fix(deps): update weekly patch updates

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@emotion/react (source)	11.11.0 -> 11.11.3					dependencies	patch
@headlessui/react (source)	1.7.4 -> 1.7.17					dependencies	patch
@mui/lab (source)	5.0.0-alpha.129 -> 5.0.0-alpha.159					dependencies	patch
@tailwindcss/forms	0.5.3 -> 0.5.7					devDependencies	patch
@types/react (source)	18.2.8 -> 18.2.47					devDependencies	patch
@types/react-dom (source)	18.2.4 -> 18.2.18					devDependencies	patch
autoprefixer	10.4.14 -> 10.4.16					devDependencies	patch
chrono	0.4.23 -> 0.4.31					dependencies	patch
husky (source)	8.0.2 -> 8.0.3					devDependencies	patch
image	0.24.4 -> 0.24.7					dependencies	patch
nginx	1.25.0-alpine -> 1.25.3-alpine					final	patch
prettier (source)	2.8.0 -> 2.8.8					devDependencies	patch
reqwest	0.11.13 -> 0.11.23					dependencies	patch
rocket (source)	0.5.0-rc.2 -> 0.5.0					dependencies	patch
rocket_sync_db_pools (source)	0.1.0-rc.2 -> 0.1.0					dependencies	patch
serde_json	1.0.89 -> 1.0.111					dependencies	patch
vite-tsconfig-paths	4.2.0 -> 4.2.3					devDependencies	patch

---

Release Notes

emotion-js/emotion (@​emotion/react)

v11.11.3

Compare Source

Patch Changes

• #​3101 49c20b4f Thanks @​kyvong! - Fix Theme import for newer Typescript module resolution modes

• Updated dependencies [45c440fb]:

  • @​emotion/serialize@​1.1.3

v11.11.1

Compare Source

Patch Changes

• #​3048 9357f337 Thanks @​naari3! - Added ElementType to the Emotion's JSX namespace. It's defined in the same way as the one in @types/react and should make it possible to use components that return strings, Promises and other types that are valid in React.

tailwindlabs/headlessui (@​headlessui/react)

v1.7.17

Compare Source

Fixed

• Use correct value when resetting <Listbox multiple> and <Combobox multiple> (#​2626)
• Render <MainTreeNode /> in Popover.Group component only (#​2634)
• Disable smooth scrolling when opening/closing Dialog components on iOS (#​2635)
• Don't assume <Tab /> components are available when setting the next index (#​2642)
• Fix incorrectly focused Combobox.Input component on page load (#​2654)
• Ensure appear works using the Transition component (even when used with SSR) (#​2646)
• Improve resetting values when using the nullable prop on the Combobox component (#​2660)
• Fix hydration of components inside <Suspense> (#​2663)
• Prevent scrolling when focusing a tab (#​2674)

v1.7.16

Compare Source

Fixed

• Ensure the caret is in a consistent position when syncing the Combobox.Input value (#​2568)
• Improve "outside click" behaviour in combination with 3rd party libraries (#​2572)
• Ensure IME works on Android devices (#​2580)
• Calculate aria-expanded purely based on the open/closed state (#​2610)
• Submit form on Enter even if no submit-like button was found (#​2613)

v1.7.15

Compare Source

Added

• [internal] add demo mode to Menu and Popover components (#​2448)

Fixed

• Ensure FocusTrap is only active when the given enabled value is true (#​2456)
• Stop <Transition appear> from overwriting classes on re-render (#​2457)
• Improve control over Menu and Listbox options while searching (#​2471)
• Consider clicks inside iframes to be "outside" (#​2485)
• Ensure moving focus within a Portal component, does not close the Popover component (#​2492)

Changed

• Move types condition to the front (#​2469)

v1.7.14

Compare Source

Fixed

• Fix focus styles showing up when using the mouse (#​2347)
• Fix "Can't perform a React state update on an unmounted component." when using the Transition component (#​2374)
• Add FocusTrap event listeners once document has loaded (#​2389)
• Fix className hydration for <Transition appear> (#​2390)
• Improve Combobox types to improve false positives (#​2411)
• Merge className correctly when it’s a function (#​2412)
• Correctly handle IME composition in <Combobox.Input> (#​2426)

Added

• Add form prop to form-like components such as RadioGroup, Switch, Listbox, and Combobox (#​2356)

v1.7.13

Compare Source

Fixed

• Ensure Transition component completes if nothing is transitioning (#​2318)
• Enable native label behavior for <Switch> where possible (#​2265)
• Allow root containers from the Dialog component in the FocusTrap component (#​2322)
• Fix XYZPropsWeControl and cleanup internal TypeScript types (#​2329)
• Fix invalid warning when using multiple Popover.Button components inside a Popover.Panel (#​2333)
• Fix restore focus to buttons in Safari, when Dialog component closes (#​2326)

v1.7.12

Compare Source

Added

• Add explicit props types for every component (#​2282)

Fixed

• Ensure the main tree and parent Dialog components are marked as inert (#​2290)
• Fix nested Popover components not opening (#​2293)
• Make React types more compatible with other libraries (#​2282)
• Fix Dialog cleanup when the Dialog becomes hidden (#​2303)

v1.7.11

Compare Source

Fixed

• Ensure we handle null values for the dataRef correctly (#​2258)
• Move aria-multiselectable to [role=listbox] in the Combobox component (#​2271)
• Re-focus Combobox.Input when a Combobox.Option is selected (#​2272)
• Ensure we reset the activeOptionIndex if the active option is unmounted (#​2274)
• Improve Ref type for forwarded Switch's ref (#​2277)
• Start cleanup phase of the Dialog component when going into the Closing state (#​2264)

v1.7.10

Compare Source

Fixed

• Revert "Use the import * as React from 'react' pattern (#​2242)

v1.7.9

Compare Source

Fixed

• Fix SSR tab hydration when using Strict Mode in development (#​2231)
• Don't break overflow when multiple dialogs are open at the same time (#​2215)
• Fix "This Suspense boundary received an update before it finished hydrating" error in the Disclosure component (#​2238)
• Use the import * as React from 'react' pattern (#​2242)

v1.7.8

Compare Source

Fixed

• Fix SSR tab rendering on React 17 (#​2102)
• Fix arrow key handling in Tab (after DOM order changes) (#​2145)
• Fix false positive warning about using multiple <Popover.Button> components (#​2146)
• Fix Tab key with non focusable elements in Popover.Panel (#​2147)
• Fix false positive warning when using <Popover.Button /> in React 17 (#​2163)
• Fix failed to removeChild on Node bug (#​2164)
• Don’t overwrite classes during SSR when rendering fragments (#​2173)
• Improve Combobox accessibility (#​2153)
• Fix crash when reading headlessuiFocusGuard of relatedTarget in the FocusTrap component (#​2203)
• Fix FocusTrap in Dialog when there is only 1 focusable element (#​2172)
• Improve Tabs wrapping around when controlling the component and overflowing the selectedIndex (#​2213)
• Fix shadow-root bug closing Dialog containers (#​2217)

Added

• Allow setting tabIndex on the Tab.Panel (#​2214)

v1.7.7

Compare Source

Fixed

• Improve scroll restoration after Dialog closes (b20e48dd)

v1.7.6

Compare Source

Fixed

• Fix regression where displayValue crashes (#​2087)
• Fix displayValue syncing when Combobox.Input is unmounted and re-mounted in different trees (#​2090)
• Fix FocusTrap escape due to strange tabindex values (#​2093)
• Improve scroll locking on iOS (#​2100, 28234b0e)

v1.7.5

Compare Source

Fixed

• Reset form-like components when the parent <form> resets (#​2004)
• Add warning when using <Popover.Button /> multiple times (#​2007)
• Ensure Popover doesn't crash when focus is going to window (#​2019)
• Ensure shift+home and shift+end works as expected in the Combobox.Input component (#​2024)
• Improve syncing of the Combobox.Input value (#​2042)
• Fix crash when using multiple mode without value prop (uncontrolled) for Listbox and Combobox components (#​2058)
• Apply enter and enterFrom classes in SSR for Transition component (#​2059)
• Allow passing in your own id prop (#​2060)
• Fix Dialog unmounting problem due to incorrect transitioncancel event in the Transition component on Android (#​2071)
• Ignore pointer events in Listbox, Menu, and Combobox when cursor hasn't moved (#​2069)
• Allow clicks inside dialog panel when target is inside shadow root (#​2079)

mui/material-ui (@​mui/lab)

v5.0.0-alpha.159

Compare Source

• ​Add use client directive (#​40358) @​DiegoAndai

v5.0.0-alpha.158

Compare Source

v5.0.0-alpha.157

Compare Source

v5.0.0-alpha.156

Compare Source

• ​[lab][LoadingButton] LoadingButton now inherits props from ButtonGroup (#​39679) @​lhilgert9

v5.0.0-alpha.155

Compare Source

v5.0.0-alpha.154

Compare Source

v5.0.0-alpha.152

• [TreeView] Remove tree view import from @​mui/lab (#​39685) @​alexfauquette

v5.0.0-alpha.151

Compare Source

v5.0.0-alpha.150

Compare Source

• ​Update peer dep of @​mui/material (#​39398) @​brijeshb42

v5.0.0-alpha.149

Compare Source

v5.0.0-alpha.148

Compare Source

v5.0.0-alpha.147

Compare Source

v5.0.0-alpha.146

Compare Source

• [TreeView] Fix JSDoc comments in TreeView and TreeItem (#​38874) @​jergason

v5.0.0-alpha.145

Compare Source

v5.0.0-alpha.144

Compare Source

• ​Add TypeScript deprecations (#​38833) @​oliviertassinari
• ​Fix @mui/x-tree-view dependency (#​38822) @​flaviendelangle

v5.0.0-alpha.143

Compare Source

• ​[TreeView] Use Tree View from MUI X in the lab (#​38261) @​flaviendelangle
• ​[LoadingButton] Fix HTML rule button > div forbidden nesting (#​38584) @​oliviertassinari

v5.0.0-alpha.142

Compare Source

v5.0.0-alpha.139

Compare Source

v5.0.0-alpha.138

Compare Source

v5.0.0-alpha.137

Compare Source

v5.0.0-alpha.135

• [Timeline] Fix position alternate-reverse generated classname (#​37678) @​ZeeshanTamboli

v5.0.0-alpha.134

Compare Source

v5.0.0-alpha.133

Compare Source

v5.0.0-alpha.132

Compare Source

v5.0.0-alpha.131

Compare Source

v5.0.0-alpha.130

Compare Source

tailwindlabs/tailwindcss-forms (@​tailwindcss/forms)

v0.5.7

Compare Source

Fixed

• Use normal checkbox and radio appearance in forced-colors mode (#​152)

v0.5.6

Compare Source

Fixed

• Fix date time bottom spacing on MacOS Safari (#​146)

v0.5.5

Compare Source

Fixed

• Fix text alignment on date and time inputs on iOS (#​144)

v0.5.4

Compare Source

Fixed

• Remove chevron for selects with a non-default size (#​137)
• Allow for without type (#​141)

postcss/autoprefixer (autoprefixer)

v10.4.16

Compare Source

• Improved performance (by Romain Menke).
• Fixed docs (by Christian Oliff).

v10.4.15

Compare Source

• Fixed ::backdrop prefixes (by 一丝).
• Fixed docs (by Christian Oliff).

chronotope/chrono (chrono)

v0.4.31: 0.4.31

Compare Source

Another maintenance release.
It was not a planned effort to improve our support for UNIX timestamps, yet most PRs seem related to this.

Deprecations

• Deprecate timestamp_nanos in favor of the non-panicking timestamp_nanos_opt (#​1275)

Additions

• Add DateTime::<Utc>::from_timestamp (#​1279, thanks @​demurgos)
• Add TimeZone::timestamp_micros (#​1285, thanks @​emikitas)
• Add DateTime<Tz>::timestamp_nanos_opt and NaiveDateTime::timestamp_nanos_opt (#​1275)
• Add UNIX_EPOCH constants (#​1291)

Fixes

• Format day of month in RFC 2822 without padding (#​1272)
• Don't allow strange leap seconds which are not on a minute boundary initialization methods (#​1283)
  This makes many methods a little more strict:
  • NaiveTime::from_hms_milli
  • NaiveTime::from_hms_milli_opt
  • NaiveTime::from_hms_micro
  • NaiveTime::from_hms_micro_opt
  • NaiveTime::from_hms_nano
  • NaiveTime::from_hms_nano_opt
  • NaiveTime::from_num_seconds_from_midnight
  • NaiveTime::from_num_seconds_from_midnight_opt
  • NaiveDate::and_hms_milli
  • NaiveDate::and_hms_milli_opt
  • NaiveDate::and_hms_micro
  • NaiveDate::and_hms_micro_opt
  • NaiveDate::and_hms_nano
  • NaiveDate::and_hms_nano_opt
  • NaiveDateTime::from_timestamp
  • NaiveDateTime::from_timestamp_opt
  • TimeZone::timestamp
  • TimeZone::timestamp_opt
• Fix underflow in NaiveDateTime::timestamp_nanos_opt (#​1294, thanks @​crepererum)

Documentation

• Add more documentation about the RFC 2822 obsolete date format (#​1267)

Internal

• Remove internal __doctest feature and doc_comment dependency (#​1276)
• CI: Bump actions/checkout from 3 to 4 (#​1280)
• Optimize NaiveDate::add_days for small values (#​1214)
• Upgrade pure-rust-locales to 0.7.0 (#​1288, thanks @​jeremija wo did good improvements on pure-rust-locales)

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.30: 0.4.30

Compare Source

In this release, we have decided to swap out the chrono::Duration type (which has been a re-export of time 0.1 Duration type) with our own definition, which exposes a strict superset of the time::Duration API. This helps avoid warnings about the CVE-2020-26235 and RUSTSEC-2020-0071 advisories for downstream users and allows us to improve the Duration API going forward.

While this is technically a SemVer-breaking change, we expect the risk of downstream users experiencing actual incompatibility to be exceedingly limited (see our analysis of public code using a crater-like experiment), and not enough justification for the large ecosystem churn of a 0.5 release. If you have any feedback on these changes, please let us know in #​1268.

Additions

• Add NaiveDate::leap_year (#​1261)

Documentation

• Update main documentation from README (#​1260, thanks @​Stygmates)
• Add history of relation between chrono and time 0.1 to documentation (https://github.com/chronotope/chrono/pull/1264, https://github.com/chronotope/chrono/pull/1266)
• Clarify Timelike::num_seconds_from_midnight is a simple mapping (#​1255)

Relation between chrono and time 0.1

Rust first had a time module added to std in its 0.7 release. It later moved to libextra, and then to a libtime library shipped alongside the standard library. In 2014 work on chrono started in order to provide a full-featured date and time library in Rust. Some improvements from chrono made it into the standard library; notably, chrono::Duration was included as std::time::Duration (rust#15934) in 2014.

In preparation of Rust 1.0 at the end of 2014 libtime was moved out of the Rust distro and into the time crate to eventually be redesigned (rust#18832, rust#18858), like the num and rand crates. Of course chrono kept its dependency on this time crate. time started re-exporting std::time::Duration during this period. Later, the standard library was changed to have a more limited unsigned Duration type (rust#24920, RFC 1040), while the time crate kept the full functionality with time::Duration. time::Duration had been a part of chrono's public API.

By 2016 time 0.1 lived under the rust-lang-deprecated organisation and was not actively maintained (time#136). chrono absorbed the platform functionality and Duration type of the time crate in chrono#478 (the work started in chrono#286). In order to preserve compatibility with downstream crates depending on time and chrono sharing a Duration type, chrono kept depending on time 0.1. chrono offered the option to opt out of the time dependency by disabling the oldtime feature (swapping it out for an effectively similar chrono type). In 2019, @​jhpratt took over maintenance on the time crate and released what amounts to a new crate as time 0.2.

Security advisories

In November of 2020 CVE-2020-26235 and RUSTSEC-2020-0071 were opened against the time crate. @​quininer had found that calls to localtime_r may be unsound (chrono#499). Eventually, almost a year later, this was also made into a security advisory against chrono as RUSTSEC-2020-0159, which had platform code similar to time.

On Unix-like systems a process is given a timezone id or description via the TZ environment variable. We need this timezone data to calculate the current local time from a value that is in UTC, such as the time from the system clock. time 0.1 and chrono used the POSIX function localtime_r to do the conversion to local time, which reads the TZ variable.

Rust assumes the environment to be writable and uses locks to access it from multiple threads. Some other programming languages and libraries use similar locking strategies, but these are typically not shared across languages. More importantly, POSIX declares modifying the environment in a multi-threaded process as unsafe, and getenv in libc can't be changed to take a lock because it returns a pointer to the data (see rust#27970 for more discussion).

Since version 4.20 chrono no longer uses localtime_r, instead using Rust code to query the timezone (from the TZ variable or via iana-time-zone as a fallback) and work with data from the system timezone database directly. The code for this was forked from the tz-rs crate by @​x-hgg-x. As such, chrono now respects the Rust lock when reading the TZ environment variable. In general, code should avoid modifying the environment.

Removing time 0.1

Because time 0.1 has been unmaintained for years, however, the security advisory mentioned above has not been addressed. While chrono maintainers were careful not to break backwards compatibility with the time::Duration type, there has been a long stream of issues from users inquiring about the time 0.1 dependency with the vulnerability. We investigated the potential breakage of removing the time 0.1 dependency in chrono#1095 using a crater-like experiment and determined that the potential for breaking (public) dependencies is very low. We reached out to those few crates that did still depend on compatibility with time 0.1.

As such, for chrono 0.4.30 we have decided to swap out the time 0.1 Duration implementation for a local one that will offer a strict superset of the existing API going forward. This will prevent most downstream users from being affected by the security vulnerability in time 0.1 while minimizing the ecosystem impact of semver-incompatible version churn.

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.29: 0.4.29

Compare Source

This release fixes a panic introduced in chrono 0.4.27 in FromStr<DateTime<Utc>> (#​1253).

Chrono now has a Discord channel.

Fixes

• Fix arbitrary string slicing in parse_rfc3339_relaxed (#​1254)

Deprecations

• Deprecate TimeZone::datetime_from_str (#​1251)

Documentation

• Correct documentation for FromStr for Weekday and Month (#​1226, thanks @​wfraser)

Internal improvements

• Revert "add test_issue_866" (#​1238)
• CI: run tests on i686 and wasm32-wasi (#​1237)
• CI: Include doctests for code coverage (#​1248)
• Move benchmarks to a separate crate (#​1243)
  This allows us to upgrade the criterion dependency to 5.1 without changing our MSRV.
• Add Discord link to README (#​1240, backported in #​1256)

Thanks to all contributors on behalf of the chrono team, @​djc and @​pitdicker!

v0.4.28: 0.4.28

Compare Source

This release fixes a test failure on 32-bit targets introduced with 0.4.27, see https://github.com/chronotope/chrono/issues/1234.

v0.4.27: 0.4.27

Compare Source

This release bumps the MSRV from 1.56 to 1.57. This allows us to take advantage of the panicking in const feature. In this release most methods on NaiveDate and NaiveTime are made const, NaiveDateTime and others will follow in a later release.

The parser for the %+ formatting specifier and the RFC3339 formatting item is switched from a strict to a relaxed parser (see https://github.com/chronotope/chrono/pull/1145). This matches the existing documentation, and the parser used by DateTime::from_str. If you need to validate the input, consider using DateTime::from_rfc3339.

Deprecations

• Deprecate DateTime::{from_local, from_utc} (https://github.com/chronotope/chrono/pull/1175)

Additions

• Let DateTime::signed_duration_since take argument with Borrow (https://github.com/chronotope/chrono/pull/1119)
• Implement PartialOrd for Month (https://github.com/chronotope/chrono/pull/999, thanks @​Munksgaard)
• Add Ord and Eq for types which already derive PartialOrd and PartialEq (https://github.com/chronotope/chrono/pull/1128, thanks @​totikom)
• implement FusedIterator for NaiveDateDaysIterator and NaiveDateWeeksIterator (https://github.com/chronotope/chrono/pull/1134)
• Make NaiveDateDaysIterator and NaiveDateWeeksIterator public (https://github.com/chronotope/chrono/pull/1134)
• Add FromStr for FixedOffset (https://github.com/chronotope/chrono/pull/1157, thanks @​mcronce)
• Remove Tz::Offset: Display requirement from DateTime::to_rfc* (https://github.com/chronotope/chrono/pull/1160)
• More flexible offset formatting (not exposed yet) (https://github.com/chronotope/chrono/pull/1160)
• Make StrftimeItems with unstable-locales work without allocating (https://github.com/chronotope/chrono/pull/1152)
• Make NaiveDate::from_ymd_opt const (https://github.com/chronotope/chrono/pull/1172, thanks @​kamadorueda)
• Implement Error trait for ParseWeekdayError and ParseMonthError (https://github.com/chronotope/chrono/pull/539, thanks @​mike-kfed)
• Make methods on NaiveTime const, update MSRV to 1.57 (https://github.com/chronotope/chrono/pull/1080)
• Make methods on NaiveDate const (https://github.com/chronotope/chrono/pull/1205)
• Implement operations for core::time::Duration on DateTime types (https://github.com/chronotope/chrono/pull/1229)

Fixes

• Ensure timestamp_nanos panics on overflow in release builds (https://github.com/chronotope/chrono/pull/1123)
• Fix offset_from_local_datetime for wasm_bindgen (https://github.com/chronotope/chrono/pull/1131)
• Parsing: Consider %s to be a timestamp in UTC (https://github.com/chronotope/chrono/pull/1136)
• Don't panic when formatting with %#z ([https://github.com/fix: no panic when formatting with %#z chronotope/chrono#1140](https://tog

---

Configuration

📅 Schedule: Branch creation - "before 5am on monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

---

• Branch has one or more failed status checks