Search code, repositories, users, issues, pull requests...

Features

fix: add use client to ensure loaders run on server components by @davidhu2000 in #639

Chores

Remove unused outputted files from published package, including umd files, duplicated cjs files, test files, and unnecessary config files. This decreased the total package size by 321KB,

- 541KB
+ 220KB

Changelog

release 0.17.0-beta.1 by @davidhu2000 in #640
chore(deps-dev): bump the eslint group with 2 updates by @dependabot in #641
chore(deps-dev): bump @vitejs/plugin-react from 4.3.4 to 4.4.0 by @dependabot in #642
chore(deps-dev): bump vite from 6.2.6 to 6.3.1 by @dependabot in #643
chore: update-yarn to stable version, dedupe deps by @davidhu2000 in #644
chore: add unnecessary files to npmignore by @davidhu2000 in #645
chore: remove umd files from npm publish by @davidhu2000 in #646
chore: dedupe-cjs-outputs by @davidhu2000 in #647
chore: revert cjs changes, remove cjs folder from build outputs by @davidhu2000 in #648
chore: add eslint config to npmignore by @davidhu2000 in #649
chore: update readme example to not use path import by @davidhu2000 in #650
chore(deps-dev): bump vite from 6.3.1 to 6.3.2 by @dependabot in #651
chore(deps-dev): bump eslint from 9.24.0 to 9.25.0 in the eslint group by @dependabot in #653
chore(deps-dev): bump @vitejs/plugin-react from 4.4.0 to 4.4.1 by @dependabot in #652
chore: release-0.17.0 by @davidhu2000 in #654

Full Changelog: davidhu2000/react-spinners@v0.16.1...v0.17.0

`v0.16.1`

What's Changed

fix: update scale loader prop to be optional to fix breaking change by @davidhu2000 in #638

Full Changelog: davidhu2000/react-spinners@v0.16.0...v0.16.1

`v0.16.0`

[!CAUTION]
This version included a breaking change in ScaleLoader where the newly introduced barCount prop was not marked as optional. This issue has been patched in v0.16.1.

What's Changed

chore: add-dependabot-gruping by @davidhu2000 in #618
Bump nanoid from 3.3.7 to 3.3.8 by @dependabot in #616
chore(deps-dev): bump the testing group with 3 updates by @dependabot in #623
chore: add storybook to storeybook grouping by @davidhu2000 in #627
chore: update storybook to latest version by @davidhu2000 in #630
feat: add configurable bar count for ScaleLoader by @BlueManCZ in #617
chore(deps-dev): bump the eslint group with 9 updates by @dependabot in #625
chore(deps-dev): bump the react group with 4 updates by @dependabot in #626
chore(deps-dev): bump vite from 5.3.1 to 6.2.6 by @dependabot in #628
chore: update-all-packages by @davidhu2000 in #631
chore: remove-jsx-element return type by @davidhu2000 in #633
chore(deps): bump store2 from 2.14.3 to 2.14.4 by @dependabot in #620
Bump cross-spawn from 7.0.3 to 7.0.6 by @dependabot in #613
Bump express from 4.19.2 to 4.21.0 by @dependabot in #609

New Contributors

@BlueManCZ made their first contribution in #617

Full Changelog: davidhu2000/react-spinners@v0.15.0...v0.16.0

`v0.15.0`

What's Changed

Bump micromatch from 4.0.5 to 4.0.8 by @dependabot in #607
Update peer dependencies to support React 19 by @mobeigi in #612

New Contributors

@mobeigi made their first contribution in #612

Full Changelog: davidhu2000/react-spinners@0.14.1...v0.15.0

`v0.14.1`

revert #602 due to issues with test and server side rendering

`v0.14.0`

feat: color prop can accept rgb colors #586
fix: multiple hash loader with different color renders as the same color #602
fix: moon loader wobble if size is not divisible by 7 #603

`v0.13.8`

bugfix: Remove Animation Fill Mode from CircleLoader to fix SSR mismatch style error. #558

`v0.13.7`

bugfix: fix PacmanLoader container height/width to adjust with size prop

`v0.13.6`

Improve formatting of example code to include data-testid prop

`v0.13.5`

Improve README to include additional available props via span tag

`v0.13.4`

bugfix: fix server side render issue on HashLoader

`v0.13.3`

bugfix: Fix PuffLoader initial rendering issue

`v0.13.2`

remove next version badge until needed

`v0.13.1`

update homepage in package.json

`v0.13.0`

Rewrite each loader from the ground up using functional components.
Replaced @emotion with vanilla javascript and inline style to reduce component size by 75%. This project now have 0 dependencies, while continuing to support server side rendering.
Added support for custom props such as aria-label
renamed css prop to cssOverride to avoid type conflicts with css-in-js libraries.

`v0.12.0`

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

Feature: output commonjs, es module, and umd file types.
Feature: add support for react 18 #464

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

sonarqubecloud · 2023-01-10T10:56:28Z

Kudos, SonarCloud Quality Gate passed!

No Coverage information
0.0% Duplication

socket-security · 2023-02-21T13:28:15Z

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

sonarqubecloud · 2023-03-14T11:33:09Z

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

github-actions · 2023-04-24T16:32:32Z

🎉 Deployment for commit ff36791 :

Ingresses

🚀 https://standup-renovate-all-dependencies-minor-pat-6a48er.dev.fabrique.social.gouv.fr/

Docker images

📦 docker pull ghcr.io/socialgouv/standup/app:sha-ff367911d331949592ffe87d81f245458f7ced53

Debug

socket-security · 2023-06-13T08:42:54Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality
graceful-fs@4.2.6 ⏵ 4.2.11	⁺¹	⁺¹
debug@4.3.1 ⏵ 4.3.4	⁺¹	⁺¹
react-spinners@0.11.0 ⏵ 0.17.0	⁺¹	⁺¹

View full report

sonarqubecloud · 2024-12-17T11:49:48Z

Quality Gate passed

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

revu-bot

Pull Request Analysis

Overview

This PR updates the react-spinners package from version 0.11.0 to 0.16.0. The change is minimal and focused solely on this dependency upgrade, with corresponding updates to the yarn.lock file reflecting the new version and its dependency changes.

The PR effectively accomplishes its goal of updating the package to a newer version, which likely includes bug fixes, performance improvements, and compatibility with newer React versions.

Code Quality Review

Strengths

The PR is focused on a single concern (updating one dependency), making it easy to review and understand
The change is minimal and doesn't introduce any code modifications beyond the dependency update
The yarn.lock file is properly updated, ensuring consistent installations across environments
The update removes several dependencies that were previously required by react-spinners (notably @emotion/* packages), which reduces the overall dependency footprint

Areas for Improvement

No issues identified in the implementation of this change

Security Assessment

The update appears to have positive security implications:
- Newer versions typically include security patches
- The removal of several dependencies reduces the attack surface
No new security vulnerabilities are introduced by this change
The update removes several dependencies that could have been potential security risks

Best Practices Evaluation

The PR follows best practices for dependency management:
- Updates a single package at a time
- Includes the updated lock file
- Maintains compatibility with the existing React version
The new version of react-spinners (0.16.0) expands peer dependency compatibility to include React 18 and 19, which provides better future-proofing
The removal of @emotion dependencies suggests the library has been simplified, which is generally a positive change

Recommendations

Consider adding a brief changelog or release notes comment to the PR to document what improvements or fixes are included in the new version
If this update is part of a larger effort to update dependencies, consider creating a dependency update plan to track progress
After merging, verify that the spinners still function correctly in all use cases within the application

Additional Notes

The update to react-spinners 0.16.0 has removed the dependency on @emotion/react, which suggests a significant architectural change in the library
The peer dependency requirements have been expanded to include React 16-19, making the library more flexible for future React upgrades
This change appears to be low-risk but should still be tested to ensure the spinners render correctly in all contexts where they're used

sonarqubecloud · 2025-04-21T17:07:36Z

Quality Gate passed

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

revu-bot

Pull Request Analysis

Overview

This PR updates the react-spinners package from version 0.11.0 to 0.17.0. This is a dependency update that modernizes the loading spinner component library used in the application. The changes are limited to the package.json and yarn.lock files, with no actual code modifications.

Code Quality Review

Strengths

The PR is focused on a single concern: updating one dependency
The update removes a dependency on @emotion/react which was previously required by react-spinners 0.11.0
The yarn.lock changes show proper resolution of dependencies
The update expands React compatibility to include React 18 and 19 in peer dependencies

Areas for Improvement

No code changes were needed, which is good, but it would be helpful to verify that all spinner implementations in the codebase still work as expected with the new version

Security Assessment

The update removes several dependencies (including the entire @emotion ecosystem), which reduces the attack surface
Updating to a newer version generally includes security fixes from the package maintainers
No direct security concerns are evident in this dependency update

Best Practices Evaluation

The PR follows the best practice of keeping dependencies up to date
The update is significant (from 0.11.0 to 0.17.0), which represents multiple major version changes in a minor package
The yarn.lock file is properly updated, ensuring consistent installations across environments
The PR doesn't include any tests to verify that the updated package works correctly with the existing code

Recommendations

Add verification tests: Consider adding or updating tests that specifically verify that components using react-spinners still function correctly after the update.
Document breaking changes: If there are any breaking changes between 0.11.0 and 0.17.0 that required code modifications (not shown in this diff), document them in the PR description.
Consider incremental updates: For future updates, consider making smaller incremental updates (e.g., 0.11.0 → 0.14.0 → 0.17.0) to make it easier to identify and address any issues that might arise.
Update peer dependencies: Ensure that the project's React version is compatible with the new peer dependency requirements (React 16-19).

Additional Notes

The removal of the @emotion dependency is a significant change that might affect styling in the application. The new version of react-spinners likely uses a different styling approach.
This update appears to be part of ongoing maintenance to keep dependencies current, which is a good practice.
The PR is straightforward and low-risk since it only updates a UI component library that's likely used in isolated parts of the application.

sonarqubecloud · 2025-08-04T19:38:32Z

Quality Gate passed

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

renovate · 2025-11-18T13:38:02Z

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

any of the package files in this branch needs updating, or
the branch becomes conflicted, or
you click the rebase/retry checkbox if found above, or
you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

! Corepack is about to download https://repo.yarnpkg.com/3.7.0/packages/yarnpkg-cli/bin/yarn.js
/opt/containerbase/tools/corepack/0.34.4/24.11.1/node_modules/corepack/dist/lib/corepack.cjs:22053
    throw new Error(
          ^

Error: Server answered with HTTP 500 when performing the request to https://repo.yarnpkg.com/3.7.0/packages/yarnpkg-cli/bin/yarn.js; for troubleshooting help, see https://github.com/nodejs/corepack#troubleshooting
    at fetch (/opt/containerbase/tools/corepack/0.34.4/24.11.1/node_modules/corepack/dist/lib/corepack.cjs:22053:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:103:5)
    at async fetchUrlStream (/opt/containerbase/tools/corepack/0.34.4/24.11.1/node_modules/corepack/dist/lib/corepack.cjs:22076:20)
    at async download (/opt/containerbase/tools/corepack/0.34.4/24.11.1/node_modules/corepack/dist/lib/corepack.cjs:22247:18)
    at async installVersion (/opt/containerbase/tools/corepack/0.34.4/24.11.1/node_modules/corepack/dist/lib/corepack.cjs:22343:55)
    at async Engine.ensurePackageManager (/opt/containerbase/tools/corepack/0.34.4/24.11.1/node_modules/corepack/dist/lib/corepack.cjs:22856:32)
    at async Engine.executePackageManagerRequest (/opt/containerbase/tools/corepack/0.34.4/24.11.1/node_modules/corepack/dist/lib/corepack.cjs:22967:25)
    at async Object.runMain (/opt/containerbase/tools/corepack/0.34.4/24.11.1/node_modules/corepack/dist/lib/corepack.cjs:23667:7)

Node.js v24.11.1

sonarqubecloud · 2025-11-18T13:38:32Z

Quality Gate passed

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code