Skip to content

fix(deps): update all non-major dependencies #571

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 15, 2025
Merged

fix(deps): update all non-major dependencies #571

merged 1 commit into from
Jun 15, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 15, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@astrojs/starlight (source) 0.34.3 -> 0.34.4 age adoption passing confidence
@lerna-lite/cli (source) ^4.3.0 -> ^4.4.1 age adoption passing confidence
@lerna-lite/publish (source) ^4.3.0 -> ^4.4.1 age adoption passing confidence
@lerna-lite/run (source) ^4.3.0 -> ^4.4.1 age adoption passing confidence
@types/node (source) ^22.15.30 -> ^22.15.31 age adoption passing confidence
@types/react (source) ^19.1.6 -> ^19.1.8 age adoption passing confidence
@types/react (source) 19.1.6 -> 19.1.8 age adoption passing confidence
astro (source) 5.9.1 -> 5.9.3 age adoption passing confidence
eslint (source) ^9.28.0 -> ^9.29.0 age adoption passing confidence
lint-staged ^16.1.0 -> ^16.1.1 age adoption passing confidence

Release Notes

withastro/starlight (@​astrojs/starlight)

v0.34.4

Compare Source

Patch Changes
lerna-lite/lerna-lite (@​lerna-lite/cli)

v4.4.1

Compare Source

Note: Version bump only for package @​lerna-lite/cli

v4.4.0

Compare Source

Features
lerna-lite/lerna-lite (@​lerna-lite/publish)

v4.4.1

Compare Source

Bug Fixes

v4.4.0

Compare Source

Features
Bug Fixes
lerna-lite/lerna-lite (@​lerna-lite/run)

v4.4.1

Compare Source

Bug Fixes

v4.4.0

Compare Source

Note: Version bump only for package @​lerna-lite/run

withastro/astro (astro)

v5.9.3

Compare Source

Patch Changes

  • #​13923 a9ac5ed Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy (CSP) only

    Changes the behavior of experimental Content Security Policy (CSP) to now serve hashes differently depending on whether or not a page is prerendered:

    • Via the <meta> element for static pages.
    • Via the Response header content-security-policy for on-demand rendered pages.

    This new strategy allows you to add CSP content that is not supported in a <meta> element (e.g. report-uri, frame-ancestors, and sandbox directives) to on-demand rendered pages.

    No change to your project code is required as this is an implementation detail. However, this will result in a different HTML output for pages that are rendered on demand. Please check your production site to verify that CSP is working as intended.

    To keep up to date with this developing feature, or to leave feedback, visit the CSP Roadmap proposal.

  • #​13926 953a249 Thanks @​ematipico! - Adds a new Astro Adapter Feature called experimentalStaticHeaders to allow your adapter to receive the Headers for rendered static pages.

    Adapters that enable support for this feature can access header values directly, affecting their handling of some Astro features such as Content Security Policy (CSP). For example, Astro will no longer serve the CSP <meta http-equiv="content-security-policy"> element in static pages to adapters with this support.

    Astro will serve the value of the header inside a map that can be retrieved from the hook astro:build:generated. Adapters can read this mapping and use their hosting headers capabilities to create a configuration file.

    A new field called experimentalRouteToHeaders will contain a map of Map<IntegrationResolvedRoute, Headers> where the Headers type contains the headers emitted by the rendered static route.

    To enable support for this experimental Astro Adapter Feature, add it to your adapterFeatures in your adapter config:

    // my-adapter.mjs
export default function createIntegration() {
  return {
    name: '@&#8203;example/my-adapter',
    hooks: {
      'astro:config:done': ({ setAdapter }) => {
        setAdapter({
          name: '@&#8203;example/my-adapter',
          serverEntrypoint: '@&#8203;example/my-adapter/server.js',
          adapterFeatures: {
            experimentalStaticHeaders: true,
          },
        });
      },
    },
  };
}

    See the Adapter API docs for more information about providing adapter features.

  • #​13697 af83b85 Thanks @​benosmac! - Fixes issues with fallback route pattern matching when i18n.routing.fallbackType is rewrite.

    • Adds conditions for route matching in generatePath when building fallback routes and checking for existing translated pages

    Now for a route to be matched it needs to be inside a named [locale] folder. This fixes an issue where route.pattern.test() incorrectly matched dynamic routes, causing the page to be skipped.

    • Adds conditions for route matching in findRouteToRewrite

    Now the requested pathname must exist in route.distURL for a dynamic route to match. This fixes an issue where route.pattern.test() incorrectly matched dynamic routes, causing the build to fail.

  • #​13924 1cd8c3b Thanks @​qw-in! - Fixes an edge case where isPrerendered was incorrectly set to false for static redirects.

  • #​13926 953a249 Thanks @​ematipico! - Fixes an issue where the experimental CSP meta element wasn't placed in the <head> element as early as possible, causing these policies to not apply to styles and scripts that came before the meta element.

v5.9.2

Compare Source

Patch Changes

  • #​13919 423fe60 Thanks @​ematipico! - Fixes a bug where Astro added quotes to the CSP resources.

    Only certain resources require quotes (e.g. 'self' but not https://cdn.example.com), so Astro no longer adds quotes to any resources. You must now provide the quotes yourself for resources such as 'self' when necessary:

    export default defineConfig({
  experimental: {
    csp: {
      styleDirective: {
        resources: [
-          "self",
+          "'self'",
          "https://cdn.example.com"
        ]
      }
    }
  }
})

  • #​13914 76c5480 Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy feature only

    Removes support for experimental Content Security Policy (CSP) when using the <ClientRouter /> component for view transitions.

    It is no longer possible to enable experimental CSP while using Astro's view transitions. Support was already unstable with the <ClientRouter /> because CSP required making its underlying implementation asynchronous. This caused breaking changes for several users and therefore, this PR removes support completely.

    If you are currently using the component for view transitions, please remove the experimental CSP flag as they cannot be used together.

    import { defineConfig } from 'astro/config';

export default defineConfig({
  experimental: {
-   csp: true
   }
});

    Alternatively, to continue using experimental CSP in your project, you can consider migrating to the browser native View Transition API and remove the <ClientRouter /> from your project. You may be able to achieve similar results if you are not using Astro's enhancements to the native View Transitions and Navigation APIs.

    Support might be reintroduced in future releases. You can follow this experimental feature's development in the CSP RFC.

eslint/eslint (eslint)

v9.29.0

Compare Source

lint-staged/lint-staged (lint-staged)

v16.1.1

Compare Source

Patch Changes

  • #​1565 3686977 Thanks @​iiroj! - Lint-staged now explicitly warns about potential data loss when using --no-stash.

  • #​1571 02299a9 Thanks @​iiroj! - Function tasks (introduced in v16.0.0) only received the staged files matching the conpmnfigured glob, instead of all staged files.

  • #​1563 bc61c74 Thanks @​iiroj! - This version fixes incorrect behavior where unstaged changes were committed when using the --no-stash option. This happened because --no-stash implied --no-hide-partially-staged, meaning unstaged changes to files which also had other staged changes were added to the commit by lint-staged; this is no longer the case.

    The previous (incorrect) behavior can still be achieved by using both options --no-stash --no-hide-partially-staged at the same time.

Configuration

📅 Schedule: Branch creation - "before 12pm on Sunday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from favna as a code owner June 15, 2025 00:26
@renovate renovate bot enabled auto-merge (squash) June 15, 2025 00:26
@renovate renovate bot merged commit 671ce0b into main Jun 15, 2025
6 checks passed
@renovate renovate bot deleted the renovate/all-minor-patch branch June 15, 2025 00:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

@renovate-approve-2 renovate-approve-2[bot] renovate-approve-2[bot] approved these changes

@favna favna Awaiting requested review from favna favna is a code owner

Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants