Skip to content

chore: version packages (rc)#490

Open
github-actions[bot] wants to merge 1 commit into
masterfrom
changeset-release/master
Open

chore: version packages (rc)#490
github-actions[bot] wants to merge 1 commit into
masterfrom
changeset-release/master

Conversation

@github-actions

@github-actions github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to master, this PR will be updated.

⚠️⚠️⚠️⚠️⚠️⚠️

master is currently in pre mode so this branch has prereleases rather than normal releases. If you want to exit prereleases, run changeset pre exit on master.

⚠️⚠️⚠️⚠️⚠️⚠️

Releases

@paper/genesis@1.0.0-rc.5

Minor Changes

  • #493 5b17730 Thanks @johnleider! - feat(GnDocsExample): replace the "Show code" / "Hide code" text label on the code toggle bar with a rotating chevron indicator. The chevron is a new toggle-icon scoped slot (receives expanded) with an inline-SVG fallback matching the GnPeek idiom (chevron-down, rotates 180° when expanded). The button keeps its accessible name via a dynamic aria-label ("Show code" / "Hide code"), and the filename/language/file-count meta on the right is unchanged.

Patch Changes

  • Updated dependencies [5c6d087]:
    • @vuetify/v0@1.0.0-rc.7

@vuetify/v0@1.0.0-rc.7

Patch Changes

  • #489 5c6d087 Thanks @johnleider! - fix(security): apply prototype-pollution and CSS-injection guards flagged in the security review

    • useFeatures adapters (LaunchDarkly / Flagsmith / PostHog) now skip UNSAFE_KEYS (__proto__ / constructor / prototype) flag names when building the flags object, matching the guard already used by mergeDeep, usePermissions, and createTokens
    • useLocale restore() validates the persisted value with isString / isNumber guards before applying it instead of blind-casting saved as ID, completing the persist/restore sweep (useTheme and useRtl now use the same guards)
    • ThemeAdapter's UNSAFE_CSS denylist is hardened against declaration injection: it now also rejects ;, \ (CSS escape evasion), and the URL-loading functions src() / image() / image-set() / cross-fade()
    • @vuetify/paper useTheme sanitizes color keys and values before writing them into the injected <style> element, mirroring the hardened v0 ThemeAdapter SAFE_IDENT / UNSAFE_CSS guards
    • @vuetify/paper createTheme now merges options.themes into the defaults — previously they were passed as structuredClone's options bag and silently dropped, so a custom current theme threw at first render
    • V0Error filters UNSAFE_KEYS when copying caller-supplied error details onto the instance

@vuetify/paper@1.0.0-rc.7

Patch Changes

  • #489 5c6d087 Thanks @johnleider! - fix(security): apply prototype-pollution and CSS-injection guards flagged in the security review

    • useFeatures adapters (LaunchDarkly / Flagsmith / PostHog) now skip UNSAFE_KEYS (__proto__ / constructor / prototype) flag names when building the flags object, matching the guard already used by mergeDeep, usePermissions, and createTokens
    • useLocale restore() validates the persisted value with isString / isNumber guards before applying it instead of blind-casting saved as ID, completing the persist/restore sweep (useTheme and useRtl now use the same guards)
    • ThemeAdapter's UNSAFE_CSS denylist is hardened against declaration injection: it now also rejects ;, \ (CSS escape evasion), and the URL-loading functions src() / image() / image-set() / cross-fade()
    • @vuetify/paper useTheme sanitizes color keys and values before writing them into the injected <style> element, mirroring the hardened v0 ThemeAdapter SAFE_IDENT / UNSAFE_CSS guards
    • @vuetify/paper createTheme now merges options.themes into the defaults — previously they were passed as structuredClone's options bag and silently dropped, so a custom current theme threw at first render
    • V0Error filters UNSAFE_KEYS when copying caller-supplied error details onto the instance
  • Updated dependencies [5c6d087]:

    • @vuetify/v0@1.0.0-rc.7

@github-actions github-actions Bot force-pushed the changeset-release/master branch 5 times, most recently from 71820b0 to 7bc014c Compare July 3, 2026 14:44
@github-actions github-actions Bot force-pushed the changeset-release/master branch from 7bc014c to 631e4dd Compare July 3, 2026 16:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants