amphtml
amphtml copied to clipboard
Published
20 hours ago •
ampproject
ampproject
📦 Update core dependencies
This PR contains the following updates:
See all other Renovate PRs on the Dependency Dashboard
How to resolve breaking changes
This PR may introduce breaking changes that require manual intervention. In such cases, you will need to check out this branch, fix the cause of the breakage, and commit the fix to ensure a green CI build. To check out and update this PR, follow the steps below:
# Check out the PR branch
git checkout -b renovate/core-dependencies main
git pull https://github.com/ampproject/amphtml.git renovate/core-dependencies
# Directly make fixes and commit them
amp lint --fix # For lint errors in JS files
amp prettify --fix # For prettier errors in non-JS files
# Edit source code in case of new compiler warnings / errors
# Push the changes to the branch
git push [email protected]:ampproject/amphtml.git renovate/core-dependencies:renovate/core-dependencies
Release Notes
pmndrs/use-gesture (@​use-gesture/react)
v10.3.1
Patch Changes
- Updated dependencies [
6f6f4a5]
v10.3.0
Patch Changes
v10.2.27
Patch Changes
v10.2.26
Patch Changes
v10.2.25
Patch Changes
- Updated dependencies [
3701753]
v10.2.24
Patch Changes
- Updated dependencies [
60aae21]
v10.2.23
Patch Changes
- Updated dependencies [
79684a0]
v10.2.22
Patch Changes
- Updated dependencies [
c6215e8]
v10.2.21
Patch Changes
v10.2.20
Patch Changes
- Updated dependencies [
de807fd]
v10.2.19
Patch Changes
- Updated dependencies [
c7cb407]
v10.2.18
Patch Changes
- Updated dependencies [
115ee1f]
v10.2.17
Patch Changes
v10.2.16
Patch Changes
v10.2.15
Patch Changes
- Updated dependencies [
be1703a]
v10.2.14
Patch Changes
- Updated dependencies [
e82f1c2]
v10.2.13
Patch Changes
v10.2.12
Patch Changes
v10.2.11
Patch Changes
date-fns/date-fns (date-fns)
v2.30.0
Kudos to @​kossnocorp and @​Andarist for working on the release.
Changes
- Fixed increased build size after enabling compatibility with older browsers in the previous release. This was done by adding @​babel/runtime as a dependency. See more details.
v2.29.3
This release is prepared by our own @​leshakoss.
Fixed
v2.29.2
This release is brought to you by @​nopears, @​vadimpopa and @​leshakoss.
Fixed
v2.29.1
Thanks to @​fturmel for working on the release.
Fixed
v2.29.0
On this release worked @​tan75, @​kossnocorp, @​nopears, @​Balastrong, @​cpapazoglou, @​dovca, @​aliasgar55, @​tomchentw, @​JuanM04, @​alexandresaura, @​fturmel, @​aezell, @​andersravn, @​TiagoPortfolio, @​SukkaW, @​Zebreus, @​aviskarkc10, @​maic66, @​a-korzun, @​Mejans, @​davidspiess, @​alexgul1, @​matroskin062, @​undecaf, @​mprovenc, @​jooola and @​leshakoss.
Added
Fixed
-
Fixed long formatters in the South African English locale (
en-ZA). -
Fixed weekday format for
formatRelativein the Portuguese locale (pt). -
Fixed issue parsing months in Croatian (
hr), Georgian (ka) and Serbian (srandsr-Latn) locales.
Changed
v2.28.0
Kudos to @​tan75, @​fturmel, @​arcanar7, @​jeffjose, @​helmut-lang, @​zrev2220, @​jooola, @​minitesh, @​cowboy-bebug, @​mesqueeb, @​JuanM04, @​zhirzh, @​damon02 and @​leshakoss for working on the release.
Added
Fixed
cure53/DOMPurify (dompurify)
v3.1.5: DOMPurify 3.1.5
- Fixed a minor issue with the dist paths in
bower.js, thanks @​HakumenNC - Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @​kakao-bishop-cho
v3.1.4: DOMPurify 3.1.4
- Fixed an issue with the recently implemented
isNaNchecks, thanks @​tulach - Added several new popover attributes to allow-list, thanks @​Gigabyte5671
- Fixed the tests and adjusted the test runner to cover all branches
v3.1.3: DOMPurify 3.1.3
- Fixed several mXSS variations found by and thanks to @​kevin-mizu & @​Ry0taK
- Added better configurability for comment scrubbing default behavior
- Added better hardening against Prototype Pollution attacks, thanks @​kevin-mizu
- Added better handling and readability of the
nodeTypeproperty, thanks @​ssi02014 - Fixed some smaller issues in README and other documentation
v3.1.2: DOMPurify 3.1.2
- Addressed and fixed a mXSS variation found by @​kevin-mizu
- Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
- Updated tests for older Safari and Chrome versions
v3.1.1: DOMPurify 3.1.1
- Fixed an mXSS sanitiser bypass reported by @​icesfont
- Added new code to track element nesting depth
- Added new code to enforce a maximum nesting depth of 255
- Added coverage tests and necessary clobbering protections
Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.
v3.1.0: DOMPurify 3.1.0
- Added new setting
SAFE_FOR_XMLto enable better control over comment scrubbing - Updated README to warn about happy-dom not being safe for use with DOMPurify yet
- Updated the LICENSE file to show the accurate year number
- Updated several build and test dependencies
v3.0.11: DOMPurify 3.0.11
- Fixed another conditional bypass caused by Processing Instructions, thanks @​Ry0taK
- Fixed the regex for HTML Custom Element detection, thanks @​AlekseySolovey3T
v3.0.10: DOMPurify 3.0.10
- Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @​Slonser
- Bumped up some build and test dependencies
v3.0.9: DOMPurify 3.0.9
- Fixed a problem with proper detection of Custom Elements, thanks @​kevin-mizu
- Refactored the
hasOwnPropertylogic, thanks @​ssi02014 - Removed a superfluous
console.warnmaking HappyDom happier, thanks @​HugoPoi - Modernized some of the demo hooks for better looks, thanks @​Steb95
v3.0.8: DOMPurify 3.0.8
- Fixed errors caused by conditional exports, thanks @​ssi02014
- Fixed a type error when working with custom element config, thanks @​cpmotion
v3.0.7: DOMPurify 3.0.7
- Added better protection against CSPP attacks, thanks @​kevin-mizu
- Updated browser versions for automated tests
- Updated Node versions for automated tests
v3.0.6: DOMPurify 3.0.6
- Refactored the core code-base and several utilities, thanks @​ssi02014
- Updated and fixed several sections of the README, thanks @​ssi02014
- Updated several outdated build and test dependencies
v3.0.5: DOMPurify 3.0.5
- Fixed a licensing issue spotted and reported by @​george-thomas-hill
- Updated several build and test dependencies
v3.0.4: DOMPurify 3.0.4
- Fixed a bypass in jsdom 22 in case the noframes element is permitted, thanks @​leeN
- Fixed a typo with
shadowrootmodwhich should beshadowrootmode, thanks @​masatokinugawa
v3.0.3: DOMPurify 3.0.3
- Added new
TRUSTED_TYPES_POLICYconfiguration option, thanks @​dejang - Added
feDropShadowto the SVG filter allow-list, thanks @​SelfMadeSystem
cssinjs/jss (jss)
v10.10.0
Improvements
- [jss] Added support for @​container query 1637
v10.9.2
Bug fixes
- [react-jss] Fix import useInsertionEffect 1627
v10.9.1
Bug fixes
- [jss] Update stylesheet if !important flag is set before and after the update 1612
v10.9.0
Bug fixes
- [jss, jss-plugin-global, jss-plugin-nested, jss-plugin-rule-value-function] Fixes a memory leak with nested function rules 1574
Improvements
- Keep classes ref when sheet and dynamicRules have not any change 1573
moment/moment (moment)
v2.30.1
- Release Dec 27, 2023
- Revert https://github.com/moment/moment/pull/5827, because it's breaking a lot of TS code.
v2.30.0
- Release Dec 26, 2023
preactjs/preact (preact)
v10.22.0
Features
- Support MathML namespace (#​4364, thanks @​rschristian)
Types
- Add popover types (#​4378, thanks @​rschristian)
Maintenance
- Skip running compressed-size builds twice (#​4377, thanks @​rschristian)
- Test types and warnings (#​4369, thanks @​rschristian)
- Bump compressed-size-action (#​4368, thanks @​rschristian)
Fixes
- Allow the same component to render many times across different phases (#​4382, thanks @​JoviDeCroock)
- Provide error for illegal nesting of
- Disallow
as a child of (#​4375, thanks @​rschristian)
- Change syntax in
compat/clientfor IE11 support (#​4372, thanks @​rschristian)v10.21.0Features
- Debug throw on too many rerenders (#​4349, thanks @​rschristian)
- Add compat/client types (#​4345, thanks @​rschristian)
Fixes
- Expose hooks through compat's
ReactCurrentDispatcher(#​4342, thanks @​rschristian) - Respect default value (#​4341, thanks @​JoviDeCroock)
- Incorrect "missing transform-jsx-source" warning (#​4350, thanks @​rschristian)
Types
- Support ComponentChild(ren) in compat render/hydrate/createPortal (#​4346, thanks @​rschristian)
- Import and re-export PreactElement (#​3228, thanks @​henryqdineen)
Maintenance
- Add zustand and redux-toolkit to the demo. (#​3523, thanks @​MortezaMirjavadi)
- Optimise jsx runtime (#​4337, thanks @​JoviDeCroock)
v10.20.2Fixes
- Check whether
oldDomis present in the DOM (#​4318, thanks @​JoviDeCroock) - Simplify the logic introduced in #​4322 & use eventClock for capture events too (#​4324, thanks @​jviide)
- Use a virtual clock instead of Date.now() for event dispatch times (#​4322, thanks @​jviide)
Types
- Add template tag JSX type (#​4334, thanks @​marvinhagemeister)
Maintenance
- Integrate the new benchmarks repo and update (#​4310, thanks @​andrewiggins)
- Some byte improvements (#​4321, thanks @​JoviDeCroock)
v10.20.1Fixes
- Add special case for focusIn and focusOut (#​4316, thanks @​JoviDeCroock)
v10.20.0Features
- Add isMemo to compact to allow compatibility with react-is dependant libraries (#​4302, thanks @​ziongh)
Fixes
- Fix case where shrinking a list would cause an exception (#​4312, thanks @​JoviDeCroock)
v10.19.7Types
- Bring consistency to our focus-event types (#​4307, thanks @​JoviDeCroock)
- Add onScrollend listener type (#​4305, thanks @​JoviDeCroock)
- Align state updater type with Raeect (#​4306, thanks @​JoviDeCroock)
Fixes
- Revert batch commit callbacks from all components in the render queue (#​4297, thanks @​JoviDeCroock)
v10.19.6tl;dr: This release contains bug fixes for incorrect ordering of unkeyed children.
Fixes
- Match
nullplaceholders using skewed index (#​4290, thanks @​andrewiggins) - Fix increment skew when we aren't removing the first pointer (#​4284, thanks @​JoviDeCroock)
- Fix invalid vnode internal id for text nodes (#​4291, thanks @​marvinhagemeister)
- Fix unkeyed reconciliation order in certain scenarios (#​4287, thanks @​marvinhagemeister, thanks @​JoviDeCroock)
Full Changelog: https://github.com/preactjs/preact/compare/10.19.5...10.19.6
v10.19.5Fixes
- Address scenario where we would crash when replacing a matched vnode with null (#​4281, thanks @​JoviDeCroock)
- Correctly restore _original (#​4280, thanks @​JoviDeCroock)
- Protect against nullish render (#​4278, thanks @​JoviDeCroock)
- Support setting translate through direct access (#​3800, thanks @​JoviDeCroock)
Types
- Add dpub aria 1.0 role JSX types (#​4276, thanks @​novari)
v10.19.4Fixes
- event-listeners in safari 12.3 fix (#​4253, thanks @​JoviDeCroock)
- support passing context into pure component (#​4269, thanks @​JoviDeCroock)
- retain masks across render invocations (#​4245, thanks @​JoviDeCroock)
- skip comment nodes for placeChild (#​4128, thanks @​JoviDeCroock)
- ensure we are able to support capture events from compat (#​4243, thanks @​JoviDeCroock)
- batch commit callbacks from all components in the render queue (#​4234, thanks @​developit)
Types
- improve preact compat types adding a few missing @​types/react used by styled-components (#​4271, thanks @​jduthon)
Maintenance
- add some sensible timeouts to actions that call out to external services (#​4259, thanks @​andrewiggins)
- add missing contenteditable "inherit" value (#​4242, thanks @​marvinhagemeister)
- add ComponentType to preact/compat (#​4239, thanks @​ianobermiller)
- improve types of hook source (#​4229, thanks @​andrewiggins)
v10.19.3Bug Fixes
- Add
MathMLtypes (#​4214, thanks @​fekete965) - Fix event handler event types for
onInput,onBeforeInputandonSubmit(#​4226, #​4220, thanks @​marvinhagemeister) - Fix invalid vnodes not filtered out in children (#​4219 , thanks @​billti)
Maintenance
- Remove focus from event capturing tests (#​4217, @​andrewiggins)
v10.19.2Fixes
- Call options.vnode on rerender (#​4209, thanks @​andrewiggins)
Maintenance
- Fix tests in IE11 (#​4211, thanks @​andrewiggins)
- Add test for removing children of memoed components (#​4210, thanks @​andrewiggins)
v10.19.1Fixes
- Missing preact import error when using compat (#​4206, thanks @​JoviDeCroock)
Types
- Make
childrenoptional inProvider's typings (#​4205, thanks @​shicks)
v10.19.0Features
- Support precompiled JSX transform (#​4177, thanks @​marvinhagemeister)
Fixes
- Rework children diffing to run in multiple phases (#​4180, thanks @​andrewiggins)
Performance
- Inline
diffPropsfunction (#​4200, thanks @​andrewiggins) - Do typeof string check before looking for String constructor (#​4198, thanks @​andrewiggins)
- Only run unmounting loop if any children remain to unmount (+2 B) (#​4199, thanks @​andrewiggins)
- Fix debug throwing in valid nested table (#​4193, thanks @​marvinhagemeister)
Types
- Compat PureComponent parity with upstream react type definitions (#​4056, thanks @​Blufords)
v10.18.2Types
- Update
contentEditableattribute values (#​4163, thanks @​shoonia) - Add
elementTimingattribute/property (#​4165, thanks @​shoonia) - Add the
exportpartsglobal attribute (#​4164, thanks @​shoonia) - Fix vnode type coercion (#​4158, thanks @​JoviDeCroock)
Fixes
- Fix case where parent catches error and switches vnode return type (#​4182, thanks @​JoviDeCroock)
- Allow handling errors in getSnapshot of useSyncExternalStore & add more tests (#​4175, thanks @​andrewiggins)
- Prevent invalid DOM nesting false positives (#​4160, thanks @​marvinhagemeister)
Improvements
- Improve place child (#​4172, thanks @​andrewiggins)
- Use copied VNode as newVNode instead of oldVNode when rerendering (#​4171, thanks @​andrewiggins)
- Manually track children's index & fix parent pointers when rerendering components (#​4170, thanks @​andrewiggins)
- Always clear
_nextDomfield on VNodes (#​4166, thanks @​andrewiggins) - Switch
===to==in a few places where not needed (#​4157, thanks @​rschristian) - Add support for new String() as a child (#​4152, thanks @​appsforartists)
Maintenance
- Update deopt script to generate log for usage in DeoptExplorer VSCode extension (#​4188, thanks @​andrewiggins)
- Fix benchmark debug action (#​4187, thanks @​andrewiggins)
- Add Benchmark Debug workflow (#​4185, thanks @​andrewiggins)
- Upgrade workflow actions (#​4184, thanks @​andrewiggins)
- Use import.meta.resolve in benchmark setup (#​4179, thanks @​andrewiggins)
- Improve code coverage (#​4174, thanks @​andrewiggins)
- Improve internal JSDoc types (#​4173, thanks @​andrewiggins)
- Upgrade to node@20 for development (#​4167, thanks @​andrewiggins)
v10.18.1Fixes
- Avoid crashing when there is no _children (#​4147, thanks @​JoviDeCroock)
- Fix regex for "Improper nesting of paragraph" for span under a paragraph (#​4144, thanks @​cheeaun)
v10.18.0[Compare Source](https://togithub.com/preactjs/preact/compare/10.17.1...10
Configuration
📅 Schedule: Branch creation - "after 12am every weekday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Never, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
- Change syntax in
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hey @ampproject/wg-performance! These files were changed:
tsconfig.base.json
![amp-owners-bot[bot] avatar](https://avatars.githubusercontent.com/in/22611?v=4 "Published by a pub.dev verified publisher"){kind=small}
This PR updates core dependencies (not devDependencies) so I think we should have a thorough review here :)
This PR updates core dependencies (not devDependencies) so I think we should have a thorough review here :)
Ping @erwinmombay / @ychsieh - I want to get at least one more approval before merging this