Skip to content

Bump the all group across 1 directory with 18 updates#175

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-85e7d98914
Closed

Bump the all group across 1 directory with 18 updates#175
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/all-85e7d98914

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps the all group with 17 updates in the / directory:

Package From To
@astrojs/node 9.5.5 11.0.0
@astrojs/react 5.0.7 6.0.0
astro 5.18.2 7.0.3
lucide-react 1.17.0 1.21.0
@types/node 24.12.4 26.0.1
@types/react 19.2.16 19.2.17
@vitejs/plugin-react 5.2.0 6.0.3
@vitest/coverage-v8 4.1.8 4.1.9
autoprefixer 10.5.0 10.5.2
esbuild 0.28.0 0.28.1
eslint 10.4.1 10.5.0
eslint-plugin-astro 1.7.0 2.1.1
happy-dom 20.9.0 20.10.6
prettier 3.8.3 3.8.4
tailwindcss 3.4.19 4.3.1
typescript-eslint 8.60.1 8.62.0
vite 7.3.5 8.1.0

Updates @astrojs/node from 9.5.5 to 11.0.0

Release notes

Sourced from @​astrojs/node's releases.

@​astrojs/node@​11.0.0

Patch Changes

@​astrojs/node@​11.0.0-beta.2

Patch Changes

@​astrojs/node@​11.0.0-beta.1

Patch Changes

@​astrojs/node@​10.1.4

Patch Changes

  • #16985 4ecff32 Thanks @​maximslo! - Fixes the experimental.logger destination not being used for the "Server listening on..." startup message. The logger is now resolved before the server starts listening, and adapterLogger re-creates itself when the underlying logger changes so the startup message uses the correct destination.

@​astrojs/node@​10.1.3

Patch Changes

  • #16922 7dce185 Thanks @​astrobot-houston! - Fixes prerendered pages returning 404 when using build.format: 'file' or build.format: 'preserve' with the Node adapter in standalone mode.

    Previously, clean URLs like /about would fail to resolve to about.html on disk, because the static file handler only supported the default directory format (about/index.html). Now the handler correctly resolves clean URLs to .html files when the build format produces them.

@​astrojs/node@​10.1.2

Patch Changes

  • Updated dependencies [f732f3c]:
    • @​astrojs/internal-helpers@​0.10.0
Changelog

Sourced from @​astrojs/node's changelog.

11.0.0

Patch Changes

11.0.0-beta.2

Patch Changes

11.0.0-beta.1

Patch Changes

11.0.0-alpha.0

Patch Changes

10.1.4

Patch Changes

  • #16985 4ecff32 Thanks @​maximslo! - Fixes the experimental.logger destination not being used for the "Server listening on..." startup message. The logger is now resolved before the server starts listening, and adapterLogger re-creates itself when the underlying logger changes so the startup message uses the correct destination.

10.1.3

Patch Changes

  • #16922 7dce185 Thanks @​astrobot-houston! - Fixes prerendered pages returning 404 when using build.format: 'file' or build.format: 'preserve' with the Node adapter in standalone mode.

    Previously, clean URLs like /about would fail to resolve to about.html on disk, because the static file handler only supported the default directory format (about/index.html). Now the handler correctly resolves clean URLs to .html files when the build format produces them.

10.1.2

Patch Changes

  • Updated dependencies [f732f3c]:
    • @​astrojs/internal-helpers@​0.10.0

10.1.1

... (truncated)

Commits

Updates @astrojs/react from 5.0.7 to 6.0.0

Release notes

Sourced from @​astrojs/react's releases.

@​astrojs/react@​6.0.0

Major Changes

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Patch Changes

@​astrojs/react@​6.0.0-beta.2

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

@​astrojs/react@​6.0.0-beta.1

Patch Changes

Changelog

Sourced from @​astrojs/react's changelog.

6.0.0

Major Changes

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Patch Changes

6.0.0-beta.2

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

6.0.0-beta.1

Patch Changes

6.0.0-alpha.0

... (truncated)

Commits
  • f55ba4c [ci] release (#17132)
  • 0da0678 [ci] release (beta) (#17089)
  • 4585fe5 fix(integrations): Export container renderers from a dedicated export path to...
  • 08b84d6 [ci] release (beta) (#17045)
  • 75cfa52 chore: merge main into next
  • 9c2b95b Merge remote-tracking branch 'origin/main' into chore/merge-main-into-next
  • 3652d1c chore: merge main into next
  • 29ec81d chore: merge main into next
  • 8d1af3b Merge remote-tracking branch 'origin/main' into chore/merge-main-into-next
  • ad9abdb Merge branch 'main' into chore/merge-main-into-next
  • Additional commits viewable in compare view

Updates astro from 5.18.2 to 7.0.3

Release notes

Sourced from astro's releases.

astro@7.0.3

Patch Changes

  • #17189 24d2c9e Thanks @​astrobot-houston! - Fixes a bug where an error thrown inside one route's getStaticPaths() would prevent other valid routes from being matched in dev mode

  • #16932 8f4a3db Thanks @​fkatsuhiro! - Fixes HMR for action files during development. Editing files in src/actions/ now takes effect on the next request without requiring a dev server restart.

  • #17087 fb0ab02 Thanks @​jp-knj! - Fixes localized custom error pages in i18n projects so routes like /pt/404 are used for missing localized pages and return the correct status code

astro@7.0.2

Patch Changes

  • Updated dependencies [3b5e994]:
    • @​astrojs/markdown-satteri@​0.3.2

astro@7.0.1

Patch Changes

  • #17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

  • #17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

  • #17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

  • #17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

astro@7.0.0

Major Changes

  • #15819 cafec4e Thanks @​delucis! - Upgrade to Vite v8

  • #16965 57ead0d Thanks @​Princesseuh! - Makes 'jsx' the default value for compressHTML

    Astro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with {" "}.

    This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set compressHTML: true for HTML-aware compression, or compressHTML: false to preserve all whitespace.

  • #16610 c63e7e4 Thanks @​matthewp! - Adds background dev server management for AI coding agents.

    When an AI coding agent is detected, astro dev now automatically starts the dev server as a detached background process. This prevents the dev server from blocking the agent's terminal and allows it to continue working while the server runs.

    A lock file (.astro/dev.json) is written when the dev server starts, recording the server's URL, port, and PID. This prevents duplicate servers from being started for the same project.

    New flag and subcommands

    • astro dev --background — Start the dev server as a background process (this is what runs automatically when an agent is detected).
    • astro dev stop — Stop a running background dev server.
    • astro dev status — Check if a dev server is running and display its URL, PID, and uptime.
    • astro dev logs — View logs from a background dev server. Use --follow (-f) to stream new output as it's written.

... (truncated)

Changelog

Sourced from astro's changelog.

7.0.3

Patch Changes

  • #17189 24d2c9e Thanks @​astrobot-houston! - Fixes a bug where an error thrown inside one route's getStaticPaths() would prevent other valid routes from being matched in dev mode

  • #16932 8f4a3db Thanks @​fkatsuhiro! - Fixes HMR for action files during development. Editing files in src/actions/ now takes effect on the next request without requiring a dev server restart.

  • #17087 fb0ab02 Thanks @​jp-knj! - Fixes localized custom error pages in i18n projects so routes like /pt/404 are used for missing localized pages and return the correct status code

7.0.2

Patch Changes

  • Updated dependencies [3b5e994]:
    • @​astrojs/markdown-satteri@​0.3.2

7.0.1

Patch Changes

  • #17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

  • #17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

  • #17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

  • #17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

7.0.0

Major Changes

  • #15819 cafec4e Thanks @​delucis! - Upgrade to Vite v8

  • #16965 57ead0d Thanks @​Princesseuh! - Makes 'jsx' the default value for compressHTML

    Astro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with {" "}.

    This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set compressHTML: true for HTML-aware compression, or compressHTML: false to preserve all whitespace.

  • #16610 c63e7e4 Thanks @​matthewp! - Adds background dev server management for AI coding agents.

    When an AI coding agent is detected, astro dev now automatically starts the dev server as a detached background process. This prevents the dev server from blocking the agent's terminal and allows it to continue working while the server runs.

    A lock file (.astro/dev.json) is written when the dev server starts, recording the server's URL, port, and PID. This prevents duplicate servers from being started for the same project.

    New flag and subcommands

    • astro dev --background — Start the dev server as a background process (this is what runs automatically when an agent is detected).
    • astro dev stop — Stop a running background dev server.

... (truncated)

Commits

Updates lucide-react from 1.17.0 to 1.21.0

Release notes

Sourced from lucide-react's releases.

Version 1.21.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.20.0...1.21.0

Version 1.20.0

What's Changed

New Contributors

Full Changelog: lucide-icons/lucide@1.19.0...1.20.0

Version 1.19.0

What's Changed

... (truncated)

Commits
  • 5ff536e ci(release.yml): Fix workflow and remove version scripts in package scripts...
  • See full diff in compare view

Updates @types/node from 24.12.4 to 26.0.1

Commits

Updates @types/react from 19.2.16 to 19.2.17

Commits

Updates @vitejs/plugin-react from 5.2.0 to 6.0.3

Release notes

Sourced from @​vitejs/plugin-react's releases.

plugin-react@6.0.3

No release notes provided.

plugin-react@6.0.2

Allow all options in reactCompilerPreset (#1189)

This is a type only change. Only compilationMode and target options were available for reactCompilerPreset.

plugin-react@6.0.1

Expand @rolldown/plugin-babel peer dep range (#1146)

Expanded @rolldown/plugin-babel peer dep range to include ^0.2.0.

plugin-react@6.0.0

Remove Babel Related Features (#1123)

Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.

If you are using Babel, you can use @rolldown/plugin-babel together with this plugin:

 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [


react({



  babel: {



    plugins: ['@babel/plugin-proposal-throw-expressions'],



  },



}),





react(),



babel({



  plugins: ['@babel/plugin-proposal-throw-expressions'],



}),

]
})

For React compiler users, you can use reactCompilerPreset for easier setup with preconfigured filter to improve build performance:

 import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [
</tr></table>

... (truncated)

Changelog

Sourced from @​vitejs/plugin-react's changelog.

6.0.3 (2026-06-23)

6.0.2 (2026-05-14)

Allow all options in reactCompilerPreset (#1189)

This is a type only change. Only compilationMode and target options were available for reactCompilerPreset.

6.0.1 (2026-03-13)

Expand @rolldown/plugin-babel peer dep range (#1146)

Expanded @rolldown/plugin-babel peer dep range to include ^0.2.0.

6.0.0 (2026-03-12)

6.0.0-beta.0 (2026-03-03)

Remove Babel Related Features (#1123)

Vite 8+ can handle React Refresh Transform by Oxc and doesn't need Babel for it. With that, there are no transform applied that requires Babel. To reduce the installation size of this plugin, babel is no longer a dependency of this plugin and the related features are removed.

If you are using Babel, you can use @rolldown/plugin-babel together with this plugin:

 import { defineConfig } from 'vite'
 import react from '@vitejs/plugin-react'
+import babel from '@rolldown/plugin-babel'
export default defineConfig({
plugins: [


react({



  babel: {



    plugins: ['@babel/plugin-proposal-throw-expressions'],



  },



}),





react(),



babel({



  plugins: ['@babel/plugin-proposal-throw-expressions'],



}),

]
})

For React compiler users, you can use reactCompilerPreset for easier setup with preconfigured filter to improve build performance:

 import { defineConfig } from 'vite'
-import react from '@vitejs/plugin-react'
+import react, { reactCompilerPreset } from '@vitejs/plugin-react'
</tr></table> 

... (truncated)

Commits
  • 640fd35 release: plugin-react@6.0.3
  • 889efb0 fix(deps): update all non-major dependencies (#1249)
  • 6c57dd4 fix(plugin-react): use '/' base in bundledDev preamble to fix non-root base p...
  • 3cc33a7 fix(deps): update react-related dependencies (#1245)
  • c0f7c7f docs: mention the Biome rule in the "Consistent components exports" section (...
  • cd80f0f fix(deps): update all non-major dependencies (#1241)
  • e38acca fix(deps): update all non-major dependencies (#1227)
  • 9a9bb26 perf(react): improve react compiler preset so that slightly more modules are ...
  • 6535b55 release: plugin-react@6.0.2
  • bf0e43b feat(react): whitelist debugging-options (#1189)
  • Additional commits viewable in compare view

Updates @vitest/coverage-v8 from 4.1.8 to 4.1.9

Release notes

Sourced from @​vitest/coverage-v8's releases.

v4.1.9

🐞 Bug Fixes

View changes on GitHub
Commits

Updates autoprefixer from 10.5.0 to 10.5.2

Release notes

Sourced from autoprefixer's releases.

10.5.2

  • Moved -webkit-fill-available before -moz-available, so Firefox will use -webkit- version which is closer to stretch.

10.5.1

Changelog

Sourced from autoprefixer's changelog.

10.5.2

  • Moved -webkit-fill-available before -moz-available, so Firefox will use -webkit- version which is closer to stretch.

10.5.1

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for autoprefixer since your current version.


Updates esbuild from 0.28.0 to 0.28.1

Release notes

Sourced from esbuild's releases.

v0.28.1

  • Disallow \ in local development server HTTP requests (GHSA-g7r4-m6w7-qqqr)

    This release fixes a security issue where HTTP requests to esbuild's local development server could traverse outside of the serve directory on Windows using a \ backslash character. It happened due to the use of Go's path.Clean() function, which only handles Unix-style / characters. HTTP requests with paths containing \ are no longer allowed.

    Thanks to @​dellalibera for reporting this issue.

  • Add integrity checks to the Deno API (GHSA-gv7w-rqvm-qjhr)

    The previous release of esbuild added integrity checks to esbuild's npm install script. This release also adds integrity checks to esbuild's Deno install script. Now esbuild's Deno API will also fail with an error if the downloaded esbuild binary contains something other than the expected content.

    Note that esbuild's Deno API installs from registry.npmjs.org by default, but allows the NPM_CONFIG_REGISTRY environment variable to override this with a custom package registry. This change means that the esbuild executable served by NPM_CONFIG_REGISTRY must now match the expected content.

    Thanks to @​sondt99 for reporting this issue.

  • Avoid inlining using and await using declarations (#4482)

    Previously esbuild's minifier sometimes incorrectly inlined using and await using declarations into subsequent uses of that declaration, which then fails to dispose of the resource correctly. This bug happened because inlining was done for let and const declarations by avoiding doing it for var declarations, which no longer worked when more declaration types were added. Here's an example:

    Description has been truncated

Bumps the all group with 17 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@astrojs/node](https://github.com/withastro/astro/tree/HEAD/packages/integrations/node) | `9.5.5` | `11.0.0` |
| [@astrojs/react](https://github.com/withastro/astro/tree/HEAD/packages/integrations/react) | `5.0.7` | `6.0.0` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.18.2` | `7.0.3` |
| [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `1.17.0` | `1.21.0` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.12.4` | `26.0.1` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.2.16` | `19.2.17` |
| [@vitejs/plugin-react](https://github.com/vitejs/vite-plugin-react/tree/HEAD/packages/plugin-react) | `5.2.0` | `6.0.3` |
| [@vitest/coverage-v8](https://github.com/vitest-dev/vitest/tree/HEAD/packages/coverage-v8) | `4.1.8` | `4.1.9` |
| [autoprefixer](https://github.com/postcss/autoprefixer) | `10.5.0` | `10.5.2` |
| [esbuild](https://github.com/evanw/esbuild) | `0.28.0` | `0.28.1` |
| [eslint](https://github.com/eslint/eslint) | `10.4.1` | `10.5.0` |
| [eslint-plugin-astro](https://github.com/ota-meshi/eslint-plugin-astro) | `1.7.0` | `2.1.1` |
| [happy-dom](https://github.com/capricorn86/happy-dom) | `20.9.0` | `20.10.6` |
| [prettier](https://github.com/prettier/prettier) | `3.8.3` | `3.8.4` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `3.4.19` | `4.3.1` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.60.1` | `8.62.0` |
| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.5` | `8.1.0` |



Updates `@astrojs/node` from 9.5.5 to 11.0.0
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/node/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/node@11.0.0/packages/integrations/node)

Updates `@astrojs/react` from 5.0.7 to 6.0.0
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/react/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/react@6.0.0/packages/integrations/react)

Updates `astro` from 5.18.2 to 7.0.3
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.3/packages/astro)

Updates `lucide-react` from 1.17.0 to 1.21.0
- [Release notes](https://github.com/lucide-icons/lucide/releases)
- [Commits](https://github.com/lucide-icons/lucide/commits/1.21.0/packages/lucide-react)

Updates `@types/node` from 24.12.4 to 26.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/react` from 19.2.16 to 19.2.17
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `@vitejs/plugin-react` from 5.2.0 to 6.0.3
- [Release notes](https://github.com/vitejs/vite-plugin-react/releases)
- [Changelog](https://github.com/vitejs/vite-plugin-react/blob/main/packages/plugin-react/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite-plugin-react/commits/plugin-react@6.0.3/packages/plugin-react)

Updates `@vitest/coverage-v8` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/coverage-v8)

Updates `autoprefixer` from 10.5.0 to 10.5.2
- [Release notes](https://github.com/postcss/autoprefixer/releases)
- [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md)
- [Commits](postcss/autoprefixer@10.5.0...10.5.2)

Updates `esbuild` from 0.28.0 to 0.28.1
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](evanw/esbuild@v0.28.0...v0.28.1)

Updates `eslint` from 10.4.1 to 10.5.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.4.1...v10.5.0)

Updates `eslint-plugin-astro` from 1.7.0 to 2.1.1
- [Release notes](https://github.com/ota-meshi/eslint-plugin-astro/releases)
- [Changelog](https://github.com/ota-meshi/eslint-plugin-astro/blob/main/CHANGELOG.md)
- [Commits](ota-meshi/eslint-plugin-astro@v1.7.0...v2.1.1)

Updates `happy-dom` from 20.9.0 to 20.10.6
- [Release notes](https://github.com/capricorn86/happy-dom/releases)
- [Commits](capricorn86/happy-dom@v20.9.0...v20.10.6)

Updates `prettier` from 3.8.3 to 3.8.4
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.8.3...3.8.4)

Updates `tailwindcss` from 3.4.19 to 4.3.1
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/tailwindcss)

Updates `typescript-eslint` from 8.60.1 to 8.62.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/typescript-eslint)

Updates `vite` from 7.3.5 to 8.1.0
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.1.0/packages/vite)

Updates `vitest` from 4.1.8 to 4.1.9
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md)
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.9/packages/vitest)

---
updated-dependencies:
- dependency-name: "@astrojs/node"
  dependency-version: 11.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: "@astrojs/react"
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: astro
  dependency-version: 7.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: lucide-react
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: "@types/node"
  dependency-version: 26.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: "@types/react"
  dependency-version: 19.2.17
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: "@vitejs/plugin-react"
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: "@vitest/coverage-v8"
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: autoprefixer
  dependency-version: 10.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: esbuild
  dependency-version: 0.28.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: eslint
  dependency-version: 10.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: eslint-plugin-astro
  dependency-version: 2.1.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: happy-dom
  dependency-version: 20.10.6
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: prettier
  dependency-version: 3.8.4
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: tailwindcss
  dependency-version: 4.3.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: typescript-eslint
  dependency-version: 8.62.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: vite
  dependency-version: 8.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: vitest
  dependency-version: 4.1.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 26, 2026
@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/vite@8.1.0npm/astro@7.0.3npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm @typescript-eslint/eslint-plugin is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/typescript-eslint@8.62.0npm/@typescript-eslint/eslint-plugin@8.62.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@typescript-eslint/eslint-plugin@8.62.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm astro is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/astro@7.0.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/astro@7.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm happy-dom is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package-lock.jsonnpm/happy-dom@20.10.6

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/happy-dom@20.10.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@dependabot @github

dependabot Bot commented on behalf of github Jun 27, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 27, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/all-85e7d98914 branch June 27, 2026 00:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants