fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@builder.io/qwik (source)	^1.4.4 -> ^1.4.5					dependencies	patch
@types/node (source)	^20.11.17 -> ^20.11.19					devDependencies	patch
@types/react (source)	^18.2.55 -> ^18.2.56					devDependencies	patch
@vue/shared (source)	^3.4.18 -> ^3.4.19					dependencies	patch
browserslist	^4.22.3 -> ^4.23.0					dependencies	minor
core-js (source)	^3.35.1 -> ^3.36.0					dependencies	minor
dotenv	^16.4.2 -> ^16.4.4					devDependencies	patch
dotenv-expand	^11.0.3 -> ^11.0.6					devDependencies	patch
miniflare (source)	^3.20240129.1 -> ^3.20240129.3					devDependencies	patch
pnpm (source)	8.15.1 -> 8.15.3					packageManager	patch
postcss-import	^16.0.0 -> ^16.0.1					devDependencies	patch
preact (source)	^10.19.4 -> ^10.19.5					dependencies	patch
sass	^1.70.0 -> ^1.71.0					devDependencies	minor
solid-js (source)	^1.8.14 -> ^1.8.15					dependencies	patch
svelte (source)	^4.2.10 -> ^4.2.11					devDependencies	patch
terser (source)	^5.27.0 -> ^5.27.1					devDependencies	patch
tj-actions/changed-files	v42.0.2 -> v42.0.4					action	patch
vite (source)	^5.1.1 -> ^5.1.3					devDependencies	patch
vite-plugin-solid	^2.9.1 -> ^2.10.1					devDependencies	minor
vitepress (source)	1.0.0-rc.42 -> 1.0.0-rc.43					devDependencies	patch
vitest (source)	^1.2.2 -> ^1.3.0					devDependencies	minor
vue (source)	^3.4.18 -> ^3.4.19					dependencies	patch
vue (source)	^3.4.18 -> ^3.4.19					devDependencies	patch

---

Release Notes

BuilderIO/qwik (@​builder.io/qwik)

v1.4.5

Compare Source

What's Changed

• docs: Fix broken Markdown on Astro Docs page by @​LorisSigrist in https://github.com/BuilderIO/qwik/pull/5830
• fix: qwik-react peer version by @​wmertens in https://github.com/BuilderIO/qwik/pull/5831
• docs: update index.mdx to account for bun start crash on win by @​codethinki in https://github.com/BuilderIO/qwik/pull/5834
• docs(speculative-module-fetching): remove that it doesn't work in preview because it does by @​maiieul in https://github.com/BuilderIO/qwik/pull/5836
• fix(qwik-city): don't cache errors by @​wmertens in https://github.com/BuilderIO/qwik/pull/5839
• docs(showcase): added Sasthya Seba - Healthcare service provider. by @​iamriajul in https://github.com/BuilderIO/qwik/pull/5838
• chore: Update 🐼 PandaCSS integration dev dependenc by @​mrhoodz in https://github.com/BuilderIO/qwik/pull/5842
• fix(ssr): task sorting during SSR by @​wmertens in https://github.com/BuilderIO/qwik/pull/5847
• chore: 1.4.5 by @​wmertens in https://github.com/BuilderIO/qwik/pull/5848

New Contributors

• @​LorisSigrist made their first contribution in https://github.com/BuilderIO/qwik/pull/5830
• @​codethinki made their first contribution in https://github.com/BuilderIO/qwik/pull/5834

Full Changelog: QwikDev/qwik@v1.4.4...v1.4.5

vuejs/core (@​vue/shared)

v3.4.19

Compare Source

Bug Fixes

• deps: pin lru-cache to avoid hashing error (b8be990), closes #​10300
• hydration: fix css vars hydration mismatch false positive on non-root nodes (995d2fd), closes #​10317 #​10325
• runtime-dom: should not trigger transition when v-show value is falsy (#​10311) (e509639)

Features

Note: this warning is categorized as a feature but released in a patch because it does not affect public APIs.

• dx: warn users when computed is self-triggering (#​10299) (f7ba97f)

Performance Improvements

• runtime: improve getType() GC and speed (#​10327) (603a1e1)

browserslist/browserslist (browserslist)

v4.23.0

Compare Source

• Added BROWSERSLIST_ROOT_PATH (by @​teleclimber).

zloirock/core-js (core-js)

v3.36.0

Compare Source

• ArrayBuffer.prototype.transfer and friends proposal:
  • Built-ins:
    • ArrayBuffer.prototype.detached
    • ArrayBuffer.prototype.transfer
    • ArrayBuffer.prototype.transferToFixedLength
  • Moved to stable ES, Febrary 2024 TC39 meeting
  • Added es. namespace modules, /es/ and /stable/ namespaces entries
• Uint8Array to / from base64 and hex proposal:
  • Methods:
    • Uint8Array.fromBase64
    • Uint8Array.fromHex
    • Uint8Array.prototype.toBase64
    • Uint8Array.prototype.toHex
  • Moved to stage 3, Febrary 2024 TC39 meeting
  • Added /actual/ namespace entries
  • Skipped adding new methods of writing to existing arrays to clarification some moments
• Promise.try proposal has been resurrected and moved to stage 2, Febrary 2024 TC39 meeting
• Added an entry point for the new TC39 proposals stage - core-js/stage/2.7 - still empty
• Fixed regression in Set.prototype.intersection feature detection
• Fixed a missed check in Array.prototype.{ indexOf, lastIndexOf, includes }, #​1325, thanks @​minseok-choe
• Fixed a missed check in Array.prototype.{ reduce, reduceRight }, #​1327, thanks @​minseok-choe
• Fixed Array.from and some other methods with proxy targets, #​1322, thanks @​minseok-choe
• Fixed dependencies loading for modules from ArrayBuffer.prototype.transfer and friends proposal in some specific cases in IE10-
• Dropped context workaround from collection static methods entries since with current methods semantic it's no longer required
• Added instance methods polyfills to entries of collections static methods that produce collection instances
• Added missed Date.prototype.toJSON to JSON.stringify entries dependencies
• Added debugging info in some missed cases
• Compat data improvements:
  • { Map, Object }.groupBy, Promise.withResolvers, ArrayBuffer.prototype.transfer and friends marked as supported from Safari 17.4
  • New Set methods fixed and marked as supported from V8 ~ Chrome 123
  • Added Deno 1.40 compat data mapping
  • Symbol.metadata marked as supported from Deno 1.40.4
  • Updated Electron 30 compat data mapping

motdotla/dotenv (dotenv)

v16.4.4

Compare Source

Changed

• 🐞 Replaced chaining operator ?. with old school && (fixing node 12 failures) #​812

v16.4.3

Compare Source

Changed

• Fixed processing of multiple files in options.path #​805

motdotla/dotenv-expand (dotenv-expand)

v11.0.6

Compare Source

Changed

• Fix .nyc_output in .npmignore

v11.0.5

Compare Source

Changed

• 🐞 fix recursive expansion when expansion key is sourced from process.env (#​121)

v11.0.4

Compare Source

Changed

• 🐞 fix recursive expansion when expansion keys in reverse order (#​118)

cloudflare/workers-sdk (miniflare)

v3.20240129.3

Compare Source

Minor Changes

• #​4795 027f9719 Thanks @​mrbbot! - feat: pass Miniflare instance as argument to custom service binding handlers

  This change adds a new Miniflare-typed parameter to function-valued service binding handlers. This provides easy access to the correct bindings when re-using service functions across instances.

  import assert from "node:assert";
  import { Miniflare, Response } from "miniflare";
  
  const mf = new Miniflare({
  	serviceBindings: {
  		SERVICE(request, instance) {
  			assert(instance === mf);
  			return new Response();
  		},
  	},
  });

• #​4795 027f9719 Thanks @​mrbbot! - feat: allow URLs to be passed in hyperdrives

  Previously, the hyperdrives option only accepted strings as connection strings. This change allows URL objects to be passed too.

• #​4795 027f9719 Thanks @​mrbbot! - feat: add support for custom root paths

  Miniflare has lots of file-path-valued options (e.g. scriptPath, kvPersist, textBlobBindings). Previously, these were always resolved relative to the current working directory before being used. This change adds a new rootPath shared, and per-worker option for customising this behaviour. Instead of resolving relative to the current working directory, Miniflare will now resolve path-valued options relative to the closest rootPath option. Paths are still resolved relative to the current working directory if no rootPaths are defined. Worker-level rootPaths are themselves resolved relative to the shared rootPath if defined.

  import { Miniflare } from "miniflare";
  
  const mf1 = new Miniflare({
  	scriptPath: "index.mjs",
  });
  
  const mf2 = new Miniflare({
  	rootPath: "a/b",
  	scriptPath: "c/index.mjs",
  });
  
  const mf3 = new Miniflare({
  	rootPath: "/a/b",
  	workers: [
  		{
  			name: "1",
  			rootPath: "c",
  			scriptPath: "index.mjs",
  		},
  		{
  			name: "2",
  			scriptPath: "index.mjs",
  		},
  	],
  });

• #​4795 027f9719 Thanks @​mrbbot! - feat: allow easy binding to current worker

  Previously, if you wanted to create a service binding to the current Worker, you'd need to know the Worker's name. This is usually possible, but can get tricky when dealing with many Workers. This change adds a new kCurrentWorker symbol that can be used instead of a Worker name in serviceBindings. kCurrentWorker always points to the Worker with the binding.

  import { kCurrentWorker, Miniflare } from "miniflare";
  
  const mf = new Miniflare({
  	serviceBindings: {
  		SELF: kCurrentWorker,
  	},
  	modules: true,
  	script: `export default {
      fetch(request, env, ctx) {
        const { pathname } = new URL(request.url);
        if (pathname === "/recurse") {
          return env.SELF.fetch("http://placeholder");
        }
        return new Response("body");
      }
    }`,
  });
  
  const response = await mf.dispatchFetch("http://placeholder/recurse");
  console.log(await response.text()); // body

Patch Changes

• #​4954 7723ac17 Thanks @​mrbbot! - fix: allow relative scriptPath/modulesRoots to break out of current working directory

  Previously, Miniflare would resolve relative scriptPaths against moduleRoot multiple times resulting in incorrect paths and module names. This would lead to can't use ".." to break out of starting directory workerd errors. This change ensures Miniflare uses scriptPath as is, and only resolves it relative to modulesRoot when computing module names. Note this bug didn't affect service workers. This allows you to reference a modules scriptPath outside the working directory with something like:

  const mf = new Miniflare({
  	modules: true,
  	modulesRoot: "..",
  	scriptPath: "../worker.mjs",
  });

  Fixes #​4721

• #​4795 027f9719 Thanks @​mrbbot! - fix: return non-WebSocket responses for failed WebSocket upgrading fetch()es

  Previously, Miniflare's fetch() would throw an error if the Upgrade: websocket header was set, and a non-WebSocket response was returned from the origin. This change ensures the non-WebSocket response is returned from fetch() instead, with webSocket set to null. This allows the caller to handle the response as they see fit.

• #​4795 027f9719 Thanks @​mrbbot! - fix: ensure MiniflareOptions, WorkerOptions, and SharedOptions types are correct

  Miniflare uses Zod for validating options. Previously, Miniflare inferred *Options from the output types of its Zod schemas, rather than the input types. In most cases, these were the same. However, the hyperdrives option has different input/output types, preventing these from being type checked correctly.

v3.20240129.2

Compare Source

Patch Changes

• #​4950 05360e43 Thanks @​petebacondarwin! - fix: ensure we do not rewrite external Origin headers in wrangler dev

  In https://github.com/cloudflare/workers-sdk/pull/4812 we tried to fix the Origin headers to match the Host header but were overzealous and rewrote Origin headers for external origins (outside of the proxy server's origin).

  This is now fixed, and moreover we rewrite any headers that refer to the proxy server on the request with the configured host and vice versa on the response.

  This should ensure that CORS is not broken in browsers when a different host is being simulated based on routes in the Wrangler configuration.

pnpm/pnpm (pnpm)

v8.15.3

Compare Source

Patch Changes

• Remove vulnerable "ip" package from the dependencies #​7652.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v8.15.2

Compare Source

Patch Changes

• When purging multiple node_modules directories, pnpm will no longer print multiple prompts simultaneously.
• Don't print an unnecessary warning when adding new dependencies to a project that uses hoisted node_modules.
• Linking globally the command of a package that has no name in package.json #​4761.
• Installation should work with lockfile created by pnpm v9.0.0-alpha.4

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

postcss/postcss-import (postcss-import)

v16.0.1

Compare Source

• Fix crash when handling some @imports with media conditions (#​557, #​558)

preactjs/preact (preact)

v10.19.5

Compare Source

Fixes

• Address scenario where we would crash when replacing a matched vnode with null (#​4281, thanks @​JoviDeCroock)
• Correctly restore _original (#​4280, thanks @​JoviDeCroock)
• Protect against nullish render (#​4278, thanks @​JoviDeCroock)
• Support setting translate through direct access (#​3800, thanks @​JoviDeCroock)

Types

• Add dpub aria 1.0 role JSX types (#​4276, thanks @​novari)

sass/dart-sass (sass)

v1.71.0

Compare Source

For more information about pkg: importers, see the
announcement on the Sass blog.

Command-Line Interface

• Add a --pkg-importer flag to enable built-in pkg: importers. Currently
  this only supports the Node.js package resolution algorithm, via
  --pkg-importer=node. For example, @use "pkg:bootstrap" will load
  node_modules/bootstrap/scss/bootstrap.scss.

JavaScript API

• Add a NodePackageImporter importer that can be passed to the importers
  option. This loads files using the pkg: URL scheme according to the Node.js
  package resolution algorithm. For example, @use "pkg:bootstrap" will load
  node_modules/bootstrap/scss/bootstrap.scss. The constructor takes a single
  optional argument, which indicates the base directory to use when locating
  node_modules directories. It defaults to
  path.dirname(require.main.filename).

Dart API

• Add a NodePackageImporter importer that can be passed to the importers
  option. This loads files using the pkg: URL scheme according to the Node.js
  package resolution algorithm. For example, @use "pkg:bootstrap" will load
  node_modules/bootstrap/scss/bootstrap.scss. The constructor takes a single
  argument, which indicates the base directory to use when locating
  node_modules directories.

sveltejs/svelte (svelte)

v4.2.11

Compare Source

Patch Changes

• fix: check that component wasn't instantiated in connectedCallback (#​10466)

terser/terser (terser)

v5.27.1

Compare Source

• Fixed case where collapse_vars inlines await expressions into non-async functions.

tj-actions/changed-files (tj-actions/changed-files)

v42.0.4

Compare Source

What's Changed

• Upgraded to v42.0.3 by @​tj-actions-bot in https://github.com/tj-actions/changed-files/pull/1939
• chore: update formatting by @​jackton1 in https://github.com/tj-actions/changed-files/pull/1940

Full Changelog: tj-actions/changed-files@v42...v42.0.4

v42.0.3

Compare Source

What's Changed

• Upgraded to v42.0.2 by @​tj-actions-bot in https://github.com/tj-actions/changed-files/pull/1886
• chore(deps): update dependency @​types/uuid to v9.0.8 by @​renovate in https://github.com/tj-actions/changed-files/pull/1887
• chore(deps): update dependency @​types/node to v20.11.7 by @​renovate in https://github.com/tj-actions/changed-files/pull/1888
• chore(deps): update dependency @​types/node to v20.11.8 by @​renovate in https://github.com/tj-actions/changed-files/pull/1889
• chore(deps): lock file maintenance by @​renovate in https://github.com/tj-actions/changed-files/pull/1890
• chore(deps): update dependency @​types/node to v20.11.9 by @​renovate in https://github.com/tj-actions/changed-files/pull/1892
• chore: fix broken matrix example links by @​levenleven in https://github.com/tj-actions/changed-files/pull/1891
• chore(deps): update dependency @​types/node to v20.11.10 by @​renovate in https://github.com/tj-actions/changed-files/pull/1895
• Updated README.md by @​tj-actions-bot in https://github.com/tj-actions/changed-files/pull/1894
• docs: add levenleven as a contributor for doc by @​allcontributors in https://github.com/tj-actions/changed-files/pull/1893
• Updated README.md by @​tj-actions-bot in https://github.com/tj-actions/changed-files/pull/1896
• chore(deps): lock file maintenance by @​renovate in https://github.com/tj-actions/changed-files/pull/1897
• chore(deps): update typescript-eslint monorepo to v6.20.0 by @​renovate in https://github.com/tj-actions/changed-files/pull/1898
• chore: update test by @​jackton1 in [https://github.com/chore: update test tj-actions/changed-files#1899](https://togi

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[patak-dev]

Pushed a bump to the max bundle size (+10kb, from 165kb to 175kb) as we are hitting the limit after this PR.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.