Skip to content

build(deps): bump the all group across 1 directory with 9 updates#28

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-541bea960e
Closed

build(deps): bump the all group across 1 directory with 9 updates#28
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-541bea960e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2025

Copy link
Copy Markdown
Contributor

Bumps the all group with 9 updates in the / directory:

Package From To
@astrojs/sitemap 3.4.0 3.4.1
astro 5.8.0 5.9.3
lucide 0.475.0 0.515.0
nanostores 0.11.4 1.0.1
sharp 0.33.5 0.34.2
zod 3.25.30 3.25.65
zod-validation-error 3.4.1 3.5.1
@types/node 22.15.23 24.0.3
@types/react 19.1.6 19.1.8

Updates @astrojs/sitemap from 3.4.0 to 3.4.1

Release notes

Sourced from @​astrojs/sitemap's releases.

@​astrojs/sitemap@​3.4.1

Patch Changes

  • #13871 8a1e849 Thanks @​blimmer! - Uncaught errors in the filter method will now bubble, causing the astro build to fail.
Changelog

Sourced from @​astrojs/sitemap's changelog.

3.4.1

Patch Changes

  • #13871 8a1e849 Thanks @​blimmer! - Uncaught errors in the filter method will now bubble, causing the astro build to fail.
Commits

Updates astro from 5.8.0 to 5.9.3

Release notes

Sourced from astro's releases.

astro@5.9.3

Patch Changes

  • #13923 a9ac5ed Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy (CSP) only

    Changes the behavior of experimental Content Security Policy (CSP) to now serve hashes differently depending on whether or not a page is prerendered:

    • Via the <meta> element for static pages.
    • Via the Response header content-security-policy for on-demand rendered pages.

    This new strategy allows you to add CSP content that is not supported in a <meta> element (e.g. report-uri, frame-ancestors, and sandbox directives) to on-demand rendered pages.

    No change to your project code is required as this is an implementation detail. However, this will result in a different HTML output for pages that are rendered on demand. Please check your production site to verify that CSP is working as intended.

    To keep up to date with this developing feature, or to leave feedback, visit the CSP Roadmap proposal.

  • #13926 953a249 Thanks @​ematipico! - Adds a new Astro Adapter Feature called experimentalStaticHeaders to allow your adapter to receive the Headers for rendered static pages.

    Adapters that enable support for this feature can access header values directly, affecting their handling of some Astro features such as Content Security Policy (CSP). For example, Astro will no longer serve the CSP <meta http-equiv="content-security-policy"> element in static pages to adapters with this support.

    Astro will serve the value of the header inside a map that can be retrieved from the hook astro:build:generated. Adapters can read this mapping and use their hosting headers capabilities to create a configuration file.

    A new field called experimentalRouteToHeaders will contain a map of Map<IntegrationResolvedRoute, Headers> where the Headers type contains the headers emitted by the rendered static route.

    To enable support for this experimental Astro Adapter Feature, add it to your adapterFeatures in your adapter config:

    // my-adapter.mjs
    export default function createIntegration() {
      return {
        name: '@example/my-adapter',
        hooks: {
          'astro:config:done': ({ setAdapter }) => {
            setAdapter({
              name: '@example/my-adapter',
              serverEntrypoint: '@example/my-adapter/server.js',
              adapterFeatures: {
                experimentalStaticHeaders: true,
              },
            });
          },
        },
      };
    }

    See the Adapter API docs for more information about providing adapter features.

  • #13697 af83b85 Thanks @​benosmac! - Fixes issues with fallback route pattern matching when i18n.routing.fallbackType is rewrite.

... (truncated)

Changelog

Sourced from astro's changelog.

5.9.3

Patch Changes

  • #13923 a9ac5ed Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy (CSP) only

    Changes the behavior of experimental Content Security Policy (CSP) to now serve hashes differently depending on whether or not a page is prerendered:

    • Via the <meta> element for static pages.
    • Via the Response header content-security-policy for on-demand rendered pages.

    This new strategy allows you to add CSP content that is not supported in a <meta> element (e.g. report-uri, frame-ancestors, and sandbox directives) to on-demand rendered pages.

    No change to your project code is required as this is an implementation detail. However, this will result in a different HTML output for pages that are rendered on demand. Please check your production site to verify that CSP is working as intended.

    To keep up to date with this developing feature, or to leave feedback, visit the CSP Roadmap proposal.

  • #13926 953a249 Thanks @​ematipico! - Adds a new Astro Adapter Feature called experimentalStaticHeaders to allow your adapter to receive the Headers for rendered static pages.

    Adapters that enable support for this feature can access header values directly, affecting their handling of some Astro features such as Content Security Policy (CSP). For example, Astro will no longer serve the CSP <meta http-equiv="content-security-policy"> element in static pages to adapters with this support.

    Astro will serve the value of the header inside a map that can be retrieved from the hook astro:build:generated. Adapters can read this mapping and use their hosting headers capabilities to create a configuration file.

    A new field called experimentalRouteToHeaders will contain a map of Map<IntegrationResolvedRoute, Headers> where the Headers type contains the headers emitted by the rendered static route.

    To enable support for this experimental Astro Adapter Feature, add it to your adapterFeatures in your adapter config:

    // my-adapter.mjs
    export default function createIntegration() {
      return {
        name: '@example/my-adapter',
        hooks: {
          'astro:config:done': ({ setAdapter }) => {
            setAdapter({
              name: '@example/my-adapter',
              serverEntrypoint: '@example/my-adapter/server.js',
              adapterFeatures: {
                experimentalStaticHeaders: true,
              },
            });
          },
        },
      };
    }

    See the Adapter API docs for more information about providing adapter features.

  • #13697 af83b85 Thanks @​benosmac! - Fixes issues with fallback route pattern matching when i18n.routing.fallbackType is rewrite.

... (truncated)

Commits

Updates lucide from 0.475.0 to 0.515.0

Release notes

Sourced from lucide's releases.

Version 0.515.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.514.0...0.515.0

Version 0.514.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@0.513.0...0.514.0

Version 0.513.0

What's Changed

Full Changelog: lucide-icons/lucide@0.512.0...0.513.0

Version 0.512.0

What's Changed

New Contributors

... (truncated)

Commits

Updates nanostores from 0.11.4 to 1.0.1

Release notes

Sourced from nanostores's releases.

1.0.1

  • Fixed types.

1.0.0

Changelog

Sourced from nanostores's changelog.

1.0.1

  • Fixed types.

1.0.0

Commits

Updates sharp from 0.33.5 to 0.34.2

Commits
  • 6d04b7c Release v0.34.2
  • d4b30b7 Docs: Update pnpm settings documentation URLs
  • 7f03502 Docs: upgrade to latest Astro Starlight
  • 63b0a11 Tests: remove a possible race condition
  • c4d6aec Docs: Highlight that Windows ARM64 support is experimental
  • e75ae97 Ensure PDF scale-on-load optimisation uses background #4398
  • 956d72d Prerelease v0.34.2-rc.0
  • 00e66ef Bump deps
  • db3a452 Simplify 94481a9
  • d36fd50 Prefer use of bandjoin_const() and list-initialization
  • Additional commits viewable in compare view

Updates zod from 3.25.30 to 3.25.65

Release notes

Sourced from zod's releases.

v3.25.65

Commits:

  • 65309948ebcf926ee0570315b6254e06f59d01dd Clean up ecosystem
  • 131fdbd4ea63abf8d4788855c106e51ef7e83077 fix(docs): Use array as argument of templateLiteral (#4701)
  • ed648b132d55a12094b01e1abeae8a6d29b88364 chore: remove deprecated @​types/chalk (#4685)
  • 12dd4890e2310ca798dd4193f15372efc2cfd84b Add catchall to zod-mini
  • fcb722ae09e6190c87f082db4be556c151dea8b7 Add uuid to changelog
  • 8c74035ee6bcf27ab4b4398708b379713cc3eeee 3.25.65

v3.25.64

Commits:

  • b142ea8fbb9e41f8251a36ba687b90a316f65fa4 Fix $strip
  • b6e59c37a0a463f90e91453a4d6b2b3db8cdbc53 Check for existence of Error.captureStackTrace
  • 0c686afdc95a324330a60315c59189fa09d8c497 Remove type from mime issue path
  • af88d743a7f6b8c1f5a2d43e3282c976833eeee7 Fix test

v3.25.63

Commits:

  • 7ed0c3694d324f5c02d5b224e7e3163d2fd84c52 Allow hours-only offsets. Normalize. (#4676)
  • 112fff6b7866f909583cd6f62c43fb639420b069 Fix iso tests
  • 6176dcb570186c4945223fa83bcf3221cbfa1af5 Improve ISO second handling (#4680)
  • 8e20a2018df854734a09e81e3dfbe598c42911e3 Use consistent variable names for IP examples (#4679)
  • 29e4973b065476b09f69e83c9e9ff4c6908c8a8c refactor: remove unnecessary assertion (#4672)
  • c626fe100eb79fd95e557d8091a111306ecb6045 chore: update husky from v7 to v9 (#4682)
  • f350a693aec24a5b70a37992df3b9e7ea36525b2 3.25.63

v3.25.62

Commits:

  • c568dea33ac42382070580687410ee47e83609c4 Drop | undefined from json schema types
  • 1614fd891b40cc9d23b249abad528e38ca718065 3.25.62

v3.25.61

Commits:

  • 1c2ad877120566adc9db3a8d99c1a575bc58d216 Loose signature for index signature shapes
  • afa7e672f4be0fc37ec9d35d281221ceb153baba 3.25.61
  • 82b43fa9ff832b80e249b944fefb8177827136e6 Fix test

v3.25.60

  • no changes

v3.25.59

Commits:

  • aec5c4ad036cb7a2ccbda744486f48c4047316dd Fix formatting
  • d3389cbfa1888ac45634a185d4aaa2df7de0aef5 refactor: change if in else to else if (#4664)

... (truncated)

Commits

Updates zod-validation-error from 3.4.1 to 3.5.1

Release notes

Sourced from zod-validation-error's releases.

v3.5.1

Patch Changes

  • e7713d5: Add compatibility with older node versions and module-resolution strategies + improve docs

v3.5.0

Minor Changes

  • bf72012: Add support for zod v4
Changelog

Sourced from zod-validation-error's changelog.

3.5.1

Patch Changes

  • e7713d5: Add compatibility with older node versions and module-resolution strategies + improve docs

3.5.0

Minor Changes

  • bf72012: Add support for zod v4
Commits
  • bfcdba7 chore: version packages (#520)
  • e7713d5 chore: add changeset (#519)
  • 7ba16c6 feat: promote v4 docs as the main docs (#515)
  • 663e49b feat: improve docs for zod v4 (#514)
  • c12c480 chore: add Nikos Tsompanides as a contributor (#513)
  • 2652daa feat: compatibility with older node versions and module-resolution strategies...
  • c03168d chore: bump zod from 3.25.62 to 3.25.63 (#511)
  • 737ae88 chore: version packages (#510)
  • 191bd47 chore: bump zod from 3.25.50 to 3.25.62 (#509)
  • bf72012 feat: add support for zod v4, incurring a significant API refactor (#501)
  • Additional commits viewable in compare view

Updates @types/node from 22.15.23 to 24.0.3

Commits

Updates @types/react from 19.1.6 to 19.1.8

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@astrojs/sitemap](https://github.com/withastro/astro/tree/HEAD/packages/integrations/sitemap) | `3.4.0` | `3.4.1` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.8.0` | `5.9.3` |
| [lucide](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide) | `0.475.0` | `0.515.0` |
| [nanostores](https://github.com/nanostores/nanostores) | `0.11.4` | `1.0.1` |
| [sharp](https://github.com/lovell/sharp) | `0.33.5` | `0.34.2` |
| [zod](https://github.com/colinhacks/zod) | `3.25.30` | `3.25.65` |
| [zod-validation-error](https://github.com/causaly/zod-validation-error) | `3.4.1` | `3.5.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `22.15.23` | `24.0.3` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.1.6` | `19.1.8` |



Updates `@astrojs/sitemap` from 3.4.0 to 3.4.1
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/sitemap/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/sitemap@3.4.1/packages/integrations/sitemap)

Updates `astro` from 5.8.0 to 5.9.3
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@5.9.3/packages/astro)

Updates `lucide` from 0.475.0 to 0.515.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/0.515.0/packages/lucide)

Updates `nanostores` from 0.11.4 to 1.0.1
- [Release notes](https://github.com/nanostores/nanostores/releases)
- [Changelog](https://github.com/nanostores/nanostores/blob/main/CHANGELOG.md)
- [Commits](nanostores/nanostores@0.11.4...1.0.1)

Updates `sharp` from 0.33.5 to 0.34.2
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.33.5...v0.34.2)

Updates `zod` from 3.25.30 to 3.25.65
- [Release notes](https://github.com/colinhacks/zod/releases)
- [Commits](colinhacks/zod@v3.25.30...v3.25.65)

Updates `zod-validation-error` from 3.4.1 to 3.5.1
- [Release notes](https://github.com/causaly/zod-validation-error/releases)
- [Changelog](https://github.com/causaly/zod-validation-error/blob/main/CHANGELOG.md)
- [Commits](causaly/zod-validation-error@v3.4.1...v3.5.1)

Updates `@types/node` from 22.15.23 to 24.0.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/react` from 19.1.6 to 19.1.8
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

---
updated-dependencies:
- dependency-name: "@astrojs/sitemap"
  dependency-version: 3.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: astro
  dependency-version: 5.9.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: lucide
  dependency-version: 0.515.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: nanostores
  dependency-version: 1.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: sharp
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: zod
  dependency-version: 3.25.65
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: zod-validation-error
  dependency-version: 3.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: "@types/node"
  dependency-version: 24.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: "@types/react"
  dependency-version: 19.1.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 16, 2025
@dependabot @github

dependabot Bot commented on behalf of github Jun 23, 2025

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 23, 2025
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/all-541bea960e branch June 23, 2025 21:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants