[Snyk] Upgrade @vscode/webview-ui-toolkit from 1.2.2 to 1.4.0

[sumansaurabh]

User description

Snyk has created this PR to upgrade @vscode/webview-ui-toolkit from 1.2.2 to 1.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.

• The recommended version was released a year ago.

Release notes

Package name: @vscode/webview-ui-toolkit

• 1.4.0 - 2023-12-06
  

  Features

  • update dropdown styles: updates some dropdown styles to match new VS Code dropdown style (#532), closes #521

  Docs

  • fix image typo: fixes incorrect image used in badge docs (#522)

  Admin

  • bump @ microsoft/fast-element: bumps @ microsoft/fast-element from 1.6.2 to 1.12.0 (#525)
  • bump @ microsoft/fast-foundation: bumps @ microsoft/fast-foundation from 2.38.0 to 2.49.4 (#525), closes #494
  • bump @ microsoft/fast-react-wrapper: bumps @ microsoft/fast-react-wrapper from 0.1.18 to 0.3.22 (#525)
  • bump eslint related deps: bumps eslint and other related packages to latest stable versions (#526)
  • update ci pipelines: updates github and azure ci pipelines to use node v18 (#526)
  • bump prettier: bumps prettier from 2.2.1 to 3.1.0 (#528)
  • bump @ microsoft/api-extractor: bumps @ microsoft/api-extractor from 7.18.9 to 7.38.4 (#529)
  • add tsdoc.json: adds a tsdoc.json file to resolve api-extrator warnings (#529)
  • bump typescript: bumps typescript from 4.3.5 to 4.6.2 (#530), closes #514
  • add tslib production dep: fixes error in other package managers (i.e. yarn) where tslib could not be resolved (#531), closes #451
• 1.3.1 - 2023-11-14
  

  Admin

  • update npmignore: adds a directory to npmignore (accidentally published a big test folder in v1.3.0, sorry 😅)
• 1.3.0 - 2023-11-13
  

  Features

  • input border radius: adds a 2px border radius to input elements (text field and text area) to match new VS Code button style (#510)

  Docs

  • replace storybook with codesandbox: removes storybook and replace it with codesandbox sample links (#460), closes #446
  • dropdown label: adds better docs on how to create labels in dropdown that adhere to VS Code design language (#463), closes #461
  • divider and radio group typos: fixes two typos found in the documentation (#462)
  • getting started: updates esbuild configuration code snippet in getting started guide (#450)
  • data grid typo: fixes data grid example code typo (#471)
  • contributing docs: removes deleted npm test and build:docs scripts from contributing doc (#492)
  • editable data grid: adds a new section to the data grid docs linking to the editable data grid sample extension (#499), closes #493
  • radio docs: adds note about workaround fix to the issue described in #476 (#511)

  Admin

  • remove jest dependency: removes unused jest dependency (#459)
  • react testing environment: adds npm script and testing environment to test toolkit react components (#478)
  • bump word-wrap: bumps word-wrap from 1.2.3 to 1.2.4 (#501)
  • bump @ babel/traverse: bumps @ babel/traverse from 7.15.4 to 7.23.2 (#515)
  • bump http-cache-semantics: bumps http-cache-semantics from 4.1.0 to 4.1.1 (#454)
  • bump json5: bumps json5 from 1.0.1 to 1.0.2 (#443)
• 1.2.2 - 2023-02-24
  

  Bug fixes

  • fix react build script: fixes react build script that was generating incorrect react type declaration file (#456), closes #455

  Docs

  • new getting started guide: adds new content to getting started guide demoing better component API usage and extension CSP (#383), closes #74 and #348
  • update resource links: adds and removes a few links to resources in the project readme.md and getting-started.md (#447)
  • remove readme badge: removes deploy docs readme badge since it was broken to due removal of docs CD pipeline (#449)
  • data grid docs: updates data grid docs to show how to create data grids with React (#457), closes #453

  Admin

  • add .eslintrc.cjs to npmignore: forgot to include in a previous release (#444), resolves #438
  • enable codeql: adds codeql to azure pipeline for improved static analysis and security audits of toolkit source code (#441)

from @vscode/webview-ui-toolkit GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

---

Description

• Upgraded @vscode/webview-ui-toolkit to version 1.4.0 to enhance functionality and security.
• Updated various dependencies to their latest versions for improved performance and compatibility.
• Removed deprecated packages and adjusted peer dependencies accordingly.

---

Changes walkthrough 📝

Relevant files

Enhancement

package-lock.json Upgrade @vscode/webview-ui-toolkit and dependencies            frameworks/hello-world-solidjs/webview-ui/package-lock.json Upgraded @vscode/webview-ui-toolkit from version 1.2.2 to 1.4.0. Updated several dependencies including @microsoft/fast-element and @microsoft/fast-foundation. Added new dependencies and updated their versions. Removed deprecated packages and adjusted peer dependencies. +81/-81  package.json Update package.json for toolkit upgrade                                    frameworks/hello-world-solidjs/webview-ui/package.json Changed @vscode/webview-ui-toolkit version from 1.2.2 to 1.4.0. Updated dependencies to reflect the new toolkit version. +1/-1

---

💡 Penify usage:
Comment /help on the PR to get a list of all available Penify tools and their descriptions

[penify-dev]

PR Review 🔍

⏱️ Estimated effort to review [1-5]	2, because the changes are primarily version upgrades in the package-lock.json and package.json files, which are straightforward to review.
🧪 Relevant tests	No
⚡ Possible issues	Deprecated Package: The upgraded version of @vscode/webview-ui-toolkit (1.4.0) is marked as deprecated. This may require future attention to find an alternative or updated package.
🔒 Security concerns	No

[penify-dev]

PR Code Suggestions ✨

Category	Suggestion	Score
Best practice	Run tests to confirm application stability after the upgrade Consider running tests after upgrading to ensure that the application behaves as expected with the new version. frameworks/hello-world-solidjs/webview-ui/package.json [11] -"@vscode/webview-ui-toolkit": "^1.4.0", +"@vscode/webview-ui-toolkit": "^1.4.0", // Run tests post-upgrade Suggestion importance[1-10]: 8 Why: Running tests post-upgrade is a crucial step to ensure application stability, making this suggestion valuable for maintaining code quality.	8
Possible issue	Verify compatibility with the new version to avoid potential issues Consider checking the changelog or release notes for @vscode/webview-ui-toolkit version 1.4.0 to ensure that there are no breaking changes or required migration steps that could affect your application. frameworks/hello-world-solidjs/webview-ui/package.json [11] -"@vscode/webview-ui-toolkit": "^1.4.0", +"@vscode/webview-ui-toolkit": "^1.4.0", // Ensure compatibility with breaking changes Suggestion importance[1-10]: 7 Why: This suggestion emphasizes the importance of verifying compatibility with the new version, which is a good practice to avoid potential issues, but it does not directly improve the code itself.	7
Maintainability	Check for compatibility with other dependencies to avoid conflicts Ensure that all other dependencies are compatible with @vscode/webview-ui-toolkit version 1.4.0 to prevent conflicts. frameworks/hello-world-solidjs/webview-ui/package.json [11] -"@vscode/webview-ui-toolkit": "^1.4.0", +"@vscode/webview-ui-toolkit": "^1.4.0", // Check compatibility with other dependencies Suggestion importance[1-10]: 7 Why: This suggestion is relevant as it addresses potential dependency conflicts, which is important for maintainability, but it does not directly change the code.	7
	Align versioning strategy with project practices for better dependency management Review the versioning strategy used for @vscode/webview-ui-toolkit to ensure it aligns with your project's dependency management practices. frameworks/hello-world-solidjs/webview-ui/package.json [11] -"@vscode/webview-ui-toolkit": "^1.4.0", +"@vscode/webview-ui-toolkit": "^1.4.0", // Review versioning strategy Suggestion importance[1-10]: 6 Why: While reviewing versioning strategy is important for maintainability, this suggestion does not directly impact the code or its functionality, making it less critical.	6