Skip to content

build(deps): bump astro from 6.2.2 to 6.3.6#198

Merged
erode-release[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/astro-6.3.6
May 20, 2026
Merged

build(deps): bump astro from 6.2.2 to 6.3.6#198
erode-release[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/astro-6.3.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 20, 2026

Copy link
Copy Markdown
Contributor

Bumps astro from 6.2.2 to 6.3.6.

Release notes

Sourced from astro's releases.

astro@6.3.6

Patch Changes

  • #16774 8f77583 Thanks @​astrobot-houston! - Fixes markdown images with empty alt text (![](https://github.com/withastro/astro/tree/HEAD/packages/astro/blob/HEAD/image.jpg)) in content collections dropping the alt attribute entirely. The alt="" attribute is now correctly preserved in the rendered HTML output, which is important for accessibility (indicating decorative images).

  • #16776 3d10b5e Thanks @​matthewp! - Fixes HMR serving stale content when components are passed as props via getStaticPaths()

  • #16784 7453860 Thanks @​ematipico! - Improved the printing of the build time if it goes over the 60 seconds.

  • #16665 3dbbcee Thanks @​Princesseuh! - Fixes remote SVG sources erroring with dangerouslyProcessSVG after the v6.3 SVG-processing gate. The default Sharp service now resolves the output format from the source up-front when it can (URL extension, data: MIME, ESM metadata), and from the actual buffer at request time when it can't, so SVG sources pass through untouched without needing to set image.dangerouslyProcessSVG: true or an explicit format="svg".

    The error message has also been updated to point at format="svg" as the simpler workaround when an SVG source is encountered without dangerouslyProcessSVG enabled.

  • #16777 1754b91 Thanks @​matthewp! - Fixes HMR serving stale content for dynamically imported components through barrel files

  • #16730 068d924 Thanks @​harshagarwalnyu! - Fixes an issue where the file() content loader did not generate a valid JSON Schema for collections whose JSON or YAML data is a top-level array instead of an object.

astro@6.3.5

Patch Changes

  • #16771 07c8805 Thanks @​ematipico! - Fixes position prop on <Image> and <Picture> components breaking Content Security Policy (CSP).

  • #16593 50924ce Thanks @​yanthomasdev! - Improves error messages with more consistent and correct writing.

  • #16757 5d661cd Thanks @​astrobot-houston! - Fixes dev server serving stale content when SSR-only modules change (e.g. .astro files outside the project root in a monorepo, or dynamically imported components).

    Previously, the astro:hmr-reload plugin returned an empty array after detecting SSR-only module changes, which prevented Vite's updateModules from propagating the invalidation to the SSR module runner. The runner's evaluated module cache stayed stale, so subsequent requests continued returning old content.

    Now the plugin returns the SSR-only modules so Vite can process them through updateModules, which properly invalidates the module runner's cache and ensures fresh content on the next request.

astro@6.3.4

Patch Changes

  • #16723 0f10bfe Thanks @​matthewp! - Adds fetchFile option to experimental.advancedRouting to customize or disable the entrypoint file

    export default defineConfig({
      experimental: {
        advancedRouting: {
          fetchFile: 'fetch.ts',
        },
      },
    });
  • #16723 0f10bfe Thanks @​matthewp! - Fixes Hono cache() middleware to follow the standard wrapper pattern

  • #16723 0f10bfe Thanks @​matthewp! - Adds App.Providers interface for typing custom context providers on Astro and ctx

... (truncated)

Changelog

Sourced from astro's changelog.

6.3.6

Patch Changes

  • #16774 8f77583 Thanks @​astrobot-houston! - Fixes markdown images with empty alt text (![](https://github.com/withastro/astro/blob/main/packages/astro/image.jpg)) in content collections dropping the alt attribute entirely. The alt="" attribute is now correctly preserved in the rendered HTML output, which is important for accessibility (indicating decorative images).

  • #16776 3d10b5e Thanks @​matthewp! - Fixes HMR serving stale content when components are passed as props via getStaticPaths()

  • #16784 7453860 Thanks @​ematipico! - Improved the printing of the build time if it goes over the 60 seconds.

  • #16665 3dbbcee Thanks @​Princesseuh! - Fixes remote SVG sources erroring with dangerouslyProcessSVG after the v6.3 SVG-processing gate. The default Sharp service now resolves the output format from the source up-front when it can (URL extension, data: MIME, ESM metadata), and from the actual buffer at request time when it can't, so SVG sources pass through untouched without needing to set image.dangerouslyProcessSVG: true or an explicit format="svg".

    The error message has also been updated to point at format="svg" as the simpler workaround when an SVG source is encountered without dangerouslyProcessSVG enabled.

  • #16777 1754b91 Thanks @​matthewp! - Fixes HMR serving stale content for dynamically imported components through barrel files

  • #16730 068d924 Thanks @​harshagarwalnyu! - Fixes an issue where the file() content loader did not generate a valid JSON Schema for collections whose JSON or YAML data is a top-level array instead of an object.

6.3.5

Patch Changes

  • #16771 07c8805 Thanks @​ematipico! - Fixes position prop on <Image> and <Picture> components breaking Content Security Policy (CSP).

  • #16593 50924ce Thanks @​yanthomasdev! - Improves error messages with more consistent and correct writing.

  • #16757 5d661cd Thanks @​astrobot-houston! - Fixes dev server serving stale content when SSR-only modules change (e.g. .astro files outside the project root in a monorepo, or dynamically imported components).

    Previously, the astro:hmr-reload plugin returned an empty array after detecting SSR-only module changes, which prevented Vite's updateModules from propagating the invalidation to the SSR module runner. The runner's evaluated module cache stayed stale, so subsequent requests continued returning old content.

    Now the plugin returns the SSR-only modules so Vite can process them through updateModules, which properly invalidates the module runner's cache and ensures fresh content on the next request.

6.3.4

Patch Changes

  • #16723 0f10bfe Thanks @​matthewp! - Adds fetchFile option to experimental.advancedRouting to customize or disable the entrypoint file

    export default defineConfig({
      experimental: {
        advancedRouting: {
          fetchFile: 'fetch.ts',
        },
      },
    });
  • #16723 0f10bfe Thanks @​matthewp! - Fixes Hono cache() middleware to follow the standard wrapper pattern

... (truncated)

Commits
  • 223a843 [ci] release (#16775)
  • e4bce73 [ci] format
  • 1754b91 Invalidate importer modules in runner cache during HMR (#16777)
  • 3d10b5e Invalidate route cache when module identity changes after HMR (#16776)
  • 7453860 fix: build times timestamp (#16784)
  • 3dbbcee fix(sharp): handle default formats differently (#16665)
  • 068d924 fix(content): generate anyOf schema for file() loader to support top-level ar...
  • 8f77583 fix(content): preserve empty alt attributes on markdown images in content col...
  • 5b4122e [ci] release (#16772)
  • 5d661cd Fix dev server serving stale content for files outside project root (#16757)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 20, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 20, 2026 21:55
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 20, 2026
@erode-release erode-release Bot enabled auto-merge (squash) May 20, 2026 21:55
@greptile-apps

greptile-apps Bot commented May 20, 2026

Copy link
Copy Markdown

Greptile Summary

This PR bumps the astro dependency from 6.2.2 to 6.3.6 in packages/web/package.json, with the corresponding package-lock.json update. All intermediate releases are patch versions containing only bug fixes and no breaking changes.

  • packages/web/package.json: Version constraint updated from ^6.2.2 to ^6.3.6.
  • package-lock.json: Resolved versions for astro, @astrojs/telemetry (3.3.1→3.3.2), @astrojs/internal-helpers (0.9.0→0.9.1), and @astrojs/markdown-remark (7.1.1→7.1.2) are updated; the dlv transitive dependency is removed from @astrojs/telemetry.

Confidence Score: 5/5

Safe to merge — this is a routine patch-only upgrade with no breaking changes and no application code modifications.

The update spans six patch releases (6.2.2 → 6.3.6), all containing bug fixes (HMR stale content, CSP regression, markdown accessibility, SVG handling). No application source files are touched and the lock file hashes are consistent with the declared versions.

No files require special attention.

Important Files Changed

Filename Overview
packages/web/package.json Bumps astro from ^6.2.2 to ^6.3.6; all intermediate releases are patch-level bug fixes with no breaking changes.
package-lock.json Lock file regenerated to reflect updated astro and companion package versions; integrity hashes updated correctly.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["packages/web/package.json\nastro 6.2.2 to 6.3.6"] --> B["package-lock.json updated"]
    B --> C["astro 6.3.6\nHMR + CSP + markdown fixes"]
    B --> D["telemetry 3.3.2\ndrops dlv dep"]
    B --> E["markdown-remark 7.1.2"]
    B --> F["internal-helpers 0.9.1"]
Loading

Reviews (3): Last reviewed commit: "build(deps): bump astro from 6.2.2 to 6...." | Re-trigger Greptile

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/astro-6.3.6 branch from 7b1b94d to b1337d9 Compare May 20, 2026 22:00
Bumps [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) from 6.2.2 to 6.3.6.
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.3.6/packages/astro)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 6.3.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/astro-6.3.6 branch from b1337d9 to d7e422b Compare May 20, 2026 22:03
@erode-release erode-release Bot merged commit dca07ca into main May 20, 2026
3 checks passed
@erode-release erode-release Bot deleted the dependabot/npm_and_yarn/astro-6.3.6 branch May 20, 2026 22:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants