chore(deps): bump the npm_and_yarn group across 5 directories with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 1 update in the /docs directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/astro directory: astro.
Bumps the npm_and_yarn group with 1 update in the /examples/astro-arktype directory: astro.
Bumps the npm_and_yarn group with 2 updates in the /examples/astro-valibot directory: astro and valibot.
Bumps the npm_and_yarn group with 1 update in the /examples/nextjs directory: next.

Updates next from 15.3.1 to 15.5.15

Release notes

Sourced from next's releases.

v15.5.15

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summary-of-cve-2026-23869

v15.5.14

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• feat(next/image): add lru disk cache and images.maximumDiskCacheSize (#91660)
• Fix(pages-router): restore Content-Length and ETag for /_next/data/ JSON responses (#90304)

Credits

Huge thanks to @​styfle and @​lllomh for helping!

v15.5.13

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• fix: patch http-proxy to prevent request smuggling in rewrites (See: CVE-2026-29057)

Credits

Huge thanks to @​ztanner for helping!

Commits

• 412eb90 v15.5.15
• cb90de9 [15.x] Avoid consuming cyclic models multiple times (#74)
• fffef9e Fix CI for glibc linux builds
• d7b012d v15.5.14
• 2b05251 [backport] feat(next/image): add lru disk cache and `images.maximumDiskCacheS...
• f88cee9 Backport: Fix(pages-router): restore Content-Length and ETag for /_next/data/...
• cfd5f53 v15.5.13
• 15f2891 [backport]: fix: patch http-proxy to prevent request smuggling in rewrites (#...
• d23f41c v15.5.12
• 8e75765 fix unlock in publish-native
• Additional commits viewable in compare view

Updates astro from 5.18.1 to 6.1.8

Release notes

Sourced from astro's releases.

astro@6.1.8

Patch Changes

• #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

• #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

• #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

• #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

• #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

• #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

• #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

• Updated dependencies [e0b240e]:

  • @​astrojs/telemetry@​3.3.1

astro@6.1.7

Patch Changes

• #16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• #16311 94048f2 Thanks @​Arecsu! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)

• #16316 0fcd04c Thanks @​ematipico! - Fixes the /_image endpoint accepting an arbitrary f=svg query parameter and serving non-SVG content as image/svg+xml. The endpoint now validates that the source is actually SVG before honoring f=svg, matching the same guard already enforced on the <Image> component path.

astro@6.1.6

Patch Changes

• #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

• #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

• #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

astro@6.1.5

Patch Changes

• #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

• #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

• #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

  This change partly reverts #16089, which in hindsight turned out to be too general. Instead of automatically persisting all style sheets, we now do this only for styles from Vue components.

• #16192 79d86b8 Thanks @​alexanderniebuhr! - Uses today’s date for Cloudflare compatibility_date in astro add cloudflare

... (truncated)

Changelog

Sourced from astro's changelog.

6.1.8

Patch Changes

• #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

• #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

• #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

• #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

• #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

• #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

• #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

• Updated dependencies [e0b240e]:

  • @​astrojs/telemetry@​3.3.1

6.1.7

Patch Changes

• #16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• #16311 94048f2 Thanks @​Arecsu! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)

• #16316 0fcd04c Thanks @​ematipico! - Fixes the /_image endpoint accepting an arbitrary f=svg query parameter and serving non-SVG content as image/svg+xml. The endpoint now validates that the source is actually SVG before honoring f=svg, matching the same guard already enforced on the <Image> component path.

6.1.6

Patch Changes

• #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

• #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

• #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

6.1.5

Patch Changes

• #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

• #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

• #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

... (truncated)

Commits

• 63c5c85 [ci] release (#16356)
• 71c93ca [ci] format
• 5a84551 Improves Vue scoped style handling in DEV mode during client router navigatio...
• ba2dbf1 refactor(astro): correct Fixture type signatures in test-utils (#16380)
• 217c5b3 perf(core): cache crawl result (#16381)
• 6e5bc17 chore: absorb tests into others (#16365)
• dc8a01d chore: reduce fixtures by merging them (#16364)
• bb0ff91 refactor(astro): migrate error tests to typescript (#16377)
• a6866a7 fix(core): clean chunk name (#16367)
• 811015d chore: remove lone fixtures (#16363)
• Additional commits viewable in compare view

Updates astro from 5.18.1 to 6.1.8

Release notes

Sourced from astro's releases.

astro@6.1.8

Patch Changes

• #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

• #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

• #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

• #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

• #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

• #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

• #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

• Updated dependencies [e0b240e]:

  • @​astrojs/telemetry@​3.3.1

astro@6.1.7

Patch Changes

• #16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• #16311 94048f2 Thanks @​Arecsu! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)

• #16316 0fcd04c Thanks @​ematipico! - Fixes the /_image endpoint accepting an arbitrary f=svg query parameter and serving non-SVG content as image/svg+xml. The endpoint now validates that the source is actually SVG before honoring f=svg, matching the same guard already enforced on the <Image> component path.

astro@6.1.6

Patch Changes

• #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

• #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

• #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

astro@6.1.5

Patch Changes

• #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

• #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

• #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

  This change partly reverts #16089, which in hindsight turned out to be too general. Instead of automatically persisting all style sheets, we now do this only for styles from Vue components.

• #16192 79d86b8 Thanks @​alexanderniebuhr! - Uses today’s date for Cloudflare compatibility_date in astro add cloudflare

... (truncated)

Changelog

Sourced from astro's changelog.

6.1.8

Patch Changes

• #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

• #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

• #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

• #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

• #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

• #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

• #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

• Updated dependencies [e0b240e]:

  • @​astrojs/telemetry@​3.3.1

6.1.7

Patch Changes

• #16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• #16311 94048f2 Thanks @​Arecsu! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)

• #16316 0fcd04c Thanks @​ematipico! - Fixes the /_image endpoint accepting an arbitrary f=svg query parameter and serving non-SVG content as image/svg+xml. The endpoint now validates that the source is actually SVG before honoring f=svg, matching the same guard already enforced on the <Image> component path.

6.1.6

Patch Changes

• #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

• #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

• #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

6.1.5

Patch Changes

• #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

• #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

• #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

... (truncated)

Commits

• 63c5c85 [ci] release (#16356)
• 71c93ca [ci] format
• 5a84551 Improves Vue scoped style handling in DEV mode during client router navigatio...
• ba2dbf1 refactor(astro): correct Fixture type signatures in test-utils (#16380)
• 217c5b3 perf(core): cache crawl result (#16381)
• 6e5bc17 chore: absorb tests into others (#16365)
• dc8a01d chore: reduce fixtures by merging them (#16364)
• bb0ff91 refactor(astro): migrate error tests to typescript (#16377)
• a6866a7 fix(core): clean chunk name (#16367)
• 811015d chore: remove lone fixtures (#16363)
• Additional commits viewable in compare view

Updates astro from 5.18.1 to 6.1.8

Release notes

Sourced from astro's releases.

astro@6.1.8

Patch Changes

• #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

• #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

• #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

• #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

• #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

• #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

• #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

• Updated dependencies [e0b240e]:

  • @​astrojs/telemetry@​3.3.1

astro@6.1.7

Patch Changes

• #16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• #16311 94048f2 Thanks @​Arecsu! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)

• #16316 0fcd04c Thanks @​ematipico! - Fixes the /_image endpoint accepting an arbitrary f=svg query parameter and serving non-SVG content as image/svg+xml. The endpoint now validates that the source is actually SVG before honoring f=svg, matching the same guard already enforced on the <Image> component path.

astro@6.1.6

Patch Changes

• #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

• #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

• #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

astro@6.1.5

Patch Changes

• #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

• #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

• #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

  This change partly reverts #16089, which in hindsight turned out to be too general. Instead of automatically persisting all style sheets, we now do this only for styles from Vue components.

• #16192 79d86b8 Thanks @​alexanderniebuhr! - Uses today’s date for Cloudflare compatibility_date in astro add cloudflare

... (truncated)

Changelog

Sourced from astro's changelog.

6.1.8

Patch Changes

• #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

• #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

• #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

• #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

• #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

• #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

• #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

• Updated dependencies [e0b240e]:

  • @​astrojs/telemetry@​3.3.1

6.1.7

Patch Changes

• #16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• #16311 94048f2 Thanks @​Arecsu! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)

• #16316 0fcd04c Thanks @​ematipico! - Fixes the /_image endpoint accepting an arbitrary f=svg query parameter and serving non-SVG content as image/svg+xml. The endpoint now validates that the source is actually SVG before honoring f=svg, matching the same guard already enforced on the <Image> component path.

6.1.6

Patch Changes

• #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

• #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

• #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

6.1.5

Patch Changes

• #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

• #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

• #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

... (truncated)

Commits

• 63c5c85 [ci] release (#16356)
• 71c93ca [ci] format
• 5a84551 Improves Vue scoped style handling in DEV mode during client router navigatio...
• ba2dbf1 refactor(astro): correct Fixture type signatures in test-utils (#16380)
• 217c5b3 perf(core): cache crawl result (#16381)
• 6e5bc17 chore: absorb tests into others (#16365)
• dc8a01d chore: reduce fixtures by merging them (#16364)
• bb0ff91 refactor(astro): migrate error tests to typescript (#16377)
• a6866a7 fix(core): clean chunk name (#16367)
• 811015d chore: remove lone fixtures (#16363)
• Additional commits viewable in compare view

Updates valibot from 1.0.0 to 1.2.0

Release notes

Sourced from valibot's releases.

v1.2.0

Many thanks to @​EskiMojo14, @​makenowjust, @​ysknsid25 and @​jacekwilczynski for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

• Add toBigint, toBoolean, toDate, toNumber and toString transformation actions (pull request #1212)
• Add examples action to add example values to a schema (pull request #1199)
• Add getExamples method to extract example values from a schema (pull request #1199)
• Add isbn validation action to validate ISBN-10 and ISBN-13 strings (pull request #1097)
• Add exports for RawCheckAddIssue, RawCheckContext, RawCheckIssueInfo, RawTransformAddIssue, RawTransformContext and RawTransformIssueInfo types for better developer experience with rawCheck and rawTransform actions (pull request #1359)
• Change build step to tsdown
• Fix ReDoS vulnerability in EMOJI_REGEX used by emoji action

v1.2.0 (to-json-schema)

Many thanks to @​cruzdanilo and @​Xiot for contributing to this release.

• Add support for title, description and examples in metadata action (pull request #1189)
• Add new override configurations to override default behaviour of JSON Schema conversion (pull request #1197)
• Add storage for global definitions with addGlobalDefs and getGlobalDefs (pull request #1197)
• Add new toJsonSchemaDefs function to convert Valibot schema definitions to JSON Schema definitions (pull request #1197)

v1.1.0

Many thanks to @​EltonLobo07, @​sacrosanctic, @​muningis, @​EskiMojo14, @​MOZGIII, @​vktrl and @​jasperteo for contributing to this release.

Read the release notes on our website for a quick overview of the most exciting new features in this release.

• Add message method to overwrite local error message configuration of a schema (pull request #1103)
• Add summarize method to summarize issues into a pretty-printable multi-line string (pull request #1158)
• Add getTitle, getDescription and getMetadata methods to extract metadata of a schema (pull request #1154)
• Add minEntries and maxEntries validation action to validate number of object entries (pull request #1100)
• Add entries and notEntries validation action to validate number of object entries (pull request #1156)
• Add parseJson and stringifyJson transformation action to parse and stringify JSON (pull request #1137)
• Add flavor transformation action to flavor the output type of a schema (pull request #950)
• Add support for bigints to multipleOf validation action (pull request #1164)
• Change implementation of variant and variantAsync schema to improve performance by aborting validation of discriminators early (pull request #1110)
• Change name of NanoIDAction and NanoIDIssue interface to NanoIdAction and NanoIdIssue (pull request #1171)
• Fix internal MarkOptio...

  Description has been truncated

[dependabot]

Superseded by #6.