fix(deps): update npm-packages [skip ci]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@astrojs/netlify (source)	^7.0.3 → ^7.0.8
ajv (source)	^8.18.0 → ^8.20.0
astro (source)	^6.0.5 → ^6.1.9
prettier (source)	3.8.1 → 3.8.3
ts-jest (source)	^29.4.6 → ^29.4.9

---

Release Notes

withastro/astro (@​astrojs/netlify)

v7.0.8

Compare Source

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @​astrojs/internal-helpers@​0.9.0
  • @​astrojs/underscore-redirects@​1.0.3

v7.0.7

Compare Source

Patch Changes

• #​16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• Updated dependencies []:

  • @​astrojs/underscore-redirects@​1.0.3

v7.0.6

Compare Source

Patch Changes

• Updated dependencies [814406d]:
  • @​astrojs/underscore-redirects@​1.0.3

v7.0.5

Compare Source

Patch Changes

• #​16063 ccb6a9c Thanks @​matthewp! - Fixes server islands returning 404 in production when using output: 'static' (the default)

• Updated dependencies []:

  • @​astrojs/underscore-redirects@​1.0.2

v7.0.4

Compare Source

Patch Changes

• Updated dependencies [3b8d473]:
  • @​astrojs/underscore-redirects@​1.0.2

ajv-validator/ajv (ajv)

v8.20.0

Compare Source

What's Changed

• fix: add support for node 22/24, drop node 16/21 by @​jasoniangreen in #​2580
• fix: add ES2022.RegExp for RegExpIndicesArray by @​SignpostMarv in #​2604

Full Changelog: ajv-validator/ajv@v8.19.0...v8.20.0

withastro/astro (astro)

v6.1.9

Compare Source

Patch Changes

• #​16448 99464ed Thanks @​matthewp! - Updates vite, picomatch, and unstorage to latest patch versions

• #​16422 a3951d7 Thanks @​matthewp! - Hardens astro-island export resolution and hydration error handling for malformed component metadata

• #​16420 e21de1d Thanks @​matthewp! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation

• #​16419 f3485c3 Thanks @​matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

• #​16022 a002540 Thanks @​mathieumaf! - Fixes an issue where i18n domains would return 404 when trailingSlash is set to never.

• Updated dependencies [99464ed, f3485c3]:

  • @​astrojs/internal-helpers@​0.9.0
  • @​astrojs/markdown-remark@​7.1.1

v6.1.8

Compare Source

Patch Changes

• #​16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

• #​16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

• #​16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

• #​16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

• #​16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

• #​16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

• #​16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

• Updated dependencies [e0b240e]:

  • @​astrojs/telemetry@​3.3.1

v6.1.7

Compare Source

Patch Changes

• #​16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• #​16311 94048f2 Thanks @​Arecsu! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)

• #​16316 0fcd04c Thanks @​ematipico! - Fixes the /_image endpoint accepting an arbitrary f=svg query parameter and serving non-SVG content as image/svg+xml. The endpoint now validates that the source is actually SVG before honoring f=svg, matching the same guard already enforced on the <Image> component path.

v6.1.6

Compare Source

Patch Changes

• #​16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

• #​16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

• #​14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

v6.1.5

Compare Source

Patch Changes

• #​16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

• #​16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

• #​16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

  This change partly reverts #​16089, which in hindsight turned out to be too general. Instead of automatically persisting all style sheets, we now do this only for styles from Vue components.

• #​16192 79d86b8 Thanks @​alexanderniebuhr! - Uses today’s date for Cloudflare compatibility_date in astro add cloudflare

  When creating new projects, astro add cloudflare now sets compatibility_date to the current date. Previously, this date was resolved from locally installed packages, which could be unreliable in some package manager environments. Using today’s date is simpler and more reliable across environments, and is supported by workerd.

• #​16259 34df955 Thanks @​gameroman! - Removed dlv dependency

v6.1.4

Compare Source

Patch Changes

• #​16197 21f9fe2 Thanks @​SchahinRohani! - Remove unused re-exports from assets/utils barrel file to fix Vite build warning

• #​16059 6d5469e Thanks @​matthewp! - Fixes Expected 'miniflare' to be defined errors and 404 responses in dev mode when using the Cloudflare adapter and the config file changes. Instead of creating a brand new Vite server on config changes, Astro now performs a Vite in-place restart, allowing the Cloudflare adapter to reuse its existing miniflare instance across restarts.

• #​16154 7610ba4 Thanks @​Desel72! - Fixes pages with dots in their filenames (e.g. hello.world.astro) returning 404 when accessed with a trailing slash in the dev server. The trailingSlashForPath function now only forces trailingSlash: 'never' for endpoints with file extensions, allowing pages to correctly respect the user's trailingSlash config.

• #​16193 23425e2 Thanks @​matthewp! - Fixes trailingSlash: "always" producing redirect HTML instead of the actual response for extensionless endpoints during static builds

v6.1.3

Compare Source

Patch Changes

• #​16161 b51f297 Thanks @​matthewp! - Fixes a dev rendering issue with the Cloudflare adapter where head metadata could be missing and dev CSS/scripts could be injected in the wrong place

• #​16110 de669f0 Thanks @​tmimmanuel! - Fixes skew protection query parameters not being appended to inter-chunk JavaScript imports in client bundles, which could cause version mismatches during rolling deployments on Vercel

• #​16162 a0a49e9 Thanks @​rururux! - Fixes an issue where HMR would not trigger when modifying files while using @​astrojs/cloudflare with prerenderEnvironment: 'node' enabled.

• #​16142 7454854 Thanks @​rururux! - Fixes HTML content being incorrectly escaped as plain text when rendering a MDX component using the AstroContainer APIs.

• #​16116 12602a9 Thanks @​riderx! - Fixes a bug where page-level CSS could leak between unrelated pages when traversing style parents across top-level route boundaries

• #​16178 a7e7567 Thanks @​matthewp! - Fixes SSR builds failing with "No matching renderer found" when a project only has injected routes and no src/pages/ directory

v6.1.2

Compare Source

Patch Changes

• #​16104 47a394d Thanks @​matthewp! - Fixes astro preview ignoring vite.preview.allowedHosts set in astro.config.mjs

• #​16047 711f837 Thanks @​matthewp! - Fixes catch-all routes incorrectly intercepting requests for static assets when using the @astrojs/node adapter in middleware mode.

• #​15981 a60cbb6 Thanks @​moktamd! - Fix Zod v4 validation error formatting to show human-readable messages instead of raw JSON

v6.1.1

Compare Source

Patch Changes

• #​16105 23d60de Thanks @​matthewp! - Fix dev toolbar audit crash when encountering the image ARIA role

• #​16089 999c875 Thanks @​martrapp! - Fixes an issue with the client router where Vue's :deep() notation was ignored in dev mode.

v6.1.0

Compare Source

Minor Changes

• #​15804 a5e7232 Thanks @​merlinnot! - Allows setting codec-specific defaults for Astro's built-in Sharp image service via image.service.config.

  You can now configure encoder-level options such as jpeg.mozjpeg, webp.effort, webp.alphaQuality, avif.effort, avif.chromaSubsampling, and png.compressionLevel when using astro/assets/services/sharp for compile-time image generation.

  These settings apply as defaults for the built-in Sharp pipeline, while per-image quality still takes precedence when set on <Image />, <Picture />, or getImage().

• #​15455 babf57f Thanks @​AhmadYasser1! - Adds fallbackRoutes to the IntegrationResolvedRoute type, exposing i18n fallback routes to integrations via the astro:routes:resolved hook for projects using fallbackType: 'rewrite'.

  This allows integrations such as the sitemap integration to properly include generated fallback routes in their output.

  {
    'astro:routes:resolved': ({ routes }) => {
      for (const route of routes) {
        for (const fallback of route.fallbackRoutes) {
          console.log(fallback.pathname) // e.g. /fr/about/
        }
      }
    }
  }

• #​15340 10a1a5a Thanks @​trueberryless! - Adds support for advanced configuration of SmartyPants in Markdown.

  You can now pass an options object to markdown.smartypants in your Astro configuration to fine-tune how punctuation, dashes, and quotes are transformed.

  This is helpful for projects that require specific typographic standards, such as "oldschool" dash handling or localized quotation marks.

  // astro.config.mjs
  export default defineConfig({
    markdown: {
      smartypants: {
        backticks: 'all',
        dashes: 'oldschool',
        ellipses: 'unspaced',
        openingQuotes: { double: '«', single: '‹' },
        closingQuotes: { double: '»', single: '›' },
        quotes: false,
      },
    },
  });

  See the retext-smartypants options for more information.

Patch Changes

• #​16025 a09f319 Thanks @​koji-1009! - Instructs the client router to skip view transition animations when the browser is already providing its own visual transition, such as a swipe gesture.

• #​16055 ccecb8f Thanks @​Gautam-Bharadwaj! - Fixes an issue where client:only components could have duplicate client:component-path attributes added in MDX in rare cases

• #​16081 44fc340 Thanks @​crazylogic03! - Fixes the emitFile() is not supported in serve mode warning that appears during astro dev when using integrations that inject before-hydration scripts (e.g. @astrojs/react)

• #​16068 31d733b Thanks @​Karthikeya1500! - Fixes the dev toolbar a11y audit incorrectly classifying menuitemradio as a non-interactive ARIA role.

• #​16080 e80ac73 Thanks @​ematipico! - Fixes experimental.queuedRendering incorrectly escaping the HTML output of .html page files, causing the page content to render as plain text instead of HTML in the browser.

• #​16048 13b9d56 Thanks @​matthewp! - Fixes a dev server crash (serverIslandNameMap.get is not a function) that occurred when navigating to a page with server:defer after first visiting a page without one, when using @astrojs/cloudflare

• #​16093 336e086 Thanks @​Snugug! - Fixes Zod meta not correctly being rendered on top-level schema when converted into JSON Schema

• #​16043 d402485 Thanks @​ematipico! - Fixes checkOrigin CSRF protection in astro dev behind a TLS-terminating reverse proxy. The dev server now reads X-Forwarded-Proto (gated on security.allowedDomains, matching production behaviour) so the constructed request origin matches the https:// origin the browser sends. Also ensures security.allowedDomains and security.checkOrigin are respected in dev.

• #​16064 ba58e0d Thanks @​ematipico! - Updates the dependency svgo to the latest, to fix a security issue.

• #​16007 2dcd8d5 Thanks @​florian-lefebvre! - Fixes a case where fonts files would unecessarily be copied several times during the build

• #​16017 b089b90 Thanks @​felmonon! - Fix the astro sync error message when getImage() is called while loading content collections.

• #​16014 fa73fbb Thanks @​matthewp! - Fixes a build error where using astro:config/client inside a <script> tag would cause Rollup to fail with "failed to resolve import virtual:astro:routes from virtual:astro:manifest"

• #​16054 f74465a Thanks @​seroperson! - Fixes an issue with the development server, where changes to the middleware weren't picked, and it required a full restart of the server.

• #​16033 198d31b Thanks @​adampage! - Fixes a bug where the the role image was incorrectly reported by audit tool bar.

• #​15935 278828c Thanks @​oliverlynch! - Fixes cached assets failing to revalidate due to redirect check mishandling Not Modified responses.

• #​16075 2c1ae85 Thanks @​florian-lefebvre! - Fixes a case where invalid URLs would be generated in development when using font families with an oblique style and angles

• #​16062 87fd6a4 Thanks @​matthewp! - Warns on dev server startup when Vite 8 is detected at the top level of the user's project, and automatically adds a "overrides": { "vite": "^7" } entry to package.json when running astro add cloudflare. This prevents a require_dist is not a function crash caused by a Vite version split between Astro (requires Vite 7) and packages like @tailwindcss/vite that hoist Vite 8.

• Updated dependencies [10a1a5a]:

  • @​astrojs/markdown-remark@​7.1.0

v6.0.8

Compare Source

Patch Changes

• #​15978 6d182fe Thanks @​seroperson! - Fixes a bug where Astro Actions didn't properly support nested object properties, causing problems when users used zod functions such as superRefine or discriminatedUnion.

• #​16011 e752170 Thanks @​matthewp! - Fixes a dev server hang on the first request when using the Cloudflare adapter

• #​15997 1fddff7 Thanks @​ematipico! - Fixes Astro.rewrite() failing when the target path contains duplicate slashes (e.g. //about). The duplicate slashes are now collapsed before URL parsing, preventing them from being interpreted as a protocol-relative URL.

v6.0.7

Compare Source

Patch Changes

• #​15950 acce5e8 Thanks @​matthewp! - Fixes a build regression in projects with multiple frontend integrations where server:defer server islands could fail at runtime when all pages are prerendered.

• #​15988 c93b4a0 Thanks @​ossaidqadri! - Fix styles from dynamically imported components not being injected on first dev server load.

• #​15968 3e7a9d5 Thanks @​chasemccoy! - Fixes renderMarkdown in custom content loaders not resolving images in markdown content. Images referenced in markdown processed by renderMarkdown are now correctly optimized, matching the behavior of the built-in glob() loader.

• #​15990 1e6017f Thanks @​ematipico! - Fixes an issue where Astro.currentLocale would always be the default locale instead of the actual one when using a dynamic route like [locale].astro or [locale]/index.astro. It now resolves to the correct locale from the URL.

• #​15990 1e6017f Thanks @​ematipico! - Fixes an issue where visiting an invalid locale URL (e.g. /asdf/) would show the content of a dynamic [locale] page with a 404 status code, instead of showing your custom 404 page. Now, the correct 404 page is rendered when the locale in the URL doesn't match any configured locale.

• #​15960 1d84020 Thanks @​matthewp! - Fixes Cloudflare dev server islands with prerenderEnvironment: 'node' by sharing the serialized manifest encryption key across dev environments and routing server island requests through the SSR runtime.

• #​15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

  When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

v6.0.6

Compare Source

Patch Changes

• #​15965 2dca307 Thanks @​matthewp! - Fixes client hydration for components imported through Node.js subpath imports (package.json#imports, e.g. #components/*), for example when using the Cloudflare adapter in development.

• #​15770 6102ca2 Thanks @​jpc-ae! - Updates the create astro welcome message to highlight the graceful dev/preview server quit command rather than the kill process shortcut

• #​15953 7eddf22 Thanks @​Desel72! - fix(hmr): eagerly recompile on style-only change to prevent stale slots render

• #​15916 5201ed4 Thanks @​trueberryless! - Fixes InferLoaderSchema type inference for content collections defined with a loader that includes a schema

• #​15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

• #​15944 a5e1acd Thanks @​fkatsuhiro! - Fixes SSR dynamic routes with .html extension (e.g. [slug].html.astro) not working

• #​15937 d236245 Thanks @​ematipico! - Fixes an issue where HMR didn't correctly work on Windows when adding/changing/deleting routes in pages/.

• #​15931 98dfb61 Thanks @​Strernd! - Fix skew protection query params not being applied to island hydration component-url and renderer-url, and ensure query params are appended safely for asset URLs with existing search/hash parts.

• Updated dependencies []:

  • @​astrojs/markdown-remark@​7.0.1

prettier/prettier (prettier)

v3.8.3

Compare Source

v3.8.2

Compare Source

kulshekhar/ts-jest (ts-jest)

v29.4.9

Compare Source

v29.4.8

Compare Source

v29.4.7

Compare Source

Features

• support TypeScript v6 (eda517d)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: e4ad8fe

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (1)

• [skip ci]

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}