chore(deps): update dependency @builder.io/qwik to v1.7.3 [security] #22

renovate-bot · 2024-08-13T14:52:05Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@builder.io/qwik (source)	`1.4.3` -> `1.7.3`

GitHub Vulnerability Alerts

CVE-2024-41677

Summary

A potential mXSS vulnerability exists in Qwik for versions up to 1.6.0.

Details

Qwik improperly escapes HTML on server-side rendering. It converts strings according to the following rules:

https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.ts#L1182-L1208

If the string is an attribute value:
- " -> "
- & -> &
- Other characters -> No conversion
Otherwise:
- < -> <
- > -> >
- & -> &
- Other characters -> No conversion

It sometimes causes the situation that the final DOM tree rendered on browsers is different from what Qwik expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS).

PoC

A vulnerable component:

import { component$ } from "@&#8203;builder.io/qwik";
import { useLocation } from "@&#8203;builder.io/qwik-city";

export default component$(() => {
  
  // user input
  const { url } = useLocation();
  const href = url.searchParams.get("href") ?? "https://example.com";

  return (
    <div>
      <noscript>
        <a href={href}>test</a>
      </noscript>
    </div>
  );
});

If a user accesses the following URL,

http://localhost:4173/?href=</noscript><script>alert(123)</script>

then, alert(123) will be executed.

Impact

XSS

Release Notes

QwikDev/qwik (@builder.io/qwik)

`v1.7.3`

`v1.7.2`

Patch Changes

Library builds now correctly generate _fnSignal calls again. Any Qwik library that exports components should be built again. (by @wmertens in #6732)
- built files are now under dist/ or lib/. All tools that respect package export maps should just work. (by @wmertens in #6715)
  If you have trouble with Typescript, ensure that you use moduleResolution: "Bundler" in your tsconfig.json.
- @builder.io/qwik no longer depends on undici
fix dev mode on windows (by @Varixo in #6713)

`v1.7.1`

Compare Source

What's Changed

There are very important bugfixes around build and development in this release and we recommend upgrading.

PRs

fix(eslint): Fixed lint problem about the JSXNode by @genki in https://github.com/QwikDev/qwik/pull/6637
fix(dev): Reports what is happening when SSR dirty tasks in taskStaging. by @genki in https://github.com/QwikDev/qwik/pull/6642
docs: added placementpreparation.io to showcase page by @JohnPremKumar in https://github.com/QwikDev/qwik/pull/6659
feat: use new @auth/qwik package by @gioboa in https://github.com/QwikDev/qwik/pull/6658
docs: update readme footer logo by @thejackshelton in https://github.com/QwikDev/qwik/pull/6668
fix(dev): some important edge cases by @wmertens in https://github.com/QwikDev/qwik/pull/6667
chore: couldn't handle that joke anymore 😅 by @shairez in https://github.com/QwikDev/qwik/pull/6671
chore: 1.7.1 by @wmertens in https://github.com/QwikDev/qwik/pull/6672

Full Changelog: QwikDev/qwik@v1.7.0...v1.7.1

`v1.7.0`

Compare Source

Notable changes

Form errors when using dot notation have a slightly different type
Changes to search parameters in the URL will cause routeloaders to re-run now
Fixed several issues in dev mode

What's Changed

Features

feat(vite-imagetools): add fetch priority support by @JerryWu1234 in https://github.com/QwikDev/qwik/pull/6538
feat: manage assetsDir by @gioboa in https://github.com/QwikDev/qwik/pull/6588
feat(qwikVite): add possibility to define multiple outputs by @KingSora in https://github.com/QwikDev/qwik/pull/6452
feat(vite-server config): added the option to disable image dev tools for dev server by @s-voloshynenko in https://github.com/QwikDev/qwik/pull/6427
feat(qrl): wrap resolved funcs for scope by @wmertens in https://github.com/QwikDev/qwik/pull/6575
feat(core): Add support to shadow DOM for QwikLoader. by @mhevery in https://github.com/QwikDev/qwik/pull/6547

Bug Fixes

fix: fix up csr mode by @gioboa in https://github.com/QwikDev/qwik/pull/6611
fix: solve _routes issue with assetsDir by @gioboa in https://github.com/QwikDev/qwik/pull/6612
fix(optimizer): retain paths of QRL segments by @wmertens in https://github.com/QwikDev/qwik/pull/6539
fix: correct onSubmit$ / onSubmitComplete$ type signature by @JerryWu1234 in https://github.com/QwikDev/qwik/pull/6542
refactor: remove references to currentScript by @mhevery in https://github.com/QwikDev/qwik/pull/6559
chore: add API changes guards by @shairez in https://github.com/QwikDev/qwik/pull/6562
fix(repl): code display in repl output by @wmertens in https://github.com/QwikDev/qwik/pull/6564
refactor(optimizer): nicer module finding + fix dev by @wmertens in https://github.com/QwikDev/qwik/pull/6556
fix: moved express to dependencies section by @thecoder93 in https://github.com/QwikDev/qwik/pull/6576
fix: moved Fastify packages to dependencies section by @thecoder93 in https://github.com/QwikDev/qwik/pull/6577
fix: fix up docs build by @gioboa in https://github.com/QwikDev/qwik/pull/6578
fix(qrl): correct qrl loading in vite dev mode by @wmertens in https://github.com/QwikDev/qwik/pull/6579
fix: SW prefetch by @gioboa in https://github.com/QwikDev/qwik/pull/6582
refactor(server$): clean up var names by @shairez in https://github.com/QwikDev/qwik/pull/6572
refactor(city): clean up code by @shairez in https://github.com/QwikDev/qwik/pull/6581
revert: #6522 & #6526 by @gioboa in https://github.com/QwikDev/qwik/pull/6583
fix(dev): qrl parsing during dev mode by @wmertens in https://github.com/QwikDev/qwik/pull/6584
fix(qrl): help rollup resolve imports from qrl segments by @wmertens in https://github.com/QwikDev/qwik/pull/6586
fix(optimizer): make component entries more unique by @wmertens in https://github.com/QwikDev/qwik/pull/6587
fix(build): put optimizer in pr.new builds by @wmertens in https://github.com/QwikDev/qwik/pull/6589
fix(dev): qrl import and refactor parent building by @wmertens in https://github.com/QwikDev/qwik/pull/6590
fix(ci): make pr npm build work again by @wmertens in https://github.com/QwikDev/qwik/pull/6591
fix(dev): qrl loading for non-srcDir by @wmertens in https://github.com/QwikDev/qwik/pull/6592
fix: disable PrefetchGraph in dev mode by @gioboa in https://github.com/QwikDev/qwik/pull/6604
fix: disable PrefetchServiceWorker in dev mode by @gioboa in https://github.com/QwikDev/qwik/pull/6606

Docs

docs: fix aws logo color by @thejackshelton in https://github.com/QwikDev/qwik/pull/6565
fix(docs): update valibot snippet by @zougari47 in https://github.com/QwikDev/qwik/pull/6569
docs: Document how to access current url from within root.tsx by @srapport in https://github.com/QwikDev/qwik/pull/6598
docs(state): add guidance on signals as props by @shairez in https://github.com/QwikDev/qwik/pull/6574
docs: fix conflicting ctrl+k shortcut by @gioboa in https://github.com/QwikDev/qwik/pull/6554
docs(qwik-nutshell): remove onInput$ reference to React onChange by @maiieul in https://github.com/QwikDev/qwik/pull/6558
docs: small grammar change by @codyroberts in https://github.com/QwikDev/qwik/pull/6609
docs: added an example for creating a dynamic Leaflet map by @gimonaa in https://github.com/QwikDev/qwik/pull/6599
docs: fix typo by @lollyxsrinand in https://github.com/QwikDev/qwik/pull/6615
docs(insights): location change to qwikdev by @tzdesign in https://github.com/QwikDev/qwik/pull/6544
docs: comment out extra sponsor component by @thejackshelton in https://github.com/QwikDev/qwik/pull/6555
docs: (concepts/reactivity) added comma by @sajebehari in https://github.com/QwikDev/qwik/pull/6533
docs: (concepts/progressive) punctuation; removed we; removed let's by @sajebehari in https://github.com/QwikDev/qwik/pull/6532
docs: remove the custom portals section by @thejackshelton in https://github.com/QwikDev/qwik/pull/6525
docs: update tutorial by @sajebehari in https://github.com/QwikDev/qwik/pull/6528
docs: (concepts/think-qwik) removed we; punctuation; grammar by @sajebehari in https://github.com/QwikDev/qwik/pull/6530
docs: (concepts/resumable) removed we; readability by @sajebehari in https://github.com/QwikDev/qwik/pull/6531
docs: improve Tauri integration by @nevthereal in https://github.com/QwikDev/qwik/pull/6470
docs: sw debug mode by @thejackshelton in https://github.com/QwikDev/qwik/pull/6536
docs: improve debug mode docs by @thejackshelton in https://github.com/QwikDev/qwik/pull/6537
chore: 1.6.0 by @gioboa in https://github.com/QwikDev/qwik/pull/6616

New Contributors

@nevthereal made their first contribution in https://github.com/QwikDev/qwik/pull/6470
@KingSora made their first contribution in https://github.com/QwikDev/qwik/pull/6452
@s-voloshynenko made their first contribution in https://github.com/QwikDev/qwik/pull/6427
@zougari47 made their first contribution in https://github.com/QwikDev/qwik/pull/6569
@thecoder93 made their first contribution in https://github.com/QwikDev/qwik/pull/6576
@srapport made their first contribution in https://github.com/QwikDev/qwik/pull/6598
@gimonaa made their first contribution in https://github.com/QwikDev/qwik/pull/6599

Full Changelog: QwikDev/qwik@v1.5.7...v1.6.0

`v1.5.7`

Compare Source

What's Changed

refactor(cli): updated jokes to just programming ones by @shairez in https://github.com/QwikDev/qwik/pull/6469
docs: fix up playground section by @sajebehari in https://github.com/QwikDev/qwik/pull/6472
docs: improve Posting Data section by @sajebehari in https://github.com/QwikDev/qwik/pull/6473
docs: improve Preview section by @sajebehari in https://github.com/QwikDev/qwik/pull/6474
docs: improve Review section by @sajebehari in https://github.com/QwikDev/qwik/pull/6475
docs: reword for readability by @sajebehari in https://github.com/QwikDev/qwik/pull/6476
docs: improve readability by @sajebehari in https://github.com/QwikDev/qwik/pull/6477
docs: improve readability by @sajebehari in https://github.com/QwikDev/qwik/pull/6478
docs: rewording; added punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6479
docs: improve vDOM explanation by @sajebehari in https://github.com/QwikDev/qwik/pull/6480
docs: reword; edit run on sentences by @sajebehari in https://github.com/QwikDev/qwik/pull/6482
docs: improve readability by @sajebehari in https://github.com/QwikDev/qwik/pull/6481
docs: improve faq by @sajebehari in https://github.com/QwikDev/qwik/pull/6483
docs: fixed grammar by @sajebehari in https://github.com/QwikDev/qwik/pull/6484
docs: heading change by @sajebehari in https://github.com/QwikDev/qwik/pull/6485
docs: added punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6486
docs: punctuation, run on sentence fix by @sajebehari in https://github.com/QwikDev/qwik/pull/6487
docs: punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6488
docs: removed we by @sajebehari in https://github.com/QwikDev/qwik/pull/6489
docs: added punctuation; made name plural by @sajebehari in https://github.com/QwikDev/qwik/pull/6490
docs: added punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6491
docs: added punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6492
docs: punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6508
docs: header change by @sajebehari in https://github.com/QwikDev/qwik/pull/6496
docs: removed let's; added colon by @sajebehari in https://github.com/QwikDev/qwik/pull/6504
docs: removed we; fixed sentence structure by @sajebehari in https://github.com/QwikDev/qwik/pull/6495
docs: removed we by @sajebehari in https://github.com/QwikDev/qwik/pull/6497
docs: more concise; readability; punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6498
docs: punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6499
docs: punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6500
docs: removed we by @sajebehari in https://github.com/QwikDev/qwik/pull/6501
docs: removed we; improved syntax by @sajebehari in https://github.com/QwikDev/qwik/pull/6502
docs: punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6503
docs: punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6505
docs: punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6506
docs: punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6507
docs: (qwikcity/api) removed we; improved sentence structure by @sajebehari in https://github.com/QwikDev/qwik/pull/6520
docs: (qwikcity/env-variables) removed we; punctuation (oxford comma :)) by @sajebehari in https://github.com/QwikDev/qwik/pull/6519
docs: (qwik city/overview) punctuation; removed we; parallelism by @sajebehari in https://github.com/QwikDev/qwik/pull/6510
docs: (qwikcity/routing) removed we; punctuation; improved readability; grammar by @sajebehari in https://github.com/QwikDev/qwik/pull/6511
docs: (qwikcity/pages) grammar; typo by @sajebehari in https://github.com/QwikDev/qwik/pull/6512
docs: (qwikcity/layout) grammar; removed we; removed let's; punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6513
docs: (qwikcity/actions) grammar; readability; removed we; punctuation by @sajebehari in https://github.com/QwikDev/qwik/pull/6514
docs: (qwikcity/endpoints) grammar; readability by @sajebehari in https://github.com/QwikDev/qwik/pull/6515
docs: (qwikcity/middleware) grammar; typo; readability by @sajebehari in https://github.com/QwikDev/qwik/pull/6516
docs: (qwikcity/server$) grammar; punctuation; readability by @sajebehari in https://github.com/QwikDev/qwik/pull/6517
docs: (qwikcity/caching) punctuation; removed we; improved syntax by @sajebehari in https://github.com/QwikDev/qwik/pull/6518
docs: added reactivity best practice by @shairez in https://github.com/QwikDev/qwik/pull/6521
feat: use assetsDir in the qwikVite plugin by @gioboa in https://github.com/QwikDev/qwik/pull/6522
fix: fix up PrefetchServiceWorker with multiple Qwik containers by @gioboa in https://github.com/QwikDev/qwik/pull/6468
chore: v1.5.7 by @gioboa in https://github.com/QwikDev/qwik/pull/6523
fix: support Win environment by @gioboa in https://github.com/QwikDev/qwik/pull/6526

New Contributors

@sajebehari made their first contribution in https://github.com/QwikDev/qwik/pull/6472

Full Changelog: QwikDev/qwik@v1.5.6...v1.5.7

`v1.5.6`

Compare Source

What's Changed

Many bugfixes and documentation updates.

We also added an API tech preview: createSignal, useConstant and createComputed$, which should be self-explanatory. Feedback welcome on Discord or in issues. We cannot guarantee the stability of these APIs yet, although they are simple enough that they probably won't need changing.

Commits

docs: Updates useResource description in readme.md by @greatgraphicdesign in https://github.com/QwikDev/qwik/pull/6354
fix(starters): unicode problem by @PatrickJS in https://github.com/QwikDev/qwik/pull/6356
fix(insights): fix up CSS class by @JerryWu1234 in https://github.com/QwikDev/qwik/pull/6358
fix: all charSet utf-8 issues by @PatrickJS in https://github.com/QwikDev/qwik/pull/6357
chore: disabled strict check on package manager by @shairez in https://github.com/QwikDev/qwik/pull/6363
fix: utf-8 lowercase by @PatrickJS in https://github.com/QwikDev/qwik/pull/6365
fix(prefetch): configure scope and give better errors by @PatrickJS in https://github.com/QwikDev/qwik/pull/6366
chore: maybe fix? by @PatrickJS in https://github.com/QwikDev/qwik/pull/6367
refactor(prefetch): avoid inconsistent doc generation by @PatrickJS in https://github.com/QwikDev/qwik/pull/6368
chore(docs): update cloudflare compatibility flags and date by @PatrickJS in https://github.com/QwikDev/qwik/pull/6369
chore: use old cf TextEncoderStream by @PatrickJS in https://github.com/QwikDev/qwik/pull/6373
fix(eslint-plugin-qwik): allow loaders in routes with JSX extension by @loriswit in https://github.com/QwikDev/qwik/pull/6374
docs: drizzle vercel edge section by @anxhirr in https://github.com/QwikDev/qwik/pull/6376
fix(qwikcity): duplicated rewrite routes with multiple prefixes by @shairez in https://github.com/QwikDev/qwik/pull/6377
docs: added traiging process and github actions by @shairez in https://github.com/QwikDev/qwik/pull/6379
docs(triage.md): fix typos by @maiieul in https://github.com/QwikDev/qwik/pull/6381
docs: update docs for deep property of useStore to match the new default by @Joristdh in https://github.com/QwikDev/qwik/pull/6383
docs: added SECURITY.md by @shairez in https://github.com/QwikDev/qwik/pull/6384
chore: formatted auto comments on issues by @shairez in https://github.com/QwikDev/qwik/pull/6387
chore: added codeowners file by @shairez in https://github.com/QwikDev/qwik/pull/6388
docs: update TRIAGE.md by @shairez in https://github.com/QwikDev/qwik/pull/6396
feat: add some jokes by @Lejla94 in https://github.com/QwikDev/qwik/pull/6400
docs: Improved conciseness and readability by @codyroberts in https://github.com/QwikDev/qwik/pull/6404
docs: Update use-resource.ts by @greatgraphicdesign in https://github.com/QwikDev/qwik/pull/6402
feat(core): useConstant, createSignal, createComputed$ by @wmertens in https://github.com/QwikDev/qwik/pull/6319
docs: Grammar corrections. by @codyroberts in https://github.com/QwikDev/qwik/pull/6413
chore: qwik-auth v0.2.1 by @wmertens in https://github.com/QwikDev/qwik/pull/6419
docs(server$): RequestEvent info by @PatrickJS in https://github.com/QwikDev/qwik/pull/6421
fix(qwik-city): don't crash on freezing circular refs by @wmertens in https://github.com/QwikDev/qwik/pull/6422
fix: Random fixes by @wmertens in https://github.com/QwikDev/qwik/pull/6425
docs: disable ChatGPT and Supabase by @mhevery in https://github.com/QwikDev/qwik/pull/6212
docs: fix minor in triage guide by @shairez in https://github.com/QwikDev/qwik/pull/6431
fix(qwik-auth): define basePath option by @gioboa in https://github.com/QwikDev/qwik/pull/6435
feat(qwik-auth): v0.2.2 by @gioboa in https://github.com/QwikDev/qwik/pull/6436
feat: update Auth.js starter by @gioboa in https://github.com/QwikDev/qwik/pull/6437
docs: site footer + banner changes by @thejackshelton in https://github.com/QwikDev/qwik/pull/6438
chore(deps-dev): bump express from 4.18.3 to 4.19.2 by @dependabot in https://github.com/QwikDev/qwik/pull/6440
docs: improve clarity in docs overview by @thejackshelton in https://github.com/QwikDev/qwik/pull/6445
docs: updating overview by @thejackshelton in https://github.com/QwikDev/qwik/pull/6446
docs: add ohayo-dev-design.com to showcase page by @Dokja620 in https://github.com/QwikDev/qwik/pull/6444
chore(deps-dev): bump firebase-tools from 12.6.2 to 13.10.2 by @dependabot in https://github.com/QwikDev/qwik/pull/6442
fix(jsx-generated): simplify input type by @maiieul in https://github.com/QwikDev/qwik/pull/6418
docs: update documented minim node version by @thejackshelton in https://github.com/QwikDev/qwik/pull/6448
ci: added ability to publish test packages by @shairez in https://github.com/QwikDev/qwik/pull/6389
docs: improved clarity in tutorial by @thejackshelton-kunaico in https://github.com/QwikDev/qwik/pull/6463
docs(props): Immutability & Signals explanation and example. by @codyroberts in https://github.com/QwikDev/qwik/pull/6460
fix(TextEncoderStream): emoji encoding polyfill and add tests by @octet-stream in https://github.com/QwikDev/qwik/pull/6466
docs: add sponsors section to homepage by @thejackshelton in https://github.com/QwikDev/qwik/pull/6467

New Contributors

@loriswit made their first contribution in https://github.com/QwikDev/qwik/pull/6374
@anxhirr made their first contribution in https://github.com/QwikDev/qwik/pull/6376
@Joristdh made their first contribution in https://github.com/QwikDev/qwik/pull/6383
@Lejla94 made their first contribution in https://github.com/QwikDev/qwik/pull/6400
@dependabot made their first contribution in https://github.com/QwikDev/qwik/pull/6440
@Dokja620 made their first contribution in https://github.com/QwikDev/qwik/pull/6444
@thejackshelton-kunaico made their first contribution in https://github.com/QwikDev/qwik/pull/6463

Full Changelog: QwikDev/qwik@v1.5.5...v1.5.6

`v1.5.5`

Compare Source

What's Changed

docs(store): explain arrow function vs regular function gotcha by @maiieul in https://github.com/QwikDev/qwik/pull/6277
docs: Update caching index.mdx verbiage and phrasing by @Jemsco in https://github.com/QwikDev/qwik/pull/6280
docs: Update html-attributes index.mdx verbiage and phrasing by @Jemsco in https://github.com/QwikDev/qwik/pull/6282
docs: Update integrations index.mdx by @Jemsco in https://github.com/QwikDev/qwik/pull/6283
docs: Update bootstrap index.mdx verbiage and phrasing by @Jemsco in https://github.com/QwikDev/qwik/pull/6284
docs: Update i18n index.mdx verbiage and phrasing by @Jemsco in https://github.com/QwikDev/qwik/pull/6285
docs(routes / typed-routes): add Declarative Routing by @RumNCodeDev in https://github.com/QwikDev/qwik/pull/6287
chore: fix Test Typo by @ToanTrinh01 in https://github.com/QwikDev/qwik/pull/6289
fix(plugin): csr typing by @wmertens in https://github.com/QwikDev/qwik/pull/6292
feat(qwikloader): emit error by @PatrickJS in https://github.com/QwikDev/qwik/pull/6254
docs(polymorphism): changed hi to slot by @tzdesign in https://github.com/QwikDev/qwik/pull/6294
feat(Form): multi onSubmit$ handlers by @PatrickJS in https://github.com/QwikDev/qwik/pull/6241
docs: Update pages.json by @dejurin in https://github.com/QwikDev/qwik/pull/6295
feat(server$): config argument, optional GET, ServerError by @PatrickJS in https://github.com/QwikDev/qwik/pull/6290
refactor(aws): handler alias by @PatrickJS in https://github.com/QwikDev/qwik/pull/6240
docs(sync$): adding note pointing to preventDefault docs by @RumNCodeDev in https://github.com/QwikDev/qwik/pull/6296
fix(http): ignore http2 headers by @PatrickJS in https://github.com/QwikDev/qwik/pull/6291
feat: When closing over values in server$ the values should be marked as readonly by @gitstart in https://github.com/QwikDev/qwik/pull/5238
docs: server$ wording and link by @PatrickJS in https://github.com/QwikDev/qwik/pull/6297
docs: show selected path if block scroll in view by @RaiVaibhav in https://github.com/QwikDev/qwik/pull/6079
docs(CONTRIBUTING): spelling fix by @MVAodhan in https://github.com/QwikDev/qwik/pull/6299
fix: SSG ignoring the index page when trailingSlash is false by @JerryWu1234 in https://github.com/QwikDev/qwik/pull/6304
docs(qwik-nutshell): more code examples for isServer by @PatrickJS in https://github.com/QwikDev/qwik/pull/6306
docs: Document exposing gtag for custom events in Qwik Partytown setup by @itssajan in https://github.com/QwikDev/qwik/pull/6303
fix(bun): Rewrite TextEncoderStream polyfill implementation for Bun middleware by @octet-stream in https://github.com/QwikDev/qwik/pull/6309
refactor(qwikloader): add types and no handler qerror by @PatrickJS in https://github.com/QwikDev/qwik/pull/6305
docs: Grammar correction and rewording by @codyroberts in https://github.com/QwikDev/qwik/pull/6312
fix(insights): lower limit to prevent timeouts by @mhevery in https://github.com/QwikDev/qwik/pull/6313
fix(qwik-city): enforce / on base paths by @wmertens in https://github.com/QwikDev/qwik/pull/6301
feat: add nonce to PrefetchServiceWorker by @DustinJSilk in https://github.com/QwikDev/qwik/pull/6316
docs: added going back example by @rafalfigura in https://github.com/QwikDev/qwik/pull/6320
docs: Fixing back-and-forth by @rafalfigura in https://github.com/QwikDev/qwik/pull/6321
docs: Wording and grammar corrections by @codyroberts in https://github.com/QwikDev/qwik/pull/6325
feat(RouteNavigate): nav(-1) history support by @PatrickJS in https://github.com/QwikDev/qwik/pull/6324
chore(qwik-city/middleware): add TextEncoderStream polyfill and tests by @PatrickJS in https://github.com/QwikDev/qwik/pull/6310
docs: alternative cookie delete by @Twiggeh in https://github.com/QwikDev/qwik/pull/6331
feat(starters): error if qwik packages aren't together by @ToanTrinh01 in https://github.com/QwikDev/qwik/pull/6332
docs: fixes broken link by @greatgraphicdesign in https://github.com/QwikDev/qwik/pull/6334
docs: Improved readability by @codyroberts in https://github.com/QwikDev/qwik/pull/6335
fix(qwik-city): Removed artificial recursive limiter from recursive path matching by @gnemanja in https://github.com/QwikDev/qwik/pull/6327
feat(vercel): no cache service-worker.js files by @PatrickJS in https://github.com/QwikDev/qwik/pull/6339
fix(image-size-runtime.html): exclude SVG images from Perf: properly … by @williamsdyyz in https://github.com/QwikDev/qwik/pull/6318
feat(cloudflare): no-store service-worker.js by @PatrickJS in https://github.com/QwikDev/qwik/pull/6340
fix: bandwidth issues for 404 resources #6302 by @okikio in https://github.com/QwikDev/qwik/pull/6341
docs(contributing): Add devcontainer/cli as alternative method for local development setup by @octet-stream in https://github.com/QwikDev/qwik/pull/6343
fix(server$): return content type changes by @PatrickJS in https://github.com/QwikDev/qwik/pull/6345
feat(qwik-city): append cookie headers to response by @mhuretski in https://github.com/QwikDev/qwik/pull/6342
chore: v1.5.5 by @wmertens in https://github.com/QwikDev/qwik/pull/6349
fix(bun): Support application builds with Bun by @octet-stream in https://github.com/QwikDev/qwik/pull/6344

New Contributors

@ToanTrinh01 made their first contribution in https://github.com/QwikDev/qwik/pull/6289
@gitstart made their first contribution in https://github.com/QwikDev/qwik/pull/5238
@RaiVaibhav made their first contribution in https://github.com/QwikDev/qwik/pull/6079
@MVAodhan made their first contribution in https://github.com/QwikDev/qwik/pull/6299
@itssajan made their first contribution in https://github.com/QwikDev/qwik/pull/6303
@rafalfigura made their first contribution in https://github.com/QwikDev/qwik/pull/6320
@Twiggeh made their first contribution in https://github.com/QwikDev/qwik/pull/6331
@gnemanja made their first contribution in https://github.com/QwikDev/qwik/pull/6327
@williamsdyyz made their first contribution in https://github.com/QwikDev/qwik/pull/6318
@okikio made their first contribution in https://github.com/QwikDev/qwik/pull/6341
@mhuretski made their first contribution in https://github.com/QwikDev/qwik/pull/6342

Full Changelog: QwikDev/qwik@v1.5.4...v1.5.5

`v1.5.4`

Compare Source

What's Changed

fix(types): add exports for old ts import style by @wmertens in https://github.com/QwikDev/qwik/pull/6263
fix(Click-to-Source ): fix windows by @PatrickJS in https://github.com/QwikDev/qwik/pull/6261
fix: upgrade authcore level by @JerryWu1234 in https://github.com/QwikDev/qwik/pull/6147
feat(qwik-city): scroll restoration any element by @genki in https://github.com/QwikDev/qwik/pull/6258
fix(qrl): ensure .resolved exists in all cases by @wmertens in https://github.com/QwikDev/qwik/pull/6213
docs: Update components/tasks index.mdx verbiage and phrasing by @Jemsco in https://github.com/QwikDev/qwik/pull/6206
docs: reworded documentation and fixed grammar by @codyroberts in https://github.com/QwikDev/qwik/pull/6207
docs: Update advanced speculative module fetching verbiage … by @Jemsco in https://github.com/QwikDev/qwik/pull/6209
docs: Update advanced modules prefetching index.mdx verbiage by @Jemsco in https://github.com/QwikDev/qwik/pull/6210
docs: Update components/events index.mdx verbiage and phrasing by @Jemsco in https://github.com/QwikDev/qwik/pull/6216
docs: Update components/context index.mdx verbiage by @Jemsco in https://github.com/QwikDev/qwik/pull/6217
docs: Update components/slots index.mdx verbiage and phrasing by @Jemsco in https://github.com/QwikDev/qwik/pull/6218
docs: Update components/rendering index.mdx verbiage and phrasing by @Jemsco in https://github.com/QwikDev/qwik/pull/6219
docs: add missing import by @krisantuswanandi in https://github.com/QwikDev/qwik/pull/6225
fix(vite.config): Duplicate Export by @PatrickJS in https://github.com/QwikDev/qwik/pull/6227
fix(vite.config): error only when dupe by @PatrickJS in https://github.com/QwikDev/qwik/pull/6228
docs(routing): plugin by @PatrickJS in https://github.com/QwikDev/qwik/pull/6229
docs(plugin): qwik plugin and vite plugin by @PatrickJS in https://github.com/QwikDev/qwik/pull/6231
docs(sidebar): save scroll position, wider, and prefetch by @PatrickJS in https://github.com/QwikDev/qwik/pull/6234
fix(starters/empty): avoid p element gotchas by @PatrickJS in https://github.com/QwikDev/qwik/pull/6236
docs: Update components/styles index.mdx verbiage and phrasing by @Jemsco in https://github.com/QwikDev/qwik/pull/6245
docs: advanced dollar by @gparlakov in https://github.com/QwikDev/qwik/pull/6244
docs: advanced/dollar correct button by @gparlakov in https://github.com/QwikDev/qwik/pull/6243
docs: Update qwikcity index.mdx verbiage and phrasing by @Jemsco in https://github.com/QwikDev/qwik/pull/6248
docs: Update components/overview index.mdx to add export default by @Jemsco in https://github.com/QwikDev/qwik/pull/6250
docs: Update getting-started index.mdx to add export default by @Jemsco in https://github.com/QwikDev/qwik/pull/6251
docs: Update authjs index.mdx add environment vars for node by @Jemsco in https://github.com/QwikDev/qwik/pull/6253
docs: Update components/tasks index.mdx useVisibleTask$ by @Jemsco in https://github.com/QwikDev/qwik/pull/6255
docs: Update server index.mdx define server inside onclick by [@&#

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

sourcery-ai

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, renovate-bot!). We assume it knows what it's doing!

sourcery-ai bot reviewed Aug 13, 2024

View reviewed changes

renovate-bot force-pushed the renovate/npm-builder.io-qwik-vulnerability branch from 6081938 to 3e04cca Compare August 28, 2024 07:09

chore(deps): update dependency @builder.io/qwik to v1.7.3 [security]

263d363

renovate-bot force-pushed the renovate/npm-builder.io-qwik-vulnerability branch from 3e04cca to 263d363 Compare October 9, 2024 11:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update dependency @builder.io/qwik to v1.7.3 [security] #22

chore(deps): update dependency @builder.io/qwik to v1.7.3 [security] #22

renovate-bot commented Aug 13, 2024 •

edited

Loading

sourcery-ai bot left a comment

chore(deps): update dependency @builder.io/qwik to v1.7.3 [security] #22

Are you sure you want to change the base?

chore(deps): update dependency @builder.io/qwik to v1.7.3 [security] #22

Conversation

renovate-bot commented Aug 13, 2024 • edited Loading

GitHub Vulnerability Alerts

Summary

Details

PoC

Impact

Release Notes

Patch Changes

What's Changed

PRs

Notable changes

PRs merged

New Contributors

What's Changed

Features

Bug Fixes

Docs

New Contributors

What's Changed

New Contributors

What's Changed

Commits

New Contributors

What's Changed

New Contributors

What's Changed

Configuration

sourcery-ai bot left a comment

Choose a reason for hiding this comment

renovate-bot commented Aug 13, 2024 •

edited

Loading