search

intelops / genpod

GenPod.dev UI
Other
0 stars 4 forks source link

Bump react-hook-form from 7.49.2 to 7.53.1 #113

Closed dependabot[bot] closed 3 days ago

dependabot[bot] commented 3 weeks ago

Bumps react-hook-form from 7.49.2 to 7.53.1.

Release notes

Sourced from react-hook-form's releases.

Version 7.53.1

🐞 fix: #12294 ensure Invalid Date is evaluated correctly (#12295) 🐞 fix #12316 setValue should work for arrays of primitives to handle checkboxes (#12316) (#12317) 🐞 fix #12097 Use dirty fields along with mount names for form reset with keepDirtyValues (#12211) 🫀 fix #12237 disabled state trigger formState dirty/dirtyFields to update (#12239) 🐞 fix #12291 field array remove cause undefined with FormData (#12305) 📝 improve flatten function with object type check (#12306) 🖐️ improve: resolve type of set function (#12145) 🔧 chore: upgrade eslint to v9 (#12150) 📖 fix: code example input field placeholder name (#12296) 📖 docs: fix typo in code example (#12271)

thanks to @​rasikhq @​abnud11 @​crypt0box @​developer-bandi @​matmannion @​hasancruk & @​vismay7

Version 7.53.0

🌫️ feat: #12148 support isValid when mode is set to onBlur (#12194)

// update formstate isValid with onBlur event
const { formState: { isValid } } = useForm({
  mode: 'onBlur'
})

🐞 fix #12021 issue with disable prop not reflecting on re-render without trigger by useEffect (#12193) 👩‍🌾 close #12168 optimise re-render with validating fields subscription (#12192) 🐞 fix #12127 issue with compare object value changed with object input (#12185) 🎲 improve : break out of recursive loops on first focus (#11827) 📖 fix example of ObjectKeys type (#11965)

thanks to @​suke & @​DPflasterer

Version 7.52.2

👍 close #12108 useController should subscribe to exact field name of form's state (#12109) 👍 chore: upgrade app deps 🩻 fix: add useCallback for ref callback (#12078) 🚀 fix: skip call executeBuiltInValidation if no sub-fields left (#12054)

thanks to @​newsiberian, @​Wendystraite and @​abnud11

Version 7.52.1

🐞 fix #12024 dirty not update issue with values prop (#12041) 🐞 fix: field array validate rules shift errors (#12033)

thanks to @​JardelCheung

Version 7.52.0

⚛️ close #11932 enable react 19 peer dependency (#11935) 👮‍♀️ close #11954 getFieldState remove unnessaried inValidating and touched subscription (#11995) 🐞 fix #11985 logic createFormControl check field before usage (#11986)

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dryrunsecurity[bot] commented 3 weeks ago

DryRun Security Summary

The provided code change updates the react-hook-form dependency in the package.json file from version 7.49.2 to version 7.53.1, which should be reviewed and tested for potential security vulnerabilities.

Expand for full summary
**Summary:** The provided code change is an update to the `package.json` file, which is the configuration file for a Node.js project. The key change is the update of the `react-hook-form` dependency from version `7.49.2` to version `7.53.1`. From an application security perspective, the update to the `react-hook-form` dependency is worth reviewing. React Hook Form is a popular library used for managing form state and validation in React applications. Security researchers have identified several vulnerabilities in past versions of this library, including potential cross-site scripting (XSS) issues and other vulnerabilities that could lead to security breaches. While the update to version `7.53.1` may have addressed some of these vulnerabilities, it's always a good practice to review the release notes and security advisories associated with any dependency update, especially for security-critical libraries like React Hook Form. Additionally, it's recommended to thoroughly test the application after the update to ensure that no new security issues have been introduced. **Files Changed:** - `package.json`: The key change in this file is the update of the `react-hook-form` dependency from version `7.49.2` to version `7.53.1`. This update should be carefully reviewed and tested to ensure that no new security vulnerabilities have been introduced.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 1 finding

Riskiness

:green_circle: Risk threshold not exceeded.

View PR in the DryRun Dashboard.

dependabot[bot] commented 3 days ago

Superseded by #116.