[Snyk] Upgrade react-dropzone from 12.0.5 to 12.1.0#9
Closed
ekaterinamishina wants to merge 1 commit into
Closed
Conversation
Snyk has created this PR to upgrade react-dropzone from 12.0.5 to 12.1.0. See this package in npm: https://www.npmjs.com/package/react-dropzone See this project in Snyk: https://app.snyk.io/org/ekaterinamishina/project/a7ae825a-a391-4cf6-9734-4f788c3f8223?utm_source=github&utm_medium=referral&page=upgrade-pr
rbuergi
added a commit
that referenced
this pull request
May 5, 2026
…leasePath is set Tasks #6, #7, #8, #9, #10, #11, #12, #13, #14 from the failing-tests list share one root cause: NodeTypeContractHandler.Handle was short-circuiting on node.AssemblyLocation alone. For freshly-created dynamic NodeTypes (NodeType=NodeType, Content=NodeTypeDefinition), NodeTypeService .EnrichWithNodeType propagates the STATIC "NodeType" type's framework DLL (MeshWeaver.Graph.dll) onto the new node's AssemblyLocation through its fast-path ApplyEntry. The handler then opened MeshWeaver.Graph.dll, found no MeshNodeProvider for the new hub's path, and silently returned Success=true with empty NodeTypeConfigurations — so: - CompileFailsWhenSourceCodeIsInvalid sees Success=true (compile never actually ran). - CompileWithMultipleSourceLocationsPullsInExternalCode misses the external Profile type for the same reason. - CompileActivityLogTest.* never produces an activity log because the Roslyn compile never ran. - LinkedIn* tests can't render their NodeType-bound layout areas. - MeshPluginTest broken-NodeType tests don't see the compile error because no compile happened. Fix: only take the short-circuit path when def.LatestReleasePath is non-empty. A populated LatestReleasePath means StartCompile (or a release publish) has actually emitted an assembly for THIS NodeType; only then is AssemblyLocation a real release DLL. Otherwise fall through to compilationService.CompileAndGetConfigurations, which runs Roslyn, returns the real Success/Failed shape, and lets the cluster behave. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
rbuergi
added a commit
that referenced
this pull request
May 10, 2026
…fix DI lifetimes, redact PII, drop dynamic - ThreadExecution: collapse triple-stacked <summary> blocks on WatchForExecution and NotifyParentCompletion. Tooling kept the last one anyway; the dead scaffolding was just noise. - SocialExtensions: register LinkedInPublisher / XPublisher as TRUE singletons (factory-resolved with named HttpClient). The previous AddHttpClient<T>+AddSingleton<IPlatformPublisher> mix made the concrete type transient while the interface alias was singleton — direct vs via-interface resolution returned different instances. Also gate hosted-service registration on at least one platform being configured (the "all-or-nothing" comment was wrong; with zero platforms the four hosted services started anyway and faulted on first tick). - LinkedInPublisher: replace `(dynamic)media.shareMediaCategory` peek with two concrete payload shapes — typo turns into a compile error instead of a RuntimeBinderException. - LinkedIn / X publishers: cap error-body logs at 200 chars to bound PII exposure (the body can echo the user's post text on validation rejection). Full body still goes to PublishResult.Error for the caller. Addresses PR #95 review items #9, #20, #21, #22, #23. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade react-dropzone from 12.0.5 to 12.1.0.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
✨ Snyk has automatically assigned this pull request, set who gets assigned.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: react-dropzone
-
12.1.0 - 2022-04-26
- deps: bump file-selector from 0.4.0 to 0.5.0 (2a71cc9)
-
12.0.6 - 2022-04-26
- remove autocomplete for file input type (5bc4273)
-
12.0.5 - 2022-04-10
- use KeyboardEvent.key to detect space/enter events (67e3f59)
from react-dropzone GitHub release notes12.1.0 (2022-04-26)
Features
12.0.6 (2022-04-26)
Bug Fixes
12.0.5 (2022-04-10)
Bug Fixes
Commit messages
Package name: react-dropzone
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
👩💻 Set who automatically gets assigned
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs