Skip to content

build(deps): bump the all group across 1 directory with 8 updates#27

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-34baea1807
Closed

build(deps): bump the all group across 1 directory with 8 updates#27
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-34baea1807

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 9, 2025

Copy link
Copy Markdown
Contributor

Bumps the all group with 8 updates in the / directory:

Package From To
@astrojs/sitemap 3.4.0 3.4.1
astro 5.8.0 5.9.2
lucide 0.475.0 0.513.0
nanostores 0.11.4 1.0.1
sharp 0.33.5 0.34.2
zod 3.25.30 3.25.56
@types/node 22.15.23 22.15.30
@types/react 19.1.6 19.1.7

Updates @astrojs/sitemap from 3.4.0 to 3.4.1

Release notes

Sourced from @​astrojs/sitemap's releases.

@​astrojs/sitemap@​3.4.1

Patch Changes

  • #13871 8a1e849 Thanks @​blimmer! - Uncaught errors in the filter method will now bubble, causing the astro build to fail.
Changelog

Sourced from @​astrojs/sitemap's changelog.

3.4.1

Patch Changes

  • #13871 8a1e849 Thanks @​blimmer! - Uncaught errors in the filter method will now bubble, causing the astro build to fail.
Commits

Updates astro from 5.8.0 to 5.9.2

Release notes

Sourced from astro's releases.

astro@5.9.2

Patch Changes

  • #13919 423fe60 Thanks @​ematipico! - Fixes a bug where Astro added quotes to the CSP resources.

    Only certain resources require quotes (e.g. 'self' but not https://cdn.example.com), so Astro no longer adds quotes to any resources. You must now provide the quotes yourself for resources such as 'self' when necessary:

    export default defineConfig({
      experimental: {
        csp: {
          styleDirective: {
            resources: [
    -          "self",
    +          "'self'",
              "https://cdn.example.com"
            ]
          }
        }
      }
    })
  • #13914 76c5480 Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy feature only

    Removes support for experimental Content Security Policy (CSP) when using the <ClientRouter /> component for view transitions.

    It is no longer possible to enable experimental CSP while using Astro's view transitions. Support was already unstable with the <ClientRouter /> because CSP required making its underlying implementation asynchronous. This caused breaking changes for several users and therefore, this PR removes support completely.

    If you are currently using the component for view transitions, please remove the experimental CSP flag as they cannot be used together.

    import { defineConfig } from 'astro/config';
    export default defineConfig({
    experimental: {
    
    csp: true
    }
    });

Alternatively, to continue using experimental CSP in your project, you can consider migrating to the browser native View Transition API and remove the <ClientRouter /> from your project. You may be able to achieve similar results if you are not using Astro's enhancements to the native View Transitions and Navigation APIs.

Support might be reintroduced in future releases. You can follow this experimental feature's development in the CSP RFC.

astro@5.9.1

Patch Changes

  • #13899 7a1303d Thanks @​reknih! - Fix bug where error pages would return invalid bodies if the upstream response was compressed

... (truncated)

Changelog

Sourced from astro's changelog.

5.9.2

Patch Changes

  • #13919 423fe60 Thanks @​ematipico! - Fixes a bug where Astro added quotes to the CSP resources.

    Only certain resources require quotes (e.g. 'self' but not https://cdn.example.com), so Astro no longer adds quotes to any resources. You must now provide the quotes yourself for resources such as 'self' when necessary:

    export default defineConfig({
      experimental: {
        csp: {
          styleDirective: {
            resources: [
    -          "self",
    +          "'self'",
              "https://cdn.example.com"
            ]
          }
        }
      }
    })
  • #13914 76c5480 Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy feature only

    Removes support for experimental Content Security Policy (CSP) when using the <ClientRouter /> component for view transitions.

    It is no longer possible to enable experimental CSP while using Astro's view transitions. Support was already unstable with the <ClientRouter /> because CSP required making its underlying implementation asynchronous. This caused breaking changes for several users and therefore, this PR removes support completely.

    If you are currently using the component for view transitions, please remove the experimental CSP flag as they cannot be used together.

    import { defineConfig } from 'astro/config';
    export default defineConfig({
    experimental: {
    
    csp: true
    }
    });

Alternatively, to continue using experimental CSP in your project, you can consider migrating to the browser native View Transition API and remove the <ClientRouter /> from your project. You may be able to achieve similar results if you are not using Astro's enhancements to the native View Transitions and Navigation APIs.

Support might be reintroduced in future releases. You can follow this experimental feature's development in the CSP RFC.

5.9.1

Patch Changes

... (truncated)

Commits

Updates lucide from 0.475.0 to 0.513.0

Release notes

Sourced from lucide's releases.

Version 0.513.0

What's Changed

Full Changelog: lucide-icons/lucide@0.512.0...0.513.0

Version 0.512.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.511.0...0.512.0

Version 0.511.0

What's Changed

New Contributors

... (truncated)

Commits

Updates nanostores from 0.11.4 to 1.0.1

Release notes

Sourced from nanostores's releases.

1.0.1

  • Fixed types.

1.0.0

Changelog

Sourced from nanostores's changelog.

1.0.1

  • Fixed types.

1.0.0

Commits

Updates sharp from 0.33.5 to 0.34.2

Commits
  • 6d04b7c Release v0.34.2
  • d4b30b7 Docs: Update pnpm settings documentation URLs
  • 7f03502 Docs: upgrade to latest Astro Starlight
  • 63b0a11 Tests: remove a possible race condition
  • c4d6aec Docs: Highlight that Windows ARM64 support is experimental
  • e75ae97 Ensure PDF scale-on-load optimisation uses background #4398
  • 956d72d Prerelease v0.34.2-rc.0
  • 00e66ef Bump deps
  • db3a452 Simplify 94481a9
  • d36fd50 Prefer use of bandjoin_const() and list-initialization
  • Additional commits viewable in compare view

Updates zod from 3.25.30 to 3.25.56

Release notes

Sourced from zod's releases.

v3.25.56

Commits:

  • 64bfb7001cf6f2575bf38b5e6130bc73b4b0e371 3.25.56

v3.25.55

Commits:

  • 44141ea1dbd48403f14704386119884aeda5cb27 3.25.55

v3.25.54

Commits:

  • 8ab237423cd8fdca58dc9e18f45d48d56ca2a24d fix(util): cross realm IsPlainObject check (#4627)
  • 2be1c6ad909a9d0598d9f45fedc9038213130529 Fix generic assignability issue. 3.25.54

v3.25.53

Commits:

  • a6adb148012f59d734245c637a577ed413a484e7 zod mini internals (#4631)
  • da4f92170ac838029178c4622015dbdae4a1de7c 3.25.53

v3.25.52

Commits:

  • 2954f40a4e41f61e835ba211ff084467dca1f41e Fix json (#4630)
  • 51dc6f9361851e64a925c3f4ee9364ce4da4c4e7 3.25.52
  • e479ea76ae1571064c3dade621b3af0ea2dff942 Add test cast for deferred self-recursion

v3.25.51

Commits:

  • d7ffdfa73a800ea810218431d1dd751f15d0fba4 Remove _
  • 50ef910565a14c127942442b7e09596afcfdca5f Add output type generic test
  • eb14475c3ca14562c4bf11c2111a1fbfa3d114b6 Improve docs
  • 32104c2801f01edac3fb3168017b09b6c43f3cef Improve extend docs
  • f67332f9fbcae13ce59dbb1eeb67f9c4c60bdcd9 Docs
  • 8230237b3453b02bf34b81d0bc11b40d9868cd09 Standardize string format continuability
  • c58bd9b0125881caee03a408eae88ec1dc5eb18b 3.25.51

v3.25.50

Commits:

  • 5fdece94bf1ada76e5742f2755d45d3711a8e962 fix(v4): reflect inclusive boundaries in minLength/maxLength issue objects (#4591)
  • 4897269451f0b0afeb2313389d20ffa1f22ce8b1 Restructure: mitigate excessively deep errors (#4599)
  • a88a080f0b9782a87b5732cb9cd96fc2b1a71794 Improve prototype tests
  • c7833356a3211d32ae322739a7a6f66dce52ed5f 3.25.50

v3.25.49

Commits:

... (truncated)

Commits

Updates @types/node from 22.15.23 to 22.15.30

Commits

Updates @types/react from 19.1.6 to 19.1.7

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@astrojs/sitemap](https://github.com/withastro/astro/tree/HEAD/packages/integrations/sitemap) | `3.4.0` | `3.4.1` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.8.0` | `5.9.2` |
| [lucide](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide) | `0.475.0` | `0.513.0` |
| [nanostores](https://github.com/nanostores/nanostores) | `0.11.4` | `1.0.1` |
| [sharp](https://github.com/lovell/sharp) | `0.33.5` | `0.34.2` |
| [zod](https://github.com/colinhacks/zod) | `3.25.30` | `3.25.56` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.15.23` | `22.15.30` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.1.6` | `19.1.7` |



Updates `@astrojs/sitemap` from 3.4.0 to 3.4.1
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/sitemap/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/sitemap@3.4.1/packages/integrations/sitemap)

Updates `astro` from 5.8.0 to 5.9.2
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@5.9.2/packages/astro)

Updates `lucide` from 0.475.0 to 0.513.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.513.0/packages/lucide)

Updates `nanostores` from 0.11.4 to 1.0.1
- [Release notes](https://github.com/nanostores/nanostores/releases)
- [Changelog](https://github.com/nanostores/nanostores/blob/main/CHANGELOG.md)
- [Commits](nanostores/nanostores@0.11.4...1.0.1)

Updates `sharp` from 0.33.5 to 0.34.2
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.33.5...v0.34.2)

Updates `zod` from 3.25.30 to 3.25.56
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v3.25.30...v3.25.56)

Updates `@types/node` from 22.15.23 to 22.15.30
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/react` from 19.1.6 to 19.1.7
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

---
updated-dependencies:
- dependency-name: "@astrojs/sitemap"
  dependency-version: 3.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: astro
  dependency-version: 5.9.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: lucide
  dependency-version: 0.513.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: nanostores
  dependency-version: 1.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: sharp
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: zod
  dependency-version: 3.25.56
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: "@types/node"
  dependency-version: 22.15.30
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: "@types/react"
  dependency-version: 19.1.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 9, 2025
@dependabot @github

dependabot Bot commented on behalf of github Jun 16, 2025

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 16, 2025
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/all-34baea1807 branch June 16, 2025 21:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants