Update dependency @builder.io/qwik to v1 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@builder.io/qwik (source)	0.16.2 -> 1.7.3

GitHub Vulnerability Alerts

CVE-2023-1283

Code Injection in GitHub repository builderio/qwik prior to 0.21.0. The Function deserializer can be accessed using the pureServerFunction feature. This allows any Javascript code to be run by node.js.

CVE-2024-41677

Summary

A potential mXSS vulnerability exists in Qwik for versions up to 1.6.0.

Details

Qwik improperly escapes HTML on server-side rendering. It converts strings according to the following rules:

https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.ts#L1182-L1208

• If the string is an attribute value:
  • " -> "
  • & -> &
  • Other characters -> No conversion
• Otherwise:
  • < -> <
  • > -> >
  • & -> &
  • Other characters -> No conversion

It sometimes causes the situation that the final DOM tree rendered on browsers is different from what Qwik expects on server-side rendering. This may be leveraged to perform XSS attacks, and a type of the XSS is known as mXSS (mutation XSS).

PoC

A vulnerable component:

import { component$ } from "@​builder.io/qwik";
import { useLocation } from "@​builder.io/qwik-city";

export default component$(() => {
  
  // user input
  const { url } = useLocation();
  const href = url.searchParams.get("href") ?? "https://example.com";

  return (
    <div>
      <noscript>
        <a href={href}>test</a>
      </noscript>
    </div>
  );
});

If a user accesses the following URL,

http://localhost:4173/?href=</noscript><script>alert(123)</script>

then, alert(123) will be executed.

Impact

XSS

---

Release Notes

QwikDev/qwik (@​builder.io/qwik)

v1.7.3

v1.7.2

Patch Changes

• Library builds now correctly generate _fnSignal calls again. Any Qwik library that exports components should be built again. (by @​wmertens in #​6732)

• • built files are now under dist/ or lib/. All tools that respect package export maps should just work. (by @​wmertens in #​6715)
    If you have trouble with Typescript, ensure that you use moduleResolution: "Bundler" in your tsconfig.json.
  • @builder.io/qwik no longer depends on undici

• fix dev mode on windows (by @​Varixo in #​6713)

v1.7.1

Compare Source

What's Changed

There are very important bugfixes around build and development in this release and we recommend upgrading.

PRs

• fix(eslint): Fixed lint problem about the JSXNode by @​genki in https://github.com/QwikDev/qwik/pull/6637
• fix(dev): Reports what is happening when SSR dirty tasks in taskStaging. by @​genki in https://github.com/QwikDev/qwik/pull/6642
• docs: added placementpreparation.io to showcase page by @​JohnPremKumar in https://github.com/QwikDev/qwik/pull/6659
• feat: use new @​auth/qwik package by @​gioboa in https://github.com/QwikDev/qwik/pull/6658
• docs: update readme footer logo by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6668
• fix(dev): some important edge cases by @​wmertens in https://github.com/QwikDev/qwik/pull/6667
• chore: couldn't handle that joke anymore 😅 by @​shairez in https://github.com/QwikDev/qwik/pull/6671
• chore: 1.7.1 by @​wmertens in https://github.com/QwikDev/qwik/pull/6672

Full Changelog: QwikDev/qwik@v1.7.0...v1.7.1

v1.7.0

Compare Source

Notable changes

• Form errors when using dot notation have a slightly different type
• Changes to search parameters in the URL will cause routeloaders to re-run now
• Fixed several issues in dev mode

PRs merged

• chore: improve needs reproduction message by @​gioboa in https://github.com/QwikDev/qwik/pull/6618
• fix(dev): path to outside-project files by @​wmertens in https://github.com/QwikDev/qwik/pull/6624
• docs: Small grammatical corrections by @​codyroberts in https://github.com/QwikDev/qwik/pull/6630
• docs(starts): fix typo depencies by @​BuptStEve in https://github.com/QwikDev/qwik/pull/6631
• refactor: Simplify CLI starters by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6632
• docs: Fixed capitalization on "Optimizer" by @​codyroberts in https://github.com/QwikDev/qwik/pull/6645
• refactor: tiny adjustment for document testing by @​arlyxiao in https://github.com/QwikDev/qwik/pull/6647
• fix: improve new SW logic by @​gioboa in https://github.com/QwikDev/qwik/pull/6641
• fix(dev): vite base and qrl segment fixes by @​wmertens in https://github.com/QwikDev/qwik/pull/6629
• fix(qwik-city): fix redirect with search params by @​octet-stream in https://github.com/QwikDev/qwik/pull/6410
• feat(qwikcity/actions): dotnotation field-errors by @​tzdesign in https://github.com/QwikDev/qwik/pull/6568

New Contributors

• @​BuptStEve made their first contribution in https://github.com/QwikDev/qwik/pull/6631
• @​arlyxiao made their first contribution in https://github.com/QwikDev/qwik/pull/6647

Full Changelog: QwikDev/qwik@v1.6.0...v1.7.0

v1.6.0

Compare Source

What's Changed

Features

• feat(vite-imagetools): add fetch priority support by @​JerryWu1234 in https://github.com/QwikDev/qwik/pull/6538
• feat: manage assetsDir by @​gioboa in https://github.com/QwikDev/qwik/pull/6588
• feat(qwikVite): add possibility to define multiple outputs by @​KingSora in https://github.com/QwikDev/qwik/pull/6452
• feat(vite-server config): added the option to disable image dev tools for dev server by @​s-voloshynenko in https://github.com/QwikDev/qwik/pull/6427
• feat(qrl): wrap resolved funcs for scope by @​wmertens in https://github.com/QwikDev/qwik/pull/6575
• feat(core): Add support to shadow DOM for QwikLoader. by @​mhevery in https://github.com/QwikDev/qwik/pull/6547

Bug Fixes

• fix: fix up csr mode by @​gioboa in https://github.com/QwikDev/qwik/pull/6611
• fix: solve _routes issue with assetsDir by @​gioboa in https://github.com/QwikDev/qwik/pull/6612
• fix(optimizer): retain paths of QRL segments by @​wmertens in https://github.com/QwikDev/qwik/pull/6539
• fix: correct onSubmit$ / onSubmitComplete$ type signature by @​JerryWu1234 in https://github.com/QwikDev/qwik/pull/6542
• refactor: remove references to currentScript by @​mhevery in https://github.com/QwikDev/qwik/pull/6559
• chore: add API changes guards by @​shairez in https://github.com/QwikDev/qwik/pull/6562
• fix(repl): code display in repl output by @​wmertens in https://github.com/QwikDev/qwik/pull/6564
• refactor(optimizer): nicer module finding + fix dev by @​wmertens in https://github.com/QwikDev/qwik/pull/6556
• fix: moved express to dependencies section by @​thecoder93 in https://github.com/QwikDev/qwik/pull/6576
• fix: moved Fastify packages to dependencies section by @​thecoder93 in https://github.com/QwikDev/qwik/pull/6577
• fix: fix up docs build by @​gioboa in https://github.com/QwikDev/qwik/pull/6578
• fix(qrl): correct qrl loading in vite dev mode by @​wmertens in https://github.com/QwikDev/qwik/pull/6579
• fix: SW prefetch by @​gioboa in https://github.com/QwikDev/qwik/pull/6582
• refactor(server$): clean up var names by @​shairez in https://github.com/QwikDev/qwik/pull/6572
• refactor(city): clean up code by @​shairez in https://github.com/QwikDev/qwik/pull/6581
• revert: #​6522 & #​6526 by @​gioboa in https://github.com/QwikDev/qwik/pull/6583
• fix(dev): qrl parsing during dev mode by @​wmertens in https://github.com/QwikDev/qwik/pull/6584
• fix(qrl): help rollup resolve imports from qrl segments by @​wmertens in https://github.com/QwikDev/qwik/pull/6586
• fix(optimizer): make component entries more unique by @​wmertens in https://github.com/QwikDev/qwik/pull/6587
• fix(build): put optimizer in pr.new builds by @​wmertens in https://github.com/QwikDev/qwik/pull/6589
• fix(dev): qrl import and refactor parent building by @​wmertens in https://github.com/QwikDev/qwik/pull/6590
• fix(ci): make pr npm build work again by @​wmertens in https://github.com/QwikDev/qwik/pull/6591
• fix(dev): qrl loading for non-srcDir by @​wmertens in https://github.com/QwikDev/qwik/pull/6592
• fix: disable PrefetchGraph in dev mode by @​gioboa in https://github.com/QwikDev/qwik/pull/6604
• fix: disable PrefetchServiceWorker in dev mode by @​gioboa in https://github.com/QwikDev/qwik/pull/6606

Docs

• docs: fix aws logo color by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6565
• fix(docs): update valibot snippet by @​zougari47 in https://github.com/QwikDev/qwik/pull/6569
• docs: Document how to access current url from within root.tsx by @​srapport in https://github.com/QwikDev/qwik/pull/6598
• docs(state): add guidance on signals as props by @​shairez in https://github.com/QwikDev/qwik/pull/6574
• docs: fix conflicting ctrl+k shortcut by @​gioboa in https://github.com/QwikDev/qwik/pull/6554
• docs(qwik-nutshell): remove onInput$ reference to React onChange by @​maiieul in https://github.com/QwikDev/qwik/pull/6558
• docs: small grammar change by @​codyroberts in https://github.com/QwikDev/qwik/pull/6609
• docs: added an example for creating a dynamic Leaflet map by @​gimonaa in https://github.com/QwikDev/qwik/pull/6599
• docs: fix typo by @​lollyxsrinand in https://github.com/QwikDev/qwik/pull/6615
• docs(insights): location change to qwikdev by @​tzdesign in https://github.com/QwikDev/qwik/pull/6544
• docs: comment out extra sponsor component by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6555
• docs: (concepts/reactivity) added comma by @​sajebehari in https://github.com/QwikDev/qwik/pull/6533
• docs: (concepts/progressive) punctuation; removed we; removed let's by @​sajebehari in https://github.com/QwikDev/qwik/pull/6532
• docs: remove the custom portals section by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6525
• docs: update tutorial by @​sajebehari in https://github.com/QwikDev/qwik/pull/6528
• docs: (concepts/think-qwik) removed we; punctuation; grammar by @​sajebehari in https://github.com/QwikDev/qwik/pull/6530
• docs: (concepts/resumable) removed we; readability by @​sajebehari in https://github.com/QwikDev/qwik/pull/6531
• docs: improve Tauri integration by @​nevthereal in https://github.com/QwikDev/qwik/pull/6470
• docs: sw debug mode by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6536
• docs: improve debug mode docs by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6537
• chore: 1.6.0 by @​gioboa in https://github.com/QwikDev/qwik/pull/6616

New Contributors

• @​nevthereal made their first contribution in https://github.com/QwikDev/qwik/pull/6470
• @​KingSora made their first contribution in https://github.com/QwikDev/qwik/pull/6452
• @​s-voloshynenko made their first contribution in https://github.com/QwikDev/qwik/pull/6427
• @​zougari47 made their first contribution in https://github.com/QwikDev/qwik/pull/6569
• @​thecoder93 made their first contribution in https://github.com/QwikDev/qwik/pull/6576
• @​srapport made their first contribution in https://github.com/QwikDev/qwik/pull/6598
• @​gimonaa made their first contribution in https://github.com/QwikDev/qwik/pull/6599

Full Changelog: QwikDev/qwik@v1.5.7...v1.6.0

v1.5.7

Compare Source

What's Changed

• refactor(cli): updated jokes to just programming ones by @​shairez in https://github.com/QwikDev/qwik/pull/6469
• docs: fix up playground section by @​sajebehari in https://github.com/QwikDev/qwik/pull/6472
• docs: improve Posting Data section by @​sajebehari in https://github.com/QwikDev/qwik/pull/6473
• docs: improve Preview section by @​sajebehari in https://github.com/QwikDev/qwik/pull/6474
• docs: improve Review section by @​sajebehari in https://github.com/QwikDev/qwik/pull/6475
• docs: reword for readability by @​sajebehari in https://github.com/QwikDev/qwik/pull/6476
• docs: improve readability by @​sajebehari in https://github.com/QwikDev/qwik/pull/6477
• docs: improve readability by @​sajebehari in https://github.com/QwikDev/qwik/pull/6478
• docs: rewording; added punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6479
• docs: improve vDOM explanation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6480
• docs: reword; edit run on sentences by @​sajebehari in https://github.com/QwikDev/qwik/pull/6482
• docs: improve readability by @​sajebehari in https://github.com/QwikDev/qwik/pull/6481
• docs: improve faq by @​sajebehari in https://github.com/QwikDev/qwik/pull/6483
• docs: fixed grammar by @​sajebehari in https://github.com/QwikDev/qwik/pull/6484
• docs: heading change by @​sajebehari in https://github.com/QwikDev/qwik/pull/6485
• docs: added punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6486
• docs: punctuation, run on sentence fix by @​sajebehari in https://github.com/QwikDev/qwik/pull/6487
• docs: punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6488
• docs: removed we by @​sajebehari in https://github.com/QwikDev/qwik/pull/6489
• docs: added punctuation; made name plural by @​sajebehari in https://github.com/QwikDev/qwik/pull/6490
• docs: added punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6491
• docs: added punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6492
• docs: punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6508
• docs: header change by @​sajebehari in https://github.com/QwikDev/qwik/pull/6496
• docs: removed let's; added colon by @​sajebehari in https://github.com/QwikDev/qwik/pull/6504
• docs: removed we; fixed sentence structure by @​sajebehari in https://github.com/QwikDev/qwik/pull/6495
• docs: removed we by @​sajebehari in https://github.com/QwikDev/qwik/pull/6497
• docs: more concise; readability; punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6498
• docs: punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6499
• docs: punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6500
• docs: removed we by @​sajebehari in https://github.com/QwikDev/qwik/pull/6501
• docs: removed we; improved syntax by @​sajebehari in https://github.com/QwikDev/qwik/pull/6502
• docs: punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6503
• docs: punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6505
• docs: punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6506
• docs: punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6507
• docs: (qwikcity/api) removed we; improved sentence structure by @​sajebehari in https://github.com/QwikDev/qwik/pull/6520
• docs: (qwikcity/env-variables) removed we; punctuation (oxford comma :)) by @​sajebehari in https://github.com/QwikDev/qwik/pull/6519
• docs: (qwik city/overview) punctuation; removed we; parallelism by @​sajebehari in https://github.com/QwikDev/qwik/pull/6510
• docs: (qwikcity/routing) removed we; punctuation; improved readability; grammar by @​sajebehari in https://github.com/QwikDev/qwik/pull/6511
• docs: (qwikcity/pages) grammar; typo by @​sajebehari in https://github.com/QwikDev/qwik/pull/6512
• docs: (qwikcity/layout) grammar; removed we; removed let's; punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6513
• docs: (qwikcity/actions) grammar; readability; removed we; punctuation by @​sajebehari in https://github.com/QwikDev/qwik/pull/6514
• docs: (qwikcity/endpoints) grammar; readability by @​sajebehari in https://github.com/QwikDev/qwik/pull/6515
• docs: (qwikcity/middleware) grammar; typo; readability by @​sajebehari in https://github.com/QwikDev/qwik/pull/6516
• docs: (qwikcity/server$) grammar; punctuation; readability by @​sajebehari in https://github.com/QwikDev/qwik/pull/6517
• docs: (qwikcity/caching) punctuation; removed we; improved syntax by @​sajebehari in https://github.com/QwikDev/qwik/pull/6518
• docs: added reactivity best practice by @​shairez in https://github.com/QwikDev/qwik/pull/6521
• feat: use assetsDir in the qwikVite plugin by @​gioboa in https://github.com/QwikDev/qwik/pull/6522
• fix: fix up PrefetchServiceWorker with multiple Qwik containers by @​gioboa in https://github.com/QwikDev/qwik/pull/6468
• chore: v1.5.7 by @​gioboa in https://github.com/QwikDev/qwik/pull/6523
• fix: support Win environment by @​gioboa in https://github.com/QwikDev/qwik/pull/6526

New Contributors

• @​sajebehari made their first contribution in https://github.com/QwikDev/qwik/pull/6472

Full Changelog: QwikDev/qwik@v1.5.6...v1.5.7

v1.5.6

Compare Source

What's Changed

Many bugfixes and documentation updates.

We also added an API tech preview: createSignal, useConstant and createComputed$, which should be self-explanatory. Feedback welcome on Discord or in issues. We cannot guarantee the stability of these APIs yet, although they are simple enough that they probably won't need changing.

Commits

• docs: Updates useResource description in readme.md by @​greatgraphicdesign in https://github.com/QwikDev/qwik/pull/6354
• fix(starters): unicode problem by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6356
• fix(insights): fix up CSS class by @​JerryWu1234 in https://github.com/QwikDev/qwik/pull/6358
• fix: all charSet utf-8 issues by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6357
• chore: disabled strict check on package manager by @​shairez in https://github.com/QwikDev/qwik/pull/6363
• fix: utf-8 lowercase by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6365
• fix(prefetch): configure scope and give better errors by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6366
• chore: maybe fix? by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6367
• refactor(prefetch): avoid inconsistent doc generation by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6368
• chore(docs): update cloudflare compatibility flags and date by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6369
• chore: use old cf TextEncoderStream by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6373
• fix(eslint-plugin-qwik): allow loaders in routes with JSX extension by @​loriswit in https://github.com/QwikDev/qwik/pull/6374
• docs: drizzle vercel edge section by @​anxhirr in https://github.com/QwikDev/qwik/pull/6376
• fix(qwikcity): duplicated rewrite routes with multiple prefixes by @​shairez in https://github.com/QwikDev/qwik/pull/6377
• docs: added traiging process and github actions by @​shairez in https://github.com/QwikDev/qwik/pull/6379
• docs(triage.md): fix typos by @​maiieul in https://github.com/QwikDev/qwik/pull/6381
• docs: update docs for deep property of useStore to match the new default by @​Joristdh in https://github.com/QwikDev/qwik/pull/6383
• docs: added SECURITY.md by @​shairez in https://github.com/QwikDev/qwik/pull/6384
• chore: formatted auto comments on issues by @​shairez in https://github.com/QwikDev/qwik/pull/6387
• chore: added codeowners file by @​shairez in https://github.com/QwikDev/qwik/pull/6388
• docs: update TRIAGE.md by @​shairez in https://github.com/QwikDev/qwik/pull/6396
• feat: add some jokes by @​Lejla94 in https://github.com/QwikDev/qwik/pull/6400
• docs: Improved conciseness and readability by @​codyroberts in https://github.com/QwikDev/qwik/pull/6404
• docs: Update use-resource.ts by @​greatgraphicdesign in https://github.com/QwikDev/qwik/pull/6402
• feat(core): useConstant, createSignal, createComputed$ by @​wmertens in https://github.com/QwikDev/qwik/pull/6319
• docs: Grammar corrections. by @​codyroberts in https://github.com/QwikDev/qwik/pull/6413
• chore: qwik-auth v0.2.1 by @​wmertens in https://github.com/QwikDev/qwik/pull/6419
• docs(server$): RequestEvent info by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6421
• fix(qwik-city): don't crash on freezing circular refs by @​wmertens in https://github.com/QwikDev/qwik/pull/6422
• fix: Random fixes by @​wmertens in https://github.com/QwikDev/qwik/pull/6425
• docs: disable ChatGPT and Supabase by @​mhevery in https://github.com/QwikDev/qwik/pull/6212
• docs: fix minor in triage guide by @​shairez in https://github.com/QwikDev/qwik/pull/6431
• fix(qwik-auth): define basePath option by @​gioboa in https://github.com/QwikDev/qwik/pull/6435
• feat(qwik-auth): v0.2.2 by @​gioboa in https://github.com/QwikDev/qwik/pull/6436
• feat: update Auth.js starter by @​gioboa in https://github.com/QwikDev/qwik/pull/6437
• docs: site footer + banner changes by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6438
• chore(deps-dev): bump express from 4.18.3 to 4.19.2 by @​dependabot in https://github.com/QwikDev/qwik/pull/6440
• docs: improve clarity in docs overview by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6445
• docs: updating overview by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6446
• docs: add ohayo-dev-design.com to showcase page by @​Dokja620 in https://github.com/QwikDev/qwik/pull/6444
• chore(deps-dev): bump firebase-tools from 12.6.2 to 13.10.2 by @​dependabot in https://github.com/QwikDev/qwik/pull/6442
• fix(jsx-generated): simplify input type by @​maiieul in https://github.com/QwikDev/qwik/pull/6418
• docs: update documented minim node version by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6448
• ci: added ability to publish test packages by @​shairez in https://github.com/QwikDev/qwik/pull/6389
• docs: improved clarity in tutorial by @​thejackshelton-kunaico in https://github.com/QwikDev/qwik/pull/6463
• docs(props): Immutability & Signals explanation and example. by @​codyroberts in https://github.com/QwikDev/qwik/pull/6460
• fix(TextEncoderStream): emoji encoding polyfill and add tests by @​octet-stream in https://github.com/QwikDev/qwik/pull/6466
• docs: add sponsors section to homepage by @​thejackshelton in https://github.com/QwikDev/qwik/pull/6467

New Contributors

• @​loriswit made their first contribution in https://github.com/QwikDev/qwik/pull/6374
• @​anxhirr made their first contribution in https://github.com/QwikDev/qwik/pull/6376
• @​Joristdh made their first contribution in https://github.com/QwikDev/qwik/pull/6383
• @​Lejla94 made their first contribution in https://github.com/QwikDev/qwik/pull/6400
• @​dependabot made their first contribution in https://github.com/QwikDev/qwik/pull/6440
• @​Dokja620 made their first contribution in https://github.com/QwikDev/qwik/pull/6444
• @​thejackshelton-kunaico made their first contribution in https://github.com/QwikDev/qwik/pull/6463

Full Changelog: QwikDev/qwik@v1.5.5...v1.5.6

v1.5.5

Compare Source

What's Changed

• docs(store): explain arrow function vs regular function gotcha by @​maiieul in https://github.com/QwikDev/qwik/pull/6277
• docs: Update caching index.mdx verbiage and phrasing by @​Jemsco in https://github.com/QwikDev/qwik/pull/6280
• docs: Update html-attributes index.mdx verbiage and phrasing by @​Jemsco in https://github.com/QwikDev/qwik/pull/6282
• docs: Update integrations index.mdx by @​Jemsco in https://github.com/QwikDev/qwik/pull/6283
• docs: Update bootstrap index.mdx verbiage and phrasing by @​Jemsco in https://github.com/QwikDev/qwik/pull/6284
• docs: Update i18n index.mdx verbiage and phrasing by @​Jemsco in https://github.com/QwikDev/qwik/pull/6285
• docs(routes / typed-routes): add Declarative Routing by @​RumNCodeDev in https://github.com/QwikDev/qwik/pull/6287
• chore: fix Test Typo by @​ToanTrinh01 in https://github.com/QwikDev/qwik/pull/6289
• fix(plugin): csr typing by @​wmertens in https://github.com/QwikDev/qwik/pull/6292
• feat(qwikloader): emit error by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6254
• docs(polymorphism): changed hi to slot by @​tzdesign in https://github.com/QwikDev/qwik/pull/6294
• feat(Form): multi onSubmit$ handlers by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6241
• docs: Update pages.json by @​dejurin in https://github.com/QwikDev/qwik/pull/6295
• feat(server$): config argument, optional GET, ServerError by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6290
• refactor(aws): handler alias by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6240
• docs(sync$): adding note pointing to preventDefault docs by @​RumNCodeDev in https://github.com/QwikDev/qwik/pull/6296
• fix(http): ignore http2 headers by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6291
• feat: When closing over values in server$ the values should be marked as readonly by @​gitstart in https://github.com/QwikDev/qwik/pull/5238
• docs: server$ wording and link by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6297
• docs: show selected path if block scroll in view by @​RaiVaibhav in https://github.com/QwikDev/qwik/pull/6079
• docs(CONTRIBUTING): spelling fix by @​MVAodhan in https://github.com/QwikDev/qwik/pull/6299
• fix: SSG ignoring the index page when trailingSlash is false by @​JerryWu1234 in https://github.com/QwikDev/qwik/pull/6304
• docs(qwik-nutshell): more code examples for isServer by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6306
• docs: Document exposing gtag for custom events in Qwik Partytown setup by @​itssajan in https://github.com/QwikDev/qwik/pull/6303
• fix(bun): Rewrite TextEncoderStream polyfill implementation for Bun middleware by @​octet-stream in https://github.com/QwikDev/qwik/pull/6309
• refactor(qwikloader): add types and no handler qerror by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6305
• docs: Grammar correction and rewording by @​codyroberts in https://github.com/QwikDev/qwik/pull/6312
• fix(insights): lower limit to prevent timeouts by @​mhevery in https://github.com/QwikDev/qwik/pull/6313
• fix(qwik-city): enforce / on base paths by @​wmertens in https://github.com/QwikDev/qwik/pull/6301
• feat: add nonce to PrefetchServiceWorker by @​DustinJSilk in https://github.com/QwikDev/qwik/pull/6316
• docs: added going back example by @​rafalfigura in https://github.com/QwikDev/qwik/pull/6320
• docs: Fixing back-and-forth by @​rafalfigura in https://github.com/QwikDev/qwik/pull/6321
• docs: Wording and grammar corrections by @​codyroberts in https://github.com/QwikDev/qwik/pull/6325
• feat(RouteNavigate): nav(-1) history support by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6324
• chore(qwik-city/middleware): add TextEncoderStream polyfill and tests by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6310
• docs: alternative cookie delete by @​Twiggeh in https://github.com/QwikDev/qwik/pull/6331
• feat(starters): error if qwik packages aren't together by @​ToanTrinh01 in https://github.com/QwikDev/qwik/pull/6332
• docs: fixes broken link by @​greatgraphicdesign in https://github.com/QwikDev/qwik/pull/6334
• docs: Improved readability by @​codyroberts in https://github.com/QwikDev/qwik/pull/6335
• fix(qwik-city): Removed artificial recursive limiter from recursive path matching by @​gnemanja in https://github.com/QwikDev/qwik/pull/6327
• feat(vercel): no cache service-worker.js files by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6339
• fix(image-size-runtime.html): exclude SVG images from Perf: properly … by @​williamsdyyz in https://github.com/QwikDev/qwik/pull/6318
• feat(cloudflare): no-store service-worker.js by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6340
• fix: bandwidth issues for 404 resources #​6302 by @​okikio in https://github.com/QwikDev/qwik/pull/6341
• docs(contributing): Add devcontainer/cli as alternative method for local development setup by @​octet-stream in https://github.com/QwikDev/qwik/pull/6343
• fix(server$): return content type changes by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6345
• feat(qwik-city): append cookie headers to response by @​mhuretski in https://github.com/QwikDev/qwik/pull/6342
• chore: v1.5.5 by @​wmertens in https://github.com/QwikDev/qwik/pull/6349
• fix(bun): Support application builds with Bun by @​octet-stream in https://github.com/QwikDev/qwik/pull/6344

New Contributors

• @​ToanTrinh01 made their first contribution in https://github.com/QwikDev/qwik/pull/6289
• @​gitstart made their first contribution in https://github.com/QwikDev/qwik/pull/5238
• @​RaiVaibhav made their first contribution in https://github.com/QwikDev/qwik/pull/6079
• @​MVAodhan made their first contribution in https://github.com/QwikDev/qwik/pull/6299
• @​itssajan made their first contribution in https://github.com/QwikDev/qwik/pull/6303
• @​rafalfigura made their first contribution in https://github.com/QwikDev/qwik/pull/6320
• @​Twiggeh made their first contribution in https://github.com/QwikDev/qwik/pull/6331
• @​gnemanja made their first contribution in https://github.com/QwikDev/qwik/pull/6327
• @​williamsdyyz made their first contribution in https://github.com/QwikDev/qwik/pull/6318
• @​okikio made their first contribution in https://github.com/QwikDev/qwik/pull/6341
• @​mhuretski made their first contribution in https://github.com/QwikDev/qwik/pull/6342

Full Changelog: QwikDev/qwik@v1.5.4...v1.5.5

v1.5.4

Compare Source

What's Changed

• fix(types): add exports for old ts import style by @​wmertens in https://github.com/QwikDev/qwik/pull/6263

• fix(Click-to-Source ): fix windows by @​PatrickJS in https://github.com/QwikDev/qwik/pull/6261

• fix: upgrade authcore level by @​JerryWu1234 in https://github.com/QwikDev/qwik/pull/6147

• feat(qwik-city): scroll restoration any element by @​genki in https://github.com/QwikDev/qwik/pull/6258

• fix(qrl): ensure .resolved exists in all cases by @​wmertens in https://github.com/QwikDev/qwik/pull/6213

• docs: Update components/tasks index.mdx verbiage and phrasing by @​Jemsco in https://github.com/QwikDev/qwik/pull/6206

• docs: reworded documentation and fixed grammar by @​codyroberts in https://github.com/QwikDev/qwik/pull/6207

• docs: Update advanced speculative module fetching verbiage … by @​Jemsco in [https://github.com/docs: Update advanced speculative module fetching verbiage … QwikDev/qwik#6209](https://redirect.github.com/QwikDev/qw

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
qwind-starter	❌ Failed (Inspect)			Aug 6, 2024 9:36pm