You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#1726179aa99c Thanks @astrobot-houston! - Fixes a false deprecation warning for markdown.gfm and markdown.smartypants when using the Container API
#17247f94280d Thanks @chatman-media! - Fixes route generation throwing "Missing parameter" (or silently dropping the segment) when a dynamic param's value is 0. The generator used truthy checks instead of checking for undefined, so paginate(posts, { params: { categoryId: 0 } }) would crash even though 0 is a perfectly valid param value.
#172786f11739 Thanks @astrobot-houston! - Fixes missing CSS for virtual style modules (e.g., responsive image layout styles) in dev mode when JavaScript is disabled
#172500b30b35 Thanks @matthewp! - Fixes the security.checkOrigin check so it is applied consistently to Astro Actions and on-demand endpoints, regardless of how the request pipeline is composed. Previously, the origin check could be skipped in the composable astro/hono pipeline depending on the order of the middleware() primitive (or when it was omitted).
#172748c3579b Thanks @astrobot-houston! - Fixes missing render() type overload for live collection entries. Previously, calling render() on a LiveDataEntry produced a TypeScript error when using only live.config.ts without a content.config.ts.
#172574208297 Thanks @astrobot-houston! - Fixes astro check failing to find @astrojs/check and typescript when astro is installed in a directory outside the project tree (e.g. pnpm virtual store)
#17272b428648 Thanks @matthewp! - Fixes island component paths so that extensionless imports (e.g. import { Counter } from '../components/Counter') resolve to the real file on disk, matching Vite's extension order and directory index resolution. This makes the include/exclude options of JSX renderer integrations (React, Preact, Solid) match components imported without a file extension, and removes the spurious React 19 "Invalid hook call" warning logged on every request in dev when include was set alongside another JSX renderer
#172792aeaa44 Thanks @astrobot-houston! - Fixes a bug where <Picture inferSize> with a remote image could fail with FailedToFetchRemoteImageDimensions when the image server rate-limits requests (e.g. HTTP 429). Remote dimensions are now resolved once per render instead of once per output format.
#172515240e26 Thanks @matthewp! - Hardens the handling of attribute rendering when using with custom elements.
#17248429bd62 Thanks @astrobot-houston! - Fixes a crash when using Astro's getViteConfig with Vitest browser mode (e.g., Storybook vitest runner). Astro now skips dev server setup inside Vitest, preventing errors.
#1726014524c0 Thanks @matthewp! - Fixes a regression where a <script> inside a component rendered through Astro.slots.render() was hoisted out of its original position instead of staying next to its component content
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
support@socket.dev.
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/astro@7.0.6. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
7.0.5→7.0.6Release Notes
withastro/astro (astro)
v7.0.6Compare Source
Patch Changes
#17261
79aa99cThanks @astrobot-houston! - Fixes a false deprecation warning formarkdown.gfmandmarkdown.smartypantswhen using the Container API#17247
f94280dThanks @chatman-media! - Fixes route generation throwing "Missing parameter" (or silently dropping the segment) when a dynamic param's value is0. The generator used truthy checks instead of checking forundefined, sopaginate(posts, { params: { categoryId: 0 } })would crash even though0is a perfectly valid param value.#17278
6f11739Thanks @astrobot-houston! - Fixes missing CSS for virtual style modules (e.g., responsive image layout styles) in dev mode when JavaScript is disabled#17250
0b30b35Thanks @matthewp! - Fixes thesecurity.checkOrigincheck so it is applied consistently to Astro Actions and on-demand endpoints, regardless of how the request pipeline is composed. Previously, the origin check could be skipped in the composableastro/honopipeline depending on the order of themiddleware()primitive (or when it was omitted).#17274
8c3579bThanks @astrobot-houston! - Fixes missingrender()type overload for live collection entries. Previously, callingrender()on aLiveDataEntryproduced a TypeScript error when using onlylive.config.tswithout acontent.config.ts.#17257
4208297Thanks @astrobot-houston! - Fixesastro checkfailing to find@astrojs/checkandtypescriptwhen astro is installed in a directory outside the project tree (e.g. pnpm virtual store)#17272
b428648Thanks @matthewp! - Fixes island component paths so that extensionless imports (e.g.import { Counter } from '../components/Counter') resolve to the real file on disk, matching Vite's extension order and directoryindexresolution. This makes theinclude/excludeoptions of JSX renderer integrations (React, Preact, Solid) match components imported without a file extension, and removes the spurious React 19 "Invalid hook call" warning logged on every request in dev whenincludewas set alongside another JSX renderer#17279
2aeaa44Thanks @astrobot-houston! - Fixes a bug where<Picture inferSize>with a remote image could fail withFailedToFetchRemoteImageDimensionswhen the image server rate-limits requests (e.g. HTTP 429). Remote dimensions are now resolved once per render instead of once per output format.#17251
5240e26Thanks @matthewp! - Hardens the handling of attribute rendering when using with custom elements.#17248
429bd62Thanks @astrobot-houston! - Fixes a crash when using Astro'sgetViteConfigwith Vitest browser mode (e.g., Storybook vitest runner). Astro now skips dev server setup inside Vitest, preventing errors.#17260
14524c0Thanks @matthewp! - Fixes a regression where a<script>inside a component rendered throughAstro.slots.render()was hoisted out of its original position instead of staying next to its component contentUpdated dependencies [
eb6f97e]:Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled because a matching PR was automerged previously.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.