Update dependency astro to v4.6.1 #93

Merged

jahanson merged 1 commit from renovate/astro-4.x-lockfile into main 2024-04-12 11:28:48 -05:00

Conversation 0 Commits 1 Files changed 1 +25 -38

smeagol-help commented 2024-04-09 20:39:47 -05:00

Collaborator

Copy link

This PR contains the following updates:

Package	Type	Update	Change
astro (source)	dependencies	minor	4.5.17 -> 4.6.1

---

Release Notes

withastro/astro (astro)

v4.6.1

Compare Source

Patch Changes

• #​10708 742866c5669a2be4f8b5a4c861cadb933c381415 Thanks @​horo-fox! - Limits parallel imports within getCollection() to prevent EMFILE errors when accessing files

• #​10755 c6d59b6fb7db20af957a8706c8159c50619235ef Thanks @​ematipico! - Fixes a case where the i18n fallback failed to correctly redirect to the index page with SSR enabled

v4.6.0

Compare Source

Minor Changes

• #​10591 39988ef8e2c4c4888543c973e06d9b9939e4ac95 Thanks @​mingjunlu! - Adds a new dev toolbar settings option to change the horizontal placement of the dev toolbar on your screen: bottom left, bottom center, or bottom right.

• #​10689 683d51a5eecafbbfbfed3910a3f1fbf0b3531b99 Thanks @​ematipico! - Deprecate support for versions of Node.js older than v18.17.1 for Node.js 18, older than v20.0.3 for Node.js 20, and the complete Node.js v19 release line.

  This change is in line with Astro's Node.js support policy.

• #​10678 2e53b5fff6d292b7acdf8c30a6ecf5e5696846a1 Thanks @​ematipico! - Adds a new experimental security option to prevent Cross-Site Request Forgery (CSRF) attacks. This feature is available only for pages rendered on demand:

  import { defineConfig } from 'astro/config';
  export default defineConfig({
    experimental: {
      security: {
        csrfProtection: {
          origin: true,
        },
      },
    },
  });
  

  Enabling this setting performs a check that the "origin" header, automatically passed by all modern browsers, matches the URL sent by each Request.

  This experimental "origin" check is executed only for pages rendered on demand, and only for the requests POST, PATCH, DELETEandPUTwith one of the followingcontent-type` headers: 'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'.

  It the "origin" header doesn't match the pathname of the request, Astro will return a 403 status code and won't render the page.

• #​10193 440681e7b74511a17b152af0fd6e0e4dc4014025 Thanks @​ematipico! - Adds a new i18n routing option manual to allow you to write your own i18n middleware:

  import { defineConfig } from 'astro/config';
  // astro.config.mjs
  export default defineConfig({
    i18n: {
      locales: ['en', 'fr'],
      defaultLocale: 'fr',
      routing: 'manual',
    },
  });
  

  Adding routing: "manual" to your i18n config disables Astro's own i18n middleware and provides you with helper functions to write your own: redirectToDefaultLocale, notFound, and redirectToFallback:

  // middleware.js
  import { redirectToDefaultLocale } from 'astro:i18n';
  export const onRequest = defineMiddleware(async (context, next) => {
    if (context.url.startsWith('/about')) {
      return next();
    } else {
      return redirectToDefaultLocale(context, 302);
    }
  });
  

  Also adds a middleware function that manually creates Astro's i18n middleware. This allows you to extend Astro's i18n routing instead of completely replacing it. Run middleware in combination with your own middleware, using the sequence utility to determine the order:

  import { defineMiddleware, sequence } from 'astro:middleware';
  import { middleware } from 'astro:i18n'; // Astro's own i18n routing config
  
  export const userMiddleware = defineMiddleware();
  
  export const onRequest = sequence(
    userMiddleware,
    middleware({
      redirectToDefaultLocale: false,
      prefixDefaultLocale: true,
    })
  );
  

• #​10671 9e14a78cb05667af9821948c630786f74680090d Thanks @​fshafiee! - Adds the httpOnly, sameSite, and secure options when deleting a cookie

Patch Changes

• #​10747 994337c99f84304df1147a14504659439a9a7326 Thanks @​lilnasy! - Fixes an issue where functions could not be used as named slots.

• #​10750 7e825604ddf90c989537e07939a39dc249343897 Thanks @​OliverSpeir! - Fixes a false positive for "Invalid tabindex on non-interactive element" rule for roleless elements ( div and span ).

• #​10745 d51951ce6278d4b59deed938d65e1cb72b5102df Thanks @​lilnasy! - Fixes an issue where CLI commands could not report the reason for failure before exiting.

• #​10661 e2cd7f4291912dadd4a654bc7917856c58a72a97 Thanks @​liruifengv! - Fixed errorOverlay theme toggle bug.

• Updated dependencies [ccafa8d230f65c9302421a0ce0a0adc5824bfd55, 683d51a5eecafbbfbfed3910a3f1fbf0b3531b99]:

  • @​astrojs/markdown-remark@​5.1.0
  • @​astrojs/telemetry@​3.1.0

v4.5.18

Compare Source

Patch Changes

• #​10728 f508c4b7d54316e737f454a3777204b23636d4a0 Thanks @​ematipico! - Fixes a regression where some very specific code rendered using expressive-code was not escaped properly.

• #​10737 8a30f257b1f3618b01212a591b82ad7a63c82fbb Thanks @​lilnasy! - Fixes a regression where constructing and returning 404 responses from a middleware resulted in the dev server getting stuck in a loop.

• #​10719 b21b3ba307235510707ee9f5bd49f71473a07004 Thanks @​ematipico! - Fixes a false positive for div and span elements when running the Dev Toolbar accessibility audits.

  Those are special elements that don't have an interaction assigned by default. Instead, it is assigned through the role attribute. This means that cases like the following are now deemed correct:

  <div role="tablist"></div>
  <span role="button" onclick="" onkeydown=""></span>
  

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [astro](https://astro.build) ([source](https://github.com/withastro/astro/tree/HEAD/packages/astro)) | dependencies | minor | [`4.5.17` -> `4.6.1`](https://renovatebot.com/diffs/npm/astro/4.5.17/4.6.1) | --- ### Release Notes <details> <summary>withastro/astro (astro)</summary> ### [`v4.6.1`](https://github.com/withastro/astro/blob/HEAD/packages/astro/CHANGELOG.md#461) [Compare Source](https://github.com/withastro/astro/compare/astro@4.6.0...astro@4.6.1) ##### Patch Changes - [#&#8203;10708](https://github.com/withastro/astro/pull/10708) [`742866c5669a2be4f8b5a4c861cadb933c381415`](https://github.com/withastro/astro/commit/742866c5669a2be4f8b5a4c861cadb933c381415) Thanks [@&#8203;horo-fox](https://github.com/horo-fox)! - Limits parallel imports within `getCollection()` to prevent EMFILE errors when accessing files - [#&#8203;10755](https://github.com/withastro/astro/pull/10755) [`c6d59b6fb7db20af957a8706c8159c50619235ef`](https://github.com/withastro/astro/commit/c6d59b6fb7db20af957a8706c8159c50619235ef) Thanks [@&#8203;ematipico](https://github.com/ematipico)! - Fixes a case where the i18n fallback failed to correctly redirect to the index page with SSR enabled ### [`v4.6.0`](https://github.com/withastro/astro/blob/HEAD/packages/astro/CHANGELOG.md#460) [Compare Source](https://github.com/withastro/astro/compare/astro@4.5.18...astro@4.6.0) ##### Minor Changes - [#&#8203;10591](https://github.com/withastro/astro/pull/10591) [`39988ef8e2c4c4888543c973e06d9b9939e4ac95`](https://github.com/withastro/astro/commit/39988ef8e2c4c4888543c973e06d9b9939e4ac95) Thanks [@&#8203;mingjunlu](https://github.com/mingjunlu)! - Adds a new dev toolbar settings option to change the horizontal placement of the dev toolbar on your screen: bottom left, bottom center, or bottom right. - [#&#8203;10689](https://github.com/withastro/astro/pull/10689) [`683d51a5eecafbbfbfed3910a3f1fbf0b3531b99`](https://github.com/withastro/astro/commit/683d51a5eecafbbfbfed3910a3f1fbf0b3531b99) Thanks [@&#8203;ematipico](https://github.com/ematipico)! - Deprecate support for versions of Node.js older than `v18.17.1` for Node.js 18, older than `v20.0.3` for Node.js 20, and the complete Node.js v19 release line. This change is in line with Astro's [Node.js support policy](https://docs.astro.build/en/upgrade-astro/#support). - [#&#8203;10678](https://github.com/withastro/astro/pull/10678) [`2e53b5fff6d292b7acdf8c30a6ecf5e5696846a1`](https://github.com/withastro/astro/commit/2e53b5fff6d292b7acdf8c30a6ecf5e5696846a1) Thanks [@&#8203;ematipico](https://github.com/ematipico)! - Adds a new experimental security option to prevent [Cross-Site Request Forgery (CSRF) attacks](https://owasp.org/www-community/attacks/csrf). This feature is available only for pages rendered on demand: ```js import { defineConfig } from 'astro/config'; export default defineConfig({ experimental: { security: { csrfProtection: { origin: true, }, }, }, }); ``` Enabling this setting performs a check that the "origin" header, automatically passed by all modern browsers, matches the URL sent by each `Request`. This experimental "origin" check is executed only for pages rendered on demand, and only for the requests ` POST, `PATCH` , `DELETE`and`PUT`with one of the following`content-type\` headers: 'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'. It the "origin" header doesn't match the pathname of the request, Astro will return a 403 status code and won't render the page. - [#&#8203;10193](https://github.com/withastro/astro/pull/10193) [`440681e7b74511a17b152af0fd6e0e4dc4014025`](https://github.com/withastro/astro/commit/440681e7b74511a17b152af0fd6e0e4dc4014025) Thanks [@&#8203;ematipico](https://github.com/ematipico)! - Adds a new i18n routing option `manual` to allow you to write your own i18n middleware: ```js import { defineConfig } from 'astro/config'; // astro.config.mjs export default defineConfig({ i18n: { locales: ['en', 'fr'], defaultLocale: 'fr', routing: 'manual', }, }); ``` Adding `routing: "manual"` to your i18n config disables Astro's own i18n middleware and provides you with helper functions to write your own: `redirectToDefaultLocale`, `notFound`, and `redirectToFallback`: ```js // middleware.js import { redirectToDefaultLocale } from 'astro:i18n'; export const onRequest = defineMiddleware(async (context, next) => { if (context.url.startsWith('/about')) { return next(); } else { return redirectToDefaultLocale(context, 302); } }); ``` Also adds a `middleware` function that manually creates Astro's i18n middleware. This allows you to extend Astro's i18n routing instead of completely replacing it. Run `middleware` in combination with your own middleware, using the `sequence` utility to determine the order: ```js title="src/middleware.js" import { defineMiddleware, sequence } from 'astro:middleware'; import { middleware } from 'astro:i18n'; // Astro's own i18n routing config export const userMiddleware = defineMiddleware(); export const onRequest = sequence( userMiddleware, middleware({ redirectToDefaultLocale: false, prefixDefaultLocale: true, }) ); ``` - [#&#8203;10671](https://github.com/withastro/astro/pull/10671) [`9e14a78cb05667af9821948c630786f74680090d`](https://github.com/withastro/astro/commit/9e14a78cb05667af9821948c630786f74680090d) Thanks [@&#8203;fshafiee](https://github.com/fshafiee)! - Adds the `httpOnly`, `sameSite`, and `secure` options when deleting a cookie ##### Patch Changes - [#&#8203;10747](https://github.com/withastro/astro/pull/10747) [`994337c99f84304df1147a14504659439a9a7326`](https://github.com/withastro/astro/commit/994337c99f84304df1147a14504659439a9a7326) Thanks [@&#8203;lilnasy](https://github.com/lilnasy)! - Fixes an issue where functions could not be used as named slots. - [#&#8203;10750](https://github.com/withastro/astro/pull/10750) [`7e825604ddf90c989537e07939a39dc249343897`](https://github.com/withastro/astro/commit/7e825604ddf90c989537e07939a39dc249343897) Thanks [@&#8203;OliverSpeir](https://github.com/OliverSpeir)! - Fixes a false positive for "Invalid `tabindex` on non-interactive element" rule for roleless elements ( `div` and `span` ). - [#&#8203;10745](https://github.com/withastro/astro/pull/10745) [`d51951ce6278d4b59deed938d65e1cb72b5102df`](https://github.com/withastro/astro/commit/d51951ce6278d4b59deed938d65e1cb72b5102df) Thanks [@&#8203;lilnasy](https://github.com/lilnasy)! - Fixes an issue where CLI commands could not report the reason for failure before exiting. - [#&#8203;10661](https://github.com/withastro/astro/pull/10661) [`e2cd7f4291912dadd4a654bc7917856c58a72a97`](https://github.com/withastro/astro/commit/e2cd7f4291912dadd4a654bc7917856c58a72a97) Thanks [@&#8203;liruifengv](https://github.com/liruifengv)! - Fixed errorOverlay theme toggle bug. - Updated dependencies \[[`ccafa8d230f65c9302421a0ce0a0adc5824bfd55`](https://github.com/withastro/astro/commit/ccafa8d230f65c9302421a0ce0a0adc5824bfd55), [`683d51a5eecafbbfbfed3910a3f1fbf0b3531b99`](https://github.com/withastro/astro/commit/683d51a5eecafbbfbfed3910a3f1fbf0b3531b99)]: - [@&#8203;astrojs/markdown-remark](https://github.com/astrojs/markdown-remark)[@&#8203;5](https://github.com/5).1.0 - [@&#8203;astrojs/telemetry](https://github.com/astrojs/telemetry)[@&#8203;3](https://github.com/3).1.0 ### [`v4.5.18`](https://github.com/withastro/astro/blob/HEAD/packages/astro/CHANGELOG.md#4518) [Compare Source](https://github.com/withastro/astro/compare/astro@4.5.17...astro@4.5.18) ##### Patch Changes - [#&#8203;10728](https://github.com/withastro/astro/pull/10728) [`f508c4b7d54316e737f454a3777204b23636d4a0`](https://github.com/withastro/astro/commit/f508c4b7d54316e737f454a3777204b23636d4a0) Thanks [@&#8203;ematipico](https://github.com/ematipico)! - Fixes a regression where some very **specific** code rendered using `expressive-code` was not escaped properly. - [#&#8203;10737](https://github.com/withastro/astro/pull/10737) [`8a30f257b1f3618b01212a591b82ad7a63c82fbb`](https://github.com/withastro/astro/commit/8a30f257b1f3618b01212a591b82ad7a63c82fbb) Thanks [@&#8203;lilnasy](https://github.com/lilnasy)! - Fixes a regression where constructing and returning 404 responses from a middleware resulted in the dev server getting stuck in a loop. - [#&#8203;10719](https://github.com/withastro/astro/pull/10719) [`b21b3ba307235510707ee9f5bd49f71473a07004`](https://github.com/withastro/astro/commit/b21b3ba307235510707ee9f5bd49f71473a07004) Thanks [@&#8203;ematipico](https://github.com/ematipico)! - Fixes a false positive for `div` and `span` elements when running the Dev Toolbar accessibility audits. Those are special elements that don't have an interaction assigned by default. Instead, it is assigned through the `role` attribute. This means that cases like the following are now deemed correct: ```html <div role="tablist"></div> <span role="button" onclick="" onkeydown=""></span> ``` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yNzkuMyIsInVwZGF0ZWRJblZlciI6IjM3LjI4Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

smeagol-help added 1 commit 2024-04-09 20:39:47 -05:00

Update dependency astro to v4.5.18 72c7c756dd

smeagol-help force-pushed renovate/astro-4.x-lockfile from 72c7c756dd to 83751e4b37 2024-04-11 07:03:17 -05:00 Compare

smeagol-help changed title from Update dependency astro to v4.5.18 to Update dependency astro to v4.6.0 2024-04-11 07:04:39 -05:00

smeagol-help force-pushed renovate/astro-4.x-lockfile from 83751e4b37 to 6d38762cd2 2024-04-12 11:03:54 -05:00 Compare

smeagol-help changed title from Update dependency astro to v4.6.0 to Update dependency astro to v4.6.1 2024-04-12 11:04:12 -05:00

jahanson merged commit b218620497 into main 2024-04-12 11:28:48 -05:00

jahanson deleted branch renovate/astro-4.x-lockfile 2024-04-12 11:28:48 -05:00

jahanson referenced this pull request from a commit 2024-04-12 11:28:49 -05:00

Merge pull request 'Update dependency astro to v4.6.1' (#93) from renovate/astro-4.x-lockfile into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: jahanson/joehanson-dev#93

No description provided.