Skip to content

fix(deps): Update dependency @xstate/react to v2 #282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): Update dependency @xstate/react to v2 #282

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 12, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@xstate/react (source) ^1.2.0 -> ^2.0.1 age adoption passing confidence

Release Notes

statelyai/xstate (@​xstate/react)

v2.0.1

Compare Source

Patch Changes
  • #​3089 862697e29 Thanks @​Andarist! - Fixed compatibility with Skypack by exporting some shared utilities from root entry of XState and consuming them directly in other packages (this avoids accessing those things using deep imports and thus it avoids creating those compatibility problems).

v2.0.0

Compare Source

Major Changes

  • #​2674 e5a8b8dff Thanks @​Andarist, @​mattpocock! - To avoid breaking any consumers and to leverage the newly introduced typegen support, the major version of this package had to be bumped. While you can still use it with older versions of TS, the typegen support in this package requires TS version 4.0 or greater.

    When using hooks from @xstate/react it's recommended to skip providing explicit generics to them. Note that that generics list has changed since v1 and we now only accept a single generic, TMachine.

  • #​2674 ab919d300 Thanks @​Andarist! - Removed already deprecated useService from @xstate/react. You can replace its usage with useActor.

Patch Changes

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate using a curated preset maintained by Sanity. View repository job log here

@socket-security
Copy link

socket-security bot commented Jun 12, 2023
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedshell-quote@​1.7.21002510082100
Addednumber-is-nan@​1.0.1671005751100
Addedside-channel@​1.0.4671006552100
Addedsort-order@​1.0.1991004876100
Addedutil.promisify@​1.0.1671007452100
Updatedtty-browserify@​0.0.0 ⏵ 0.0.11001005083100
Addedsafer-buffer@​2.1.26710010051100
Addedobject.hasown@​1.1.0671008351100
Addedobject.fromentries@​2.0.5671008151100
Addedpath-parse@​1.0.7671007851100
Addedobject-keys@​1.1.1671009151100
Addedobject-is@​1.1.5671008651100
Addedobject.getownpropertydescriptors@​2.1.36710010051100
Addedunbox-primitive@​1.0.1671007851100
Addedobject.values@​1.1.5671008552100
Addedstring.prototype.matchall@​4.0.6661009252100
Addedstring.prototype.trimend@​1.0.4671007853100
Addedstring.prototype.trimstart@​1.0.4671007852100
Addedwhich-boxed-primitive@​1.0.2671009052100
Addedregexp.prototype.flags@​1.3.1671008452100
See 313 more rows in the dashboard

View full report

@renovate renovate bot changed the title fix(deps): update dependency @xstate/react to v2 fix(deps): Update dependency @xstate/react to v2 Aug 4, 2023
@renovate renovate bot force-pushed the renovate/major-2-xstate-monorepo branch from ffa9645 to b5a8330 Compare May 14, 2025 10:33
@vercel Vercel
Copy link

vercel bot commented May 14, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
react-spring-bottom-sheet ❌ Failed (Inspect) May 14, 2025 10:33am

@socket-security Socket Security
Copy link

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert (click for details)
Warn Critical
[email protected] has a Critical CVE.

CVE: GHSA-g4rg-993r-mgx7 Improper Neutralization of Special Elements used in a Command in Shell-quote (CRITICAL)

Affected versions: <= 1.7.2

Patched version: 1.7.3

From: package-lock.jsonnpm/[email protected]

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
🤖 bot 📦 deps ⚠️ major
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants