Update all

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@rollup/plugin-replace (source)	5.0.5 -> 5.0.7					devDependencies	patch
@types/node (source)	18.19.22 -> 18.19.66					devDependencies	patch
acorn	8.11.3 -> 8.14.0					devDependencies	minor
acorn-walk	8.3.2 -> 8.3.4					devDependencies	patch
babel-loader	9.1.3 -> 9.2.1					devDependencies	minor
css-loader	6.10.0 -> 6.11.0					devDependencies	minor
magic-string	0.30.8 -> 0.30.14					devDependencies	patch
mini-css-extract-plugin	2.8.1 -> 2.9.2					devDependencies	minor
node (source)	18.19.1 -> 18.20.5					volta	minor
preact (source)	10.19.6 -> 10.25.0					dependencies	minor
prettier (source)	3.2.5 -> 3.4.1					devDependencies	minor
rimraf	5.0.5 -> 5.0.10					devDependencies	patch
rollup-plugin-terser	7.0.2 -> 0.1.0					devDependencies	replacement
typescript (source)	5.4.2 -> 5.7.2					devDependencies	minor

This is a special PR that replaces rollup-plugin-terser with the community suggested minimal stable replacement version.

---

Release Notes

rollup/plugins (@​rollup/plugin-replace)

v5.0.7

2024-06-05

Bugfixes

• fix: add missing sourceMap documentation (#​1698)

v5.0.6

2024-06-05

Bugfixes

• fix: ternary operator replacement (#​1712)

acornjs/acorn (acorn)

v8.14.0

Compare Source

v8.13.0

Compare Source

v8.12.1

Compare Source

v8.12.0

Compare Source

babel/babel-loader (babel-loader)

v9.2.1

Compare Source

v9.2.0

Compare Source

webpack-contrib/css-loader (css-loader)

v6.11.0

Compare Source

Features

• supports multiple composes (#​1582) (bbca614)

Bug Fixes

• do not break @scope at-rule without params (#​1581) (e022e3b)

rich-harris/magic-string (magic-string)

v0.30.14

Compare Source

Features

• Include debugId in SourceMap types (#​294) (5d93dcf)

v0.30.13

Compare Source

Features

• Add support for sourcemap debugId property (#​292) (ef531a8)

v0.30.12

Compare Source

Performance Improvements

• skip line break mappings (#​284) (5b1ecf7)

v0.30.11

Compare Source

Bug Fixes

• not use negative indices for remove in empty string (#​281) (5c1cba0)

v0.30.10

Compare Source

Bug Fixes

• types: improve chainable types (#​278) (072188f)

v0.30.9

Compare Source

Performance Improvements

• avoid create uncessary overrides for replace (a1b857c)

webpack-contrib/mini-css-extract-plugin (mini-css-extract-plugin)

v2.9.2

Compare Source

v2.9.1

Compare Source

v2.9.0

Compare Source

Features

• add support for link preload/prefetch (#​1043) (ee25e51)
• added the defaultExport option to generate default and named export together (#​1084) (74ae781)

Bug Fixes

• avoid reloading all csses when hot load (#​1090) (1a56673)

2.8.1 (2024-02-27)

Bug Fixes

• add nonce if __webpack_nonce__ has been defined (c7f0aee)

nodejs/node (node)

v18.20.5: 2024-11-12, Version 18.20.5 'Hydrogen' (LTS), @​aduh95

Compare Source

Notable Changes

• [ac37e554a5] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #​55333

Commits

• [c2e6a8f215] - benchmark: fix napi/ref addon (Michaël Zasso) #​53233
• [4c2e07aaac] - build: pin doc workflow to Node.js 20 (Richard Lau) #​55755
• [6ba4ebd060] - build: fix build with Python 3.12 (Luigi Pinca) #​50582
• [c50f01399e] - crypto: ensure invalid SubtleCrypto JWK data import results in DataError (Filip Skokan) #​55041
• [5c46782137] - crypto: make deriveBits length parameter optional and nullable (Filip Skokan) #​53601
• [6e7274fa53] - crypto: reject dh,x25519,x448 in {Sign,Verify}Final (Huáng Jùnliàng) #​53774
• [d2442044db] - crypto: reject Ed25519/Ed448 in Sign/Verify prototypes (Filip Skokan) #​52340
• [93670de499] - deps: upgrade npm to 10.8.2 (npm team) #​53799
• [8531c95587] - deps: upgrade npm to 10.8.1 (npm team) #​53207
• [fd9933ea0f] - deps: upgrade npm to 10.8.0 (npm team) #​53014
• [03852495d7] - deps: update simdutf to 5.6.0 (Node.js GitHub Bot) #​55379
• [3597be4146] - deps: update simdutf to 5.5.0 (Node.js GitHub Bot) #​54434
• [52d2c03738] - deps: update simdutf to 5.3.4 (Node.js GitHub Bot) #​54312
• [dd882ac483] - deps: update simdutf to 5.3.1 (Node.js GitHub Bot) #​54196
• [5fb8e1b428] - deps: update simdutf to 5.3.0 (Node.js GitHub Bot) #​53837
• [c952fd886d] - deps: update simdutf to 5.2.8 (Node.js GitHub Bot) #​52727
• [a1ae050ed5] - deps: update simdutf to 5.2.6 (Node.js GitHub Bot) #​52727
• [96ec48da7f] - deps: update brotli to 1.1.0 (Node.js GitHub Bot) #​50804
• [11242bcfb4] - deps: update zlib to 1.3.0.1-motley-71660e1 (Node.js GitHub Bot) #​53464
• [64f98a9869] - deps: update zlib to 1.3.0.1-motley-c2469fd (Node.js GitHub Bot) #​53464
• [4b815550e0] - deps: update zlib to 1.3.0.1-motley-68e57e6 (Node.js GitHub Bot) #​53464
• [f6b2f68ce7] - deps: update zlib to 1.3.0.1-motley-8b7eff8 (Node.js GitHub Bot) #​53464
• [e151ebef86] - deps: update zlib to 1.3.0.1-motley-e432200 (Node.js GitHub Bot) #​53464
• [637a306e02] - deps: update zlib to 1.3.0.1-motley-887bb57 (Node.js GitHub Bot) #​53464
• [569a739569] - deps: update zlib to 1.3.0.1-motley-209717d (Node.js GitHub Bot) #​53156
• [033f1e2ba5] - deps: update zlib to 1.3.0.1-motley-4f653ff (Node.js GitHub Bot) #​53052
• [aaa857fc01] - deps: update ada to 2.8.0 (Node.js GitHub Bot) #​53254
• [d577321877] - deps: update acorn to 8.13.0 (Node.js GitHub Bot) #​55558
• [55b3c8a41f] - deps: update acorn-walk to 8.3.4 (Node.js GitHub Bot) #​54950
• [50a9456f1e] - deps: update acorn-walk to 8.3.3 (Node.js GitHub Bot) #​53466
• [f56cfe776b] - deps: update acorn to 8.12.1 (Node.js GitHub Bot) #​53465
• [fce3ab686d] - deps: update archs files for openssl-3.0.15+quic1 (Node.js GitHub Bot) #​55184
• [46c782486e] - deps: upgrade openssl sources to quictls/openssl-3.0.15+quic1 (Node.js GitHub Bot) #​55184
• [4a18581dc3] - deps: update corepack to 0.29.4 (Node.js GitHub Bot) #​54845
• [67e98831ab] - deps: update archs files for openssl-3.0.14+quic1 (Node.js GitHub Bot) #​54336
• [c60c6630af] - deps: upgrade openssl sources to quictls/openssl-3.0.14+quic1 (Node.js GitHub Bot) #​54336
• [935a506377] - deps: update corepack to 0.29.3 (Node.js GitHub Bot) #​54072
• [dbdfdd0226] - deps: update corepack to 0.29.2 (Node.js GitHub Bot) #​53838
• [395ee44608] - deps: update corepack to 0.28.2 (Node.js GitHub Bot) #​53253
• [6ba8bc0618] - deps: update c-ares to 1.29.0 (Node.js GitHub Bot) #​53155
• [81c3260cd2] - deps: update corepack to 0.28.1 (Node.js GitHub Bot) #​52946
• [e4739e9aa6] - doc: only apply content-visibility on all.html (Filip Skokan) #​53510
• [4d2ac5d98f] - doc: move release key for Myles Borins (Richard Lau) #​54059
• [1c4decc998] - doc: add release key for aduh95 (Antoine du Hamel) #​55349
• [a4f6f0918f] - doc: add names next to release key bash commands (Aviv Keller) #​52878
• [c679348f83] - errors: use determineSpecificType in more error messages (Antoine du Hamel) #​49580
• [3059262185] - esm: fix broken assertion in legacyMainResolve (Antoine du Hamel) #​55708
• [ac37e554a5] - esm: mark import attributes and JSON module as stable (Nicolò Ribaudo) #​55333
• [84b0ead758] - esm: fix hook name in error message (Bruce MacNaughton) #​50466
• [0092358d00] - http: handle multi-value content-disposition header (Arsalan Ahmad) #​50977
• [d814fe935c] - src: account for OpenSSL unexpected version (Shelley Vohr) #​54038
• [6615fe5db1] - src: fix dynamically linked OpenSSL version (Richard Lau) #​53456
• [d6114cb2e2] - test: fix test when compiled without engine support (Richard Lau) #​53232
• [ac3a39051c] - test: fix test-tls-junk-closes-server (Michael Dawson) #​55089
• [c8520ff7d2] - test: fix OpenSSL version checks (Richard Lau) #​53503
• [9824827937] - test: update tls test to support OpenSSL32 (Michael Dawson) #​55030
• [1a4d497936] - test: adjust tls-set-ciphers for OpenSSL32 (Michael Dawson) #​55016
• [341496a5a2] - test: add asserts to validate test assumptions (Michael Dawson) #​54997
• [37a2f7eaa4] - test: adjust key sizes to support OpenSSL32 (Michael Dawson) #​54972
• [75ff0cdf66] - test: update test to support OpenSSL32 (Michael Dawson) #​54968
• [b097d85dfe] - test: adjust test-tls-junk-server for OpenSSL32 (Michael Dawson) #​54926
• [e9997388a6] - test: adjust tls test for OpenSSL32 (Michael Dawson) #​54909
• [c7de027adb] - test: fix test test-tls-dhe for OpenSSL32 (Michael Dawson) #​54903
• [68156cbae1] - test: fix test-tls-client-mindhsize for OpenSSL32 (Michael Dawson) #​54739
• [d5b73e5683] - test: increase key size for ca2-cert.pem (Michael Dawson) #​54599
• [5316314755] - test: update TLS test for OpenSSL 3.2 (Richard Lau) #​54612
• [a1f0c87859] - test: fix test-tls-client-auth test for OpenSSL32 (Michael Dawson) #​54610
• [e9e3306426] - test: use assert.{s,deepS}trictEqual() (Sonny) #​54208
• [1320fb9475] - test: update TLS trace tests for OpenSSL >= 3.2 (Richard Lau) #​53229
• [cc3cdf7cc0] - test: check against run-time OpenSSL version (Richard Lau) #​53456
• [fc43c6803e] - test: update TLS tests for OpenSSL 3.2 (Richard Lau) #​53384
• [627d3993f0] - test: fix unreliable assumption in js-native-api/test_cannot_run_js (Joyee Cheung) #​51898
• [9f521f456e] - test: update tests for OpenSSL 3.0.14 (Richard Lau) #​53373
• [0fb652eba9] - tools: update gyp-next to v0.16.1 (Michaël Zasso) #​50380
• [fa72b2c2de] - tools: skip ruff on tools/gyp (Michaël Zasso) #​50380

v18.20.4

Compare Source

v18.20.3: 2024-05-21, Version 18.20.3 'Hydrogen' (LTS), @​richardlau

Compare Source

Notable Changes

This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.

A fix has also been included for compiling Node.js from source with newer versions of Clang.

The list of keys used to sign releases has been synchronized with the current list from the main branch.

Updated dependencies

• acorn updated to 8.11.3.
• acorn-walk updated to 8.3.2.
• ada updated to 2.7.8.
• c-ares updated to 1.28.1.
• corepack updated to 0.28.0.
• nghttp2 updated to 1.61.0.
• ngtcp2 updated to 1.3.0.
• npm updated to 10.7.0. Includes a fix from [email protected] to limit the number of open connections npm/cli#7324.
• simdutf updated to 5.2.4.
• zlib updated to 1.3.0.1-motley-7d77fb7.

Commits

• [0c260e10e7] - deps: update zlib to 1.3.0.1-motley-7d77fb7 (Node.js GitHub Bot) #​52516
• [1152d7f919] - deps: update zlib to 1.3.0.1-motley-24c07df (Node.js GitHub Bot) #​52199
• [755399db9d] - deps: update zlib to 1.3.0.1-motley-24342f6 (Node.js GitHub Bot) #​52123
• [af3e32073b] - deps: update ada to 2.7.8 (Node.js GitHub Bot) #​52517
• [e4ea2db58b] - deps: update c-ares to 1.28.1 (Node.js GitHub Bot) #​52285
• [14e857bea2] - deps: update corepack to 0.28.0 (Node.js GitHub Bot) #​52616
• [7f5dd44ca6] - deps: upgrade npm to 10.7.0 (npm team) #​52767
• [78f84ebb09] - deps: update ngtcp2 to 1.3.0 (Node.js GitHub Bot) #​51796
• [1f489a3753] - deps: update ngtcp2 to 1.2.0 (Node.js GitHub Bot) #​51584
• [3034968225] - deps: update ngtcp2 to 1.1.0 (Node.js GitHub Bot) #​51319
• [1aa9da467f] - deps: add nghttp3/**/.deps to .gitignore (Luigi Pinca) #​51400
• [28c0c78c9a] - deps: update ngtcp2 and nghttp3 (James M Snell) #​51291
• [8fd5a35364] - deps: upgrade npm to 10.5.2 (npm team) #​52458
• [2c53ff31c9] - deps: update acorn-walk to 8.3.2 (Node.js GitHub Bot) #​51457
• [12f28f33c2] - deps: update acorn to 8.11.3 (Node.js GitHub Bot) #​51317
• [dddb7eb3e0] - deps: update acorn-walk to 8.3.1 (Node.js GitHub Bot) #​50457
• [c86550e607] - deps: update acorn-walk to 8.3.0 (Node.js GitHub Bot) #​50457
• [9500817f66] - deps: update acorn to 8.11.2 (Node.js GitHub Bot) #​50460
• [7a8c7b6275] - deps: update ada to 2.7.7 (Node.js GitHub Bot) #​52028
• [b199889943] - deps: update corepack to 0.26.0 (Node.js GitHub Bot) #​52027
• [052b0ba0c6] - deps: upgrade npm to 10.5.1 (npm team) #​52351
• [209823d3af] - deps: update simdutf to 5.2.4 (Node.js GitHub Bot) #​52473
• [5114cbe18a] - deps: update simdutf to 5.2.3 (Yagiz Nizipli) #​52381
• [be30309ea0] - deps: update simdutf to 5.0.0 (Daniel Lemire) #​52138
• [b56f66e250] - deps: update simdutf to 4.0.9 (Node.js GitHub Bot) #​51655
• [a9f3b9d9d1] - deps: update nghttp2 to 1.61.0 (Node.js GitHub Bot) #​52395
• [1b6fa70620] - deps: update nghttp2 to 1.60.0 (Node.js GitHub Bot) #​51948
• [3c9dbbf4d4] - deps: update nghttp2 to 1.59.0 (Node.js GitHub Bot) #​51581
• [e28316da54] - deps: update nghttp2 to 1.58.0 (Node.js GitHub Bot) #​50441
• [678641f470] - deps: V8: cherry-pick d15d49b (Bo Anderson) #​52337
• [1147fee7d9] - doc: remove ableist language from crypto (Jamie King) #​52063
• [5e93eae972] - doc: add release key for marco-ippolito (marco-ippolito) #​52257
• [6689a98488] - http: remove closeIdleConnections function while calling server close (Kumar Rishav) #​52336
• [71616e8a8a] - node-api: make tsfn accept napi_finalize once more (Gabriel Schulhof) #​51801
• [d9d9e62474] - src: avoid draining platform tasks at FreeEnvironment (Chengzhong Wu) #​51290
• [e5fc8ec9fc] - test: skip v8-updates/test-linux-perf (Michaël Zasso) #​49639
• [351ef189ca] - test: v8: Add test-linux-perf-logger test suite (Luke Albao) #​50352
• [5cec2efc31] - test: reduce the number of requests and parsers (Luigi Pinca) #​50240
• [5186e453d9] - test: deflake test-http-regr-gh-2928 (Luigi Pinca) #​49574
• [c60cd67e1c] - test: skip test for dynamically linked OpenSSL (Richard Lau) #​52542

v18.20.2: 2024-04-10, Version 18.20.2 'Hydrogen' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Commits

• [6627222409] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#564

v18.20.1

Compare Source

v18.20.0

Compare Source

preactjs/preact (preact)

v10.25.0

Compare Source

Features

Move per-element type interfaces into core and more strictly type IntrinsicElements (#​4546, thanks @​rschristian)

This adds per-element typings for every DOM-node type, this means that our types might become slightly stricter when you are using DOM attributes/properties where they are not allowed, an example of this might be <div src="x" />.

If you notice any issues when upgrading tell us about them, we can evaluate whether we have missed a case.

Recreate unkeyed functional components when they change position. (#​4550, thanks @​JoviDeCroock)

This is a long time bugfix, when we have elements that look like

return (
	{condition ? <Element /> : null}
	{condition ? null : <Element />
)

We would reuse the state of the first VNode to render the second one when the condition switches. When you are using key, this issue was not present.

Support { handleEvent() {} } object interface as a listener (#​4538, thanks @​lilnasy)

We've added support for attaching object/class event-handlers

let handler = {
	onclick,
	handleEvent() {
		this.onclick()
	}
}

<div onClick={handler} />

Fixes

• Ensure state updates work in signals (#​4560, thanks @​JoviDeCroock)
• Ensure SVGAttributes includes height & width (#​4556, thanks @​rschristian)
• Fork types for TS 5.1 and beyond (#​4548, thanks @​JoviDeCroock)
• Re-add missing properties & property casings (#​4554, thanks @​rschristian)
• Ensure we unwrap custom .then() (#​4547, thanks @​JoviDeCroock)
• Fix error message when nesting invalid elements within <p> tags (#​4534, thanks @​jubalm)

Maintenance

• Try constant for undefined (#​4552, thanks @​JoviDeCroock)
• Fix demo (#​4551, thanks @​JoviDeCroock)
• Use Signalish helper to reduce verbosity (#​4545, thanks @​rschristian)
• Re-export ErrorInfo type (#​4541, thanks @​jose-torres-marin)
• Skip PR reporter action on non-pull request triggers (#​4536, thanks @​rschristian)
• upgrade biome to 1.9.4 (#​4535, thanks @​unvalley)
• oxlint violation of react/iframe-missing-sandbox (#​4533, thanks @​DonIsaac)

v10.24.3

Compare Source

Fixes

• We should not always set to hydration when suspending (#​4529, thanks @​JoviDeCroock)
• refactor: Warn on NaN in dep arrays instead of throwing (#​4527, thanks @​rschristian)

Performance

• Context consumer unmounting perf (#​4526, thanks @​JoviDeCroock)

Maintenance

• ci: Fix PR reporter (#​4531, thanks @​rschristian)
• ci: Remove saucelabs (#​4530, thanks @​rschristian)
• ci: Ensure paths-filter action works on push events (#​4528, thanks @​rschristian)
• ci: Unify workflows into singular pipeline (#​4520, thanks @​rschristian)

v10.24.2

Compare Source

Performance

• Improve performance and reduce memory allocation (#​4521, thanks @​JoviDeCroock)

Types

• Re-export types for events and event handlers (#​4512, thanks @​jose-torres-marin)

Maintenance

• Merge upload actions to fix usage in v4 (#​4515, thanks @​rschristian)
• Update Tachometer reporter glob to support subdirs (#​4519, thanks @​rschristian)
• Fix download artifact regexp (#​4517, thanks @​rschristian)
• Switch to regexp for download-artifact action (#​4516, thanks @​rschristian)
• Bump upload/download-artifact action versions (#​4511, thanks @​rschristian)

v10.24.1

Compare Source

Fixes

• Prevent debug crash when analyzing hydration mismatches (#​4507, thanks @​JoviDeCroock)

Types

• Correct some missing & incorrect SVG types (#​4505, thanks @​rschristian)
• Remove incorrect spellCheck type (#​4497, thanks @​rschristian)
• React props with children didn't allow for multiple children (#​4493, thanks @​hesxenon)

Maintenance

• Bump to oxlint v0.9.6 (#​4503, thanks @​Boshen)

v10.24.0

Compare Source

Features

• Warn our user for hydration mismatches (#​4490, thanks @​JoviDeCroock)

Fixes

• Avoid setting value for progress with nullish value (#​4492, thanks @​JoviDeCroock)
• Fix skewedIndex becoming outrageously big and document tradeoffs of our decisions (#​4483, thanks @​JoviDeCroock)

Types

• AnyComponent type to support classes (#​4479, thanks @​rschristian)

Maintenance

• Fix typo in comment (#​4494, thanks @​rburgst)
• Update fake compat version (#​4488, thanks @​rschristian)
• Remove impossible branch (#​4491, thanks @​JoviDeCroock)
• Golf down diffChildren (#​4485, thanks @​JoviDeCroock)
• Get rid of eager unmounting (#​4484, thanks @​JoviDeCroock)

v10.23.2

Compare Source

Fixes

• Fix shifting VNode children to the front (#​4472, thanks @​JoviDeCroock)

Types

• Add TypeScript support for Container.contains (#​4471, thanks @​sjoerdmulder)
• Add AriaRole types export (#​4466, thanks @​kuronijin)

Maintenance

• Bump to oxlint v0.7.0 (#​4469, thanks @​Boshen)
• General performance improvements for folks using compat (#​4459, thanks @​JoviDeCroock)
• Prepare for no-unused-vars (#​4462, thanks @​DonIsaac)

v10.23.1

Compare Source

Fixes

• Fix debug-issue in testing libraries where there might not be a DOM node (#​4454, thanks @​JoviDeCroock)

v10.23.0

Compare Source

Features

• Support ref cleanup functions (#​4436, thanks @​marvinhagemeister)

This adds support for returning a function in functional refs, example

<input
  ref={(ref) => {
    // Assign ref, do something with it
    return () => {
      // ref cleanup, when the element unmounts
      // we run the cleanup
    };
  }}
/>

Fixes

• Child-diffing should shift keyed fragmented lists (#​4448, thanks @​JoviDeCroock)
• Invalid DOM check not firing when p/a/button have a parent (#​4449, thanks @​JoviDeCroock)
• Support comments for streaming renders ([#&

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.