Skip to content

chore(deps): bump react-datepicker from 7.3.0 to 8.10.0#1799

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/react-datepicker-8.10.0
Closed

chore(deps): bump react-datepicker from 7.3.0 to 8.10.0#1799
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/react-datepicker-8.10.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Dec 2, 2025
edited
Loading

Bumps react-datepicker from 7.3.0 to 8.10.0.

Release notes

Sourced from react-datepicker's releases.

8.10.0

What's Changed

New Contributors

Full Changelog: Hacker0x01/react-datepicker@v8.9.0...v8.10.0

8.9.0

What's Changed

New Contributors

Full Changelog: Hacker0x01/react-datepicker@v8.8.0...v8.9.0

8.8.0

What's Changed

Major overhaul to the Docs site with new Typscript examples

Other changes

... (truncated)

Commits
  • 617522c 8.10.0
  • c261620 Merge pull request #6056 from Hacker0x01/fix/aria-attributes-standard-names
  • b1f069e Support standard HTML aria attribute names
  • 43acb66 Merge pull request #6055 from Hacker0x01/docs/timezone-handling-guide
  • c60ac8a Add timezone handling documentation
  • c150b04 Merge pull request #6054 from Hacker0x01/fix/keyboard-focus-inline-navigation
  • 3e53cf4 Fix keyboard focus loss during same-month navigation in inline mode
  • ca268cf Merge pull request #5948 from tejas-fullstack/fix/5939
  • 8283ac1 test: add test for monthSelectedIn reset when selectsRange is true
  • 1092f15 Merge remote-tracking branch 'origin/main' into fix/5939
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 2, 2025
@dependabot dependabot Bot requested review from a team as code owners December 2, 2025 10:03
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Dec 2, 2025
@dependabot dependabot Bot mentioned this pull request Dec 2, 2025
Closed
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Dec 2, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 79abaf2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

sentry[bot]
sentry Bot reviewed Dec 2, 2025
View reviewed changes
Comment thread packages/big-design/package.json
@@ -43,7 +43,7 @@
"focus-trap": "^7.6.4",
"polished": "^4.3.1",
"react-beautiful-dnd": "^13.1.1",
Copy link
Copy Markdown

@sentry sentry Bot Dec 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: Datepicker component loses manual input on blur due to react-datepicker v8.6.0+ behavior and missing onChangeRaw implementation.
Severity: CRITICAL | Confidence: High

🔍 Detailed Analysis

The Datepicker component allows manual input but does not manage inputValue or implement onChangeRaw. When a user types a date manually and then blurs the input field, react-datepicker v8.6.0+ resets inputValue to null. This behavior, combined with the component's lack of handling for partially parsed dates, causes the user's typed input to silently disappear from the field if it wasn't fully parsed into a Date object, leading to data loss.

💡 Suggested Fix

Implement onChangeRaw with proper date validation to handle manual input, or manage the inputValue prop to persist values, or explicitly document that manual input is not supported by the component.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: packages/big-design/package.json#L45

Potential issue: The `Datepicker` component allows manual input but does not manage
`inputValue` or implement `onChangeRaw`. When a user types a date manually and then
blurs the input field, `react-datepicker` v8.6.0+ resets `inputValue` to `null`. This
behavior, combined with the component's lack of handling for partially parsed dates,
causes the user's typed input to silently disappear from the field if it wasn't fully
parsed into a `Date` object, leading to data loss.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 4799730

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/react-datepicker-8.10.0 branch 2 times, most recently from 6ee7d7c to 944f6ae Compare December 2, 2025 22:13
@dependabot
chore(deps): bump react-datepicker from 7.3.0 to 8.10.0
79abaf2 
Bumps [react-datepicker](https://github.com/Hacker0x01/react-datepicker) from 7.3.0 to 8.10.0.
- [Release notes](https://github.com/Hacker0x01/react-datepicker/releases)
- [Commits](Hacker0x01/react-datepicker@v7.3.0...v8.10.0)

---
updated-dependencies:
- dependency-name: react-datepicker
  dependency-version: 8.10.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/react-datepicker-8.10.0 branch from 944f6ae to 79abaf2 Compare December 3, 2025 20:35
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Dec 9, 2025

Superseded by #1804.

@dependabot dependabot Bot closed this Dec 9, 2025
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/react-datepicker-8.10.0 branch December 9, 2025 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@sentry sentry[bot] sentry[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants