

title: "Uppy 1.8 and 1.9: security, error handling and better types"
date: 2020-03-06
author: arturi

published: false

Uppy 1.8, 1.9 and a few important security patches are out! Here are the highlights:

Companion: Security patches and new Instagram API

  • We released a patch for a server-side request forgery (SSRF) vulnerability affecting @uppy/companion and the @uppy/url plugin. Many thanks to the parties involved in reporting and disclosing this vulnerability to the Uppy team. The patch is available in @uppy/companion version 1.9.5.
  • As the Instagram Legacy API will soon no longer be available, we have now added support for the new Instagram Graph API. As far as using this on @uppy/companion goes, not much has changed. The only difference is that you will now be retrieving your Instagram credentials from the Facebook Developer Platform, and no longer from the Instagram Developer Platform.

Error handling

  • We’ve significantly improved error handling and retries in @uppy/core, @uppy/transloadit and @uppy/dashboard. The Retry button on the Status Bar, which was broken in some edge cases, now works as expected.
  • Errors from Transloadit assemblies now include Assembly ID, as well as the full assembly object, for easier debugging.
  • You can now click on the question mark (?) icon on the Informer or Dashboard error message, and get a browser alert with error details — much easier for the users to copy-paste the text this way. The Informer now also conveniently stays on screen, while the (?) is hovered.

Dashboard

The Dashboard plugin has gained new file type icons: for images — useful before the preview is generated, or when there’s no preview at all, like with images from the Url plugin — and for archives.

Types

Our typings got a significant upgrade: plugin options can now be type-checked! In the past, we did have typings for plugin options, but the uppy.use() function had a fallback that would accept any object as options. If your plugin options were wrong, TypeScript would just use the fallback and not tell you about it!

Stricter typings normally mean that old code may no longer type-check. So, although this is a bugfix, you have to opt in to the new types. In 2.0, the old way will be removed and only the strict types will be available.

You can opt in by specifying the StrictTypes type parameter to the Uppy type:

import Uppy = require('@uppy/core')
const uppy = Uppy<Uppy.StrictTypes>({
  // options here
})

This type parameter must also be specified if you are storing the uppy instance anywhere. For example, inside a class:

class UppyProvider extends React.Component {
  private uppy: Uppy<Uppy.StrictTypes>
  constructor (props) {
    super(props)
    this.uppy = Uppy<Uppy.StrictTypes>({
      // etc
    })
  }
}

If you do not specify the StrictTypes parameter, the old fallback for the uppy.use() method remains available.
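
How a type parameter can gate a permissive fallback overload, as an added example that is not Uppy's own typings: MiniUppy, NotePlugin and the 'loose'/'strict' literals are hypothetical stand-ins, and the misspelled option key is constructed.

```typescript
// Simplified model of an opt-in strict `use()`, constructed for illustration.
// Not Uppy's actual typings; every name here is hypothetical.
type Loose = 'loose'
type Strict = 'strict'
interface NoteOptions { note?: string, width?: string }
type PluginCtor = new (opts: any) => object

class NotePlugin {
  opts: NoteOptions
  constructor (opts: NoteOptions) { this.opts = opts }
}

class MiniUppy<TMode extends Loose | Strict = Loose> {
  plugins: object[] = []
  // `mode` makes TMode part of the instance type, so a strict instance
  // is not assignable to the `this` type of the fallback signature.
  readonly mode: TMode
  constructor (mode: TMode) { this.mode = mode }

  // Checked signature: options must match the plugin's constructor parameter.
  use<C extends PluginCtor> (ctor: C, opts: ConstructorParameters<C>[0]): this
  // Fallback signature: any object, but only callable on a loose instance.
  use (this: MiniUppy<Loose>, ctor: PluginCtor, opts: object): this
  use (ctor: PluginCtor, opts: any): this {
    this.plugins.push(new ctor(opts))
    return this
  }
}

// Loose instance: the typo `noet` fails the checked signature, the fallback
// accepts it, and the intended note is silently missing.
function looseDemo (): NoteOptions {
  const uppy = new MiniUppy('loose')
  uppy.use(NotePlugin, { noet: 'Images only' })
  return (uppy.plugins[0] as NotePlugin).opts
}

// Strict instance: the same typo is a compile-time error. Types are erased
// at run time, so the directive below is what records the rejection.
function strictDemo (): NoteOptions {
  const uppy = new MiniUppy<Strict>('strict')
  // @ts-expect-error 'noet' does not exist in NoteOptions
  uppy.use(NotePlugin, { noet: 'Images only' })
  uppy.use(NotePlugin, { note: 'Images only' })
  return (uppy.plugins[1] as NotePlugin).opts
}
```

If the strict call ever started to type-check, the compiler would flag the `@ts-expect-error` directive as unused, so the expected rejection is itself checked.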

The typings for @uppy/react component props are now derived from plugin options types, so they will no longer get out of sync, as they sometimes have in the past. For example, in version 1.7, the @uppy/drag-drop plugin supported a note option to add some text to the drop area. The React typings didn't include that option, so you couldn't use it from TypeScript! Now, that's permanently fixed:

import React = require('react')
import Uppy = require('@uppy/core')
import components = require('@uppy/react')
const { DragDrop } = components

// assuming some `uppy` variable already exists
declare var uppy: Uppy<Uppy.StrictTypes>

function MyComponent () {
  return (
    <DragDrop
      uppy={uppy}
      note='This prop is now supported!'
    />
  )
}

Finally, the locale options and React props now have full typings. Your editor should now be able to provide autocompletion for language keys!

Screenshot showing VS Code autocompletion for a language key.

We now also use tsd, so our typings are actually tested.

See PR #1918 for all the details.

Downloadable ZIP archives of Uppy releases

Uppy is now available as a downloadable zip archive from the Transloadit CDN! NPM down? Don’t like build tools? Quick way to play with Uppy? We’ve got you covered:

https://transloadit.edgly.net/releases/uppy/v1.9.3/uppy-v1.9.3.zip

Locales

  • Uppy now speaks Korean and Vietnamese.
  • The French and German translations have been improved.

Misc

As always, you can find the full list of changes and package versions, as well as future plans, in our changelog.