chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@astrojs/react (source)	3.6.0 -> 3.6.2
@babel/core (source)	7.24.9 -> 7.25.2
@babel/preset-env (source)	7.24.8 -> 7.25.3
@std-uritemplate/std-uritemplate	1.0.3 -> 1.0.5
@types/node (source)	20.14.11 -> 20.15.0
@typescript-eslint/eslint-plugin (source)	7.16.1 -> 7.18.0
@typescript-eslint/parser (source)	7.16.1 -> 7.18.0
astro (source)	4.12.2 -> 4.14.2
debug	4.3.5 -> 4.3.6
esbuild	0.23.0 -> 0.23.1
husky	9.1.1 -> 9.1.4
lint-staged	15.2.7 -> 15.2.9
mdx-bundler	10.0.2 -> 10.0.3
pnpm (source)	9.5.0 -> 9.7.1
ts-jest (source)	29.2.3 -> 29.2.4
turbo (source)	2.0.9 -> 2.0.14
typescript (source)	5.5.3 -> 5.5.4
vite (source)	5.3.4 -> 5.4.1

---

Release Notes

withastro/astro (@​astrojs/react)

v3.6.2

Compare Source

Patch Changes

• #​11624 7adb350 Thanks @​bluwy! - Prevents throwing errors when checking if a component is a React component in runtime

v3.6.1

Compare Source

Patch Changes

• #​11571 1c3265a Thanks @​bholmesdev! - BREAKING CHANGE to the experimental Actions API only. Install the latest @astrojs/react integration as well if you're using React 19 features.

  Make .safe() the default return value for actions. This means { data, error } will be returned when calling an action directly. If you prefer to get the data while allowing errors to throw, chain the .orThrow() modifier.

  import { actions } from 'astro:actions';
  
  // Before
  const { data, error } = await actions.like.safe();
  // After
  const { data, error } = await actions.like();
  
  // Before
  const newLikes = await actions.like();
  // After
  const newLikes = await actions.like.orThrow();

babel/babel (@​babel/core)

v7.25.2

Compare Source

🐛 Bug Fix

• babel-core, babel-traverse
  • #​16695 Ensure that requeueComputedKeyAndDecorators is available (@​nicolo-ribaudo)

std-uritemplate/std-uritemplate (@​std-uritemplate/std-uritemplate)

v1.0.5

Compare Source

v1.0.4

Compare Source

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v7.18.0

Compare Source

🩹 Fixes

• eslint-plugin: [no-unnecessary-type-assertion] prevent runtime error when asserting a variable declared in default TS lib

• eslint-plugin: [unbound-method] report on destructuring in function parameters

• eslint-plugin: [no-duplicate-type-constituents] shouldn't report on error types

• eslint-plugin: [strict-boolean-expressions] support branded booleans

❤️ Thank You

• auvred
• Oliver Salzburg
• Vinccool96
• Yukihiro Hasegawa

You can read about our versioning strategy and releases on our website.

v7.17.0

Compare Source

🚀 Features

• eslint-plugin: backport no-unsafe-function type, no-wrapper-object-types from v8 to v7

• eslint-plugin: [return-await] add option to report in error-handling scenarios only, and deprecate "never"

🩹 Fixes

• eslint-plugin: [no-floating-promises] check top-level type assertions (and more)

• eslint-plugin: [strict-boolean-expressions] consider assertion function argument a boolean context

• eslint-plugin: [no-unnecessary-condition] false positive on optional private field

❤️ Thank You

• Armano
• Josh Goldberg ✨
• Kirk Waiblinger
• StyleShit

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v7.18.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v7.17.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

withastro/astro (astro)

v4.14.2

Compare Source

Patch Changes

• #​11733 391324d Thanks @​bluwy! - Reverts back to yargs-parser package for CLI argument parsing

v4.14.1

Compare Source

Patch Changes

• #​11725 6c1560f Thanks @​ascorbic! - Prevents content layer importing node builtins in runtime

• #​11692 35af73a Thanks @​matthewp! - Prevent errant HTML from crashing server islands

  When an HTML minifier strips away the server island comment, the script can't correctly know where the end of the fallback content is. This makes it so that it simply doesn't remove any DOM in that scenario. This means the fallback isn't removed, but it also doesn't crash the browser.

• #​11727 3c2f93b Thanks @​florian-lefebvre! - Fixes a type issue when using the Content Layer in dev

v4.14.0

Compare Source

Minor Changes

• #​11657 a23c69d Thanks @​bluwy! - Deprecates the option for route-generating files to export a dynamic value for prerender. Only static values are now supported (e.g. export const prerender = true or = false). This allows for better treeshaking and bundling configuration in the future.

  Adds a new "astro:route:setup" hook to the Integrations API to allow you to dynamically set options for a route at build or request time through an integration, such as enabling on-demand server rendering.

  To migrate from a dynamic export to the new hook, update or remove any dynamic prerender exports from individual routing files:

  // src/pages/blog/[slug].astro
  - export const prerender = import.meta.env.PRERENDER

  Instead, create an integration with the "astro:route:setup" hook and update the route's prerender option:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import { loadEnv } from 'vite';
  
  export default defineConfig({
    integrations: [setPrerender()],
  });
  
  function setPrerender() {
    const { PRERENDER } = loadEnv(process.env.NODE_ENV, process.cwd(), '');
  
    return {
      name: 'set-prerender',
      hooks: {
        'astro:route:setup': ({ route }) => {
          if (route.component.endsWith('/blog/[slug].astro')) {
            route.prerender = PRERENDER;
          }
        },
      },
    };
  }

• #​11360 a79a8b0 Thanks @​ascorbic! - Adds a new injectTypes() utility to the Integration API and refactors how type generation works

  Use injectTypes() in the astro:config:done hook to inject types into your user's project by adding a new a *.d.ts file.

  The filename property will be used to generate a file at /.astro/integrations/<normalized_integration_name>/<normalized_filename>.d.ts and must end with ".d.ts".

  The content property will create the body of the file, and must be valid TypeScript.

  Additionally, injectTypes() returns a URL to the normalized path so you can overwrite its content later on, or manipulate it in any way you want.

  // my-integration/index.js
  export default {
    name: 'my-integration',
    'astro:config:done': ({ injectTypes }) => {
      injectTypes({
        filename: 'types.d.ts',
        content: "declare module 'virtual:my-integration' {}",
      });
    },
  };

  Codegen has been refactored. Although src/env.d.ts will continue to work as is, we recommend you update it:

  - /// <reference types="astro/client" />
  + /// <reference path="../.astro/types.d.ts" />
  - /// <reference path="../.astro/env.d.ts" />
  - /// <reference path="../.astro/actions.d.ts" />

• #​11605 d3d99fb Thanks @​jcayzac! - Adds a new property meta to Astro's built-in <Code /> component.

  This allows you to provide a value for Shiki's meta attribute to pass options to transformers.

  The following example passes an option to highlight lines 1 and 3 to Shiki's tranformerMetaHighlight:

v4.13.4

Compare Source

Patch Changes

• #​11678 34da907 Thanks @​ematipico! - Fixes a case where omitting a semicolon and line ending with carriage return - CRLF - in the prerender option could throw an error.

• #​11535 932bd2e Thanks @​matthewp! - Encrypt server island props

  Server island props are now encrypted with a key generated at build-time. This is intended to prevent accidentally leaking secrets caused by exposing secrets through prop-passing. This is not intended to allow a server island to be trusted to skip authentication, or to protect against any other vulnerabilities other than secret leakage.

  See the RFC for an explanation: https://github.com/withastro/roadmap/blob/server-islands/proposals/server-islands.md#props-serialization

• #​11655 dc0a297 Thanks @​billy-le! - Fixes Astro Actions input validation when using default values with a form input.

• #​11689 c7bda4c Thanks @​ematipico! - Fixes an issue in the Astro actions, where the size of the generated cookie was exceeding the size permitted by the Set-Cookie header.

v4.13.3

Compare Source

Patch Changes

• #​11653 32be549 Thanks @​florian-lefebvre! - Updates astro:env docs to reflect current developments and usage guidance

• #​11658 13b912a Thanks @​bholmesdev! - Fixes orThrow() type when calling an Action without an input validator.

• #​11603 f31d466 Thanks @​bholmesdev! - Improves user experience when render an Action result from a form POST request:

  • Removes "Confirm post resubmission?" dialog when refreshing a result.
  • Removes the ?_astroAction=NAME flag when a result is rendered.

  Also improves the DX of directing to a new route on success. Actions will now redirect to the route specified in your action string on success, and redirect back to the previous page on error. This follows the routing convention of established backend frameworks like Laravel.

  For example, say you want to redirect to a /success route when actions.signup succeeds. You can add /success to your action string like so:

  <form method="POST" action={'/success' + actions.signup}></form>

  • On success, Astro will redirect to /success.
  • On error, Astro will redirect back to the current page.

  You can retrieve the action result from either page using the Astro.getActionResult() function.

Note on security

This uses a temporary cookie to forward the action result to the next page. The cookie will be deleted when that page is rendered.

⚠ The action result is not encrypted. In general, we recommend returning minimal data from an action handler to a) avoid leaking sensitive information, and b) avoid unexpected render issues once the temporary cookie is deleted. For example, a login function may return a user's session id to retrieve from your Astro frontmatter, rather than the entire user object.

v4.13.2

Compare Source

Patch Changes

• #​11648 589d351 Thanks @​bholmesdev! - Fixes unexpected error when refreshing a POST request from a form using Actions.

• #​11600 09ec2ca Thanks @​ArmandPhilippot! - Deprecates getEntryBySlug and getDataEntryById functions exported by astro:content in favor of getEntry.

• #​11593 81d7150 Thanks @​bholmesdev! - Adds support for Date(), Map(), and Set() from action results. See devalue for a complete list of supported values.

  Also fixes serialization exceptions when deploying Actions with edge middleware on Netlify and Vercel.

• #​11617 196092a Thanks @​abubakriz! - Fix toolbar audit incorrectly flagging images as above the fold.

• #​11634 2716f52 Thanks @​bholmesdev! - Fixes internal server error when calling an Astro Action without arguments on Vercel.

• #​11628 9aaf58c Thanks @​madbook! - Ensures consistent CSS chunk hashes across different environments

v4.13.1

Compare Source

Patch Changes

• #​11584 a65ffe3 Thanks @​bholmesdev! - Removes async local storage dependency from Astro Actions. This allows Actions to run in Cloudflare and Stackblitz without opt-in flags or other configuration.

  This also introduces a new convention for calling actions from server code. Instead of calling actions directly, you must wrap function calls with the new Astro.callAction() utility.

  callAction() is meant to trigger an action from server code. getActionResult() usage with form submissions remains unchanged.

v4.13.0

Compare Source

Minor Changes

• #​11507 a62345f Thanks @​ematipico! - Adds color-coding to the console output during the build to highlight slow pages.

  Pages that take more than 500 milliseconds to render will have their build time logged in red. This change can help you discover pages of your site that are not performant and may need attention.

• #​11379 e5e2d3e Thanks @​alexanderniebuhr! - The experimental.contentCollectionJsonSchema feature introduced behind a flag in v4.5.0 is no longer experimental and is available for general use.

  If you are working with collections of type data, Astro will now auto-generate JSON schema files for your editor to get IntelliSense and type-checking. A separate file will be created for each data collection in your project based on your collections defined in src/content/config.ts using a library called zod-to-json-schema.

  This feature requires you to manually set your schema's file path as the value for $schema in each data entry file of the collection:

  {
    "$schema": "../../../.astro/collections/authors.schema.json",
    "name": "Armand",
    "skills": ["Astro", "Starlight"]
  }

  Alternatively, you can set this value in your editor settings. For example, to set this value in VSCode's json.schemas setting, provide the path of files to match and the location of your JSON schema:

  {
    "json.schemas": [
      {
        "fileMatch": ["/src/content/authors/**"],
        "url": "./.astro/collections/authors.schema.json"
      }
    ]
  }

  If you were previously using this feature, please remove the experimental flag from your Astro config:

  import { defineConfig } from 'astro'
  
  export default defineConfig({
  -  experimental: {
  -    contentCollectionJsonSchema: true
  -  }
  })

  If you have been waiting for stabilization before using JSON Schema generation for content collections, you can now do so.

  Please see the content collections guide for more about this feature.

• #​11542 45ad326 Thanks @​ematipico! - The experimental.rewriting feature introduced behind a flag in v4.8.0 is no longer experimental and is available for general use.

  Astro.rewrite() and context.rewrite() allow you to render a different page without changing the URL in the browser. Unlike using a redirect, your visitor is kept on the original page they visited.

  Rewrites can be useful for showing the same content at multiple paths (e.g. /products/shoes/men/ and /products/men/shoes/) without needing to maintain two identical source files.

  Rewrites are supported in Astro pages, endpoints, and middleware.

  Return Astro.rewrite() in the frontmatter of a .astro page component to display a different page's content, such as fallback localized content:

v4.12.3

Compare Source

Patch Changes

• #​11509 dfbca06 Thanks @​bluwy! - Excludes hoisted scripts and styles from Astro components imported with ?url or ?raw

• #​11561 904f1e5 Thanks @​ArmandPhilippot! - Uses the correct pageSize default in page.size JSDoc comment

• #​11571 1c3265a Thanks @​bholmesdev! - BREAKING CHANGE to the experimental Actions API only. Install the latest @astrojs/react integration as well if you're using React 19 features.

  Make .safe() the default return value for actions. This means { data, error } will be returned when calling an action directly. If you prefer to get the data while allowing errors to throw, chain the .orThrow() modifier.

  import { actions } from 'astro:actions';
  
  // Before
  const { data, error } = await actions.like.safe();
  // After
  const { data, error } = await actions.like();
  
  // Before
  const newLikes = await actions.like();
  // After
  const newLikes = await actions.like.orThrow();

debug-js/debug (debug)

v4.3.6

Compare Source

What's Changed

• Avoid using deprecated RegExp.$1 by @​bluwy in https://github.com/debug-js/debug/pull/969

New Contributors

• @​bluwy made their first contribution in https://github.com/debug-js/debug/pull/969

Full Changelog: debug-js/debug@4.3.5...4.3.6

evanw/esbuild (esbuild)

v0.23.1

Compare Source

• Allow using the node: import prefix with es* targets (#​3821)

  The node: prefix on imports is an alternate way to import built-in node modules. For example, import fs from "fs" can also be written import fs from "node:fs". This only works with certain newer versions of node, so esbuild removes it when you target older versions of node such as with --target=node14 so that your code still works. With the way esbuild's platform-specific feature compatibility table works, this was added by saying that only newer versions of node support this feature. However, that means that a target such as --target=node18,es2022 removes the node: prefix because none of the es* targets are known to support this feature. This release adds the support for the node: flag to esbuild's internal compatibility table for es* to allow you to use compound targets like this:

  // Original code
  import fs from 'node:fs'
  fs.open
  
  // Old output (with --bundle --format=esm --platform=node --target=node18,es2022)
  import fs from "fs";
  fs.open;
  
  // New output (with --bundle --format=esm --platform=node --target=node18,es2022)
  import fs from "node:fs";
  fs.open;

• Fix a panic when using the CLI with invalid build flags if --analyze is present (#​3834)

  Previously esbuild's CLI could crash if it was invoked with flags that aren't valid for a "build" API call and the --analyze flag is present. This was caused by esbuild's internals attempting to add a Go plugin (which is how --analyze is implemented) to a null build object. The panic has been fixed in this release.

• Fix incorrect location of certain error messages (#​3845)

  This release fixes a regression that caused certain errors relating to variable declarations to be reported at an incorrect location. The regression was introduced in version 0.18.7 of esbuild.

• Print comments before case clauses in switch statements (#​3838)

  With this release, esbuild will attempt to print comments that come before case clauses in switch statements. This is similar to what esbuild already does for comments inside of certain types of expressions. Note that these types of comments are not printed if minification is enabled (specifically whitespace minification).

• Fix a memory leak with pluginData (#​3825)

  With this release, the build context's internal pluginData cache will now be cleared when starting a new build. This should fix a leak of memory from plugins that return pluginData objects from onResolve and/or onLoad callbacks.

typicode/husky (husky)

v9.1.4

Compare Source

v9.1.3

Compare Source

• fix: better handle space in PATH

v9.1.2

Compare Source

lint-staged/lint-staged (lint-staged)

v15.2.9

Compare Source

Patch Changes

• #​1463 b69ce2d Thanks @​iiroj! - Set the maximum number of event listeners to the number of tasks. This should silence the console warning MaxListenersExceededWarning: Possible EventEmitter memory leak detected.

v15.2.8

Compare Source

Patch Changes

• f0480f0 Thanks @​iiroj! - In the previous version the native git rev-parse --show-toplevel command was taken into use for resolving the current git repo root. This version switched the --show-toplevel flag with --show-cdup, because on Git installed via MSYS2 the former was returning absolute paths that do not work with Node.js child_process. The new flag returns a path relative to the working directory, avoiding the issue.

  The GitHub Actions workflow has been updated to install Git via MSYS2, to ensure better future compatibility; using the default Git binary in the GitHub Actions runner was working correctly even with MSYS2.

kentcdodds/mdx-bundler (mdx-bundler)

v10.0.3

Compare Source

Bug Fixes

• build: default NODE_ENV to production (#​232) (aa5b349)

pnpm/pnpm (pnpm)

v9.7.1

Compare Source

v9.7.0: pnpm 9.7

Compare Source

Minor Changes

• Added pnpm version management. If the manage-package-manager-versions setting is set to true, pnpm will switch to the version specified in the packageManager field of package.json #​8363. This is the same field used by Corepack. Example:

  {
    "packageManager": "pnpm@9.3.0"
  }

• Added the ability to apply patch to all versions #​8337.

  If the key of pnpm.patchedDependencies is a package name without a version (e.g. pkg), pnpm will attempt to apply the patch to all versions of the package. Failures will be skipped. If there's only one version of pkg installed, pnpm patch pkg and subsequent pnpm patch-commit $edit_dir will create an entry named pkg in pnpm.patchedDependencies. And pnpm will attempt to apply this patch to other versions of pkg in the future.

• Change the default edit dir location when running pnpm patch from a temporary directory to node_modules/.pnpm_patches/pkg[@​version] to allow the code editor to open the edit dir in the same file tree as the main project #​8379.

• Substitute environment variables in config keys #​6679.

Patch Changes

• pnpm install should run node-gyp rebuild if the project has a binding.gyp file even if the project doesn't have an install script #​8293.
• Print warnings to stderr #​8342.
• Peer dependencies of optional peer dependencies should be automatically installed #​8323.

Platinum Sponsors

Gold Sponsors

Our Silver Sponsors

v9.6.0: pnpm 9.6

Compare Source

Minor Changes

• Support specifying node version (via pnpm.executionEnv.nodeVersion in package.json) for running lifecycle scripts per each package in a workspace #​6720.
• Overrides now support the catalogs: protocol #​8303.

Patch Changes

• The pnpm deploy command now supports the catalog: protocol #​8298.
• The pnpm outdated command now supports the catalog: protocol #​8304.
• Correct the error message when trying to run pnpm patch without node_modules/.modules.yaml #​8257.
• Silent reporting fixed with the pnpm exec command #​7608.
• Add registries information to the calculation of dlx cache hash #​8299.

Platinum Sponsors

Gold Sponsors

config help if that's undesired. If you want to rebase/retry this PR, check this box This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 30cd1a9

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR