main into 3.x for 3.4.1 release (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1301">#1301</a>)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/09f59115a311469de5b625225760593e551f080a"><code>09f5911</code></a> test: added three more browsers to test setup (OSX, mobile)</li> <li><a href="https://github.com/cure53/DOMPurify/commit/5b16e0b892e82b1779d62b9928b43c4c4ff290b9"><code>5b16e0b</code></a> Getting 3.x branch ready for 3.4.0 release (<a href="https://redirect.github.com/cure53/DOMPurify/issues/1250">#1250</a>)</li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.3.2...3.4.8">compare view</a></li> </ul> </details> <details> <summary>Install script changes</summary> <p>This version adds <code>prepare</code> script that runs during installation. Review the package contents before updating.</p> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3d9bd326c9 |
build(deps): bump react-router-dom from 7.13.0 to 7.16.0 (#7325)
Bumps [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) from 7.13.0 to 7.16.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md">react-router-dom's changelog</a>.</em></p> <blockquote> <h2>v7.16.0</h2> <h3>Patch Changes</h3> <ul> <li>Remove stale/invalid <code>unpkg</code> field from <code>package.json</code>. This was removed from other packages with the release of v7 but missed in the <code>react-router-dom</code> re-export package (<a href="https://redirect.github.com/remix-run/react-router/pull/15075">#15075</a>)</li> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/react-router@7.16.0"><code>react-router@7.16.0</code></a></li> </ul> </li> </ul> <h2>v7.15.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/react-router@7.15.1"><code>react-router@7.15.1</code></a></li> </ul> </li> </ul> <h2>v7.15.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/react-router@7.15.0"><code>react-router@7.15.0</code></a></li> </ul> </li> </ul> <h2>v7.14.2</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/react-router@7.14.2"><code>react-router@7.14.2</code></a></li> </ul> </li> </ul> <h2>v7.14.1</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><a href="https://github.com/remix-run/react-router/releases/tag/react-router@7.14.1"><code>react-router@7.14.1</code></a></li> </ul> </li> </ul> <h2>7.14.0</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><code>react-router@7.14.0</code></li> </ul> </li> </ul> <h2>7.13.2</h2> <h3>Patch Changes</h3> <ul> <li>Updated dependencies: <ul> <li><code>react-router@7.13.2</code></li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/remix-run/react-router/commit/8984d23f86ca7ae5655711744b77816090bda4e6"><code>8984d23</code></a> Release v7.16.0 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15105">#15105</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/3ed77afcde0ad9aea79f1afe5f05a700b201f289"><code>3ed77af</code></a> chore: format</li> <li><a href="https://github.com/remix-run/react-router/commit/e96962bc6159a2290632849b55872a3878753342"><code>e96962b</code></a> fix: remove stale unpkg field from react-router-dom (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15075">#15075</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/587d08fca6ca61e00f44c1eda95bf6e6a9ab76ef"><code>587d08f</code></a> Release v7.15.1 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15038">#15038</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/97c8de79c38f107acd15f74d8295c7bf75894a5d"><code>97c8de7</code></a> Release v7.15.0 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/15018">#15018</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/cf1d25003aa1217dc21c16e95d483601940ae9af"><code>cf1d250</code></a> Release v7.14.2 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14993">#14993</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/197674ba9fc1b72b452e17894e5e783bdab7a087"><code>197674b</code></a> Release 7.14.1 (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14973">#14973</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/a87774f997d8ba497c97562840f0766250c3e4ce"><code>a87774f</code></a> Add new release process (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14916">#14916</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/e31077b0c380d9764dbced4c753e9ff99387045d"><code>e31077b</code></a> chore: Update version for release (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14945">#14945</a>)</li> <li><a href="https://github.com/remix-run/react-router/commit/6683e85a9d7d607a45a3f6374afcc598a474f602"><code>6683e85</code></a> chore: Update version for release (pre) (<a href="https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom/issues/14943">#14943</a>)</li> <li>Additional commits viewable in <a href="https://github.com/remix-run/react-router/commits/react-router-dom@7.16.0/packages/react-router-dom">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
cc938d0366 |
build(deps): bump @assistant-ui/react from 0.12.23 to 0.14.13 (#7324)
Bumps [@assistant-ui/react](https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react) from 0.12.23 to 0.14.13. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/assistant-ui/assistant-ui/releases">@assistant-ui/react's releases</a>.</em></p> <blockquote> <h2><code>@assistant-ui/react</code><a href="https://github.com/0"><code>@0</code></a>.14.13</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4176">#4176</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a> - feat: add the <code>ToolkitDeclaration</code> / <code>ToolkitDeclarationDefinition</code> types for authoring a toolkit permissively (a backend tool may declare <code>description</code>/<code>parameters</code>/<code>execute</code>); the canonical <code>Toolkit</code> keeps those fields erased. Author with <code>defineToolkit()</code> from <code>@assistant-ui/react</code>, which the <code>"use generative"</code> compiler strips per build. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4176">#4176</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a> - feat: move the <code>defineToolkit</code> and <code>hitl</code> use-generative markers from <code>@assistant-ui/next</code> into <code>@assistant-ui/core/react</code>, so they ship once from every distribution (<code>@assistant-ui/react</code>, <code>@assistant-ui/react-native</code>, <code>@assistant-ui/react-ink</code>) and stay portable across build targets. Import them from <code>@assistant-ui/react</code> instead of <code>@assistant-ui/next</code>; they remain no-op markers stripped at build time by a <code>"use generative"</code> compiler. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a>]:</p> <ul> <li>assistant-stream@0.3.19</li> <li><code>@assistant-ui/core</code><a href="https://github.com/0"><code>@0</code></a>.2.9</li> </ul> </li> </ul> <h2><code>@assistant-ui/react-langgraph</code><a href="https://github.com/0"><code>@0</code></a>.14.4</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4125">#4125</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/e639a11838642aa111644077ba51acf6277051f2"><code>e639a11</code></a> - chore: drop tracker-behaviour explainer comments left behind in satellite runtimes (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</li> </ul> <h2><code>@assistant-ui/react</code><a href="https://github.com/0"><code>@0</code></a>.14.11</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4125">#4125</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/e639a11838642aa111644077ba51acf6277051f2"><code>e639a11</code></a> - chore: drop tracker-behaviour explainer comments left behind in satellite runtimes (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</li> </ul> <h2><code>@assistant-ui/react</code><a href="https://github.com/0"><code>@0</code></a>.14.9</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4120">#4120</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/372d4f0c538a766fd9a849fef74e413dde86d74a"><code>372d4f0</code></a> - feat: simplify <code>MessagePrimitive.GroupedParts</code> API and add <code>groupPartByType</code> helper. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> <ul> <li>New <code>groupPartByType({ ... })</code> helper builds a <code>groupBy</code> from a <code>part.type → group-key path</code> lookup. The map keys are typed against <code>PartState["type"]</code> (autocomplete + typo rejection), missing keys leave the part ungrouped, and the returned function carries an internal memo fingerprint so the tree survives unrelated re-renders even when reconstructed inline.</li> <li>Special map key <code>"mcp-app"</code> matches tool-call parts that point at an assistant-ui MCP app resource (<code>ui://...</code>). It takes precedence over the <code>"tool-call"</code> entry for those parts, so MCP apps can be routed separately (e.g. rendered outside a chain-of-thought wrapper).</li> <li><code>groupBy</code> signature simplified from <code>(part, index, parts) => string | string[] | null | undefined</code> to <code>(part) => readonly \</code>group-${string}`[] | null<code>. The 2nd/3rd args were unused in practice. Arrays are required (no bare-string shorthand); </code>null<code>is accepted as an alias for</code>[]` to soften the migration.</li> <li>Internal memoization now uses the helper's memo fingerprint when present, otherwise rebuilds the tree per render (O(n), cheap). The previous "pass a stable reference" advice is dropped — inline <code>groupBy</code> is fine.</li> <li>Docs and examples updated to lead with <code>groupPartByType</code>. The <code>getMcpAppFromToolPart</code> branch in <code>packages/ui</code> switches to <code>"mcp-app": []</code> via the helper.</li> </ul> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4107">#4107</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/32ae846a91b61eccd01330693868a48f2f3bb0c4"><code>32ae846</code></a> - feat: surface AI SDK v6 tool approvals as a first-class <code>respondToApproval</code> prop on tool components. tool-call parts in the <code>approval-requested</code> state now carry <code>part.approval = { id, isAutomatic? }</code>; tool components call <code>respondToApproval({ approved, reason? })</code> to ack the gate without threading <code>chatHelpers</code> through application context. also fixes a transient <code>requires-action</code> flicker for the <code>approval-responded</code> state and tightens the external-message converter so interrupt vs pending tool calls are distinguished by an actual <code>interrupt</code>/<code>approval</code> field rather than by <code>result === undefined</code>. (<a href="https://github.com/okisdev"><code>@okisdev</code></a>)</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/assistant-ui/assistant-ui/commit/372d4f0c538a766fd9a849fef74e413dde86d74a"><code>372d4f0</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/d4f1db428b1a1fe5c122150e1e366a377e9adb5f"><code>d4f1db4</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/32ae846a91b61eccd01330693868a48f2f3bb0c4"><code>32ae846</code></a>]:</p> <ul> <li><code>@assistant-ui/core</code><a href="https://github.com/0"><code>@0</code></a>.2.6</li> <li>assistant-stream@0.3.17</li> </ul> </li> </ul> <h2><code>@assistant-ui/react-syntax-highlighter</code><a href="https://github.com/0"><code>@0</code></a>.14.1</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4085">#4085</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/01244a56026ee92bd4e49cb985136f9eb6d45154"><code>01244a5</code></a> - chore: update dependencies (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/assistant-ui/assistant-ui/commit/b02b7012cff158b4e73b82503b9ea90638b7398d"><code>b02b701</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/0a0c306286598ea885b046a1dfb85016f720051c"><code>0a0c306</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/01244a56026ee92bd4e49cb985136f9eb6d45154"><code>01244a5</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/f2ec01ce0f01317a8444b779d88f9b6a26d691c5"><code>f2ec01c</code></a>]:</p> <ul> <li><code>@assistant-ui/react</code><a href="https://github.com/0"><code>@0</code></a>.14.8</li> <li><code>@assistant-ui/react-markdown</code><a href="https://github.com/0"><code>@0</code></a>.14.1</li> </ul> </li> </ul> <h2><code>@assistant-ui/react-langgraph</code><a href="https://github.com/0"><code>@0</code></a>.14.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/3967">#3967</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/0a0c306286598ea885b046a1dfb85016f720051c"><code>0a0c306</code></a> - feat(core, react): add <code>MessagePrimitive.GenerativeUI</code> primitive (<a href="https://github.com/samdickson22"><code>@samdickson22</code></a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/assistant-ui/assistant-ui/blob/main/packages/react/CHANGELOG.md">@assistant-ui/react's changelog</a>.</em></p> <blockquote> <h2>0.14.13</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4176">#4176</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a> - feat: add the <code>ToolkitDeclaration</code> / <code>ToolkitDeclarationDefinition</code> types for authoring a toolkit permissively (a backend tool may declare <code>description</code>/<code>parameters</code>/<code>execute</code>); the canonical <code>Toolkit</code> keeps those fields erased. Author with <code>defineToolkit()</code> from <code>@assistant-ui/react</code>, which the <code>"use generative"</code> compiler strips per build. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4176">#4176</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a> - feat: move the <code>defineToolkit</code> and <code>hitl</code> use-generative markers from <code>@assistant-ui/next</code> into <code>@assistant-ui/core/react</code>, so they ship once from every distribution (<code>@assistant-ui/react</code>, <code>@assistant-ui/react-native</code>, <code>@assistant-ui/react-ink</code>) and stay portable across build targets. Import them from <code>@assistant-ui/react</code> instead of <code>@assistant-ui/next</code>; they remain no-op markers stripped at build time by a <code>"use generative"</code> compiler. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a>, <a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a>]:</p> <ul> <li>assistant-stream@0.3.19</li> <li><code>@assistant-ui/core</code><a href="https://github.com/0"><code>@0</code></a>.2.9</li> </ul> </li> </ul> <h2>0.14.12</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4172">#4172</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/13157895e4d69ad4266d6ab278edfc2e3ea1de92"><code>1315789</code></a> - feat: add the <code>ToolkitDeclaration</code> / <code>ToolkitDeclarationDefinition</code> types for authoring a toolkit permissively (a backend tool may declare <code>description</code>/<code>parameters</code>/<code>execute</code>); the canonical <code>Toolkit</code> keeps those fields erased. Author with <code>defineToolkit()</code> from <code>@assistant-ui/next</code>, which the <code>"use generative"</code> compiler strips per build. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4151">#4151</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/299d4488c8a5bbec0679680866f5975055fe71b3"><code>299d448</code></a> - chore: drop stale <code>biome-ignore</code> pragmas now that the repo lints with oxlint (<a href="https://github.com/okisdev"><code>@okisdev</code></a>)</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4136">#4136</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/4429aa32f6bd4fd50a7a8ddbad1e19f6ccad192b"><code>4429aa3</code></a> - centralize thread-level shared options forwarding across runtime wrapper hooks. follow-up to <a href="https://redirect.github.com/assistant-ui/assistant-ui/issues/4135">#4135</a>. (<a href="https://github.com/okisdev"><code>@okisdev</code></a>)</p> <p>new public exports from <code>@assistant-ui/core</code> (re-exported from <code>@assistant-ui/react</code>):</p> <ul> <li><code>ExternalStoreSharedOptions</code>, a typed <code>Pick</code> over <code>ExternalStoreAdapter</code> covering the four thread-level optional fields every wrapper forwards: <code>isDisabled</code>, <code>isSendDisabled</code>, <code>unstable_capabilities</code>, <code>suggestions</code>.</li> <li><code>pickExternalStoreSharedOptions(options)</code>, plucks those four fields from a wider options object. the body uses <code>satisfies Required<...></code> so adding a key to the type without copying it in the function is a compile error rather than a silent missing-field bug.</li> <li><code>useExternalStoreSharedOptions(options)</code> (from <code>@assistant-ui/core/react</code>), a memoized variant for wrappers that wrap their store in <code>useMemo</code>. lets the wrapper list a single stable <code>shared</code> reference as a dep instead of enumerating the four fields. same <code>satisfies</code> guard internally so the destructure stays in sync with the type.</li> </ul> <p>internal: every runtime wrapper hook (<code>useChatRuntime</code>, <code>useAISDKRuntime</code>, <code>useLangGraphRuntime</code>, <code>useA2ARuntime</code>, <code>useAgUiRuntime</code>, <code>useAdkRuntime</code>, <code>useStreamRuntime</code>, <code>useOpenCodeRuntime</code>) now uses these helpers instead of inlining the conditional spreads added in <a href="https://redirect.github.com/assistant-ui/assistant-ui/issues/4135">#4135</a>. each wrapper sheds 20 to 40 lines of duplicated declarations and conditional spreads; future additions to the shared option set propagate through a single edit in <code>pickExternalStoreSharedOptions</code> instead of touching every wrapper. no user-facing behavior change.</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4141">#4141</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/0b999594ff30ded9f804896093eab0478ac5ce46"><code>0b99959</code></a> - fix(react): stop subtree mutations from snapping a scrolled-up viewport back to bottom; loosen at-bottom threshold for high-DPR displays (<a href="https://github.com/vaniyokk"><code>@vaniyokk</code></a>)</p> <p><code>useThreadViewportAutoScroll</code> had two related bugs surfaced on Chrome macOS at <code>devicePixelRatio: 2</code>:</p> <ol> <li>subtree mutations snapped the viewport back to bottom after the user scrolled away. <code>scrollingToBottomBehaviorRef</code> was planted on <code>thread.runStart</code> / <code>useOnScrollToBottom</code> / initialize / thread switch and only cleared in <code>handleScroll</code> once <code>newIsAtBottom</code> became true. while the ref stayed set, every non-style subtree mutation (a Radix <code>data-state</code> flip, a markdown re-render, an image lazy-load, an attribute toggle on a child) re-entered <code>useOnResizeContent</code>'s callback and called <code>scrollToBottom(scrollBehavior)</code>, locking the viewport to the bottom until reload.</li> <li><code>isAtBottom</code> never registered as <code>true</code> on high-DPR displays. <code>Math.abs(scrollHeight - scrollTop - clientHeight) < 1</code> is strict-less-than, and Chrome macOS at <code>devicePixelRatio: 2</code> clips <code>scrollTop</code> one pixel short of <code>scrollHeight - clientHeight</code> (<code>Math.abs(1) < 1 === false</code>), so the store never updated and <code>ScrollToBottom</code> never moved into its disabled state.</li> </ol> <p>the fix combines two layers. <code>handleScroll</code> now tracks <code>lastScrollHeight</code> alongside <code>lastScrollTop</code> and releases the auto-stick intent when the user scrolls up with content size unchanged, ruling out content-driven scrollTop shifts. the resize callback also bails when neither <code>scrollHeight</code> nor <code>clientHeight</code> has changed since the last fire, so mutations that don't move layout never re-enter the snap path. at-bottom auto-follow during streaming is preserved (verified by appending a synthetic 600px child while scrolled to bottom; viewport follows to new bottom). the threshold becomes <code><= 1</code> to absorb the 1px sub-pixel clip.</p> <p>closes <a href="https://redirect.github.com/assistant-ui/assistant-ui/issues/4140">#4140</a>.</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4160">#4160</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/e76611fcb80a39d7b6071d82bcfaf1bb7345110b"><code>e76611f</code></a> - feat: add <code>indicator</code> support to <code>MessagePrimitive.GroupedParts</code>. (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> <p>Restores loading-state handling that was dropped from the grouped renderer. <code>GroupedParts</code> now emits a synthetic <code>{ part: { type: "indicator" } }</code> render call you handle with <code>case "indicator"</code> in your <code>switch (part.type)</code> — render a "thinking…" dot or any loading affordance.</p> <ul> <li>The indicator is only ever emitted while the message is <strong>running</strong>, so its presence alone means "render loading UI here" — there's no <code>status</code> to branch on.</li> <li>New <code>indicator</code> prop restricts which running states qualify: <code>"never"</code>, <code>"empty"</code> (no parts yet), <code>"no-text"</code> (default — last part isn't <code>text</code>/<code>reasoning</code>, e.g. the model ended on a tool call), or <code>"always"</code> (any running state).</li> </ul> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4162">#4162</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/eef724efe4a9075337577c626d7ea7aead45cfbe"><code>eef724e</code></a> - fix: drop phantom sibling messages when an external store swaps an optimistic message id mid-run (<a href="https://redirect.github.com/assistant-ui/assistant-ui/issues/4037">#4037</a>). (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> <p>Messages can now be flagged <code>metadata.isOptimistic</code>. Optimistic messages are treated as ephemeral: they only ever live on the current head branch (the repository evicts off-branch optimistic messages whenever the head moves) and they are never written to persisted state (<code>export()</code> omits them). The AI SDK v6 adapter flags the streaming assistant message as optimistic, so when its client-generated id is replaced by a server-provided one mid-run, the stale placeholder no longer lingers as a phantom branch (e.g. <code>BranchPicker</code> showing <code>2/2</code> on a turn the user never branched). Unlike the reverted blanket id-diff (<a href="https://redirect.github.com/assistant-ui/assistant-ui/issues/4040">#4040</a>), only explicitly-optimistic messages are affected, so legitimate <code>onEdit</code> / <code>onReload</code> / <code>switchToBranch</code> branches are preserved.</p> </li> <li> <p><a href="https://redirect.github.com/assistant-ui/assistant-ui/pull/4175">#4175</a> <a href="https://github.com/assistant-ui/assistant-ui/commit/2dec3aeba0431178f4ca26e470b304f5a89390ba"><code>2dec3ae</code></a> - chore: update dependencies (<a href="https://github.com/Yonom"><code>@Yonom</code></a>)</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/426c4acd6eeb81c2b4ef8368eb7669f1fe03f431"><code>426c4ac</code></a> chore: update versions (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4177">#4177</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/27ae936dec6dc5d05d21fd892af0a8e1db61928e"><code>27ae936</code></a> feat: move use-generative markers to core/react, extract the compiler, add <a href="https://github.com/a"><code>@a</code></a>...</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/275aef6774a4118a186abb39afda220ce4aa9a58"><code>275aef6</code></a> chore: update versions (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4129">#4129</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/2dec3aeba0431178f4ca26e470b304f5a89390ba"><code>2dec3ae</code></a> chore: update dependencies (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4175">#4175</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/eef724efe4a9075337577c626d7ea7aead45cfbe"><code>eef724e</code></a> fix: drop phantom siblings on optimistic message id swap (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4037">#4037</a>) (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4162">#4162</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/13157895e4d69ad4266d6ab278edfc2e3ea1de92"><code>1315789</code></a> feat: add <code>@assistant-ui/next</code> + "use generative" toolkit support (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4172">#4172</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/fcb6baf161a9ee7dda65191e0b42de12b368724d"><code>fcb6baf</code></a> feat(core): tool <code>display</code> hint + <code>standalone-tool-call</code> grouping (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4167">#4167</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/299d4488c8a5bbec0679680866f5975055fe71b3"><code>299d448</code></a> chore: drop stale biome-ignore pragmas after migrating to oxlint (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4151">#4151</a>)</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/0b999594ff30ded9f804896093eab0478ac5ce46"><code>0b99959</code></a> fix(react): release auto-stick intent on user scroll-up; fix retina at-bottom...</li> <li><a href="https://github.com/assistant-ui/assistant-ui/commit/4429aa32f6bd4fd50a7a8ddbad1e19f6ccad192b"><code>4429aa3</code></a> refactor: centralize thread-level shared options helper (<a href="https://github.com/assistant-ui/assistant-ui/tree/HEAD/packages/react/issues/4136">#4136</a>)</li> <li>Additional commits viewable in <a href="https://github.com/assistant-ui/assistant-ui/commits/@assistant-ui/react@0.14.13/packages/react">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
07ec29bd84 |
build(deps): bump ajv from 8.18.0 to 8.20.0 (#7323)
Bumps [ajv](https://github.com/ajv-validator/ajv) from 8.18.0 to 8.20.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ajv-validator/ajv/releases">ajv's releases</a>.</em></p> <blockquote> <h2>v8.20.0</h2> <h2>What's Changed</h2> <ul> <li>fix: add support for node 22/24, drop node 16/21 by <a href="https://github.com/jasoniangreen"><code>@jasoniangreen</code></a> in <a href="https://redirect.github.com/ajv-validator/ajv/pull/2580">ajv-validator/ajv#2580</a></li> <li>fix: add ES2022.RegExp for RegExpIndicesArray by <a href="https://github.com/SignpostMarv"><code>@SignpostMarv</code></a> in <a href="https://redirect.github.com/ajv-validator/ajv/pull/2604">ajv-validator/ajv#2604</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0">https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0</a></p> <h2>v8.19.0</h2> <h2>What's Changed</h2> <ul> <li>fix prototype pollution via format keyword using $data ref by <a href="https://github.com/epoberezkin"><code>@epoberezkin</code></a> in <a href="https://redirect.github.com/ajv-validator/ajv/pull/2607">ajv-validator/ajv#2607</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0">https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987"><code>0fba0b8</code></a> 8.20.0</li> <li><a href="https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e"><code>9caf8d6</code></a> fix: add ES2022.RegExp for RegExpIndicesArray; fixes <a href="https://redirect.github.com/ajv-validator/ajv/issues/2603">ajv-validator/ajv#2603</a> (...</li> <li><a href="https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3"><code>2065350</code></a> fix: add support for node 22/24, drop node 16/21 (<a href="https://redirect.github.com/ajv-validator/ajv/issues/2580">#2580</a>)</li> <li><a href="https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2"><code>154b58d</code></a> 8.19.0</li> <li><a href="https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da"><code>e8d2bdc</code></a> test/fix prototype pollution via $data ref with format keyword (<a href="https://redirect.github.com/ajv-validator/ajv/issues/2607">#2607</a>)</li> <li>See full diff in <a href="https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.20.0">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
85510f0e5b |
chore(lockfile): refresh pnpm-lock.yaml (#6263)
Auto-generated lockfile refresh after dependencies changed on master. This PR only updates pnpm-lock.yaml. Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
9b6d2e6b79 |
chore(lockfile): refresh pnpm-lock.yaml (#6136)
Auto-generated lockfile refresh after dependencies changed on master. This PR only updates pnpm-lock.yaml. Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
7e1a27c8ec |
chore(lockfile): refresh pnpm-lock.yaml (#6062)
Auto-generated lockfile refresh after dependencies changed on master. This PR only updates pnpm-lock.yaml. Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
94ce7af715 |
chore(lockfile): refresh pnpm-lock.yaml (#5756)
Auto-generated lockfile refresh after dependencies changed on master. This PR only updates pnpm-lock.yaml. Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
6e4fa78d86 |
chore(lockfile): refresh pnpm-lock.yaml (#5668)
Auto-generated lockfile refresh after dependencies changed on master. This PR only updates pnpm-lock.yaml. Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
a1b2875165 |
chore(lockfile): refresh pnpm-lock.yaml (#5610)
Auto-generated lockfile refresh after dependencies changed on master. This PR only updates pnpm-lock.yaml. Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
6a7cca95ef |
chore(lockfile): refresh pnpm-lock.yaml (#4899)
Auto-generated lockfile refresh after dependencies changed on master. This PR only updates pnpm-lock.yaml. Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
70679a3321 |
Add sandbox environment support (#4415)
## Thinking Path > - Paperclip orchestrates AI agents for zero-human companies. > - The environment/runtime layer decides where agent work executes and how the control plane reaches those runtimes. > - Today Paperclip can run locally and over SSH, but sandboxed execution needs a first-class environment model instead of one-off adapter behavior. > - We also want sandbox providers to be pluggable so the core does not hardcode every provider implementation. > - This branch adds the Sandbox environment path, the provider contract, and a deterministic fake provider plugin. > - That required synchronized changes across shared contracts, plugin SDK surfaces, server runtime orchestration, and the UI environment/workspace flows. > - The result is that sandbox execution becomes a core control-plane capability while keeping provider implementations extensible and testable. ## What Changed - Added sandbox runtime support to the environment execution path, including runtime URL discovery, sandbox execution targeting, orchestration, and heartbeat integration. - Added plugin-provider support for sandbox environments so providers can be supplied via plugins instead of hardcoded server logic. - Added the fake sandbox provider plugin with deterministic behavior suitable for local and automated testing. - Updated shared types, validators, plugin protocol definitions, and SDK helpers to carry sandbox provider and workspace-runtime contracts across package boundaries. - Updated server routes and services so companies can create sandbox environments, select them for work, and execute work through the sandbox runtime path. - Updated the UI environment and workspace surfaces to expose sandbox environment configuration and selection. - Added test coverage for sandbox runtime behavior, provider seams, environment route guards, orchestration, and the fake provider plugin. ## Verification - Ran locally before the final fixture-only scrub: - `pnpm -r typecheck` - `pnpm test:run` - `pnpm build` - Ran locally after the final scrub amend: - `pnpm vitest run server/src/__tests__/runtime-api.test.ts` - Reviewer spot checks: - create a sandbox environment backed by the fake provider plugin - run work through that environment - confirm sandbox provider execution does not inherit host secrets implicitly ## Risks - This touches shared contracts, plugin SDK plumbing, server runtime orchestration, and UI environment/workspace flows, so regressions would likely show up as cross-layer mismatches rather than isolated type errors. - Runtime URL discovery and sandbox callback selection are sensitive to host/bind configuration; if that logic is wrong, sandbox-backed callbacks may fail even when execution succeeds. - The fake provider plugin is intentionally deterministic and test-oriented; future providers may expose capability gaps that this branch does not yet cover. ## Model Used - OpenAI Codex coding agent on a GPT-5-class backend in the Paperclip/Codex harness. Exact backend model ID is not exposed in-session. Tool-assisted workflow with shell execution, file editing, git history inspection, and local test execution. ## Checklist - [x] I have included a thinking path that traces from project context to this change - [x] I have specified the model used (with version and capability details) - [x] I have checked ROADMAP.md and confirmed this PR does not duplicate planned core work - [x] I have run tests locally and they pass - [x] I have added or updated tests where applicable - [ ] If this change affects the UI, I have included before/after screenshots - [x] I have updated relevant documentation to reflect my changes - [x] I have considered and documented any risks above - [x] I will address all Greptile and reviewer comments before requesting merge |
||
|
|
b94f1a1565 |
chore(lockfile): refresh pnpm-lock.yaml (#4139)
Auto-generated lockfile refresh after dependencies changed on master. This PR only updates pnpm-lock.yaml. Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
316790ea0a |
chore(lockfile): refresh pnpm-lock.yaml (#3109)
Auto-generated lockfile refresh after dependencies changed on master. This PR only updates pnpm-lock.yaml. Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
e10baee84c | chore(lockfile): refresh pnpm-lock.yaml | ||
|
|
caef115b95 | chore(lockfile): refresh pnpm-lock.yaml | ||
|
|
04a07080af |
chore(lockfile): refresh pnpm-lock.yaml (#1712)
Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
4096db8053 |
chore(lockfile): refresh pnpm-lock.yaml (#1667)
Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
a290d1d550 |
chore(lockfile): refresh pnpm-lock.yaml (#1377)
Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
42c0ca669b |
chore(lockfile): refresh pnpm-lock.yaml (#900)
Co-authored-by: lockfile-bot <lockfile-bot@users.noreply.github.com> |
||
|
|
e6ff4eb8b2 | chore(lockfile): refresh pnpm-lock.yaml | ||
|
|
23dec980e2 | chore(lockfile): refresh pnpm-lock.yaml | ||
|
|
e6e41dba9d | chore(lockfile): refresh pnpm-lock.yaml | ||
|
|
2cb82f326f | Revert lockfile changes from OpenClaw gateway cleanup | ||
|
|
048e2b1bfe | Remove legacy OpenClaw adapter and keep gateway-only flow | ||
|
|
5fae7d4de7 | Fix CI typecheck and default OpenClaw sessions to issue scope | ||
|
|
22053d18e4 |
chore: regenerate pnpm-lock.yaml after merge
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
eb7f690ceb | Adding support for pi-local | ||
|
|
de60519ef6 |
Regenerate pnpm-lock.yaml after PR #62 merge
The lockfile was out of sync with the merged package.json files (adapter-utils @types/node bumped to ^24.6.0 by PR #62). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
6a101e0da1 | Add OpenCode provider integration and strict model selection | ||
|
|
defccdd4d9 |
feat: integrate Changesets for multi-package npm publishing
Migrate from single-bundle CLI publishing to publishing all @paperclipai/* packages individually via Changesets. This fixes the "Cannot find package @paperclipai/server" error when installing from npm. Changes: - Add @changesets/cli with fixed versioning (all packages share version) - Make 7 packages publishable (shared, adapter-utils, db, 3 adapters, server) - Add build scripts, publishConfig, and files fields to all packages - Mark @paperclipai/server as external in CLI esbuild config - Simplify CLI importServerEntry() to use string-literal dynamic import - Add generate-npm-package-json support for external workspace packages - Create scripts/release.sh for one-command releases - Remove old bump-and-publish.sh and version-bump.sh - All packages start at version 0.2.0 Usage: ./scripts/release.sh patch|minor|major [--dry-run] Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
4292c28654 |
feat: auto-open browser after onboard completes
Set PAPERCLIP_OPEN_ON_LISTEN env flag when onboard triggers a run, and open the browser to the UI URL once the server starts listening. Uses the `open` package for cross-platform browser launching. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
4c6fe04700 |
feat: add npm build process, version bump, and forbidden token enforcement
- Add esbuild config to bundle CLI with all workspace code for npm publishing - Add build-npm.sh script that runs forbidden token check, type-check, esbuild bundle, and generates publishable package.json - Add generate-npm-package-json.mjs to resolve workspace:* refs to actual npm dependencies for publishing - Add version-bump.sh for patch/minor/major/explicit version bumping - Add check-forbidden-tokens.mjs that scans codebase for forbidden tokens (mirrors git hook logic, safe if token list is missing) - Add esbuild as dev dependency - Add build:npm, version:bump, check:tokens scripts to root package.json - Update .gitignore for build artifacts Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
b6c321f30a |
chore: update pnpm-lock.yaml for @paperclipai package rename
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
b0f3f04ac6 |
feat: add OpenClaw adapter type
Introduce openclaw adapter package with server execution, CLI stream formatting, and UI config fields. Register the adapter across CLI, server, and UI registries. Add adapter label in all relevant pages. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
60d6122271 |
feat: add auth/access foundation - deps, DB schema, shared types, and config
Add Better Auth, drizzle-orm, @dnd-kit, and remark-gfm dependencies. Introduce DB schema for auth tables (user, session, account, verification), company memberships, instance user roles, permission grants, invites, and join requests. Add assigneeUserId to issues. Extend shared config schema with deployment mode/exposure/auth settings, add access types and validators, and wire up new API path constants. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
a4ba4a72cd |
Add MarkdownEditor component, asset image upload, and rich description editing
Introduce MarkdownEditor built on @mdxeditor/editor with headings, lists, links, quotes, image upload with drag-and-drop, and themed CSS integration. Add asset image upload API (routes, service, storage) and wire image upload into InlineEditor multiline mode, NewIssueDialog, NewProjectDialog, GoalDetail, IssueDetail, and ProjectDetail description fields. Tighten prompt template editor styling. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
838480faef |
chore: add assets/attachments DB migration, CLI docs, and lockfile
Add migration 0010 for assets and issue_attachments tables, update CLI documentation with storage configuration section, and sync pnpm lockfile. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
8f3fc077fa | feat(cli): add client commands and home-based local runtime defaults | ||
|
|
c09037ffad |
Implement agent hiring, approval workflows, config revisions, LLM reflection, and sidebar badges
Agent management: hire endpoint with permission gates and pending_approval status, config revision tracking with rollback, agent duplicate route, permission CRUD. Block pending_approval agents from auth, heartbeat, and assignments. Approvals: revision request/resubmit flow, approval comments CRUD, issue-approval linking, auto-wake agents on approval decisions with context snapshot. Costs: per-agent breakdown, period filtering (month/week/day/all), cost by agent list endpoint. Adapters: agentConfigurationDoc on all adapters, /llms/agent-configuration.txt reflection routes. Inject PAPERCLIP_APPROVAL_ID, PAPERCLIP_APPROVAL_STATUS, PAPERCLIP_LINKED_ISSUE_IDS into adapter environments. Sidebar badges endpoint for pending approval/inbox counts. Dashboard and company settings extensions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
a90063415e |
Server: migration prompts, structured logging, heartbeat reaping, and issue-run tracking
Replace auto-migrate-if-empty with interactive migration flow that inspects pending migrations and prompts before applying. Add pino-pretty for structured console + file logging. Add reapOrphanedRuns to clean up stuck heartbeat runs on startup and periodically. Track runId through auth middleware, activity logs, and all mutation routes. Add issue-run cross-reference queries, live-run and active-run endpoints for issues, issue identifier lookup, reopen-via-comment flow, and done/cancelled -> todo status transitions. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
fe6a8687c1 |
Implement local agent JWT authentication for adapters
Add HS256 JWT-based authentication for local adapters (claude_local, codex_local) so agents authenticate automatically without manual API key configuration. The server mints short-lived JWTs per heartbeat run and injects them as PAPERCLIP_API_KEY. The auth middleware verifies JWTs alongside existing static API keys. Includes: CLI onboard/doctor JWT secret management, env command for deployment, config path resolution from ancestor directories, dotenv loading on server startup, event payload secret redaction, multi-status issue filtering, and adapter transcript parsing for thinking/user message kinds. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
631c859b89 |
Move adapter implementations into shared workspace packages
Extract claude-local and codex-local adapter code from cli/server/ui into packages/adapters/ and packages/adapter-utils/. CLI, server, and UI now import shared adapter logic instead of duplicating it. Removes ~1100 lines of duplicated code across packages. Register new packages in pnpm workspace. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
cc24722090 |
Replace PGlite with embedded-postgres and add startup banner
Switch from PGlite (WebAssembly) to embedded-postgres for zero-config local development — provides a real PostgreSQL server with full compatibility. Add startup banner with config summary on server boot. Improve server bootstrap with auto port detection, database creation, and migration on startup. Update DATABASE.md, DEVELOPING.md, and SPEC-implementation.md to reflect the change. Update CLI database check and prompts. Simplify OnboardingWizard database options. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
5306142542 |
Add CLI package, config file support, and workspace setup
Add cli/ package with initial scaffolding. Add config-schema to shared package for typed configuration. Add server config-file loader for paperclip.config.ts support. Register cli in pnpm workspace. Add .paperclip/ and .pnpm-store/ to gitignore. Minor Companies page fix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
2583bf4c43 |
Add agent runtime DB schemas and expand shared types
New schemas: agent_runtime_state, agent_wakeup_requests, heartbeat_run_events. New migrations for runtime tables. Expand heartbeat types with run events, wakeup reasons, and adapter state. Add live event types. Update agent schema and shared constants. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|
|
fad1bd27ce |
Add shared UI primitives, contexts, and reusable components
Add shadcn components: avatar, breadcrumb, checkbox, collapsible, command, dialog, dropdown-menu, label, popover, scroll-area, sheet, skeleton, tabs, textarea, tooltip. Add shared components: BreadcrumbBar, CommandPalette, CompanySwitcher, CommentThread, EmptyState, EntityRow, FilterBar, InlineEditor, MetricCard, PageSkeleton, PriorityIcon, PropertiesPanel, StatusIcon, SidebarNavItem/Section. Add contexts for breadcrumbs, dialogs, and side panels. Add keyboard shortcut hook and utility helpers. Update layout, sidebar, and main app shell. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |