Skip to content

Bump the javascript-dependencies group with 2 updates#89

Merged
shenanigansd merged 1 commit intomainfrom
dependabot/npm_and_yarn/javascript-dependencies-84a00363c7
Apr 1, 2026
Merged

Bump the javascript-dependencies group with 2 updates#89
shenanigansd merged 1 commit intomainfrom
dependabot/npm_and_yarn/javascript-dependencies-84a00363c7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Bumps the javascript-dependencies group with 2 updates: astro and @biomejs/biome.

Updates astro from 6.0.3 to 6.0.8

Release notes

Sourced from astro's releases.

astro@6.0.8

Patch Changes

  • #15978 6d182fe Thanks @​seroperson! - Fixes a bug where Astro Actions didn't properly support nested object properties, causing problems when users used zod functions such as superRefine or discriminatedUnion.

  • #16011 e752170 Thanks @​matthewp! - Fixes a dev server hang on the first request when using the Cloudflare adapter

  • #15997 1fddff7 Thanks @​ematipico! - Fixes Astro.rewrite() failing when the target path contains duplicate slashes (e.g. //about). The duplicate slashes are now collapsed before URL parsing, preventing them from being interpreted as a protocol-relative URL.

astro@6.0.7

Patch Changes

  • #15950 acce5e8 Thanks @​matthewp! - Fixes a build regression in projects with multiple frontend integrations where server:defer server islands could fail at runtime when all pages are prerendered.

  • #15988 c93b4a0 Thanks @​ossaidqadri! - Fix styles from dynamically imported components not being injected on first dev server load.

  • #15968 3e7a9d5 Thanks @​chasemccoy! - Fixes renderMarkdown in custom content loaders not resolving images in markdown content. Images referenced in markdown processed by renderMarkdown are now correctly optimized, matching the behavior of the built-in glob() loader.

  • #15990 1e6017f Thanks @​ematipico! - Fixes an issue where Astro.currentLocale would always be the default locale instead of the actual one when using a dynamic route like [locale].astro or [locale]/index.astro. It now resolves to the correct locale from the URL.

  • #15990 1e6017f Thanks @​ematipico! - Fixes an issue where visiting an invalid locale URL (e.g. /asdf/) would show the content of a dynamic [locale] page with a 404 status code, instead of showing your custom 404 page. Now, the correct 404 page is rendered when the locale in the URL doesn't match any configured locale.

  • #15960 1d84020 Thanks @​matthewp! - Fixes Cloudflare dev server islands with prerenderEnvironment: 'node' by sharing the serialized manifest encryption key across dev environments and routing server island requests through the SSR runtime.

  • #15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

    When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

astro@6.0.6

Patch Changes

  • #15965 2dca307 Thanks @​matthewp! - Fixes client hydration for components imported through Node.js subpath imports (package.json#imports, e.g. #components/*), for example when using the Cloudflare adapter in development.

  • #15770 6102ca2 Thanks @​jpc-ae! - Updates the create astro welcome message to highlight the graceful dev/preview server quit command rather than the kill process shortcut

  • #15953 7eddf22 Thanks @​Desel72! - fix(hmr): eagerly recompile on style-only change to prevent stale slots render

  • #15916 5201ed4 Thanks @​trueberryless! - Fixes InferLoaderSchema type inference for content collections defined with a loader that includes a schema

  • #15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

  • #15944 a5e1acd Thanks @​fkatsuhiro! - Fixes SSR dynamic routes with .html extension (e.g. [slug].html.astro) not working

  • #15937 d236245 Thanks @​ematipico! - Fixes an issue where HMR didn't correctly work on Windows when adding/changing/deleting routes in pages/.

  • #15931 98dfb61 Thanks @​Strernd! - Fix skew protection query params not being applied to island hydration component-url and renderer-url, and ensure query params are appended safely for asset URLs with existing search/hash parts.

  • Updated dependencies []:

    • @​astrojs/markdown-remark@​7.0.1

... (truncated)

Changelog

Sourced from astro's changelog.

6.0.8

Patch Changes

  • #15978 6d182fe Thanks @​seroperson! - Fixes a bug where Astro Actions didn't properly support nested object properties, causing problems when users used zod functions such as superRefine or discriminatedUnion.

  • #16011 e752170 Thanks @​matthewp! - Fixes a dev server hang on the first request when using the Cloudflare adapter

  • #15997 1fddff7 Thanks @​ematipico! - Fixes Astro.rewrite() failing when the target path contains duplicate slashes (e.g. //about). The duplicate slashes are now collapsed before URL parsing, preventing them from being interpreted as a protocol-relative URL.

6.0.7

Patch Changes

  • #15950 acce5e8 Thanks @​matthewp! - Fixes a build regression in projects with multiple frontend integrations where server:defer server islands could fail at runtime when all pages are prerendered.

  • #15988 c93b4a0 Thanks @​ossaidqadri! - Fix styles from dynamically imported components not being injected on first dev server load.

  • #15968 3e7a9d5 Thanks @​chasemccoy! - Fixes renderMarkdown in custom content loaders not resolving images in markdown content. Images referenced in markdown processed by renderMarkdown are now correctly optimized, matching the behavior of the built-in glob() loader.

  • #15990 1e6017f Thanks @​ematipico! - Fixes an issue where Astro.currentLocale would always be the default locale instead of the actual one when using a dynamic route like [locale].astro or [locale]/index.astro. It now resolves to the correct locale from the URL.

  • #15990 1e6017f Thanks @​ematipico! - Fixes an issue where visiting an invalid locale URL (e.g. /asdf/) would show the content of a dynamic [locale] page with a 404 status code, instead of showing your custom 404 page. Now, the correct 404 page is rendered when the locale in the URL doesn't match any configured locale.

  • #15960 1d84020 Thanks @​matthewp! - Fixes Cloudflare dev server islands with prerenderEnvironment: 'node' by sharing the serialized manifest encryption key across dev environments and routing server island requests through the SSR runtime.

  • #15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

    When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

6.0.6

Patch Changes

  • #15965 2dca307 Thanks @​matthewp! - Fixes client hydration for components imported through Node.js subpath imports (package.json#imports, e.g. #components/*), for example when using the Cloudflare adapter in development.

  • #15770 6102ca2 Thanks @​jpc-ae! - Updates the create astro welcome message to highlight the graceful dev/preview server quit command rather than the kill process shortcut

  • #15953 7eddf22 Thanks @​Desel72! - fix(hmr): eagerly recompile on style-only change to prevent stale slots render

  • #15916 5201ed4 Thanks @​trueberryless! - Fixes InferLoaderSchema type inference for content collections defined with a loader that includes a schema

  • #15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

  • #15944 a5e1acd Thanks @​fkatsuhiro! - Fixes SSR dynamic routes with .html extension (e.g. [slug].html.astro) not working

  • #15937 d236245 Thanks @​ematipico! - Fixes an issue where HMR didn't correctly work on Windows when adding/changing/deleting routes in pages/.

  • #15931 98dfb61 Thanks @​Strernd! - Fix skew protection query params not being applied to island hydration component-url and renderer-url, and ensure query params are appended safely for asset URLs with existing search/hash parts.

... (truncated)

Commits
  • b47897c [ci] release (#15998)
  • e752170 fix(css): skip dev-css virtual modules in ensureModulesLoaded to prevent Clou...
  • 6d182fe fix(actions): support for nested objects in form (#15978)
  • 1fddff7 fix(rewrite): collapse leading slashes when doing a redirect (#15997)
  • 878791f [ci] release (#15985)
  • 3e7a9d5 fix(content-layer): populate imagePaths in renderMarkdown metadata (#15968)
  • acce5e8 Preserve renderers for discovered server islands (#15950)
  • 1e6017f Refactor/unit tests part2 (#15990)
  • 4741b09 test: actions, params and csrf to unit test (#15984)
  • c93b4a0 Inject styles from dynamically imported components on first dev server load (...
  • Additional commits viewable in compare view

Updates @biomejs/biome from 2.4.6 to 2.4.8

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.8

2.4.8

Patch Changes

  • #9488 bc709f6 Thanks @​mvanhorn! - Fixed #9463: the "Biome found a configuration file outside of the current working directory" diagnostic now includes the configuration file path and the working directory, giving users actionable information to debug the issue.

  • #9527 2f8bf80 Thanks @​mdm317! - Fixed #8959: Fixed TypeScript arrow function formatting when a comment appears after =>.

  • #9525 e7b3b10 Thanks @​ViniciusDev26! - Added the rule noDrizzleUpdateWithoutWhere to prevent accidental full-table updates when using Drizzle ORM without a .where() clause.

  • #9531 1302740 Thanks @​ematipico! - Fixed #9187: Astro frontmatter containing regex literals with quotes (/'/, /"/) or dashes (/---/) no longer causes parse errors.

  • #9535 b630d93 Thanks @​leno23! - Fixed #9524: remove extra space before > when bracketSameLine is true and the self-closing slash is absent in HTML formatter.

  • #9537 81e6306 Thanks @​ematipico! - Fixed #9238: The HTML parser no longer incorrectly reports --- inside element content (e.g. <td>---</td>) as an "Unexpected value or character" error.

  • #9532 4b64145 Thanks @​ematipico! - Fixed #9117: biome check --write no longer falsely reports Svelte and Vue files as changed when html.formatter.indentScriptAndStyle is enabled and the files are already correctly formatted.

  • #9528 61451ef Thanks @​ematipico! - Fixed #9341: Fixed an LSP crash that could corrupt file content when saving with format-on-save enabled.

  • #9538 794f79c Thanks @​ematipico! - Fixed #9279: The rule noSubstr now detects .substr() and .substring() calls in all expression contexts, including variable declarations, function arguments, return statements, and arrow function bodies.

  • #9462 c23272c Thanks @​ematipico! - Fixed #9370: The resolver now correctly prioritizes more specific exports patterns over less specific ones. Previously, a pattern like "./*" could match before "./features/*", causing resolution failures for packages with overlapping subpath patterns.

  • #9515 f85c069 Thanks @​shivamtiwari3! - Fixed #9506 and #9479: Biome no longer reports false parse errors on <script type="speculationrules"> and <script type="application/ld+json"> tags. These script types contain non-JavaScript content and are now correctly skipped by the embedded language detector.

  • #9514 7fe43c8 Thanks @​ematipico! - Fixed #6964: Biome now correctly resolves the .gitignore file relative to vcs.root when configured. Previously, the vcs.root setting was ignored and Biome always looked for the ignore file in the workspace directory.

  • #9521 af39936 Thanks @​ematipico! - Fixed #9483. Now the rule noRedeclare doesn't panic when it encounters constructor overloads.

  • #9490 60cf024 Thanks @​willfarrell! - Added support for modern CSS properties, pseudo-classes, and pseudo-elements.

    New known properties: dynamic-range-limit, overlay, reading-flow, reading-order, scroll-marker-group, scroll-target-group.

    New pseudo-elements: ::checkmark, ::column, ::picker, ::picker-icon, ::scroll-button, ::scroll-marker, ::scroll-marker-group.

    New pseudo-classes: :active-view-transition-type, :has-slotted, :target-after, :target-before, :target-current.

  • #9526 4d42823 Thanks @​ematipico! - Fixed #9358 and #9375. Now attributes that have text expressions such as class={buttonClass()} are correctly tracked in Svelte files.

  • #9520 61f53ee Thanks @​ematipico! - Fixed #9519. Now noUnusedVariables doesn't flag variables that are used as typeof type.

  • #9487 331dc0d Thanks @​mvanhorn! - Fixed #9477: source.fixAll.biome no longer sorts imports when source.organizeImports.biome is disabled in editor settings. The organize imports action is now excluded from the fix-all pass unless explicitly requested.

  • #9525 e7b3b10 Thanks @​ViniciusDev26! - Added the rule noDrizzleDeleteWithoutWhere to prevent accidental full-table deletes when using Drizzle ORM without a .where() clause.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.8

Patch Changes

  • #9488 bc709f6 Thanks @​mvanhorn! - Fixed #9463: the "Biome found a configuration file outside of the current working directory" diagnostic now includes the configuration file path and the working directory, giving users actionable information to debug the issue.

  • #9527 2f8bf80 Thanks @​mdm317! - Fixed #8959: Fixed TypeScript arrow function formatting when a comment appears after =>.

  • #9525 e7b3b10 Thanks @​ViniciusDev26! - Added the rule noDrizzleUpdateWithoutWhere to prevent accidental full-table updates when using Drizzle ORM without a .where() clause.

  • #9531 1302740 Thanks @​ematipico! - Fixed #9187: Astro frontmatter containing regex literals with quotes (/'/, /"/) or dashes (/---/) no longer causes parse errors.

  • #9535 b630d93 Thanks @​leno23! - Fixed #9524: remove extra space before > when bracketSameLine is true and the self-closing slash is absent in HTML formatter.

  • #9537 81e6306 Thanks @​ematipico! - Fixed #9238: The HTML parser no longer incorrectly reports --- inside element content (e.g. <td>---</td>) as an "Unexpected value or character" error.

  • #9532 4b64145 Thanks @​ematipico! - Fixed #9117: biome check --write no longer falsely reports Svelte and Vue files as changed when html.formatter.indentScriptAndStyle is enabled and the files are already correctly formatted.

  • #9528 61451ef Thanks @​ematipico! - Fixed #9341: Fixed an LSP crash that could corrupt file content when saving with format-on-save enabled.

  • #9538 794f79c Thanks @​ematipico! - Fixed #9279: The rule noSubstr now detects .substr() and .substring() calls in all expression contexts, including variable declarations, function arguments, return statements, and arrow function bodies.

  • #9462 c23272c Thanks @​ematipico! - Fixed #9370: The resolver now correctly prioritizes more specific exports patterns over less specific ones. Previously, a pattern like "./*" could match before "./features/*", causing resolution failures for packages with overlapping subpath patterns.

  • #9515 f85c069 Thanks @​shivamtiwari3! - Fixed #9506 and #9479: Biome no longer reports false parse errors on <script type="speculationrules"> and <script type="application/ld+json"> tags. These script types contain non-JavaScript content and are now correctly skipped by the embedded language detector.

  • #9514 7fe43c8 Thanks @​ematipico! - Fixed #6964: Biome now correctly resolves the .gitignore file relative to vcs.root when configured. Previously, the vcs.root setting was ignored and Biome always looked for the ignore file in the workspace directory.

  • #9521 af39936 Thanks @​ematipico! - Fixed #9483. Now the rule noRedeclare doesn't panic when it encounters constructor overloads.

  • #9490 60cf024 Thanks @​willfarrell! - Added support for modern CSS properties, pseudo-classes, and pseudo-elements.

    New known properties: dynamic-range-limit, overlay, reading-flow, reading-order, scroll-marker-group, scroll-target-group.

    New pseudo-elements: ::checkmark, ::column, ::picker, ::picker-icon, ::scroll-button, ::scroll-marker, ::scroll-marker-group.

    New pseudo-classes: :active-view-transition-type, :has-slotted, :target-after, :target-before, :target-current.

  • #9526 4d42823 Thanks @​ematipico! - Fixed #9358 and #9375. Now attributes that have text expressions such as class={buttonClass()} are correctly tracked in Svelte files.

  • #9520 61f53ee Thanks @​ematipico! - Fixed #9519. Now noUnusedVariables doesn't flag variables that are used as typeof type.

  • #9487 331dc0d Thanks @​mvanhorn! - Fixed #9477: source.fixAll.biome no longer sorts imports when source.organizeImports.biome is disabled in editor settings. The organize imports action is now excluded from the fix-all pass unless explicitly requested.

  • #9525 e7b3b10 Thanks @​ViniciusDev26! - Added the rule noDrizzleDeleteWithoutWhere to prevent accidental full-table deletes when using Drizzle ORM without a .where() clause.

2.4.7

Patch Changes

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the javascript-dependencies group with 2 updates
4d38cda 
Bumps the javascript-dependencies group with 2 updates: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) and [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome).


Updates `astro` from 6.0.3 to 6.0.8
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.0.8/packages/astro)

Updates `@biomejs/biome` from 2.4.6 to 2.4.8
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.8/packages/@biomejs/biome)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 6.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: javascript-dependencies
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.8
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: javascript-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 1, 2026
@dependabot dependabot bot requested a review from shenanigansd as a code owner April 1, 2026 00:40
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 1, 2026
@shenanigansd shenanigansd merged commit cf58da6 into main Apr 1, 2026
4 checks passed
@shenanigansd shenanigansd deleted the dependabot/npm_and_yarn/javascript-dependencies-84a00363c7 branch April 1, 2026 01:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@shenanigansd shenanigansd Awaiting requested review from shenanigansd shenanigansd is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shenanigansd