Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update weekly patch updates #431

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 15, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@emotion/react (source) 11.11.0 -> 11.11.3 age adoption passing confidence dependencies patch
@headlessui/react (source) 1.7.4 -> 1.7.17 age adoption passing confidence dependencies patch
@mui/lab (source) 5.0.0-alpha.129 -> 5.0.0-alpha.159 age adoption passing confidence dependencies patch
@tailwindcss/forms 0.5.3 -> 0.5.7 age adoption passing confidence devDependencies patch
@types/react (source) 18.2.8 -> 18.2.47 age adoption passing confidence devDependencies patch
@types/react-dom (source) 18.2.4 -> 18.2.18 age adoption passing confidence devDependencies patch
autoprefixer 10.4.14 -> 10.4.16 age adoption passing confidence devDependencies patch
chrono 0.4.23 -> 0.4.31 age adoption passing confidence dependencies patch
husky (source) 8.0.2 -> 8.0.3 age adoption passing confidence devDependencies patch
image 0.24.4 -> 0.24.7 age adoption passing confidence dependencies patch
nginx 1.25.0-alpine -> 1.25.3-alpine age adoption passing confidence final patch
prettier (source) 2.8.0 -> 2.8.8 age adoption passing confidence devDependencies patch
reqwest 0.11.13 -> 0.11.23 age adoption passing confidence dependencies patch
rocket (source) 0.5.0-rc.2 -> 0.5.0 age adoption passing confidence dependencies patch
rocket_sync_db_pools (source) 0.1.0-rc.2 -> 0.1.0 age adoption passing confidence dependencies patch
serde_json 1.0.89 -> 1.0.111 age adoption passing confidence dependencies patch
vite-tsconfig-paths 4.2.0 -> 4.2.3 age adoption passing confidence devDependencies patch

Release Notes

emotion-js/emotion (@​emotion/react)

v11.11.3

Compare Source

Patch Changes

v11.11.1

Compare Source

Patch Changes
  • #​3048 9357f337 Thanks @​naari3! - Added ElementType to the Emotion's JSX namespace. It's defined in the same way as the one in @types/react and should make it possible to use components that return strings, Promises and other types that are valid in React.
tailwindlabs/headlessui (@​headlessui/react)

v1.7.17

Compare Source

Fixed
  • Use correct value when resetting <Listbox multiple> and <Combobox multiple> (#​2626)
  • Render <MainTreeNode /> in Popover.Group component only (#​2634)
  • Disable smooth scrolling when opening/closing Dialog components on iOS (#​2635)
  • Don't assume <Tab /> components are available when setting the next index (#​2642)
  • Fix incorrectly focused Combobox.Input component on page load (#​2654)
  • Ensure appear works using the Transition component (even when used with SSR) (#​2646)
  • Improve resetting values when using the nullable prop on the Combobox component (#​2660)
  • Fix hydration of components inside <Suspense> (#​2663)
  • Prevent scrolling when focusing a tab (#​2674)

v1.7.16

Compare Source

Fixed
  • Ensure the caret is in a consistent position when syncing the Combobox.Input value (#​2568)
  • Improve "outside click" behaviour in combination with 3rd party libraries (#​2572)
  • Ensure IME works on Android devices (#​2580)
  • Calculate aria-expanded purely based on the open/closed state (#​2610)
  • Submit form on Enter even if no submit-like button was found (#​2613)

v1.7.15

Compare Source

Added
  • [internal] add demo mode to Menu and Popover components (#​2448)
Fixed
  • Ensure FocusTrap is only active when the given enabled value is true (#​2456)
  • Stop <Transition appear> from overwriting classes on re-render (#​2457)
  • Improve control over Menu and Listbox options while searching (#​2471)
  • Consider clicks inside iframes to be "outside" (#​2485)
  • Ensure moving focus within a Portal component, does not close the Popover component (#​2492)
Changed
  • Move types condition to the front (#​2469)

v1.7.14

Compare Source

Fixed
  • Fix focus styles showing up when using the mouse (#​2347)
  • Fix "Can't perform a React state update on an unmounted component." when using the Transition component (#​2374)
  • Add FocusTrap event listeners once document has loaded (#​2389)
  • Fix className hydration for <Transition appear> (#​2390)
  • Improve Combobox types to improve false positives (#​2411)
  • Merge className correctly when it’s a function (#​2412)
  • Correctly handle IME composition in <Combobox.Input> (#​2426)
Added
  • Add form prop to form-like components such as RadioGroup, Switch, Listbox, and Combobox (#​2356)

v1.7.13

Compare Source

Fixed
  • Ensure Transition component completes if nothing is transitioning (#​2318)
  • Enable native label behavior for <Switch> where possible (#​2265)
  • Allow root containers from the Dialog component in the FocusTrap component (#​2322)
  • Fix XYZPropsWeControl and cleanup internal TypeScript types (#​2329)
  • Fix invalid warning when using multiple Popover.Button components inside a Popover.Panel (#​2333)
  • Fix restore focus to buttons in Safari, when Dialog component closes (#​2326)

v1.7.12

Compare Source

Added
  • Add explicit props types for every component (#​2282)
Fixed
  • Ensure the main tree and parent Dialog components are marked as inert (#​2290)
  • Fix nested Popover components not opening (#​2293)
  • Make React types more compatible with other libraries (#​2282)
  • Fix Dialog cleanup when the Dialog becomes hidden (#​2303)

v1.7.11

Compare Source

Fixed
  • Ensure we handle null values for the dataRef correctly (#​2258)
  • Move aria-multiselectable to [role=listbox] in the Combobox component (#​2271)
  • Re-focus Combobox.Input when a Combobox.Option is selected (#​2272)
  • Ensure we reset the activeOptionIndex if the active option is unmounted (#​2274)
  • Improve Ref type for forwarded Switch's ref (#​2277)
  • Start cleanup phase of the Dialog component when going into the Closing state (#​2264)

v1.7.10

Compare Source

Fixed
  • Revert "Use the import * as React from 'react' pattern (#​2242)

v1.7.9

Compare Source

Fixed
  • Fix SSR tab hydration when using Strict Mode in development (#​2231)
  • Don't break overflow when multiple dialogs are open at the same time (#​2215)
  • Fix "This Suspense boundary received an update before it finished hydrating" error in the Disclosure component (#​2238)
  • Use the import * as React from 'react' pattern (#​2242)

v1.7.8

Compare Source

Fixed
  • Fix SSR tab rendering on React 17 (#​2102)
  • Fix arrow key handling in Tab (after DOM order changes) (#​2145)
  • Fix false positive warning about using multiple <Popover.Button> components (#​2146)
  • Fix Tab key with non focusable elements in Popover.Panel (#​2147)
  • Fix false positive warning when using <Popover.Button /> in React 17 (#​2163)
  • Fix failed to removeChild on Node bug (#​2164)
  • Don’t overwrite classes during SSR when rendering fragments (#​2173)
  • Improve Combobox accessibility (#​2153)
  • Fix crash when reading headlessuiFocusGuard of relatedTarget in the FocusTrap component (#​2203)
  • Fix FocusTrap in Dialog when there is only 1 focusable element (#​2172)
  • Improve Tabs wrapping around when controlling the component and overflowing the selectedIndex (#​2213)
  • Fix shadow-root bug closing Dialog containers (#​2217)
Added
  • Allow setting tabIndex on the Tab.Panel (#​2214)

v1.7.7

Compare Source

Fixed
  • Improve scroll restoration after Dialog closes (b20e48dd)

v1.7.6

Compare Source

Fixed
  • Fix regression where displayValue crashes (#​2087)
  • Fix displayValue syncing when Combobox.Input is unmounted and re-mounted in different trees (#​2090)
  • Fix FocusTrap escape due to strange tabindex values (#​2093)
  • Improve scroll locking on iOS (#​2100, 28234b0e)

v1.7.5

Compare Source

Fixed
  • Reset form-like components when the parent <form> resets (#​2004)
  • Add warning when using <Popover.Button /> multiple times (#​2007)
  • Ensure Popover doesn't crash when focus is going to window (#​2019)
  • Ensure shift+home and shift+end works as expected in the Combobox.Input component (#​2024)
  • Improve syncing of the Combobox.Input value (#​2042)
  • Fix crash when using multiple mode without value prop (uncontrolled) for Listbox and Combobox components (#​2058)
  • Apply enter and enterFrom classes in SSR for Transition component (#​2059)
  • Allow passing in your own id prop (#​2060)
  • Fix Dialog unmounting problem due to incorrect transitioncancel event in the Transition component on Android (#​2071)
  • Ignore pointer events in Listbox, Menu, and Combobox when cursor hasn't moved (#​2069)
  • Allow clicks inside dialog panel when target is inside shadow root (#​2079)
mui/material-ui (@​mui/lab)

v5.0.0-alpha.159

Compare Source

v5.0.0-alpha.158

Compare Source

v5.0.0-alpha.157

Compare Source

v5.0.0-alpha.156

Compare Source

v5.0.0-alpha.155

Compare Source

v5.0.0-alpha.154

Compare Source

v5.0.0-alpha.152

v5.0.0-alpha.151

Compare Source

v5.0.0-alpha.150

Compare Source

v5.0.0-alpha.149

Compare Source

v5.0.0-alpha.148

Compare Source

v5.0.0-alpha.147

Compare Source

v5.0.0-alpha.146

Compare Source

v5.0.0-alpha.145

Compare Source

v5.0.0-alpha.144

Compare Source

v5.0.0-alpha.143

Compare Source

v5.0.0-alpha.142

Compare Source

v5.0.0-alpha.139

Compare Source

v5.0.0-alpha.138

Compare Source

v5.0.0-alpha.137

Compare Source

v5.0.0-alpha.135

v5.0.0-alpha.134

Compare Source

v5.0.0-alpha.133

Compare Source

v5.0.0-alpha.132

Compare Source

v5.0.0-alpha.131

Compare Source

v5.0.0-alpha.130

Compare Source

tailwindlabs/tailwindcss-forms (@​tailwindcss/forms)

v0.5.7

Compare Source

Fixed
  • Use normal checkbox and radio appearance in forced-colors mode (#​152)

v0.5.6

Compare Source

Fixed
  • Fix date time bottom spacing on MacOS Safari (#​146)

v0.5.5

Compare Source

Fixed
  • Fix text alignment on date and time inputs on iOS (#​144)

v0.5.4

Compare Source

Fixed
  • Remove chevron for selects with a non-default size (#​137)
  • Allow for without type (#​141)
postcss/autoprefixer (autoprefixer)

v10.4.16

Compare Source

  • Improved performance (by Romain Menke).
  • Fixed docs (by Christian Oliff).

v10.4.15

Compare Source

  • Fixed ::backdrop prefixes (by 一丝).
  • Fixed docs (by Christian Oliff).
chronotope/chrono (chrono)

v0.4.31: 0.4.31

Compare Source

Another maintenance release.
It was not a planned effort to improve our support for UNIX timestamps, yet most PRs seem related to this.

Deprecations
  • Deprecate timestamp_nanos in favor of the non-panicking timestamp_nanos_opt (#​1275)
Additions
Fixes
  • Format day of month in RFC 2822 without padding (#​1272)
  • Don't allow strange leap seconds which are not on a minute boundary initialization methods (#​1283)
    This makes many methods a little more strict:
    • NaiveTime::from_hms_milli
    • NaiveTime::from_hms_milli_opt
    • NaiveTime::from_hms_micro
    • NaiveTime::from_hms_micro_opt
    • NaiveTime::from_hms_nano
    • NaiveTime::from_hms_nano_opt
    • NaiveTime::from_num_seconds_from_midnight
    • NaiveTime::from_num_seconds_from_midnight_opt
    • NaiveDate::and_hms_milli
    • NaiveDate::and_hms_milli_opt
    • NaiveDate::and_hms_micro
    • NaiveDate::and_hms_micro_opt
    • NaiveDate::and_hms_nano
    • NaiveDate::and_hms_nano_opt
    • NaiveDateTime::from_timestamp
    • NaiveDateTime::from_timestamp_opt
    • TimeZone::timestamp
    • TimeZone::timestamp_opt
  • Fix underflow in NaiveDateTime::timestamp_nanos_opt (#​1294, thanks @​crepererum)
Documentation
  • Add more documentation about the RFC 2822 obsolete date format (#​1267)
Internal
  • Remove internal __doctest feature and doc_comment dependency (#​1276)
  • CI: Bump actions/checkout from 3 to 4 (#​1280)
  • Optimize NaiveDate::add_days for small values (#​1214)
  • Upgrade pure-rust-locales to 0.7.0 (#​1288, thanks @​jeremija wo did good improvements on pure-rust-locales)

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.30: 0.4.30

Compare Source

In this release, we have decided to swap out the chrono::Duration type (which has been a re-export of time 0.1 Duration type) with our own definition, which exposes a strict superset of the time::Duration API. This helps avoid warnings about the CVE-2020-26235 and RUSTSEC-2020-0071 advisories for downstream users and allows us to improve the Duration API going forward.

While this is technically a SemVer-breaking change, we expect the risk of downstream users experiencing actual incompatibility to be exceedingly limited (see our analysis of public code using a crater-like experiment), and not enough justification for the large ecosystem churn of a 0.5 release. If you have any feedback on these changes, please let us know in #​1268.

Additions
Documentation

Relation between chrono and time 0.1

Rust first had a time module added to std in its 0.7 release. It later moved to libextra, and then to a libtime library shipped alongside the standard library. In 2014 work on chrono started in order to provide a full-featured date and time library in Rust. Some improvements from chrono made it into the standard library; notably, chrono::Duration was included as std::time::Duration (rust#15934) in 2014.

In preparation of Rust 1.0 at the end of 2014 libtime was moved out of the Rust distro and into the time crate to eventually be redesigned (rust#18832, rust#18858), like the num and rand crates. Of course chrono kept its dependency on this time crate. time started re-exporting std::time::Duration during this period. Later, the standard library was changed to have a more limited unsigned Duration type (rust#24920, RFC 1040), while the time crate kept the full functionality with time::Duration. time::Duration had been a part of chrono's public API.

By 2016 time 0.1 lived under the rust-lang-deprecated organisation and was not actively maintained (time#136). chrono absorbed the platform functionality and Duration type of the time crate in chrono#478 (the work started in chrono#286). In order to preserve compatibility with downstream crates depending on time and chrono sharing a Duration type, chrono kept depending on time 0.1. chrono offered the option to opt out of the time dependency by disabling the oldtime feature (swapping it out for an effectively similar chrono type). In 2019, @​jhpratt took over maintenance on the time crate and released what amounts to a new crate as time 0.2.

Security advisories

In November of 2020 CVE-2020-26235 and RUSTSEC-2020-0071 were opened against the time crate. @​quininer had found that calls to localtime_r may be unsound (chrono#499). Eventually, almost a year later, this was also made into a security advisory against chrono as RUSTSEC-2020-0159, which had platform code similar to time.

On Unix-like systems a process is given a timezone id or description via the TZ environment variable. We need this timezone data to calculate the current local time from a value that is in UTC, such as the time from the system clock. time 0.1 and chrono used the POSIX function localtime_r to do the conversion to local time, which reads the TZ variable.

Rust assumes the environment to be writable and uses locks to access it from multiple threads. Some other programming languages and libraries use similar locking strategies, but these are typically not shared across languages. More importantly, POSIX declares modifying the environment in a multi-threaded process as unsafe, and getenv in libc can't be changed to take a lock because it returns a pointer to the data (see rust#27970 for more discussion).

Since version 4.20 chrono no longer uses localtime_r, instead using Rust code to query the timezone (from the TZ variable or via iana-time-zone as a fallback) and work with data from the system timezone database directly. The code for this was forked from the tz-rs crate by @​x-hgg-x. As such, chrono now respects the Rust lock when reading the TZ environment variable. In general, code should avoid modifying the environment.

Removing time 0.1

Because time 0.1 has been unmaintained for years, however, the security advisory mentioned above has not been addressed. While chrono maintainers were careful not to break backwards compatibility with the time::Duration type, there has been a long stream of issues from users inquiring about the time 0.1 dependency with the vulnerability. We investigated the potential breakage of removing the time 0.1 dependency in chrono#1095 using a crater-like experiment and determined that the potential for breaking (public) dependencies is very low. We reached out to those few crates that did still depend on compatibility with time 0.1.

As such, for chrono 0.4.30 we have decided to swap out the time 0.1 Duration implementation for a local one that will offer a strict superset of the existing API going forward. This will prevent most downstream users from being affected by the security vulnerability in time 0.1 while minimizing the ecosystem impact of semver-incompatible version churn.

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.29: 0.4.29

Compare Source

This release fixes a panic introduced in chrono 0.4.27 in FromStr<DateTime<Utc>> (#​1253).

Chrono now has a Discord channel.

Fixes

  • Fix arbitrary string slicing in parse_rfc3339_relaxed (#​1254)

Deprecations

  • Deprecate TimeZone::datetime_from_str (#​1251)

Documentation

Internal improvements

  • Revert "add test_issue_866" (#​1238)
  • CI: run tests on i686 and wasm32-wasi (#​1237)
  • CI: Include doctests for code coverage (#​1248)
  • Move benchmarks to a separate crate (#​1243)
    This allows us to upgrade the criterion dependency to 5.1 without changing our MSRV.
  • Add Discord link to README (#​1240, backported in #​1256)

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.28: 0.4.28

Compare Source

This release fixes a test failure on 32-bit targets introduced with 0.4.27, see https://github.com/chronotope/chrono/issues/1234.

v0.4.27: 0.4.27

Compare Source

This release bumps the MSRV from 1.56 to 1.57. This allows us to take advantage of the panicking in const feature. In this release most methods on NaiveDate and NaiveTime are made const, NaiveDateTime and others will follow in a later release.

The parser for the %+ formatting specifier and the RFC3339 formatting item is switched from a strict to a relaxed parser (see https://github.com/chronotope/chrono/pull/1145). This matches the existing documentation, and the parser used by DateTime::from_str. If you need to validate the input, consider using DateTime::from_rfc3339.

Deprecations

Additions

Fixes


Configuration

📅 Schedule: Branch creation - "before 5am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from a team as a code owner May 15, 2023 04:52
@renovate renovate bot added dependencies Pull requests that update a dependency file deps: patches labels May 15, 2023
@renovate
Copy link
Contributor Author

renovate bot commented May 15, 2023

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.


  • Branch has one or more failed status checks

@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch 5 times, most recently from 11b3492 to 3e3bd9d Compare May 18, 2023 13:06
@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch 3 times, most recently from bae16ae to 1218ac2 Compare May 26, 2023 13:06
@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch 6 times, most recently from 222634f to 5a79515 Compare June 8, 2023 19:34
@renovate renovate bot changed the title fix(deps): update weekly patch updates chore(deps): update weekly patch updates Jun 8, 2023
@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch 9 times, most recently from 0c75f46 to b7ec70a Compare June 14, 2023 04:02
@renovate renovate bot requested a review from a team as a code owner June 14, 2023 04:02
@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch 3 times, most recently from 0a2a333 to cd5c4e3 Compare November 22, 2023 03:55
@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch 5 times, most recently from ae7f617 to c17eab5 Compare December 4, 2023 19:23
@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch 2 times, most recently from f71794e to 6f7eaaf Compare December 5, 2023 13:02
@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch 5 times, most recently from 1273d3b to b8cd718 Compare December 13, 2023 04:53
@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch 4 times, most recently from fa34349 to b4f8d91 Compare December 19, 2023 12:11
@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch 4 times, most recently from 5f6fd57 to 457a0e4 Compare December 28, 2023 20:00
@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch 4 times, most recently from 8277f61 to 73df2b5 Compare January 4, 2024 09:46
@renovate renovate bot force-pushed the renovate/weekly-patch-updates branch from 73df2b5 to 222aae9 Compare January 6, 2024 14:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file deps: patches
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant