chore: version packages (rc)#490
Open
github-actions[bot] wants to merge 1 commit into
Open
Conversation
71820b0 to
7bc014c
Compare
7bc014c to
631e4dd
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to master, this PR will be updated.
masteris currently in pre mode so this branch has prereleases rather than normal releases. If you want to exit prereleases, runchangeset pre exitonmaster.Releases
@paper/genesis@1.0.0-rc.5
Minor Changes
5b17730Thanks @johnleider! - feat(GnDocsExample): replace the "Show code" / "Hide code" text label on the code toggle bar with a rotating chevron indicator. The chevron is a newtoggle-iconscoped slot (receivesexpanded) with an inline-SVG fallback matching the GnPeek idiom (chevron-down, rotates 180° when expanded). The button keeps its accessible name via a dynamicaria-label("Show code" / "Hide code"), and the filename/language/file-count meta on the right is unchanged.Patch Changes
5c6d087]:@vuetify/v0@1.0.0-rc.7
Patch Changes
#489
5c6d087Thanks @johnleider! - fix(security): apply prototype-pollution and CSS-injection guards flagged in the security reviewuseFeaturesadapters (LaunchDarkly / Flagsmith / PostHog) now skipUNSAFE_KEYS(__proto__/constructor/prototype) flag names when building the flags object, matching the guard already used bymergeDeep,usePermissions, andcreateTokensuseLocalerestore()validates the persisted value withisString/isNumberguards before applying it instead of blind-castingsaved as ID, completing the persist/restore sweep (useThemeanduseRtlnow use the same guards)ThemeAdapter'sUNSAFE_CSSdenylist is hardened against declaration injection: it now also rejects;,\(CSS escape evasion), and the URL-loading functionssrc()/image()/image-set()/cross-fade()@vuetify/paperuseThemesanitizes color keys and values before writing them into the injected<style>element, mirroring the hardened v0ThemeAdapterSAFE_IDENT/UNSAFE_CSSguards@vuetify/papercreateThemenow mergesoptions.themesinto the defaults — previously they were passed asstructuredClone's options bag and silently dropped, so a customcurrenttheme threw at first renderV0ErrorfiltersUNSAFE_KEYSwhen copying caller-supplied error details onto the instance@vuetify/paper@1.0.0-rc.7
Patch Changes
#489
5c6d087Thanks @johnleider! - fix(security): apply prototype-pollution and CSS-injection guards flagged in the security reviewuseFeaturesadapters (LaunchDarkly / Flagsmith / PostHog) now skipUNSAFE_KEYS(__proto__/constructor/prototype) flag names when building the flags object, matching the guard already used bymergeDeep,usePermissions, andcreateTokensuseLocalerestore()validates the persisted value withisString/isNumberguards before applying it instead of blind-castingsaved as ID, completing the persist/restore sweep (useThemeanduseRtlnow use the same guards)ThemeAdapter'sUNSAFE_CSSdenylist is hardened against declaration injection: it now also rejects;,\(CSS escape evasion), and the URL-loading functionssrc()/image()/image-set()/cross-fade()@vuetify/paperuseThemesanitizes color keys and values before writing them into the injected<style>element, mirroring the hardened v0ThemeAdapterSAFE_IDENT/UNSAFE_CSSguards@vuetify/papercreateThemenow mergesoptions.themesinto the defaults — previously they were passed asstructuredClone's options bag and silently dropped, so a customcurrenttheme threw at first renderV0ErrorfiltersUNSAFE_KEYSwhen copying caller-supplied error details onto the instanceUpdated dependencies [
5c6d087]: