fix(deps): update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@canonical/cookie-policy	3.5.0 -> 3.6.5					dependencies	minor
autoprefixer	10.4.19 -> 10.4.20					dependencies	patch
black (changelog)	==24.3.0 -> ==24.10.0						minor
cachetools	==5.3.3 -> ==5.5.1						minor
canonicalwebteam.blog	==6.4.2 -> ==6.4.4						patch
canonicalwebteam.discourse	==5.6.1 -> ==5.7.3						minor
canonicalwebteam.image-template	==1.3.1 -> ==1.4.2						minor
canonicalwebteam.search	==2.1.0 -> ==2.1.1						patch
codecov/codecov-action	v3 -> v5					action	major
concurrently	8.2.2 -> 9.1.2					dependencies	major
flake8 (changelog)	==7.0.0 -> ==7.1.1						minor
node	20 -> 22					stage	major
postcss (source)	8.4.38 -> 8.5.1					dependencies	minor
prettier (source)	3.2.5 -> 3.4.2					dependencies	minor
sass	1.75.0 -> 1.83.4					dependencies	minor
stylelint (source)	16.3.1 -> 16.13.2					dependencies	minor
stylelint-config-recommended-scss	14.0.0 -> 14.1.0					dependencies	minor
stylelint-prettier	5.0.0 -> 5.0.2					dependencies	patch
ubuntu	22.04 -> 24.04					github-runner	major
ubuntu	jammy -> noble					final	major
ubuntu	jammy -> noble					stage	major
vanilla-framework (source)	4.14.0 -> 4.20.0					dependencies	minor

---

Release Notes

canonical/cookie-policy (@​canonical/cookie-policy)

v3.6.5

Compare Source

v3.6.4: 3.6.4

Compare Source

What's Changed in cookie-policy v3.6.2

🐛 Fixes

• Fixes bug where 'essential' cookie was not being set properly by @​petesfrench in https://github.com/canonical/cookie-policy/pull/178

Full Changelog: canonical/cookie-policy@3.6.3...v3.6.4

v3.6.3

Compare Source

What's Changed in cookie-policy v3.6.3

🐛 Fixes

• Release to npm when a new release is published by @​samhotep in https://github.com/canonical/cookie-policy/pull/175

Full Changelog: canonical/cookie-policy@3.6.2...v3.6.3

v3.6.2

Compare Source

What's Changed in cookie-policy v3.6.2

🐛 Fixes

• Consent mode will now load as soon as the script is loaded by @​samhotep in https://github.com/canonical/cookie-policy/pull/174

Full Changelog: canonical/cookie-policy@3.6.1...v3.6.2

v3.6.1

Compare Source

What's Changed in cookie-policy v3.6.1

🐛 Fixes

• Insert google consent mode scripts into active session by @​samhotep in https://github.com/canonical/cookie-policy/pull/172

Full Changelog: canonical/cookie-policy@3.6.0...v3.6.1

v3.6.0

Compare Source

What's Changed in cookie-policy v3.6.0

🚀 Features

• Added support for google consent mode by @​samhotep in https://github.com/canonical/cookie-policy/pull/171

New Contributors

• @​samhotep made their first contribution in https://github.com/canonical/cookie-policy/pull/171

Full Changelog: canonical/cookie-policy@3.5.0...v3.6.0

postcss/autoprefixer (autoprefixer)

v10.4.20

Compare Source

• Fixed fit-content prefix for Firefox.

psf/black (black)

v24.10.0

Compare Source

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13
  mypyc-compiled wheels. (#​4436) (#​4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory
  safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please
  use Python 3.12.6 or Python 3.12.4 instead. (#​4447)
• Black no longer supports running with Python 3.8 (#​4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions.
  (#​4453)
• Fix skipping Jupyter cells with unknown %% magic (#​4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#​4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#​4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#​4450) (#​4449)
• blackd now requires a newer version of aiohttp. (#​4451)

Output

• Added Python target version information on parse error (#​4378)
• Add information about Black version to internal error messages (#​4457)

v24.8.0

Compare Source

Stable style

• Fix crash when # fmt: off is used before a closing parenthesis or bracket. (#​4363)

Packaging

• Packaging metadata updated: docs are explictly linked, the issue tracker is now also
  linked. This improves the PyPI listing for Black. (#​4345)

Parser

• Fix regression where Black failed to parse a multiline f-string containing another
  multiline string (#​4339)
• Fix regression where Black failed to parse an escaped single quote inside an f-string
  (#​4401)
• Fix bug with Black incorrectly parsing empty lines with a backslash (#​4343)
• Fix bugs with Black's tokenizer not handling \{ inside f-strings very well (#​4422)
• Fix incorrect line numbers in the tokenizer for certain tokens within f-strings
  (#​4423)

Performance

• Improve performance when a large directory is listed in .gitignore (#​4415)

Blackd

• Fix blackd (and all extras installs) for docker container (#​4357)

v24.4.2

Compare Source

This is a bugfix release to fix two regressions in the new f-string parser introduced in
24.4.1.

Parser

• Fix regression where certain complex f-strings failed to parse (#​4332)

Performance

• Fix bad performance on certain complex string literals (#​4331)

v24.4.1

Compare Source

Highlights

• Add support for the new Python 3.12 f-string syntax introduced by PEP 701 (#​3822)

Stable style

• Fix crash involving indented dummy functions containing newlines (#​4318)

Parser

• Add support for type parameter defaults, a new syntactic feature added to Python 3.13
  by PEP 696 (#​4327)

Integrations

• Github Action now works even when git archive is skipped (#​4313)

v24.4.0

Compare Source

Stable style

• Fix unwanted crashes caused by AST equivalency check (#​4290)

Preview style

• if guards in case blocks are now wrapped in parentheses when the line is too long.
  (#​4269)
• Stop moving multiline strings to a new line unless inside brackets (#​4289)

Integrations

• Add a new option use_pyproject to the GitHub Action psf/black. This will read the
  Black version from pyproject.toml. (#​4294)

tkem/cachetools (cachetools)

v5.5.1

Compare Source

===================

• Add documentation regarding caching of exceptions.

• Officially support Python 3.13.

• Update CI environment.

v5.5.0

Compare Source

===================

• TTLCache.expire() returns iterable of expired (key, value)
  pairs.

• TLRUCache.expire() returns iterable of expired (key, value)
  pairs.

• Documentation improvements.

• Update CI environment.

v5.4.0

Compare Source

===================

• Add the keys.typedmethodkey decorator.

• Deprecate MRUCache class.

• Deprecate @func.mru_cache decorator.

• Update CI environment.

canonical/canonicalwebteam.discourse (canonicalwebteam.discourse)

v5.7.3: : Read href from masked links in metadata

Compare Source

Changes

chore: Bump version to 5.7.3 (#​198)
Read href instead of string from masked links (#​197)

This release was made possible by the following contributors:

@​britneywwc

v5.7.2

Compare Source

Changes

Add sort by functionality to takeovers 'cooked' content (#​196)

This release was made possible by the following contributors:

@​carkod

v5.7.1

Compare Source

Changes

Add limit and offset to allow pagination for engage pages and takeovers (#​193)

This release was made possible by the following contributors:

@​carkod

codecov/codecov-action (codecov/codecov-action)

v5

Compare Source

What's Changed

• Fix typo in README by @​tserg in https://github.com/codecov/codecov-action/pull/1747
• Th/add commands by @​thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1745
• use correct audience when requesting oidc token by @​juho9000 in https://github.com/codecov/codecov-action/pull/1744
• build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1742
• build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 by @​app/dependabot in https://github.com/codecov/codecov-action/pull/1743
• chore(deps): bump wrapper to 0.0.32 by @​thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1740
• feat: add disable-telem feature by @​thomasrockhu-codecov in https://github.com/codecov/codecov-action/pull/1739
• fix: remove erroneous linebreak in readme by @​Vampire in https://github.com/codecov/codecov-action/pull/1734

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.2..v5.2.0

v4

Compare Source

open-cli-tools/concurrently (concurrently)

v9.1.2

Compare Source

What's Changed

• Add ability to have custom logger by @​mwood23 in https://github.com/open-cli-tools/concurrently/pull/522

New Contributors

• @​mwood23 made their first contribution in https://github.com/open-cli-tools/concurrently/pull/522

Full Changelog: open-cli-tools/concurrently@v9.1.1...v9.1.2

v9.1.1

Compare Source

What's Changed

• fix: support Deno's JSON with comments configuration by @​mahtaran in https://github.com/open-cli-tools/concurrently/pull/523

Full Changelog: open-cli-tools/concurrently@v9.1.0...v9.1.1

v9.1.0

Compare Source

What's Changed

• Remove signal event listeners on finish by @​gustavohenke in https://github.com/open-cli-tools/concurrently/pull/512
• Add support for Deno shortcuts and wildcards by @​mahtaran in https://github.com/open-cli-tools/concurrently/pull/508
• bin: show help when no args are passed by @​gustavohenke in https://github.com/open-cli-tools/concurrently/pull/513

New Contributors

• @​mahtaran made their first contribution in https://github.com/open-cli-tools/concurrently/pull/508

Full Changelog: open-cli-tools/concurrently@v9.0.1...v9.1.0

v9.0.1

Compare Source

What's Changed

• Don't set up more than 1 abort signal listener by @​gustavohenke in https://github.com/open-cli-tools/concurrently/pull/503

Full Changelog: open-cli-tools/concurrently@v9.0.0...v9.0.1

v9.0.0

Compare Source

pycqa/flake8 (flake8)

v7.1.1

Compare Source

v7.1.0

Compare Source

nodejs/node (node)

v22.13.1: 2025-01-21, Version 22.13.1 'Jod' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2025-23083 - src,loader,permission: throw on InternalWorker use when permission model is enabled (High)
• CVE-2025-23085 - src: fix HTTP2 mem leak on premature close and ERR_PROTO (Medium)
• CVE-2025-23084 - path: fix path traversal in normalize() on Windows (Medium)

Dependency update:

• CVE-2025-22150 - Use of Insufficiently Random Values in undici fetch() (Medium)

Commits

• [520da342e0] - (CVE-2025-22150) deps: update undici to v6.21.1 (Matteo Collina) nodejs-private/node-private#662
• [99f217369f] - (CVE-2025-23084) path: fix path traversal in normalize() on Windows (Tobias Nießen) nodejs-private/node-private#555
• [984f735e35] - (CVE-2025-23085) src: fix HTTP2 mem leak on premature close and ERR_PROTO (RafaelGSS) nodejs-private/node-private#650
• [2446870618] - (CVE-2025-23083) src,loader,permission: throw on InternalWorker use (RafaelGSS) nodejs-private/node-private#651

v22.13.0: 2025-01-07, Version 22.13.0 'Jod' (LTS), @​ruyadorno

Compare Source

Notable Changes

Stabilize Permission Model

Upgrades the Permission Model status from Active Development to Stable.

Contributed by Rafael Gonzaga #​56201

Graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable

Following the merge of Curve25519 into the Web Cryptography API Editor's Draft the Ed25519 and X25519 algorithm identifiers are now stable and will no longer emit an ExperimentalWarning upon use.

Contributed by (Filip Skokan) #​56142

Other Notable Changes

• [05d6227a88] - (SEMVER-MINOR) assert: add partialDeepStrictEqual (Giovanni Bucci) #​54630
• [a933103499] - (SEMVER-MINOR) cli: implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #​55604
• [ba9d5397de] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #​56087
• [f6d0c01303] - doc: stabilize util.styleText (Rafael Gonzaga) #​56265
• [34c68827af] - doc: move typescript support to active development (Marco Ippolito) #​55536
• [dd14b80350] - doc: add LJHarb to collaborators (Jordan Harband) #​56132
• [5263086169] - (SEMVER-MINOR) doc: add report version and history section (Chengzhong Wu) #​56130
• [8cb3c2018d] - (SEMVER-MINOR) doc: sort --report-exclude alphabetically (Rafael Gonzaga) #​55788
• [55239a48b6] - (SEMVER-MINOR) doc,lib,src,test: unflag sqlite module (Colin Ihrig) #​55890
• [7cbe3de1d8] - (SEMVER-MINOR) module: only emit require(esm) warning under --trace-require-module (Joyee Cheung) #​56194
• [6575b76042] - (SEMVER-MINOR) module: add module.stripTypeScriptTypes (Marco Ippolito) #​55282
• [bacfe6d5c9] - (SEMVER-MINOR) net: support blocklist in net.connect (theanarkh) #​56075
• [b47888d390] - (SEMVER-MINOR) net: support blocklist for net.Server (theanarkh) #​56079
• [566f0a1d25] - (SEMVER-MINOR) net: add SocketAddress.parse (James M Snell) #​56076
• [ed7eab1421] - (SEMVER-MINOR) net: add net.BlockList.isBlockList(value) (James M Snell) #​56078
• [ea4891856d] - (SEMVER-MINOR) process: deprecate features.{ipv6,uv} and features.tls_* (René) #​55545
• [01eb308f26] - (SEMVER-MINOR) report: fix typos in report keys and bump the version (Yuan-Ming Hsu) #​56068
• [97c38352d0] - (SEMVER-MINOR) sqlite: aggregate constants in a single property (Edigleysson Silva (Edy)) #​56213
• [b4041e554a] - (SEMVER-MINOR) sqlite: add StatementSync.prototype.iterate method (tpoisseau) #​54213
• [2e3ca1bbdd] - (SEMVER-MINOR) src: add cli option to preserve env vars on diagnostic reports (Rafael Gonzaga) #​55697
• [bcfe9c80fc] - (SEMVER-MINOR) util: add sourcemap support to getCallSites (Marco Ippolito) #​55589

Commits

• [e9024779c0] - assert: make Maps be partially compared in partialDeepStrictEqual (Giovanni Bucci) #​56195
• [4c13d8e587] - assert: make partialDeepStrictEqual work with ArrayBuffers (Giovanni Bucci) #​56098
• [a4fa31a86e] - assert: optimize partial comparison of two Sets (Antoine du Hamel) #​55970
• [05d6227a88] - (SEMVER-MINOR) assert: add partialDeepStrictEqual (Giovanni Bucci) #​54630
• [5e1321abd7] - buffer: document concat zero-fill (Duncan) #​55562
• [be5ba7c648] - build: set DESTCPU correctly for 'make binary' on loongarch64 (吴小白) #​56271
• [38cf37ee2d] - build: fix missing fp16 dependency in d8 builds (Joyee Cheung) #​56266
• [dbb7557455] - build: add major release action (Rafael Gonzaga) #​56199
• [27cc90f3be] - build: fix C string encoding for PRODUCT_DIR_ABS (Anna Henningsen) #​56111
• [376561c2b4] - build: use variable for simdutf path (Shelley Vohr) #​56196
• [126ae15000] - build: allow overriding clang usage (Shelley Vohr) #​56016
• [97bb8f7c76] - build: remove defaults for create-release-proposal (Rafael Gonzaga) #​56042
• [a8fb1a06f3] - build: set node_arch to target_cpu in GN (Shelley Vohr) #​55967
• [9f48ca27f1] - build: use variable for crypto dep path (Shelley Vohr) #​55928
• [e47ccd2287] - build: fix GN build for sqlite (Cheng) #​55912
• [8d70b99a5a] - build: compile bundled simdutf conditionally (Jakub Jirutka) #​55886
• [826fd35242] - build: compile bundled simdjson conditionally (Jakub Jirutka) #​55886
• [1015b22085] - build: compile bundled ada conditionally (Jakub Jirutka) #​55886
• [77e2869ca6] - build: use glob for dependencies of out/Makefile (Richard Lau) #​55789
• [a933103499] - (SEMVER-MINOR) cli: implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #​55604
• [72e8e0684e] - crypto: graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #​56142
• [fe2b344ddb] - crypto: ensure CryptoKey usages and algorithm are cached objects (Filip Skokan) #​56108
• [9ee9f524a7] - crypto: allow non-multiple of 8 in SubtleCrypto.deriveBits (Filip Skokan) #​55296
• [76f242d993] - deps: update nghttp3 to 1.6.0 (Node.js GitHub Bot) #​56258
• [c7ff2ea6b5] - deps: update simdutf to 5.6.4 (Node.js GitHub Bot) #​56255
• [04230be1ef] - deps: update libuv to 1.49.2 (Luigi Pinca) #​56224
• [88589b85b7] - deps: update c-ares to v1.34.4 (Node.js GitHub Bot) #​56256
• [5c2e0618f3] - deps: define V8_PRESERVE_MOST as no-op on Windows (Stefan Stojanovic) #​56238
• [9f8f3c9658] - deps: update sqlite to 3.47.2 (Node.js GitHub Bot) #​56178
• [17b6931d3b] - deps: update ngtcp2 to 1.9.1 (Node.js GitHub Bot) #​56095
• [22b453b619] - deps: upgrade npm to 10.9.2 (npm team) #​56135
• [d7eb41b382] - deps: update sqlite to 3.47.1 (Node.js GitHub Bot) #​56094
• [669c722aa9] - deps: update zlib to 1.3.0.1-motley-82a5fec (Node.js GitHub Bot) #​55980
• [f61a0454d2] - deps: update corepack to 0.30.0 (Node.js GitHub Bot) #​55977
• [d98bf0b891] - deps: update ngtcp2 to 1.9.0 (Node.js GitHub Bot) #​55975
• [fc362624bf] - deps: update simdutf to 5.6.3 (Node.js GitHub Bot) #​55973
• [f61dcc4df4] - deps: upgrade npm to 10.9.1 (npm team) #​55951
• [bfe7982491] - deps: update zlib to 1.3.0.1-motley-7e2e4d7 (Node.js GitHub Bot) #​54432
• [d714367ef8] - deps: update simdjson to 3.10.1 (Node.js GitHub Bot) #​54678
• [ccc9b105ec] - deps: update simdutf to 5.6.2 (Node.js GitHub Bot) #​55889
• [ba9d5397de] - (SEMVER-MINOR) dgram: support blocklist in udp (theanarkh) #​56087
• [7ddbf94849] - dgram: check udp buffer size to avoid fd leak (theanarkh) #​56084
• [360d68de0f] - doc: fix color contrast issue in light mode (Rich Trott) #​56272
• [f6d0c01303] - doc: stabilize util.styleText (Rafael Gonzaga) #​56265
• [9436c3c949] - doc: clarify util.aborted resource usage (Kunal Kumar) #​55780
• [b1cec2cef9] - doc: add esm examples to node:repl (Alfredo González) #​55432
• [d6a84cf781] - doc: add esm examples to node:readline (Alfredo González) #​55335
• [a11ac1c0f2] - doc: fix 'which' to 'that' and add commas (Selveter Senitro) #​56216
• [5331df7911] - doc: fix winget config path (Alex Yang) #​56233
• [7a8071b43c] - doc: add esm examples to node:tls (Alfredo González) #​56229
• [7d8c1e72d5] - doc: add esm examples to node:perf_hooks (Alfredo González) #​55257
• [ea53c4b1ae] - doc: sea.getRawAsset(key) always returns an ArrayBuffer (沈鸿飞) #​56206
• [7a94100a3e] - doc: update announce documentation for releases (Rafael Gonzaga) #​56200
• [44c4e57e32] - doc: update blog link to /vulnerability (Rafael Gonzaga) #​56198
• [5e5b4b0cbd] - doc: call out import.meta is only supported in ES modules (Anton Kastritskii) #​56186
• [a83de32d35] - doc: add ambassador message - benefits of Node.js (Michael Dawson) #​56085
• [bb880dd21a] - doc: fix incorrect link to style guide (Yuan-Ming Hsu) #​56181
• [39ce902e58] - doc: fix c++ addon hello world sample (Edigleysson Silva (Edy)) #​56172
• [19c72c4acc] - doc: update blog release-post link (Ruy Adorno) #​56123
• [b667cc4669] - doc: fix module.md headings (Chengzhong Wu) #​56131
• [34c68827af] - doc: move typescript support to active development (Marco Ippolito) #​55536
• [c4a97d810b] - doc: mention -a flag for the release script (Ruy Adorno) #​56124
• [dd14b80350] - doc: add LJHarb to collaborators (Jordan Harband) #​56132
• [2feb0781ed] - doc: add create-release-action to process (Rafael Gonzaga) #​55993
• [71f6263942] - doc: rename file to advocacy-ambassador-program.md (Tobias Nießen) #​56046
• [8efa240500] - doc: remove unused import from sample code (Blended Bram) #​55570
• [e64cef8bf4] - doc: add FAQ to releases section (Rafael Gonzaga) #​55992
• [4bb0f30f92] - doc: move history entry to class description (Luigi Pinca) #​55991
• [6d02bd6873] - doc: add history entry for textEncoder.encodeInto() (Luigi Pinca) #​55990
• [e239382ed8] - doc: improve GN build documentation a bit (Shelley Vohr) #​55968
• [78b6aef6bc] - doc: fix deprecation codes (Filip Skokan) #​56018
• [474bf80a44] - doc: remove confusing and outdated sentence (Luigi Pinca) [#&Redirect conjure-up.io instead of cloud-init.io #82

---

Configuration

📅 Schedule: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[webteam-app]

Demo

Jenkins

demos.haus

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 58.51%. Comparing base (043a8fb) to head (5df1cec).
Report is 40 commits behind head on main.

❗ Current head 5df1cec differs from pull request most recent head 9c89c83

Please upload reports for the commit 9c89c83 to get more accurate results.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #526   +/-   ##
=======================================
  Coverage   58.51%   58.51%           
=======================================
  Files           6        6           
  Lines         188      188           
=======================================
  Hits          110      110           
  Misses         78       78           

Flag	Coverage Δ
python	58.51% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.