You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade @vscode/webview-ui-toolkit from 1.2.2 to 1.4.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 3 versions ahead of your current version.
2, because the changes are primarily version upgrades in the package-lock.json and package.json files, which are straightforward to review.
🧪 Relevant tests
No
⚡ Possible issues
Deprecated Package: The upgraded version of @vscode/webview-ui-toolkit (1.4.0) is marked as deprecated. This may lead to issues in the future if no alternative is provided.
Verify compatibility and migration steps for the upgraded dependency version
Consider checking the changelog or release notes for @vscode/webview-ui-toolkit to ensure that there are no breaking changes or necessary migration steps when upgrading from version 1.2.2 to 1.4.0.
-"@vscode/webview-ui-toolkit": "^1.4.0",+"@vscode/webview-ui-toolkit": "^1.4.0", // Ensure compatibility with the new version
Suggestion importance[1-10]: 7
Why: While the suggestion is relevant and encourages good practices for dependency management, it does not directly address a critical issue in the code itself. It focuses on a precautionary step rather than a necessary fix.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Snyk has created this PR to upgrade @vscode/webview-ui-toolkit from 1.2.2 to 1.4.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 3 versions ahead of your current version.
The recommended version was released a year ago.
Release notes
Package name: @vscode/webview-ui-toolkit
-
1.4.0 - 2023-12-06
- update dropdown styles: updates some dropdown styles to match new VS Code dropdown style (#532), closes #521
- fix image typo: fixes incorrect image used in badge docs (#522)
- bump
- bump
- bump
- bump
- update ci pipelines: updates github and azure ci pipelines to use node v18 (#526)
- bump
- bump
- add
- bump
- add
-
1.3.1 - 2023-11-14
- update npmignore: adds a directory to npmignore (accidentally published a big test folder in
-
1.3.0 - 2023-11-13
- input border radius: adds a 2px border radius to input elements (text field and text area) to match new VS Code button style (#510)
- replace storybook with codesandbox: removes storybook and replace it with codesandbox sample links (#460), closes #446
- dropdown label: adds better docs on how to create labels in dropdown that adhere to VS Code design language (#463), closes #461
- divider and radio group typos: fixes two typos found in the documentation (#462)
- getting started: updates esbuild configuration code snippet in getting started guide (#450)
- data grid typo: fixes data grid example code typo (#471)
- contributing docs: removes deleted npm
- editable data grid: adds a new section to the data grid docs linking to the editable data grid sample extension (#499), closes #493
- radio docs: adds note about workaround fix to the issue described in #476 (#511)
- remove
- react testing environment: adds npm script and testing environment to test toolkit react components (#478)
- bump
- bump
- bump
- bump
-
1.2.2 - 2023-02-24
- fix react build script: fixes react build script that was generating incorrect react type declaration file (#456), closes #455
- new getting started guide: adds new content to getting started guide demoing better component API usage and extension CSP (#383), closes #74 and #348
- update resource links: adds and removes a few links to resources in the project
- remove readme badge: removes deploy docs readme badge since it was broken to due removal of docs CD pipeline (#449)
- data grid docs: updates data grid docs to show how to create data grids with React (#457), closes #453
- add
- enable codeql: adds codeql to azure pipeline for improved static analysis and security audits of toolkit source code (#441)
from @vscode/webview-ui-toolkit GitHub release notesFeatures
Docs
Admin
@ microsoft/fast-element: bumps @ microsoft/fast-element from 1.6.2 to 1.12.0 (#525)@ microsoft/fast-foundation: bumps @ microsoft/fast-foundation from 2.38.0 to 2.49.4 (#525), closes #494@ microsoft/fast-react-wrapper: bumps @ microsoft/fast-react-wrapper from 0.1.18 to 0.3.22 (#525)eslintrelated deps: bumps eslint and other related packages to latest stable versions (#526)prettier: bumps prettier from 2.2.1 to 3.1.0 (#528)@ microsoft/api-extractor: bumps @ microsoft/api-extractor from 7.18.9 to 7.38.4 (#529)tsdoc.json: adds a tsdoc.json file to resolve api-extrator warnings (#529)typescript: bumps typescript from 4.3.5 to 4.6.2 (#530), closes #514tslibproduction dep: fixes error in other package managers (i.e. yarn) where tslib could not be resolved (#531), closes #451Admin
v1.3.0, sorry 😅)Features
Docs
testandbuild:docsscripts from contributing doc (#492)Admin
jestdependency: removes unused jest dependency (#459)word-wrap: bumps word-wrap from 1.2.3 to 1.2.4 (#501)@ babel/traverse: bumps @ babel/traverse from 7.15.4 to 7.23.2 (#515)http-cache-semantics: bumps http-cache-semantics from 4.1.0 to 4.1.1 (#454)json5: bumps json5 from 1.0.1 to 1.0.2 (#443)Bug fixes
Docs
readme.mdandgetting-started.md(#447)Admin
.eslintrc.cjsto npmignore: forgot to include in a previous release (#444), resolves #438Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Description
@vscode/webview-ui-toolkitfrom version1.2.2to1.4.0to enhance functionality and security.@microsoft/fast-element,@microsoft/fast-foundation, and@microsoft/fast-react-wrapper.Changes walkthrough 📝
package-lock.json
Upgrade @vscode/webview-ui-toolkit and related dependenciesframeworks/hello-world-vue/webview-ui/package-lock.json
@vscode/webview-ui-toolkitfrom version1.2.2to1.4.0.@microsoft/fast-element,@microsoft/fast-foundation, and@microsoft/fast-react-wrapper.package.json
Update package.json for toolkit version upgradeframeworks/hello-world-vue/webview-ui/package.json
@vscode/webview-ui-toolkitdependency version from^1.2.2to^1.4.0.