[Snyk] Upgrade @contentstack/live-preview-utils from 1.4.1 to 4.3.0

[shafeeqd959]

Snyk has created this PR to upgrade @contentstack/live-preview-utils from 1.4.1 to 4.3.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 35 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: @contentstack/live-preview-utils

• 4.3.0 - 2026-03-23
  

  What's Changed

  • v4.3.0 by @ csAdityaPachauri in #566

  changes

  • Live Preview outside iframe
  • isValidCslp CSLP validation
  • Dev build performance
  • Visual Builder → Visual Editor URL changes
  • Variant highlights

  Full Changelog: v4.2.1...v4.3.0

• 4.2.1 - 2026-01-27
  

  What's Changed

  • Remove toolbar and selection on mouse leave for VB by @ hiteshshetty-dev in #518
  • [Feat/VB-499] Added resolved variants' permission communication and field disablement by @ csAyushDubey in #517
  • Update preact and preact/signals packages to fix global sCU issue by @ hiteshshetty-dev in #520
  • fix: update font-family to include sans-serif fallback in collab and visual builder styles by @ hiteshshetty-dev in #519
  • feat: adding post messages to link unlinked ct to variant group by @ karancs06 in #514
  • fix: Canvas element not selectable after field change by @ hiteshshetty-dev in #527
  • fix: handle empty data-cslp attributes in getEntryIdentifiersInCurrentPage function by @ hiteshshetty-dev in #528
  • Vitest 3 optimizing by @ karancs06 in #524
  • Highlight variant changes by @ csAyushDubey in #549
  • v4.2.1 by @ csAyushDubey in #550
  • v4.2.1 (version bump) by @ csAyushDubey in #553

  Full Changelog: v4.2.0...v4.2.1

• 4.2.0 - 2026-01-09
  

  What's Changed

  • fix: audit by @ karancs06 in #536
  • [Snyk] Upgrade @ preact/compat from 17.1.2 to 18.3.1 by @ aravindbuilt in #328
  • [Snyk] Upgrade goober from 2.1.14 to 2.1.16 by @ aravindbuilt in #327
  • [Snyk] Upgrade uuid from 8.3.2 to 11.0.3 by @ aravindbuilt in #324
  • [Snyk] Upgrade @ preact/signals from 1.3.0 to 2.0.0 by @ aravindbuilt in #326
  • Update license copyright year(s) by @ github-actions[bot] in #542
  • v4.2.0 by @ hiteshshetty-dev in #543

  New Contributors

  • @ aravindbuilt made their first contribution in #328

  Full Changelog: v4.1.3...v4.2.0

• 4.1.3 - 2025-12-10
  

  General Changes

  • Migration from vitest: 2.x.x to vitest: 3.x.x (Karan Gandhi - #532)

  New Features

  • feat: added resolved variants permission handling logic (csAyushDubey - 15c8f04)
  • feat: added variant order handling logic (csAyushDubey - 47a6f29)

  Fixes

  • fix: handle invalid data-cslp attributes across multiple components to prevent errors (hiteshshetty-dev - ba91cb0)
  • fix: partial state clear when DOM is not visible during mutuation and resize checks (hiteshshetty-dev - 74e6e5b)
  • fix: handle empty data-cslp attributes in getEntryIdentifiersInCurrentPage function (hiteshshetty-dev - 34b7e42)
  • fix: added removal for class (csAyushDubey - f3d83b7)

  Chores And Housekeeping

  • chore: add TODOs for overlay and toolbar position logic to consolidate with existing methods (hiteshshetty-dev - 48e6c69)

  Changes to Test Assests

  • test: added test cases (csAyushDubey - 1ba0b65)
  • test: add additional header element to getEntryIdentifiersInCurrentPage test case (hiteshshetty-dev - b1da67e)

  Full Changelog: v4.1.2...v4.1.3

• 4.1.2 - 2025-11-13
  

  What's Changed

  Bug fixes:

  • Toolbar and outline improper display when user moves out of canvas in VB
  • Upgrades preact and preact/signal to avoid global sCU issue
  • Adds fallback font-family for VB DOMs

  Full Changelog: v4.1.1...v4.1.2

• 4.1.1 - 2025-10-16
  

  What's Changed

  • fix: preact signals issue with newer npm version 11 by @ KANE-99 in #513
  • Develop v4 by @ KANE-99 in #515
  • Release PR by @ KANE-99 in #516

  Full Changelog: v4.1.0...v4.1.1

• 4.1.0 - 2025-10-03
  

  What's Changed

  • [Feat/VB-442] Indicator for variant fields by @ csAyushDubey in #508
  • 1st oct 2025 to develop v4 by @ csAdityaPachauri in #510

  Full Changelog: v4.0.2...v4.1.0

• 4.0.2 - 2025-09-22
  

  What's Changed

  • Field modifiers in canvas by @ SahilCs15 in #449
  • [Feat: HoverToolbar] Component and rendering logic changes by @ csAyushDubey in #450
  • [HoverToolbar]: Handling postMessage for ReferenceParentMap and rendering changes by @ csAyushDubey in #453
  • Disable scroll when field modifer is active by @ SahilCs15 in #458
  • [Feature] HoverToolbar by @ csAyushDubey in #455
  • Ve 5474 field modifier support for canvas in visual builder by @ SahilCs15 in #460
  • Fix: HoverToolbar to not render when focussed by @ csAyushDubey in #461
  • HoverToolbar: Requested Changes by @ csAyushDubey in #464
  • Ve 6955 field location data fails to render when toolbar isnt mounted and event listener is missing by @ SahilCs15 in #462
  • Fix: Issue with hover toolbar click-ability by @ csAyushDubey in #467
  • Main to Develop_v3 by @ csAdityaPachauri in #476
  • VE-6918 : warning message improved by @ csAdityaPachauri in #475
  • fix: removed edit icon when the click is on the container by @ SahilCs15 in #478
  • fix: multiple reloads in timeline by @ contentstackMridul in #479
  • feat(VE-7062-dev): disable editing based on workflow stage rules by @ faraazb in #489
  • VB-248 fixed the cursor moving to the start with a explicitly adding pseudo element on second time a field is visited by @ SahilCs15 in #497
  • fix: remove integrity attribute from script tag and update copyright year in main.mustache by @ hiteshshetty-dev in #499
  • Live preview new tab ssr issue by @ contentstackMridul in #502
  • 18th sept 2025 release by @ KANE-99 in #505
  • Develop v4 by @ KANE-99 in #506
  • stage v4 to main by @ csAdityaPachauri in #507

  Full Changelog: v4.0.1...v4.0.2

• 4.0.1 - 2025-08-25
  

  What's Changed

  • V4.0.1 by @ ZuhairAhmed-cs in #496

  Full Changelog: v4.0.0...v4.0.1

• 4.0.0 - 2025-08-22
  

  What's Changed

  • feat: live preview: added outside iframe code by @ contentstackMridul in #468
  • feat: live preview: added outside iframe code by @ contentstackMridul in #477
  • fix:added offset by @ karancs06 in #493
  • feat(VB-132 | VE-7062): disable editing when workflow stage rules restrict the same by @ faraazb in #494
  • Live preview outside iframe by @ contentstackMridul in #492
  • 21st august 2025 release by @ SahilCs15 in #495

  Full Changelog: v3.4.0...v4.0.0

• 3.4.0 - 2025-08-07
• 3.3.0 - 2025-07-24
• 3.2.5 - 2025-07-10
• 3.2.4 - 2025-06-16
• 3.2.3 - 2025-05-29
• 3.2.2 - 2025-05-16
• 3.2.1 - 2025-04-24
• 3.2.0 - 2025-04-11
• 3.2.0-alpha.1 - 2025-02-25
• 3.1.3 - 2025-04-04
• 3.1.2 - 2025-03-07
• 3.1.1 - 2025-02-06
• 3.1.0 - 2025-01-16
• 3.0.2 - 2025-01-03
• 3.0.1 - 2024-11-15
• 3.0.0 - 2024-11-05
• 2.0.4 - 2024-09-19
• 2.0.3 - 2024-07-22
• 2.0.2 - 2024-06-25
• 2.0.1 - 2024-06-18
• 2.0.0 - 2024-06-18
• 1.4.5 - 2024-09-19
• 1.4.4 - 2024-07-22
• 1.4.3 - 2024-06-25
• 1.4.2 - 2024-04-24
• 1.4.1 - 2024-02-27

from @contentstack/live-preview-utils GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[github-actions]

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type	Count (with fixes)	Without fixes	Threshold	Result
🔴 Critical Severity	0	1	10	✅ Passed
🟠 High Severity	11	4	25	✅ Passed
🟡 Medium Severity	15	18	500	✅ Passed
🔵 Low Severity	0	2	1000	✅ Passed

⏱️ SLA Breach Summary

⚠️ Warning: The following vulnerabilities have exceeded their SLA thresholds (days since publication).

Severity	Breaches (with fixes)	Breaches (no fixes)	SLA Threshold (with/no fixes)	Status
🔴 Critical	0	1	15 / 30 days	⚠️ Warning
🟠 High	0	1	30 / 120 days	⚠️ Warning
🟡 Medium	0	1	90 / 365 days	⚠️ Warning
🔵 Low	0	0	180 / 365 days	✅ Passed

ℹ️ Vulnerabilities Without Available Fixes (Informational Only)

The following vulnerabilities were detected but do not have fixes available (no upgrade or patch). These are excluded from failure thresholds:

• Critical without fixes: 1
• High without fixes: 4
• Medium without fixes: 18
• Low without fixes: 2

⚠️ BUILD PASSED WITH WARNINGS - SLA breaches detected for issues without available fixes

Consider reviewing these vulnerabilities when fixes become available.