chore(deps): update devdependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@11ty/eleventy (source)	^1.0.1 -> ^2.0.0
@babel/core (source)	7.19.0 -> 7.24.5
@badeball/cypress-cucumber-preprocessor	15.1.4 -> 20.0.5
@chanzuckerberg/axe-storybook-testing	7.1.0 -> 8.0.2
@commitlint/cli (source)	17.6.1 -> 19.3.0
@commitlint/config-conventional (source)	17.6.1 -> 19.2.2
@ember/optional-features	2.0.0 -> 2.1.0
@ember/test-helpers	^2.6.0 -> ^3.0.0
@percy/cli (source)	1.24.0 -> 1.28.6
@percy/storybook	4.3.6 -> 5.0.3
@web/dev-server (source)	0.2.1 -> 0.4.5
@web/dev-server-esbuild (source)	1.0.1 -> 1.0.2
@web/dev-server-rollup (source)	0.5.0 -> 0.6.3
@web/dev-server-storybook (source)	0.7.0 -> 2.0.3
@web/storybook-prebuilt	0.1.34 -> 0.1.37
@web/test-runner (source)	0.18.0 -> 0.18.2
@web/test-runner-browserstack (source)	0.7.0 -> 0.7.1
ava (source)	5.3.1 -> 6.1.3
babel-loader	^8.2.3 -> ^9.0.0
c8	8.0.1 -> 9.1.0
chromatic (source)	6.17.3 -> 11.3.2
cypress (source)	12.15.0 -> 13.9.0
ember-auto-import (source)	2.4.2 -> 2.7.2
ember-cli (source)	~4.7.0 -> ~5.8.0
ember-cli-app-version	^5.0.0 -> ^6.0.0
ember-cli-babel	^7.26.11 -> ^8.0.0
ember-cli-dependency-checker	3.3.1 -> 3.3.2
ember-cli-htmlbars	6.1.1 -> 6.3.0
ember-data (source)	~4.7.0 -> ~5.3.0
ember-page-title (source)	^7.0.0 -> ^8.0.0
ember-qunit	^5.1.5 -> ^8.0.0
ember-resolver	^8.0.3 -> ^11.0.0
ember-source (source)	~4.7.0 -> ~5.8.0
ember-template-lint	^4.2.0 -> ^6.0.0
ember-truth-helpers	^3.0.0 -> ^4.0.0
eslint (source)	8.39.0 -> 9.2.0
eslint (source)	^8.0.0 -> ^9.0.0
eslint-config-prettier	^8.4.0 -> ^9.0.0
eslint-plugin-ember	^11.0.0 -> ^12.0.0
eslint-plugin-jsdoc	43.1.1 -> 48.2.4
eslint-plugin-prettier	^4.0.0 -> ^5.0.0
eslint-plugin-qunit	^7.2.0 -> ^8.0.0
esmock	2.6.0 -> 2.6.5
husky	8.0.3 -> 9.0.11
prettier (source)	^2.5.1 -> ^3.0.0
qunit (source)	2.19.1 -> 2.20.1
qunit-dom	^2.0.0 -> ^3.0.0
sinon (source)	17.0.1 -> 18.0.0
start-server-and-test	2.0.0 -> 2.0.3
stylelint (source)	15.6.1 -> 16.5.0
stylelint-config-standard	33.0.0 -> 36.0.0

---

Release Notes

11ty/eleventy (@​11ty/eleventy)

v2.0.1: Eleventy v2.0.1: a Bug Fix Release

Compare Source

Eleventy v2.0.1 is now available! You can try it out in your project now:

npm install @​11ty/eleventy@latest

• Read more about project versus global installation.

New to Eleventy?

Eleventy is a flexible and production-ready site generator known for its zero-client JavaScript footprint, speedy sites, speedy builds, and full control over the output.

• Build a blog from scratch in 6 minutes with Eleventy
• Watch The State of Eleventy in Two Minutes
• Read more about Eleventy’s project goals.

Features and Fixes

• Fixed: this.eleventy in JavaScript template functions #​2790
• Fixed: lodash security audits #​2877
• Fixed: pagination targets with object bracket notation #​2851
• Fixed: 11ty.js templates were too aggressively cached on watch/serve #​2839 #​2838
• Fixed: Handlebars partials were too aggressively cached on watch/serve #​2799
• Fixed: Configuration reload fixes #​2864 #​2869 #​2867
• New: Serverless pagination now works with Arrays and Objects #​2853 #​2544 Learn more: https://www.11ty.dev/docs/plugins/serverless/#dynamic-slugs-to-subset-your-pagination
• Typo fixes by @​deining in #​2845

Housekeeping

• Full milestone/issue list: https://github.com/11ty/eleventy/milestone/43?closed=1
• Full changelog: 11ty/eleventy@v2.0.0...v2.0.1

Thank You Notes

This project would not be possible without our lovely community. Thank you to everyone that built something with Eleventy (×684 authors on our web site!), wrote a blog post about Eleventy, contributed code, wrote a plugins, helped with documentation, asked questions, answered questions, braved The Leaderboards, participated on Discord, filed issues, attended (or organized!) a meetup, said a kind word on social media ❤️.

• A huge thank you to Netlify, especially: @​biilmann, Chris Bach, Lauren Sell (alum), and Claire Knight, without whom this release would not have been possible.
• 🏆 A special thanks to @​pdehaan for their tireless contributions on the Eleventy Issue tracker.
• Yet more thanks to the all star Discord Moderators and Meetup Coordinators @​BenDMyers, @​clottman, @​dleatherman, @​darthmall, @​nachtfunke, @​siakaramalegos and @​5t3ph.
• All of our supporters on Open Collective ❤️
• Contribute on Open Collective
• How else can you contribute to Eleventy?

Open Collective Supporters

• Gold Sponsors: Sanity.io, Nordhealth, CloudCannon, Transloadit
• Silver Sponsors: Unabridged Software, PQINA, Bejamas, Nathan Smith, Monarch Air Group, Getform.io, Mercury Jets, OCEG
• Backers: Tyler Gaw, Ariel Salminen, Peter deHaan, Melanie Sumner, Ben Nash, Alejandro Rodríguez, Mat Marquis, Philip Borenstein, Jérôme Coupé, Nicolas Hoizey, Mike Aparicio, Ben Myers, Katie Sylor-Miller, Mark Buskbjerg, mortendk, Aaron Hans, Lauris Consulting, John Meyerhofer, Todd Libby, shawn j sandy, Luke Bonaccorsi, Higby, Jenn Schiffer, Dimitrios Grammatikogiannis, Devin Clark, Eric Bailey, Manuel Matuzovic, Tim Giles, Kyosuke Nakamura, Rob Sterlini, Horacio Gonzalez, Hans Gerwitz, Makoto Kawasaki, Josh Crain, Richard Hemmer, Nick Nisi, John SJ Anderson, Ryan Swaney, Alistair Shepherd, Ivo Herrmann, Flaki, Angelique Weger, John Hall, Scott McCracken, James Steinbach, Miriam Suzanne, Bentley Davis, Ara Abcarians, vince falconi, Martin Schneider, Stephanie Eckles, Frontend Weekly Tokyo, Dorin Vancea, Chris Burnell, Ximenav Vf., Rich Holman, Kasper Storgaard, Kevin Healy, Greg Gibson, Michelle Barker, Alesandro Ortiz, David A. Herron, Paul Robert Lloyd, Andrea Vaghi, Bryan Robinson, Ashur Cabrera, Raymond Camden, John Meguerian, Joe Lamyman, Dan Ryan, Sam, Brett Nelson, Paul Welsh, Ingo Steinke, Noel Forte, Melanie Richards, Marco Zehe, Wes Ruvalcaba, Luc Poupard, Entle Web Solutions, Ken Hawkins, Fershad Irani, Nikita Dubko, Aaron Gustafson, Chris, Christian Miles, Benjamin Geese, Marcus Relacion, Netin nopeustesti, Raphael Höser, Cthos, Sia Karamalegos, Jon Kuperman, Saneef Ansari, Michel van der Kroef, Flemming Meyer, Colin Fahrion, Dan Burzo, Dan Ott, Mobilemall.pk, Cheap VPS, David Darnes, Jon Roobottom, Dana Byerly, Oisín Quinn, Renkaatsopivasti, Windesol Sähkön Kilpailutus, Luke Mitchell, SignpostMarv, THE PADDING, Bob Monsour, Richmond Insulation, Patrick Byrne, zapscribbles, Frank Reding, quinnanya, Cory Birdsong, Aram ZS, Andy Stevenson, Robin Rendle, HelppoHinta.fi, Tanner Dolby, jpoehnelt, xdesro, Alex Zappa, Richmond Concrete, Alexander Wunschik, Tom, CelineDesign, Nic Chan, Duc Lam, Stephen Bell, Robert Haselbacher, Lene, Brett DeWoody, alistairtweedie, Meta Tier List, Iva Tech, Daniel Saunders, Josh Vickerson, Dan Urbanowicz, dan leatherman, Jens Grochtdreis, CBD Review, Eric Gallager, Softermii, Eric Carlisle, Claus Conrad, Anna E. Cook, David Luhr, Matt Obee, Kiekkotorni - Nikotiinipussit

v2.0.0: Eleventy v2.0.0: Now with twice as many Possums

Compare Source

🚨 The full release notes are available on The Eleventy Blog: Eleventy v2.0.0 or you can watch me talk about v2.0 on YouTube.

Eleventy v2.0.0 is now available! You can try it out now:

### Local project
npm install @​11ty/eleventy@latest

### Global install
npm install @​11ty/eleventy@latest -g

• Read more about local versus global installation.
• Watch a short video about 2.0 on YouTube.

New to Eleventy?

Eleventy is a flexible and production-ready site generator known for its zero-client JavaScript footprint, speedy sites, speedy builds, and full control over the output. Watch The State of Eleventy in Two Minutes or read more about Eleventy’s project goals.

The Big Features

Smaller, More Secure

• ✅ Dependencies decreased by 32.1%: 211 modules (311 in v1.0.2)
• ✅ node_modules file weight decreased by 77.8%: 34.3 MB (155 MB in v1.0.2)
• ✅ 30.5% faster npm install time

Faster Builds

• Improved build performance (tested on a sample 500 page site against v1.0.2) using:
  • Liquid: ✅ 18.18% faster
  • Nunjucks: ✅ 17.74% faster
  • Markdown (with Liquid): ✅ 17.95% faster
  • JavaScript (11ty.js): ✅ 8.33% faster
• --incremental for incremental builds #​108
  • Smarter incremental builds with support for layout dependencies, registered dependencies on custom templates, dependencies in pagination data or eleventyImport #​975
• --ignore-initial command line option to skip the first build (best paired with --incremental)
• Use emulated passthrough copy to serve passthrough files directly without triggering a build (will still work with live reload) #​2456

Plugins

• Support for WebC, the new single file format for web components
• Eleventy Edge will render Eleventy templates in an Edge Function for dynamic content (bundled with Eleventy)
• Eleventy Dev Server replaces Browsersync, adds support for DOM-diffing live reloads. #​1305 (bundled with Eleventy)
• Render Plugin will render any template syntax inside other files (bundled with Eleventy)
• Internationalization (i18n) Plugin makes it easy to create localized sites (bundled with Eleventy)
• HTML <base> Plugin makes it easy to deploy your site to any folder path without changing any content (works great with the path prefix feature) (bundled with Eleventy)
• Support for the Vite plugin

And more…

• Support for aliasing to an existing template language #​2248
  • This unlocks TypeScript or JSX in Eleventy when you use esbuild-register and alias 11ty.ts or 11ty.tsx to 11ty.js.
• Event arguments unlock new plugin abilities: dir (input/output/includes/data/layouts locations),
  outputMode (where the templates are going: fs, json, ndjson), runMode (build, watch, or serve), or results for the processed Eleventy output.
• Memory usage improvements to Pagination

Breaking Changes

⚠️ Rather than review this list, it’d be faster to use the eleventy-upgrade-helper plugin, which runs a suite of tests to see whether or not you need to worry about these breaking changes in your project: https://github.com/11ty/eleventy-upgrade-help

• Bump minimum Node version to Node 14+ #​2336
• Disable indented code blocks in Markdown by default #​2438
• Both .git and nested node_modules folders are ignored by default (previously we ignored node_modules/**, now **/node_modules/**) #​2436
• Dates will now be stripped from the parent directory for page.fileSlug when the file name is index.*. e.g. YYYY-MM-DD-myslug/index.md has a page.fileSlug of myslug when previously it was YYYY-MM-DD-myslug #​1947 #​2111
• Dots in global data file names should be preserved in key name for data cascade #​1242 #​1912
• Removes deprecated in v1.0 (and undocumented) renderData feature (use Computed Data instead) #​2356
• Removes pre-processing global JSON data files with a template language #​2728
• Removes --passthroughall command line flag #​2682
• Major dependency bumps:
  • liquidjs from v9 to v10 Release notes #​2678
  • luxon from v2 to v3 [Release notes](https://togithub.com/moment/luxon/blob/master/CHANGELOG.md#300-2022-0

---

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/core-js-bundle@3.11.0	Install script: postinstall Source: node -e "try{require('./postinstall')}catch(e){}"	package-lock.json
Install scripts	npm/playwright@1.25.2	Install script: install Source: node install.js	packages/muon/package-lock.json packages/muon/package.json
Install scripts	npm/esbuild@0.12.29	Install script: postinstall Source: node install.js	orphan: npm/esbuild@0.12.29

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/core-js-bundle@3.11.0
• @SocketSecurity ignore npm/playwright@1.25.2
• @SocketSecurity ignore npm/esbuild@0.12.29