📦 Update core dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@use-gesture/react (source)	10.2.10 -> 10.3.1
@webcomponents/webcomponentsjs (source)	2.6.0 -> 2.8.0
date-fns	2.27.0 -> 2.30.0
dompurify	3.0.2 -> 3.1.6
intersection-observer	0.12.0 -> 0.12.2
jss (source)	10.8.2 -> 10.10.0
jss-preset-default (source)	10.8.2 -> 10.10.0
moment (source)	2.29.4 -> 2.30.1
preact (source)	10.16.0 -> 10.23.2
react-day-picker (source)	8.0.0-beta.37 -> 8.10.1
react-jss (source)	10.8.2 -> 10.10.0
rrule (source)	2.7.2 -> 2.8.1

See all other Renovate PRs on the Dependency Dashboard

How to resolve breaking changes

This PR may introduce breaking changes that require manual intervention. In such cases, you will need to check out this branch, fix the cause of the breakage, and commit the fix to ensure a green CI build. To check out and update this PR, follow the steps below:

# Check out the PR branch
git checkout -b renovate/core-dependencies main
git pull https://github.com/ampproject/amphtml.git renovate/core-dependencies

# Directly make fixes and commit them
amp lint --fix # For lint errors in JS files
amp prettify --fix # For prettier errors in non-JS files
# Edit source code in case of new compiler warnings / errors

# Push the changes to the branch
git push git@github.com:ampproject/amphtml.git renovate/core-dependencies:renovate/core-dependencies

---

Release Notes

pmndrs/use-gesture (@​use-gesture/react)

v10.3.1

Compare Source

Patch Changes

• Updated dependencies [6f6f4a5]
  • @​use-gesture/core@​10.3.1

v10.3.0

Compare Source

Patch Changes

• Updated dependencies [c19ff0b]
• Updated dependencies [1ee9f42]
  • @​use-gesture/core@​10.3.0

v10.2.27

Compare Source

Patch Changes

• Updated dependencies [0dce221]
• Updated dependencies [957aee8]
• Updated dependencies [51c6cfc]
  • @​use-gesture/core@​10.2.27

v10.2.26

Compare Source

Patch Changes

• Updated dependencies [db0d934]
• Updated dependencies [43e751a]
  • @​use-gesture/core@​10.2.26

v10.2.25

Compare Source

Patch Changes

• Updated dependencies [3701753]
  • @​use-gesture/core@​10.2.25

v10.2.24

Compare Source

Patch Changes

• Updated dependencies [60aae21]
  • @​use-gesture/core@​10.2.24

v10.2.23

Compare Source

Patch Changes

• Updated dependencies [79684a0]
  • @​use-gesture/core@​10.2.23

v10.2.22

Compare Source

Patch Changes

• Updated dependencies [c6215e8]
  • @​use-gesture/core@​10.2.22

v10.2.21

Compare Source

Patch Changes

• Updated dependencies [6f4c09b]
• Updated dependencies [854f4df]
  • @​use-gesture/core@​10.2.21

v10.2.20

Compare Source

Patch Changes

• Updated dependencies [de807fd]
  • @​use-gesture/core@​10.2.20

v10.2.19

Compare Source

Patch Changes

• Updated dependencies [c7cb407]
  • @​use-gesture/core@​10.2.19

v10.2.18

Compare Source

Patch Changes

• Updated dependencies [115ee1f]
  • @​use-gesture/core@​10.2.18

v10.2.17

Compare Source

Patch Changes

• Updated dependencies [48dc6a1]
• Updated dependencies [d73ee4e]
  • @​use-gesture/core@​10.2.17

v10.2.16

Compare Source

Patch Changes

• a521a17: types: remove React types dependency on core package
• Updated dependencies [a521a17]
  • @​use-gesture/core@​10.2.16

v10.2.15

Compare Source

Patch Changes

• Updated dependencies [be1703a]
  • @​use-gesture/core@​10.2.15

v10.2.14

Compare Source

Patch Changes

• Updated dependencies [e82f1c2]
  • @​use-gesture/core@​10.2.14

v10.2.13

Compare Source

Patch Changes

• Updated dependencies [6896094]
• Updated dependencies [15724eb]
  • @​use-gesture/core@​10.2.13

v10.2.12

Compare Source

Patch Changes

• 91651b2: Fix config types
• Updated dependencies [91651b2]
  • @​use-gesture/core@​10.2.12

v10.2.11

Compare Source

Patch Changes

• Updated dependencies [670e6e2]
• Updated dependencies [5979b1a]
  • @​use-gesture/core@​10.2.11

webcomponents/polyfills (@​webcomponents/webcomponentsjs)

v2.8.0

Compare Source

• Update dependencies (#​542)
• Polyfill Element.toggleAttribute(). (#​541)

v2.7.0

Compare Source

• Polyfill addEventListener/removeEventListener event listener options,
  including {capture: boolean, once: boolean}.
  (#​469)
• Make webcomponents-loader.js compatible with the Trusted Types API
  (#​501)
• Remove an arrow function in webcomponents-loader.js.
  (#​507)

date-fns/date-fns (date-fns)

v2.30.0

Compare Source

Kudos to @​kossnocorp and @​Andarist for working on the release.

Changes

• Fixed increased build size after enabling compatibility with older browsers in the previous release. This was done by adding @​babel/runtime as a dependency. See more details.

v2.29.3

Compare Source

This release is prepared by our own @​leshakoss.

Fixed

• Fixed Ukrainian (uk) locale grammar for formatDistance.

• Improved browser compatibility by transforming the code with @babel/preset-env.

v2.29.2

Compare Source

This release is brought to you by @​nopears, @​vadimpopa and @​leshakoss.

Fixed

• Fixed sv locale abbreviated months matcher.

• Fixed uk locale abbreviated months matcher.

• Fixed a breaking change in intervalToDuration by removing a recently introduced RangeError.

v2.29.1

Compare Source

Thanks to @​fturmel for working on the release.

Fixed

• Fixed TypeScript and flow types for daysInYear constant.

v2.29.0

Compare Source

On this release worked @​tan75, @​kossnocorp, @​nopears, @​Balastrong, @​cpapazoglou, @​dovca, @​aliasgar55, @​tomchentw, @​JuanM04, @​alexandresaura, @​fturmel, @​aezell, @​andersravn, @​TiagoPortfolio, @​SukkaW, @​Zebreus, @​aviskarkc10, @​maic66, @​a-korzun, @​Mejans, @​davidspiess, @​alexgul1, @​matroskin062, @​undecaf, @​mprovenc, @​jooola and @​leshakoss.

Added

• Added intlFormatDistance function`.

• Added setDefaultOptions and getDefaultOptions functions that allow you to set default default locale, weekStartsOn and firstWeekContainsDate.

• Added roundingMethod option to roundToNearestMinutes.

• Added Swiss Italian locale (it-CH).

• Added Occitan (oc) locale. (#​2061)

• Added Belarusian Classic (be-tarask) locale.

Fixed

• Fixed Azerbaijani (az) locale for formatDistance.

• Fixed Czech (cs) locale for parse.

• Fixed TypeScript types for constants.

• Fixed long formatters in the South African English locale (en-ZA).

• Fixed a typo in the Icelandic locale (is) for format.

• Fixed weekday format for formatRelative in the Portuguese locale (pt).

• Fixed intervalToDuration being off by 1 day sometimes.

• Fixed ordinal number formatting in Italian locale (it).

• Fixed issue parsing months in Croatian (hr), Georgian (ka) and Serbian (sr and sr-Latn) locales.

Changed

• Replaced git.io links with full URLs in error messages.

• Internal: removed "v2.0.0 breaking changes" section from individual function docs

v2.28.0

Compare Source

Kudos to @​tan75, @​fturmel, @​arcanar7, @​jeffjose, @​helmut-lang, @​zrev2220, @​jooola, @​minitesh, @​cowboy-bebug, @​mesqueeb, @​JuanM04, @​zhirzh, @​damon02 and @​leshakoss for working on the release.

Added

• Added West Frisian (fy) locale.

• Added Uzbek Cyrillic locale (uz-Cyrl).

Fixed

• add the missing accent mark for Saturday in Spanish locale (es) for format.

• allowed K token to be used with a or b in parse.

cure53/DOMPurify (dompurify)

v3.1.6: DOMPurify 3.1.6

Compare Source

• Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @​kevin-mizu
• Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @​realansgar
• Fixed a minor problem with the bower file pointing to the wrong dist path
• Fixed several minor typos in docs, comments and comment blocks, thanks @​Rotzbua
• Updated several development dependencies

v3.1.5: DOMPurify 3.1.5

Compare Source

• Fixed a minor issue with the dist paths in bower.js, thanks @​HakumenNC
• Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @​kakao-bishop-cho

v3.1.4: DOMPurify 3.1.4

Compare Source

• Fixed an issue with the recently implemented isNaN checks, thanks @​tulach
• Added several new popover attributes to allow-list, thanks @​Gigabyte5671
• Fixed the tests and adjusted the test runner to cover all branches

v3.1.3: DOMPurify 3.1.3

Compare Source

• Fixed several mXSS variations found by and thanks to @​kevin-mizu & @​Ry0taK
• Added better configurability for comment scrubbing default behavior
• Added better hardening against Prototype Pollution attacks, thanks @​kevin-mizu
• Added better handling and readability of the nodeType property, thanks @​ssi02014
• Fixed some smaller issues in README and other documentation

v3.1.2: DOMPurify 3.1.2

Compare Source

• Addressed and fixed a mXSS variation found by @​kevin-mizu
• Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
• Updated tests for older Safari and Chrome versions

v3.1.1: DOMPurify 3.1.1

Compare Source

• Fixed an mXSS sanitiser bypass reported by @​icesfont
• Added new code to track element nesting depth
• Added new code to enforce a maximum nesting depth of 255
• Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

v3.1.0: DOMPurify 3.1.0

Compare Source

• Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
• Updated README to warn about happy-dom not being safe for use with DOMPurify yet
• Updated the LICENSE file to show the accurate year number
• Updated several build and test dependencies

v3.0.11: DOMPurify 3.0.11

Compare Source

• Fixed another conditional bypass caused by Processing Instructions, thanks @​Ry0taK
• Fixed the regex for HTML Custom Element detection, thanks @​AlekseySolovey3T

v3.0.10: DOMPurify 3.0.10

Compare Source

• Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @​Slonser
• Bumped up some build and test dependencies

v3.0.9: DOMPurify 3.0.9

Compare Source

• Fixed a problem with proper detection of Custom Elements, thanks @​kevin-mizu
• Refactored the hasOwnProperty logic, thanks @​ssi02014
• Removed a superfluous console.warn making HappyDom happier, thanks @​HugoPoi
• Modernized some of the demo hooks for better looks, thanks @​Steb95

v3.0.8: DOMPurify 3.0.8

Compare Source

• Fixed errors caused by conditional exports, thanks @​ssi02014
• Fixed a type error when working with custom element config, thanks @​cpmotion

v3.0.7: DOMPurify 3.0.7

Compare Source

• Added better protection against CSPP attacks, thanks @​kevin-mizu
• Updated browser versions for automated tests
• Updated Node versions for automated tests

v3.0.6: DOMPurify 3.0.6

Compare Source

• Refactored the core code-base and several utilities, thanks @​ssi02014
• Updated and fixed several sections of the README, thanks @​ssi02014
• Updated several outdated build and test dependencies

v3.0.5: DOMPurify 3.0.5

Compare Source

• Fixed a licensing issue spotted and reported by @​george-thomas-hill
• Updated several build and test dependencies

v3.0.4: DOMPurify 3.0.4

Compare Source

• Fixed a bypass in jsdom 22 in case the noframes element is permitted, thanks @​leeN
• Fixed a typo with shadowrootmod which should be shadowrootmode, thanks @​masatokinugawa

v3.0.3: DOMPurify 3.0.3

Compare Source

• Added new TRUSTED_TYPES_POLICY configuration option, thanks @​dejang
• Added feDropShadow to the SVG filter allow-list, thanks @​SelfMadeSystem

GoogleChromeLabs/intersection-observer (intersection-observer)

v0.12.2

Compare Source

cssinjs/jss (jss)

v10.10.0

Compare Source

Improvements

• [jss] Added support for @​container query 1637

v10.9.2

Compare Source

Bug fixes

• [react-jss] Fix import useInsertionEffect 1627

v10.9.1

Compare Source

Bug fixes

• [jss] Update stylesheet if !important flag is set before and after the update 1612

v10.9.0

Compare Source

Bug fixes

• [jss, jss-plugin-global, jss-plugin-nested, jss-plugin-rule-value-function] Fixes a memory leak with nested function rules 1574

Improvements

• Keep classes ref when sheet and dynamicRules have not any change 1573

moment/moment (moment)

v2.30.1

Compare Source

• Release Dec 27, 2023
• Revert https://github.com/moment/moment/pull/5827, because it's breaking
  a lot of TS code.

v2.30.0

Compare Source

• Release Dec 26, 2023

preactjs/preact (preact)

v10.23.2

Compare Source

Fixes

• Fix shifting VNode children to the front (#​4472, thanks @​JoviDeCroock)

Types

• Add TypeScript support for Container.contains (#​4471, thanks @​sjoerdmulder)
• Add AriaRole types export (#​4466, thanks @​kuronijin)

Maintenance

• Bump to oxlint v0.7.0 (#​4469, thanks @​Boshen)
• General performance improvements for folks using compat (#​4459, thanks @​JoviDeCroock)
• Prepare for no-unused-vars (#​4462, thanks @​DonIsaac)

v10.23.1

Compare Source

Fixes

• Fix debug-issue in testing libraries where there might not be a DOM node (#​4454, thanks @​JoviDeCroock)

v10.23.0

Compare Source

Features

• Support ref cleanup functions (#​4436, thanks @​marvinhagemeister)

This adds support for returning a function in functional refs, example

<input
  ref={(ref) => {
    // Assign ref, do something with it
    return () => {
      // ref cleanup, when the element unmounts
      // we run the cleanup
    };
  }}
/>

Fixes

• Child-diffing should shift keyed fragmented lists (#​4448, thanks @​JoviDeCroock)
• Invalid DOM check not firing when p/a/button have a parent (#​4449, thanks @​JoviDeCroock)
• Support comments for streaming renders (#​4446, thanks @​JoviDeCroock)
• Import renderToPipeableStream in server.mjs for re-exporting (#​4440, thanks @​3846masa)

Types

• Add missing types ElementType and ComponentPropsWithoutRef (#​4433, thanks @​hamza0867)
• Add html attributes types #​4099 (#​4100, thanks @​samsam-ahmadi)

Maintenance

• Dependency maintenance (#​4431, thanks @​JoviDeCroock)
• Fix coveralls reporting on PRs (#​4430, thanks @​JoviDeCroock)

v10.22.1

Compare Source

Fixes

• Only check is connected for dom nodes (#​4409, thanks @​JoviDeCroock)
• Prevent useMemo from being too lazy with repeated renders (#​4426, thanks @​JoviDeCroock)
• Replace isConnected with parentDom.contains (#​4421, thanks @​JoviDeCroock)
• Graciously handle array shuffling (#​4413, thanks @​JoviDeCroock)
• Support popover boolean attribute (#​4393, thanks @​JoviDeCroock)

Types

• Improve React compatibility for Ref type. (#​4403, thanks @​maxbrieiev)
• Expose stream render from preact-render-to-string (#​4395, thanks @​Austaras)

Maintenance

• Prefer globalThis over window if available (#​4401, thanks @​marvinhagemeister)
• Bump lockfile version to v3 (#​4398, thanks @​rschristian)

Performance

• Improve perf by skipping some lifecycle hooks for perf (#​4366, thanks @​JoviDeCroock)
• Create hot path for unmounting a tree of context (#​4396, thanks @​JoviDeCroock)
• Migrate husky v9 (#​4390, thanks @​castrogarciajs)
• Migrate to oxlint (#​4387, thanks @​JoviDeCroock)
• Migrate to biome (#​4386, thanks @​JoviDeCroock)

v10.22.0

Compare Source

Features

• Support MathML namespace (#​4364, thanks @​rschristian)

Types

• Add popover types (#​4378, thanks @​rschristian)

Maintenance

• Skip running compressed-size builds twice (#​4377, thanks @​rschristian)
• Test types and warnings (#​4369, thanks @​rschristian)
• Bump compressed-size-action (#​4368, thanks @​rschristian)

Fixes

• Allow the same component to render many times across different phases (#​4382, thanks @​JoviDeCroock)
• Provide error for illegal nesting of and (#​4376, thanks @​rschristian)
• Disallow as a child of (#​4375, thanks @​rschristian)
• Change syntax in compat/client for IE11 support (#​4372, thanks @​rschristian)

v10.21.0

Compare Source

Features

• Debug throw on too many rerenders (#​4349, thanks @​rschristian)
• Add compat/client types (#​4345, thanks @​rschristian)

Fixes

• Expose hooks through compat's ReactCurrentDispatcher (#​4342, thanks @​rschristian)
• Respect default value (#​4341, thanks @​JoviDeCroock)
• Incorrect "missing transform-jsx-source" warning (#​4350, thanks @​rschristian)

Types

• Support ComponentChild(ren) in compat render/hydrate/createPortal (#​4346, thanks @​rschristian)
• Import and re-export PreactElement (#​3228, thanks @​henryqdineen)

Maintenance

• Add zustand and redux-toolkit to the demo. (#​3523, thanks @​MortezaMirjavadi)
• Optimise jsx runtime (#​4337, thanks @​JoviDeCroock)

v10.20.2

Compare Source

Fixes

• Check whether oldDom is present in the DOM (#​4318, thanks @​JoviDeCroock)
• Simplify the logic introduced in #​4322 & use eventClock for capture events too (#​4324, thanks @​jviide)
• Use a virtual clock instead of Date.now() for event dispatch times (#​4322, thanks @​jviide)

Types

• Add template tag JSX type (#​4334, thanks @​marvinhagemeister)

Maintenance

• Integrate the new benchmarks repo and update (#​4310, thanks @​andrewiggins)
• Some byte improvements (#​4321, thanks @​JoviDeCroock)

v10.20.1

Compare Source

Fixes

• Add special case for focusIn and focusOut (#​4316, thanks @​JoviDeCroock)

v10.20.0

Compare Source

Features

• Add isMemo to compact to allow compatibility with react-is dependant libraries (#​4302, thanks @​ziongh)

Fixes

• Fix case where shrinking a list would cause an exception (#​4312, thanks @​JoviDeCroock)

v10.19.7

Compare Source

Types

• Bring consistency to our focus-event types (#​4307, thanks @​JoviDeCroock)
• Add onScrollend listener type (#​4305, thanks @​JoviDeCroock)
• Align state updater type with Raeect (#​4306, thanks @​JoviDeCroock)

Fixes

• Revert batch commit callbacks from all components in the render queue (#​4297, thanks @​JoviDeCroock)

v10.19.6

Compare Source

tl;dr: This release contains bug fixes for incorrect ordering of unkeyed children.

Fixes

• Match null placeholders using skewed index (#​4290, thanks @​andrewiggins)
• Fix increment skew when we aren't removing the first pointer (#​4284, thanks @​JoviDeCroock)
• Fix invalid vnode internal id for text nodes (#​4291, thanks @​marvinhagemeister)
• Fix unkeyed reconciliation order in certain scenarios (#​4287, thanks @​marvinhagemeister, thanks @​JoviDeCroock)

Full Changelog: preactjs/preact@10.19.5...10.19.6

v10.19.5

Compare Source

Fixes

• Address scenario where we would crash when replacing a matched vnode with null (#​4281, thanks @​JoviDeCroock)
• Correctly restore _original (#​4280, thanks @​JoviDeCroock)
• Protect against nullish render (#​4278, thanks @​JoviDeCroock)
• Support setting translate through direct access (#​3800, thanks @​JoviDeCroock)

Types

• Add dpub aria 1.0 role JSX types (#​4276, thanks @​novari)

v10.19.4

Compare Source

Fixes

• event-listeners in safari 12.3 fix (#​4253, thanks @​JoviDeCroock)
• support passing context into pure component ([#​4269](https://redirect.github.com/prea

---

Configuration

📅 Schedule: Branch creation - "after 12am every weekday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[amp-owners-bot]

Hey @ampproject/wg-performance! These files were changed:

tsconfig.base.json

[danielrozenberg]

This PR updates core dependencies (not devDependencies) so I think we should have a thorough review here :)