DEPS: Bump @uppy/utils from 6.0.3 to 7.1.5 in the uppy group across 1 directory

[dependabot]

Bumps the uppy group with 1 update in the / directory: @uppy/utils.

Updates @uppy/utils from 6.0.3 to 7.1.5

• Release notes
• Changelog
• Commits

[greptile-apps]

Greptile Summary

Bumped @uppy/utils from 6.0.3 to 7.1.5, a major version upgrade that includes bug fixes and improvements to upload handling.

Key changes in the upgrade:

• Fixed complete event never firing for XHR uploads and improved abort handling
• Fixed postprocessors not running for already uploaded files
• Improved TypeScript types and file ID generation
• Enhanced ghost file handling with nullable file.data

Impact on codebase:
The Discourse codebase uses three specific internal utilities from @uppy/utils:

• EventTracker (uppy-chunked-uploader-plugin.js:2)
• AbortController and createAbortError (uppy-chunked-upload.js:4)
• delay (uppy-chunked-upload.js:5)

These are low-level utilities that maintain backward compatibility. The version 7.x changes primarily affect core Uppy file types and upload lifecycle, not the utility functions used here.

Transitive dependencies:
The lock file also updates transitive dependencies including lodash (4.17.21 → 4.17.23) and preact (10.23.2 → 10.28.2), which are internal to the uppy packages.

Confidence Score: 5/5

• Safe to merge - standard dependency update with no breaking changes to used APIs
• This is a straightforward dependency update managed by Dependabot. The codebase only uses low-level utility functions (EventTracker, AbortController, delay) which maintain backward compatibility. The v7.x breaking changes affect core UppyFile types and upload lifecycle that are not directly used in the Discourse implementation. All changes are in package manifests with no code modifications needed.
• No files require special attention

Important Files Changed

Filename	Overview
frontend/discourse/package.json	Bumped @uppy/utils from ^6.0.3 to ^7.1.5 as part of dependency update
pnpm-lock.yaml	Updated lock file with new @uppy/utils v7.1.5, includes transitive dependency updates (lodash 4.17.23, preact 10.28.2)

Sequence Diagram

sequenceDiagram
    participant DBot as Dependabot
    participant Pkg as package.json
    participant Lock as pnpm-lock.yaml
    participant Utils as @uppy/utils
    participant Chunked as uppy-chunked-upload.js
    participant Plugin as uppy-chunked-uploader-plugin.js

    DBot->>Pkg: Update @uppy/utils: ^6.0.3 → ^7.1.5
    DBot->>Lock: Resolve dependencies
    Lock->>Utils: Install v7.1.5
    Lock->>Lock: Update transitive deps (lodash, preact)
    
    Note over Chunked,Plugin: Existing code continues to work
    Plugin->>Utils: import EventTracker
    Chunked->>Utils: import AbortController, createAbortError
    Chunked->>Utils: import delay
    
    Note over Utils: v7.x maintains backward compatibility<br/>for utility functions

Loading

[github-actions]

PR body updated to plaintext for easier squash-merging. Original body content below:

---

Bumps the uppy group with 1 update in the / directory: @uppy/utils.

Updates @uppy/utils from 6.0.3 to 7.1.5

Release notes

Sourced from @​uppy/utils's releases.

@​uppy/utils@​7.1.5

Patch Changes

• 648f245: Fix complete event never firing for XHR and make sure the fetch aborts immediately if Uppy is cancelled before the fetch starts.

@​uppy/utils@​7.1.4

Patch Changes

• ac12f35: Fix: Move completed uploads exclusion logic into uploaders. This fixes the problem where postprocessors would not run for already uploaded files.

@​uppy/utils@​7.1.3

Patch Changes

• ad50314: Allow getSafeFileId to accept UppyFile

@​uppy/utils@​7.1.2

Patch Changes

• 08b64f9: fix ts issue with generateFileID and exactOptionalPropertyTypes

@​uppy/utils@​7.1.1

Patch Changes

• 0c16fe4: - Make file.data nullable - Because for ghosts it will be undefined and we don't have any type to distinguish ghosts from other (local) files. This caused a crash, because we didn't check for undefined everywhere (when trying to store a blob that was undefined)
  • Introduce new field progress.complete: if there is a post-processing step, set it to true once post processing is complete. If not, set it to true once upload has finished.
  • Throw a proper Nonexistent upload error message if trying to upload a non-existent upload, instead of TypeError
  • Rewrite Uppy.upload() - this fixes two bugs:
    1. No more duplicate emit call when this.#restricter.validateMinNumberOfFiles throws (#informAndEmit and this.emit('error'))
    2. 'restriction-failed' now also gets correctly called when checkRequiredMetaFields check errors.
  • Don't re-upload completed files #5930
  • Split UppyFile into two intefaces distinguished by the isRemote boolean:
    • LocalUppyFile
    • RemoteUppyFile
  • Remove TagFile type - Use UppyFile instead.
  • Make name required on UppyFile (it is in reality always set)
  • Fix bug: RestrictionError sometimes thrown with a file property that was not a UppyFile, but a File. This would happen if someone passed a File instead of a MinimalRequiredUppyFile into core.addFile (which is valid to do according to our API)
  • Improve some log messages
  • Simplify Uppy postprocess-complete handler

@​uppy/utils@​7.1.0

Minor Changes

• 5ba2c1c: Introduce the concept of server-side search and add support for it for the Dropbox provider. Previously, only client-side filtering in the currently viewed folder was possible, which was limiting. Now users using Companion with Dropbox can perform a search across their entire account.

Commits

• 9d08779 [ci] release (#6096)
• d766c30 don't restore currentUploads if no files (#6098)
• 648f245 fix xhr abort (#6097)
• 9b9e698 CI: update CDN publish after migration (#6100)
• a25226a Fix @​uppy/examples (#6099)
• 50e2420 resolve folder inside shared drive (#6093)
• 943ed7a Upgrade playwright in all packages (#6086)
• 78d0c28 build(deps): bump jws from 3.2.2 to 3.2.3 (#6091)
• 3c3034b Dedupe dependencies (#6085)
• 5c63376 [ci] release (#6087)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by uppydev, a new releaser for @​uppy/utils since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like @uppy/utils is no longer updatable, so this is no longer needed.