π¨ Breaking Fix: CJS consumer compatibility restored
If you use wrapito in a Jest / react-scripts environment, this release is a required upgrade.
fix(deps): chalk downgraded to ^4.1.2 to restore CJS bundle (#349)
chalk@5 is ESM-only. Since wrapito ships a dual ESM/CJS bundle, the CJS entry (dist/index.js) was broken for consumers running under Jest or any pure-CJS test runner:
SyntaxError: Cannot use import statement outside a module
at .../wrapito/node_modules/chalk/source/index.js
at Object.<anonymous> (node_modules/wrapito/dist/index.js)
Reverted to chalk@4 (last CJS-compatible release). The API used internally is identical between v4 and v5.
fix: global.fetch spy was not shared with global.window.fetch (#349)
In Jest + jsdom, global.fetch and global.window.fetch are distinct objects. Consumers calling global.window.fetch.mockImplementation(...) were configuring a spy that wrapito's matchers never read, causing all toHaveBeenFetchedWith / toHaveFetched assertions to fail silently.
Both references now point to the same spy instance.
π Security fixes
fix: vitest upgraded 1.x β 4.1.5 (#311)
Resolves 11 vulnerabilities (4 high, 7 moderate) in dev dependencies:
- esbuild GHSA-67mh-4wv8-2f99 β dev server CORS bypass
- vite GHSA-4w7w-66w2-5vf9 β path traversal in .map handling
- rollup GHSA-mw96-cpmx-2vgc β arbitrary file write via path traversal
- postcss GHSA-qx2v-qp2m-jg93 β XSS via unescaped
</style> - lodash GHSA-r5fr-rjxr-66jc, GHSA-f23m-r3pf-42rh
π¦ Other changes (dependency bumps)
- Bump softprops/action-gh-release from 2.5.0 to 2.6.1 (#272)
- Bump actions/setup-node from 6.2.0 to 6.3.0 (#262)
- Bump mikepenz/release-changelog-builder-action 6.1.0 β 6.2.2 (#261, #282, #294, #326)
- Bump prettier from 3.8.1 to 3.8.2 (#290)
- Bump react-dom from 19.2.4 to 19.2.5 (#289)
- Bump actions/setup-node from 6.3.0 to 6.4.0 (#300)
- Bump softprops/action-gh-release from 2.6.1 to 3.0.0 (#295)
- Bump react-redux from 9.2.0 to 9.3.0 (#325)
- Bump actions/checkout from 6.0.2 to 6.0.3 (#335)
- Bump the react group across 1 directory with 3 updates (#336)
- chore(deps-dev): bump @types/react (#352)
- chore(deps): within-major hygiene bumps + clear remaining ws advisory (#319)
- chore(ci): improve dependabot commit messages and group github-actions (#346)