Releases: mercadona/wrapito
Release list
Release refs/tags/v13.5.0
Release refs/tags/v13.5.0-beta10
📦 Uncategorized
- Bump mikepenz/release-changelog-builder-action from 6.2.1 to 6.2.2
- PR: #326
- Bump react-redux from 9.2.0 to 9.3.0
- PR: #325
- [Changed]: dependabot config to group large groups together
- PR: #334
- Bump actions/checkout from 6.0.2 to 6.0.3
- PR: #335
- Bump the react group across 1 directory with 3 updates
- PR: #336
- fix: upgrade vitest 1.x → 4.1.5 to resolve all 11 security vulnerabilities
- PR: #311
- chore(ci): improve dependabot commit messages and group github-actions
- PR: #346
- chore(deps): within-major hygiene bumps + clear remaining ws advisory
- PR: #319
- chore(deps-dev): bump @types/react from 19.2.16 to 19.2.17 in the react group
- PR: #352
- fix(deps): downgrade chalk to ^4.1.2 to restore CJS consumer compatibility
- PR: #349
- chore(deps-dev): bump prettier from 3.8.3 to 3.8.4
- PR: #297
- ci: add @arethetypeswrong/cli + fix dual ESM/CJS contract
- PR: #350
- chore(deps-dev): bump react-router-dom from 5.3.4 to 7.17.0
- PR: #347
- chore(deps-dev): migrate from legacy Redux to Redux Toolkit
- PR: #354
- chore(deps-dev): bump @types/react from 19.2.16 to 19.2.17 in the react group
- PR: #357
- chore(deps-dev): bump prettier from 3.8.3 to 3.8.4
- PR: #358
- chore(deps): upgrade Node.js 20.19.5 → 24.15.0 (LTS)
- PR: #355
- chore(deps-dev): upgrade ESLint 8 → 9.x with flat config migration
- PR: #356
- chore(deps): add @eslint/* to the dependabot eslint group
- PR: #362
- chore(deps-dev): bump react-router-dom from 7.17.0 to 7.18.0
- PR: #367
- chore(deps-dev): bump typescript-eslint from 8.61.0 to 8.61.1
- PR: #366
- chore: add vitest deps to dependabot test group
- PR: #368
- chore(deps-dev): bump the testing group across 1 directory with 3 updates
- PR: #369
Release refs/tags/v13.5.0-beta9
- no changes
Release refs/tags/v13.5.0-beta8
- no changes
Release refs/tags/v13.5.0-beta7
📦 Uncategorized
- Bump mikepenz/release-changelog-builder-action from 6.2.1 to 6.2.2
- PR: #326
- Bump react-redux from 9.2.0 to 9.3.0
- PR: #325
- [Changed]: dependabot config to group large groups together
- PR: #334
- Bump actions/checkout from 6.0.2 to 6.0.3
- PR: #335
- Bump the react group across 1 directory with 3 updates
- PR: #336
- fix: upgrade vitest 1.x → 4.1.5 to resolve all 11 security vulnerabilities
- PR: #311
- chore(ci): improve dependabot commit messages and group github-actions
- PR: #346
- chore(deps): within-major hygiene bumps + clear remaining ws advisory
- PR: #319
- chore(deps-dev): bump @types/react from 19.2.16 to 19.2.17 in the react group
- PR: #352
- fix(deps): downgrade chalk to ^4.1.2 to restore CJS consumer compatibility
- PR: #349
- chore(deps-dev): bump prettier from 3.8.3 to 3.8.4
- PR: #297
- ci: add @arethetypeswrong/cli + fix dual ESM/CJS contract
- PR: #350
- chore(deps-dev): bump react-router-dom from 5.3.4 to 7.17.0
- PR: #347
- chore(deps-dev): migrate from legacy Redux to Redux Toolkit
- PR: #354
- chore(deps-dev): bump @types/react from 19.2.16 to 19.2.17 in the react group
- PR: #357
- chore(deps-dev): bump prettier from 3.8.3 to 3.8.4
- PR: #358
- chore(deps): upgrade Node.js 20.19.5 → 24.15.0 (LTS)
- PR: #355
- chore(deps-dev): upgrade ESLint 8 → 9.x with flat config migration
- PR: #356
- chore(deps): add @eslint/* to the dependabot eslint group
- PR: #362
- chore(deps-dev): bump react-router-dom from 7.17.0 to 7.18.0
- PR: #367
- chore(deps-dev): bump typescript-eslint from 8.61.0 to 8.61.1
- PR: #366
- chore: add vitest deps to dependabot test group
- PR: #368
- chore(deps-dev): bump the testing group across 1 directory with 3 updates
- PR: #369
Release refs/tags/v13.4.2-beta.0
Release refs/tags/v13.4.1
🚨 Breaking Fix: CJS consumer compatibility restored
If you use wrapito in a Jest / react-scripts environment, this release is a required upgrade.
fix(deps): chalk downgraded to ^4.1.2 to restore CJS bundle (#349)
chalk@5 is ESM-only. Since wrapito ships a dual ESM/CJS bundle, the CJS entry (dist/index.js) was broken for consumers running under Jest or any pure-CJS test runner:
SyntaxError: Cannot use import statement outside a module
at .../wrapito/node_modules/chalk/source/index.js
at Object.<anonymous> (node_modules/wrapito/dist/index.js)
Reverted to chalk@4 (last CJS-compatible release). The API used internally is identical between v4 and v5.
fix: global.fetch spy was not shared with global.window.fetch (#349)
In Jest + jsdom, global.fetch and global.window.fetch are distinct objects. Consumers calling global.window.fetch.mockImplementation(...) were configuring a spy that wrapito's matchers never read, causing all toHaveBeenFetchedWith / toHaveFetched assertions to fail silently.
Both references now point to the same spy instance.
🔒 Security fixes
fix: vitest upgraded 1.x → 4.1.5 (#311)
Resolves 11 vulnerabilities (4 high, 7 moderate) in dev dependencies:
- esbuild GHSA-67mh-4wv8-2f99 — dev server CORS bypass
- vite GHSA-4w7w-66w2-5vf9 — path traversal in .map handling
- rollup GHSA-mw96-cpmx-2vgc — arbitrary file write via path traversal
- postcss GHSA-qx2v-qp2m-jg93 — XSS via unescaped
</style> - lodash GHSA-r5fr-rjxr-66jc, GHSA-f23m-r3pf-42rh
📦 Other changes (dependency bumps)
- Bump softprops/action-gh-release from 2.5.0 to 2.6.1 (#272)
- Bump actions/setup-node from 6.2.0 to 6.3.0 (#262)
- Bump mikepenz/release-changelog-builder-action 6.1.0 → 6.2.2 (#261, #282, #294, #326)
- Bump prettier from 3.8.1 to 3.8.2 (#290)
- Bump react-dom from 19.2.4 to 19.2.5 (#289)
- Bump actions/setup-node from 6.3.0 to 6.4.0 (#300)
- Bump softprops/action-gh-release from 2.6.1 to 3.0.0 (#295)
- Bump react-redux from 9.2.0 to 9.3.0 (#325)
- Bump actions/checkout from 6.0.2 to 6.0.3 (#335)
- Bump the react group across 1 directory with 3 updates (#336)
- chore(deps-dev): bump @types/react (#352)
- chore(deps): within-major hygiene bumps + clear remaining ws advisory (#319)
- chore(ci): improve dependabot commit messages and group github-actions (#346)
Release refs/tags/v13.5.0-beta6
- no changes
Release refs/tags/v13.5.0-beta5
- no changes
Release refs/tags/v13.5.0-beta4
- no changes