Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

📦 Update core dependencies #37042

Closed
wants to merge 1 commit into from
Closed

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 23, 2021

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@use-gesture/react (source) 10.2.10 -> 10.3.1 age adoption passing confidence
@webcomponents/webcomponentsjs (source) 2.6.0 -> 2.8.0 age adoption passing confidence
date-fns 2.27.0 -> 2.30.0 age adoption passing confidence
dompurify 3.0.2 -> 3.1.6 age adoption passing confidence
intersection-observer 0.12.0 -> 0.12.2 age adoption passing confidence
jss (source) 10.8.2 -> 10.10.0 age adoption passing confidence
jss-preset-default (source) 10.8.2 -> 10.10.0 age adoption passing confidence
moment (source) 2.29.4 -> 2.30.1 age adoption passing confidence
preact (source) 10.16.0 -> 10.23.2 age adoption passing confidence
react-day-picker (source) 8.0.0-beta.37 -> 8.10.1 age adoption passing confidence
react-jss (source) 10.8.2 -> 10.10.0 age adoption passing confidence
rrule (source) 2.7.2 -> 2.8.1 age adoption passing confidence

See all other Renovate PRs on the Dependency Dashboard

How to resolve breaking changes

This PR may introduce breaking changes that require manual intervention. In such cases, you will need to check out this branch, fix the cause of the breakage, and commit the fix to ensure a green CI build. To check out and update this PR, follow the steps below:

# Check out the PR branch
git checkout -b renovate/core-dependencies main
git pull https://github.com/ampproject/amphtml.git renovate/core-dependencies

# Directly make fixes and commit them
amp lint --fix # For lint errors in JS files
amp prettify --fix # For prettier errors in non-JS files
# Edit source code in case of new compiler warnings / errors

# Push the changes to the branch
git push [email protected]:ampproject/amphtml.git renovate/core-dependencies:renovate/core-dependencies

Release Notes

pmndrs/use-gesture (@​use-gesture/react)

v10.3.1

Compare Source

Patch Changes

v10.3.0

Compare Source

Patch Changes

v10.2.27

Compare Source

Patch Changes

v10.2.26

Compare Source

Patch Changes

v10.2.25

Compare Source

Patch Changes

v10.2.24

Compare Source

Patch Changes

v10.2.23

Compare Source

Patch Changes

v10.2.22

Compare Source

Patch Changes

v10.2.21

Compare Source

Patch Changes

v10.2.20

Compare Source

Patch Changes

v10.2.19

Compare Source

Patch Changes

v10.2.18

Compare Source

Patch Changes

v10.2.17

Compare Source

Patch Changes

v10.2.16

Compare Source

Patch Changes

v10.2.15

Compare Source

Patch Changes

v10.2.14

Compare Source

Patch Changes

v10.2.13

Compare Source

Patch Changes

v10.2.12

Compare Source

Patch Changes

v10.2.11

Compare Source

Patch Changes
webcomponents/polyfills (@​webcomponents/webcomponentsjs)

v2.8.0

Compare Source

  • Update dependencies (#​542)
  • Polyfill Element.toggleAttribute(). (#​541)

v2.7.0

Compare Source

  • Polyfill addEventListener/removeEventListener event listener options,
    including {capture: boolean, once: boolean}.
    (#​469)
  • Make webcomponents-loader.js compatible with the Trusted Types API
    (#​501)
  • Remove an arrow function in webcomponents-loader.js.
    (#​507)
date-fns/date-fns (date-fns)

v2.30.0

Compare Source

Kudos to @​kossnocorp and @​Andarist for working on the release.

Changes
  • Fixed increased build size after enabling compatibility with older browsers in the previous release. This was done by adding @​babel/runtime as a dependency. See more details.

v2.29.3

Compare Source

This release is prepared by our own @​leshakoss.

Fixed

v2.29.2

Compare Source

This release is brought to you by @​nopears, @​vadimpopa and @​leshakoss.

Fixed

v2.29.1

Compare Source

Thanks to @​fturmel for working on the release.

Fixed

v2.29.0

Compare Source

On this release worked @​tan75, @​kossnocorp, @​nopears, @​Balastrong, @​cpapazoglou, @​dovca, @​aliasgar55, @​tomchentw, @​JuanM04, @​alexandresaura, @​fturmel, @​aezell, @​andersravn, @​TiagoPortfolio, @​SukkaW, @​Zebreus, @​aviskarkc10, @​maic66, @​a-korzun, @​Mejans, @​davidspiess, @​alexgul1, @​matroskin062, @​undecaf, @​mprovenc, @​jooola and @​leshakoss.

Added
Fixed
Changed

v2.28.0

Compare Source

Kudos to @​tan75, @​fturmel, @​arcanar7, @​jeffjose, @​helmut-lang, @​zrev2220, @​jooola, @​minitesh, @​cowboy-bebug, @​mesqueeb, @​JuanM04, @​zhirzh, @​damon02 and @​leshakoss for working on the release.

Added
Fixed
cure53/DOMPurify (dompurify)

v3.1.6: DOMPurify 3.1.6

Compare Source

  • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @​kevin-mizu
  • Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @​realansgar
  • Fixed a minor problem with the bower file pointing to the wrong dist path
  • Fixed several minor typos in docs, comments and comment blocks, thanks @​Rotzbua
  • Updated several development dependencies

v3.1.5: DOMPurify 3.1.5

Compare Source

  • Fixed a minor issue with the dist paths in bower.js, thanks @​HakumenNC
  • Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @​kakao-bishop-cho

v3.1.4: DOMPurify 3.1.4

Compare Source

  • Fixed an issue with the recently implemented isNaN checks, thanks @​tulach
  • Added several new popover attributes to allow-list, thanks @​Gigabyte5671
  • Fixed the tests and adjusted the test runner to cover all branches

v3.1.3: DOMPurify 3.1.3

Compare Source

  • Fixed several mXSS variations found by and thanks to @​kevin-mizu & @​Ry0taK
  • Added better configurability for comment scrubbing default behavior
  • Added better hardening against Prototype Pollution attacks, thanks @​kevin-mizu
  • Added better handling and readability of the nodeType property, thanks @​ssi02014
  • Fixed some smaller issues in README and other documentation

v3.1.2: DOMPurify 3.1.2

Compare Source

  • Addressed and fixed a mXSS variation found by @​kevin-mizu
  • Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
  • Updated tests for older Safari and Chrome versions

v3.1.1: DOMPurify 3.1.1

Compare Source

  • Fixed an mXSS sanitiser bypass reported by @​icesfont
  • Added new code to track element nesting depth
  • Added new code to enforce a maximum nesting depth of 255
  • Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

v3.1.0: DOMPurify 3.1.0

Compare Source

  • Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
  • Updated README to warn about happy-dom not being safe for use with DOMPurify yet
  • Updated the LICENSE file to show the accurate year number
  • Updated several build and test dependencies

v3.0.11: DOMPurify 3.0.11

Compare Source

  • Fixed another conditional bypass caused by Processing Instructions, thanks @​Ry0taK
  • Fixed the regex for HTML Custom Element detection, thanks @​AlekseySolovey3T

v3.0.10: DOMPurify 3.0.10

Compare Source

  • Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @​Slonser
  • Bumped up some build and test dependencies

v3.0.9: DOMPurify 3.0.9

Compare Source

  • Fixed a problem with proper detection of Custom Elements, thanks @​kevin-mizu
  • Refactored the hasOwnProperty logic, thanks @​ssi02014
  • Removed a superfluous console.warn making HappyDom happier, thanks @​HugoPoi
  • Modernized some of the demo hooks for better looks, thanks @​Steb95

v3.0.8: DOMPurify 3.0.8

Compare Source

  • Fixed errors caused by conditional exports, thanks @​ssi02014
  • Fixed a type error when working with custom element config, thanks @​cpmotion

v3.0.7: DOMPurify 3.0.7

Compare Source

  • Added better protection against CSPP attacks, thanks @​kevin-mizu
  • Updated browser versions for automated tests
  • Updated Node versions for automated tests

v3.0.6: DOMPurify 3.0.6

Compare Source

  • Refactored the core code-base and several utilities, thanks @​ssi02014
  • Updated and fixed several sections of the README, thanks @​ssi02014
  • Updated several outdated build and test dependencies

v3.0.5: DOMPurify 3.0.5

Compare Source

  • Fixed a licensing issue spotted and reported by @​george-thomas-hill
  • Updated several build and test dependencies

v3.0.4: DOMPurify 3.0.4

Compare Source

  • Fixed a bypass in jsdom 22 in case the noframes element is permitted, thanks @​leeN
  • Fixed a typo with shadowrootmod which should be shadowrootmode, thanks @​masatokinugawa

v3.0.3: DOMPurify 3.0.3

Compare Source

  • Added new TRUSTED_TYPES_POLICY configuration option, thanks @​dejang
  • Added feDropShadow to the SVG filter allow-list, thanks @​SelfMadeSystem
GoogleChromeLabs/intersection-observer (intersection-observer)

v0.12.2

Compare Source

cssinjs/jss (jss)

v10.10.0

Compare Source

Improvements

v10.9.2

Compare Source

Bug fixes
  • [react-jss] Fix import useInsertionEffect 1627

v10.9.1

Compare Source

Bug fixes
  • [jss] Update stylesheet if !important flag is set before and after the update 1612

v10.9.0

Compare Source

Bug fixes
  • [jss, jss-plugin-global, jss-plugin-nested, jss-plugin-rule-value-function] Fixes a memory leak with nested function rules 1574
Improvements
  • Keep classes ref when sheet and dynamicRules have not any change 1573
moment/moment (moment)

v2.30.1

Compare Source

v2.30.0

Compare Source

  • Release Dec 26, 2023
preactjs/preact (preact)

v10.23.2

Compare Source

Fixes

Types

Maintenance

v10.23.1

Compare Source

Fixes

v10.23.0

Compare Source

Features

This adds support for returning a function in functional refs, example

<input
  ref={(ref) => {
    // Assign ref, do something with it
    return () => {
      // ref cleanup, when the element unmounts
      // we run the cleanup
    };
  }}
/>

Fixes

Types

Maintenance

v10.22.1

Compare Source

Fixes

Types

Maintenance

Performance

v10.22.0

Compare Source

Features

Types

Maintenance

Fixes

@renovate renovate bot force-pushed the renovate/core-dependencies branch from 125f999 to acd09d1 Compare May 26, 2022 16:17
@renovate renovate bot force-pushed the renovate/core-dependencies branch from acd09d1 to 62bf979 Compare June 7, 2022 15:42
@renovate renovate bot changed the title 📦 Update dependency preact to v10.6.0 📦 Update core dependencies Jun 7, 2022
@renovate renovate bot force-pushed the renovate/core-dependencies branch 2 times, most recently from 23cc40f to 687c19d Compare May 2, 2023 19:21
@renovate renovate bot force-pushed the renovate/core-dependencies branch 2 times, most recently from b5b595a to 910810e Compare June 6, 2023 18:29
@renovate renovate bot force-pushed the renovate/core-dependencies branch from 910810e to 8a2fb59 Compare June 28, 2023 15:35
@renovate renovate bot force-pushed the renovate/core-dependencies branch 2 times, most recently from f0ddce8 to 00745f5 Compare July 12, 2023 18:16
@danielrozenberg danielrozenberg force-pushed the renovate/core-dependencies branch 2 times, most recently from 7c410c7 to aace4d7 Compare July 12, 2023 20:14
@amp-owners-bot
Copy link

amp-owners-bot bot commented Jul 12, 2023

Hey @ampproject/wg-performance! These files were changed:

tsconfig.base.json

@danielrozenberg
Copy link
Member

This PR updates core dependencies (not devDependencies) so I think we should have a thorough review here :)

@renovate renovate bot force-pushed the renovate/core-dependencies branch 2 times, most recently from d43a48a to d1e63ae Compare May 6, 2024 15:49
@renovate renovate bot force-pushed the renovate/core-dependencies branch 2 times, most recently from 179320c to f791e0c Compare May 14, 2024 16:07
@renovate renovate bot force-pushed the renovate/core-dependencies branch from f791e0c to 721a1d7 Compare May 20, 2024 18:10
@renovate renovate bot force-pushed the renovate/core-dependencies branch 2 times, most recently from 9143568 to a983202 Compare June 3, 2024 19:07
@renovate renovate bot force-pushed the renovate/core-dependencies branch 2 times, most recently from 1ca2132 to f006216 Compare June 11, 2024 17:27
@renovate renovate bot force-pushed the renovate/core-dependencies branch from f006216 to 59305c4 Compare June 13, 2024 13:15
@renovate renovate bot force-pushed the renovate/core-dependencies branch 3 times, most recently from b7f0680 to b54efb9 Compare June 26, 2024 16:02
@renovate renovate bot changed the title 📦 Update core dependencies 📦 Update core dependencies - autoclosed Jun 27, 2024
@renovate renovate bot closed this Jun 27, 2024
@renovate renovate bot deleted the renovate/core-dependencies branch June 27, 2024 09:51
@renovate renovate bot changed the title 📦 Update core dependencies - autoclosed 📦 Update core dependencies Jun 27, 2024
@renovate renovate bot restored the renovate/core-dependencies branch June 27, 2024 18:52
@renovate renovate bot reopened this Jun 27, 2024
@renovate renovate bot force-pushed the renovate/core-dependencies branch 3 times, most recently from 4bac6e0 to 63d8874 Compare July 11, 2024 16:55
@renovate renovate bot force-pushed the renovate/core-dependencies branch 3 times, most recently from cede5e4 to bf458dd Compare August 12, 2024 17:01
@renovate renovate bot force-pushed the renovate/core-dependencies branch from bf458dd to 032b827 Compare August 27, 2024 10:39
@renovate renovate bot force-pushed the renovate/core-dependencies branch from 032b827 to bbcf3a0 Compare September 3, 2024 17:05
@renovate renovate bot force-pushed the renovate/core-dependencies branch from bbcf3a0 to ac4e521 Compare September 4, 2024 16:27
@powerivq powerivq closed this Sep 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants