fix(deps): update studiocms dependencies#1539
Merged
Merged
Conversation
🦋 Changeset detectedLatest commit: 3062137 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Contributor
Allure Test Report for this PR:✅ Allure Report | History |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
create-studiocms
effectify
studiocms
@studiocms/auth0
@studiocms/blog
@studiocms/cloudinary-image-service
@studiocms/devapps
@studiocms/discord
@studiocms/github
@studiocms/google
@studiocms/html
@studiocms/markdoc
@studiocms/markdown-remark
@studiocms/md
@studiocms/mdx
@studiocms/s3-storage
@studiocms/upgrade
@studiocms/wysiwyg
@withstudiocms/api-spec
@withstudiocms/auth-kit
@withstudiocms/cli-kit
@withstudiocms/component-registry
@withstudiocms/config-utils
@withstudiocms/effect
@withstudiocms/internal_helpers
@withstudiocms/kysely
@withstudiocms/sdk
@withstudiocms/template-lang
commit: |
a15a2de to
d357244
Compare
185a9b4 to
0c62d3a
Compare
3ada17f to
ad39028
Compare
1da8066 to
08c8a3a
Compare
79b1aaf to
c09ce50
Compare
5edd950 to
0492b0f
Compare
7ed4881 to
196558e
Compare
80d1957 to
72ccf29
Compare
13e1abd to
c24c6da
Compare
5b976c2 to
026752f
Compare
1b4aa7f to
0aac2d9
Compare
a4685ce to
dae509b
Compare
333f60d to
4369391
Compare
4369391 to
f61c277
Compare
f61c277 to
4408465
Compare
Contributor
Author
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
Adammatthiesen
approved these changes
Jul 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^1.2.74→^1.2.89^1.2.2→^1.3.3^1.3.3→^1.3.4^1.43.6→^1.44.0^3.3.3→^3.4.11^7.1.0→^7.4.2^6.2.1→^6.2.3^0.5.2→^0.5.3^1.2.0→^1.4.0^5.1.0→^5.3.0Release Notes
nanostores/i18n (@nanostores/i18n)
v1.3.3Compare Source
v1.3.2Compare Source
v1.3.1Compare Source
loadTranslationshelper (by @lunarW1TCH).v1.3.0Compare Source
loadTranslationshelper (by @lunarW1TCH).nanostores/persistent (@nanostores/persistent)
v1.3.4Compare Source
persistentBooleancross tab synchronization (by @dettogatto).ajaxorg/ace-builds (ace-builds)
v1.44.0Compare Source
Features
rawborrow operator in keyword list (#5942) (93581d6)Bug Fixes
modetype to accept bothSyntaxModeandstringacross definitions and implementations (#5925) (a6b1cb1)1.43.6 (2026-01-23)
Bug Fixes
1.43.5 (2025-12-02)
1.43.4 (2025-10-17)
Bug Fixes
1.43.3 (2025-09-02)
Bug Fixes
1.43.2 (2025-07-15)
Features
1.43.1 (2025-07-02)
Bug Fixes
1.42.1 (2025-06-20)
Features
cure53/DOMPurify (dompurify)
v3.4.11: DOMPurify 3.4.11Compare Source
setConfig, thanks @trace37labsnpm auditosv-scannersuppression list as no vulnerable dependencies are left for nowv3.4.10: DOMPurify 3.4.10Compare Source
types.tsSAFE_FOR_TEMPLATESscrubbing into single shared pathtextContentbeforeinnerHTMLnpm run bench) with a--comparemodedemos/folder so every demo runs again, and added a SVG-via-<img>demotest:happydomscripts in the READMEv3.4.9: DOMPurify 3.4.9Compare Source
IN_PLACEsanitization, thanks @mozfreddybIN_PLACEand Trusted Types related usagev3.4.8: DOMPurify 3.4.8Compare Source
v3.4.7: DOMPurify 3.4.7Compare Source
IN_PLACE, thanks @GameZoneHackerv3.4.6: DOMPurify 3.4.6Compare Source
IN_PLACEmode, thanks @offset & @BankdeIN_PLACEand Shadow DOM sanitization, thanks @offset & @BankdeIN_PLACEand general DOM Clobbering attacksv3.4.5: DOMPurify 3.4.5Compare Source
selectedcontentadded in 3.4.4, thanks @KabirAcharyaNote that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.
v3.4.4: DOMPurify 3.4.4Compare Source
selectedcontentelement to default allow-list, thanks @lukewarlowcommandandcommandforattributes to default allowed-list, thanks @lukewarlowIN_PLACEoperations, thanks @DEMON1A🚨 This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead 🚨
v3.4.3: DOMPurify 3.4.3Compare Source
v3.4.2: DOMPurify 3.4.2Compare Source
ADD_ATTRcallback, thanks @nelstromv3.4.1: DOMPurify 3.4.1Compare Source
font-face,color-profile,missing-glyph,font-face-src,font-face-uri,font-face-format,font-face-name) under permissiveCUSTOM_ELEMENT_HANDLINGannotation-xmlcheck that allowed mixed-case variants to bypass the basic-custom-element exclusion in XHTML modeSANITIZE_NAMED_PROPSrepeatedly prefixing already-prefixedidandnamevalues on subsequent sanitizationIN_PLACEroot-node check to explicitly guard against non-stringnodeName(DOM-clobbering robustness)slotentry from the default HTML attribute allow-listSANITIZE_NAMED_PROPS, and a negative-control assertion ensuring the invariants actually fireSAFE_FOR_TEMPLATESgreedy scrub, hook-added attribute handling)3.xand2.xmaintenance branchesv3.4.0: DOMPurify 3.4.0Compare Source
Most relevant changes:
FORBID_TAGSnot winning overADD_TAGS, thanks @kodareef5ADD_ATTR/ADD_TAGSfunction leaking into subsequent array-based calls, thanks @1Jesper1SAFE_FOR_TEMPLATESscrub inRETURN_DOMpath, thanks @bencalifCUSTOM_ELEMENT_HANDLING, thanks @trace37labsADD_TAGSfunction form bypassingFORBID_TAGS, thanks @eddieranADD_ATTRpredicates skipping URI validation, thanks @christos-ethUSE_PROFILESprototype pollution, thanks @christos-ethPublished Advisories are here:
https://github.com/cure53/DOMPurify/security/advisories?state=published
krisk/Fuse (fuse.js)
v7.4.2Compare Source
v7.4.1Compare Source
v7.4.0Compare Source
v7.3.0Compare Source
Features
Bug Fixes
v7.2.0Compare Source
Features
Fuse.use()for runtime plugin registration (8546a9b)Performance
removeAllfor O(n) bulk removes instead of O(n*k) (8546a9b)limitis set (8546a9b)Bug Fixes
panva/jose (jose)
v6.2.3Compare Source
Refactor
v6.2.2Compare Source
Fixes
unjs/magicast (magicast)
v0.5.3Compare Source
🚀 Features
View changes on GitHub
nanostores/nanostores (nanostores)
v1.4.0Compare Source
batchto run one re-render on many stores changes (by @psd-coder).listenKeys(by @ifo123).getPaththrowing onnullintermediate values (by @chatman-media).listenKeyson the whole set changes (by @LeSingh1).computedcache oncleanStores(by @ATOM00blue).v1.3.0Compare Source
globalThis.nanostoresGlobalto sync stores in JS bundles (by @afurm).GoogleChrome/web-vitals (web-vitals)
v5.3.0Compare Source
getFirstHiddenTimePolyfill(#729)
(#731)
interactionTargetsetting for INP(#744)
v5.2.0Compare Source
filter()[0]withfind()for better performance (#658)queueMicrotaskfor microtask scheduling (#660)LargestContentfulPaint.idas fallback when element is removed from DOM (#676)onLCPwhen attached late (#697)whenIdleOrHidden(#707)includeProcessedEventEntriesoption (#714)Configuration
📅 Schedule: (UTC)
* 0-3 * * 1)🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.