[Snyk] Upgrade @vscode/webview-ui-toolkit from 1.2.2 to 1.4.0

[sumansaurabh]

User description

Snyk has created this PR to upgrade @vscode/webview-ui-toolkit from 1.2.2 to 1.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.

• The recommended version was released a year ago.

Release notes

Package name: @vscode/webview-ui-toolkit

• 1.4.0 - 2023-12-06
  

  Features

  • update dropdown styles: updates some dropdown styles to match new VS Code dropdown style (#532), closes #521

  Docs

  • fix image typo: fixes incorrect image used in badge docs (#522)

  Admin

  • bump @ microsoft/fast-element: bumps @ microsoft/fast-element from 1.6.2 to 1.12.0 (#525)
  • bump @ microsoft/fast-foundation: bumps @ microsoft/fast-foundation from 2.38.0 to 2.49.4 (#525), closes #494
  • bump @ microsoft/fast-react-wrapper: bumps @ microsoft/fast-react-wrapper from 0.1.18 to 0.3.22 (#525)
  • bump eslint related deps: bumps eslint and other related packages to latest stable versions (#526)
  • update ci pipelines: updates github and azure ci pipelines to use node v18 (#526)
  • bump prettier: bumps prettier from 2.2.1 to 3.1.0 (#528)
  • bump @ microsoft/api-extractor: bumps @ microsoft/api-extractor from 7.18.9 to 7.38.4 (#529)
  • add tsdoc.json: adds a tsdoc.json file to resolve api-extrator warnings (#529)
  • bump typescript: bumps typescript from 4.3.5 to 4.6.2 (#530), closes #514
  • add tslib production dep: fixes error in other package managers (i.e. yarn) where tslib could not be resolved (#531), closes #451
• 1.3.1 - 2023-11-14
  

  Admin

  • update npmignore: adds a directory to npmignore (accidentally published a big test folder in v1.3.0, sorry 😅)
• 1.3.0 - 2023-11-13
  

  Features

  • input border radius: adds a 2px border radius to input elements (text field and text area) to match new VS Code button style (#510)

  Docs

  • replace storybook with codesandbox: removes storybook and replace it with codesandbox sample links (#460), closes #446
  • dropdown label: adds better docs on how to create labels in dropdown that adhere to VS Code design language (#463), closes #461
  • divider and radio group typos: fixes two typos found in the documentation (#462)
  • getting started: updates esbuild configuration code snippet in getting started guide (#450)
  • data grid typo: fixes data grid example code typo (#471)
  • contributing docs: removes deleted npm test and build:docs scripts from contributing doc (#492)
  • editable data grid: adds a new section to the data grid docs linking to the editable data grid sample extension (#499), closes #493
  • radio docs: adds note about workaround fix to the issue described in #476 (#511)

  Admin

  • remove jest dependency: removes unused jest dependency (#459)
  • react testing environment: adds npm script and testing environment to test toolkit react components (#478)
  • bump word-wrap: bumps word-wrap from 1.2.3 to 1.2.4 (#501)
  • bump @ babel/traverse: bumps @ babel/traverse from 7.15.4 to 7.23.2 (#515)
  • bump http-cache-semantics: bumps http-cache-semantics from 4.1.0 to 4.1.1 (#454)
  • bump json5: bumps json5 from 1.0.1 to 1.0.2 (#443)
• 1.2.2 - 2023-02-24
  

  Bug fixes

  • fix react build script: fixes react build script that was generating incorrect react type declaration file (#456), closes #455

  Docs

  • new getting started guide: adds new content to getting started guide demoing better component API usage and extension CSP (#383), closes #74 and #348
  • update resource links: adds and removes a few links to resources in the project readme.md and getting-started.md (#447)
  • remove readme badge: removes deploy docs readme badge since it was broken to due removal of docs CD pipeline (#449)
  • data grid docs: updates data grid docs to show how to create data grids with React (#457), closes #453

  Admin

  • add .eslintrc.cjs to npmignore: forgot to include in a previous release (#444), resolves #438
  • enable codeql: adds codeql to azure pipeline for improved static analysis and security audits of toolkit source code (#441)

from @vscode/webview-ui-toolkit GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

---

Description

• Upgraded @vscode/webview-ui-toolkit from version 1.2.2 to 1.4.0, enhancing the UI toolkit used in the project.
• Updated several related dependencies to their latest versions for better compatibility and performance.
• Included new license information for various packages to ensure compliance.

---

Changes walkthrough 📝

Relevant files

Enhancement

package-lock.json Upgrade @vscode/webview-ui-toolkit and related dependencies frameworks/hello-world-svelte/webview-ui/package-lock.json Upgraded @vscode/webview-ui-toolkit from version 1.2.2 to 1.4.0. Updated dependencies for @microsoft/fast-element, @microsoft/fast-foundation, and @microsoft/fast-react-wrapper. Added new license information for several packages. +76/-76  package.json Update package.json for toolkit upgrade                                    frameworks/hello-world-svelte/webview-ui/package.json Updated @vscode/webview-ui-toolkit dependency version from 1.2.2 to 1.4.0. +1/-1

---

💡 Penify usage:
Comment /help on the PR to get a list of all available Penify tools and their descriptions

[penify-dev]

PR Review 🔍

⏱️ Estimated effort to review [1-5]	2, because the changes are primarily version upgrades in the package-lock.json and package.json files, which are straightforward to review.
🧪 Relevant tests	No
⚡ Possible issues	Deprecated Package: The upgraded version of @vscode/webview-ui-toolkit (1.4.0) is marked as deprecated. This may lead to issues in the future if no alternative is provided.
🔒 Security concerns	No

[penify-dev]

PR Code Suggestions ✨

Category	Suggestion	Score
Testing	Test the application to confirm functionality after the upgrade Ensure that the updated version of @vscode/webview-ui-toolkit is tested in your application to confirm that it works as expected without introducing any issues. frameworks/hello-world-svelte/webview-ui/package.json [12] -"@vscode/webview-ui-toolkit": "^1.4.0", +"@vscode/webview-ui-toolkit": "^1.4.0", // Test the application after upgrading Suggestion importance[1-10]: 9 Why: Testing the application after upgrading dependencies is essential to catch potential issues early, making this a highly relevant suggestion.	9
Compatibility	Verify compatibility with the new version of the dependency Consider checking the release notes or changelog for @vscode/webview-ui-toolkit version 1.4.0 to ensure that there are no breaking changes or required migration steps that could affect your application. frameworks/hello-world-svelte/webview-ui/package.json [12] -"@vscode/webview-ui-toolkit": "^1.4.0", +"@vscode/webview-ui-toolkit": "^1.4.0", // Ensure compatibility with the new version Suggestion importance[1-10]: 8 Why: This suggestion addresses the importance of verifying compatibility with a new dependency version, which is crucial for maintaining application stability.	8
Dependency management	Check for and update any peer dependencies related to the new version If there are any peer dependencies specified by @vscode/webview-ui-toolkit, ensure they are also updated to compatible versions. frameworks/hello-world-svelte/webview-ui/package.json [12] -"@vscode/webview-ui-toolkit": "^1.4.0", +"@vscode/webview-ui-toolkit": "^1.4.0", // Check for peer dependencies Suggestion importance[1-10]: 7 Why: This suggestion is important for maintaining compatibility, but it is somewhat less critical than testing the application directly after the upgrade.	7
	Review and potentially update related dependencies for compatibility Consider updating the version of sirv-cli if there are any compatibility concerns with the new version of @vscode/webview-ui-toolkit. frameworks/hello-world-svelte/webview-ui/package.json [13] -"sirv-cli": "^2.0.0" +"sirv-cli": "^2.0.0" // Check for compatibility with the new toolkit version Suggestion importance[1-10]: 6 Why: While this suggestion is valid, it addresses a less immediate concern compared to testing the application, hence the lower score.	6