You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade @vscode/webview-ui-toolkit from 1.2.2 to 1.4.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 3 versions ahead of your current version.
2, because the changes are primarily version upgrades in the package-lock.json and package.json files, which are straightforward to review.
🧪 Relevant tests
No
⚡ Possible issues
Deprecated Package: The upgraded version of @vscode/webview-ui-toolkit (1.4.0) is marked as deprecated. This could lead to potential issues in the future if no alternative is provided.
-"@vscode/webview-ui-toolkit": "^1.4.0",+"@vscode/webview-ui-toolkit": "^1.4.0", // Review changelog for security issues
Suggestion importance[1-10]: 7
Why: This suggestion addresses a critical aspect of software maintenance—security. However, it does not suggest a specific code change, which reduces its score slightly.
7
Compatibility
Verify compatibility of the upgraded dependency version with existing code
Consider verifying the compatibility of the new version with existing code to avoid potential breaking changes.
Why: While it's important to verify compatibility, the suggestion does not provide a concrete action or change to the code itself, making it less impactful.
6
Testing
Run tests post-upgrade to confirm functionality remains intact
It may be beneficial to run tests after upgrading the dependency to ensure that no functionality is broken.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Snyk has created this PR to upgrade @vscode/webview-ui-toolkit from 1.2.2 to 1.4.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 3 versions ahead of your current version.
The recommended version was released a year ago.
Release notes
Package name: @vscode/webview-ui-toolkit
-
1.4.0 - 2023-12-06
- update dropdown styles: updates some dropdown styles to match new VS Code dropdown style (#532), closes #521
- fix image typo: fixes incorrect image used in badge docs (#522)
- bump
- bump
- bump
- bump
- update ci pipelines: updates github and azure ci pipelines to use node v18 (#526)
- bump
- bump
- add
- bump
- add
-
1.3.1 - 2023-11-14
- update npmignore: adds a directory to npmignore (accidentally published a big test folder in
-
1.3.0 - 2023-11-13
- input border radius: adds a 2px border radius to input elements (text field and text area) to match new VS Code button style (#510)
- replace storybook with codesandbox: removes storybook and replace it with codesandbox sample links (#460), closes #446
- dropdown label: adds better docs on how to create labels in dropdown that adhere to VS Code design language (#463), closes #461
- divider and radio group typos: fixes two typos found in the documentation (#462)
- getting started: updates esbuild configuration code snippet in getting started guide (#450)
- data grid typo: fixes data grid example code typo (#471)
- contributing docs: removes deleted npm
- editable data grid: adds a new section to the data grid docs linking to the editable data grid sample extension (#499), closes #493
- radio docs: adds note about workaround fix to the issue described in #476 (#511)
- remove
- react testing environment: adds npm script and testing environment to test toolkit react components (#478)
- bump
- bump
- bump
- bump
-
1.2.2 - 2023-02-24
- fix react build script: fixes react build script that was generating incorrect react type declaration file (#456), closes #455
- new getting started guide: adds new content to getting started guide demoing better component API usage and extension CSP (#383), closes #74 and #348
- update resource links: adds and removes a few links to resources in the project
- remove readme badge: removes deploy docs readme badge since it was broken to due removal of docs CD pipeline (#449)
- data grid docs: updates data grid docs to show how to create data grids with React (#457), closes #453
- add
- enable codeql: adds codeql to azure pipeline for improved static analysis and security audits of toolkit source code (#441)
from @vscode/webview-ui-toolkit GitHub release notesFeatures
Docs
Admin
@ microsoft/fast-element: bumps @ microsoft/fast-element from 1.6.2 to 1.12.0 (#525)@ microsoft/fast-foundation: bumps @ microsoft/fast-foundation from 2.38.0 to 2.49.4 (#525), closes #494@ microsoft/fast-react-wrapper: bumps @ microsoft/fast-react-wrapper from 0.1.18 to 0.3.22 (#525)eslintrelated deps: bumps eslint and other related packages to latest stable versions (#526)prettier: bumps prettier from 2.2.1 to 3.1.0 (#528)@ microsoft/api-extractor: bumps @ microsoft/api-extractor from 7.18.9 to 7.38.4 (#529)tsdoc.json: adds a tsdoc.json file to resolve api-extrator warnings (#529)typescript: bumps typescript from 4.3.5 to 4.6.2 (#530), closes #514tslibproduction dep: fixes error in other package managers (i.e. yarn) where tslib could not be resolved (#531), closes #451Admin
v1.3.0, sorry 😅)Features
Docs
testandbuild:docsscripts from contributing doc (#492)Admin
jestdependency: removes unused jest dependency (#459)word-wrap: bumps word-wrap from 1.2.3 to 1.2.4 (#501)@ babel/traverse: bumps @ babel/traverse from 7.15.4 to 7.23.2 (#515)http-cache-semantics: bumps http-cache-semantics from 4.1.0 to 4.1.1 (#454)json5: bumps json5 from 1.0.1 to 1.0.2 (#443)Bug fixes
Docs
readme.mdandgetting-started.md(#447)Admin
.eslintrc.cjsto npmignore: forgot to include in a previous release (#444), resolves #438Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Description
@vscode/webview-ui-toolkitfrom version1.2.2to1.4.0to enhance functionality and security.vscodeengine requirement to ensure compatibility with newer versions.Changes walkthrough 📝
package-lock.json
Upgrade @vscode/webview-ui-toolkit and dependenciesdefault/weather-webview/package-lock.json
@vscode/webview-ui-toolkitfrom version1.2.2to1.4.0.vscodeengine requirement from^1.74.0to^1.75.0.@microsoft/fast-element,@microsoft/fast-foundation, and@microsoft/fast-react-wrapper.tslibversion2.8.1.package.json
Update @vscode/webview-ui-toolkit dependencydefault/weather-webview/package.json
@vscode/webview-ui-toolkitdependency from^1.2.2to^1.4.0.