Skip to content

[Docs Site] Bump astro from 5.8.0 to 5.9.2 #22974

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[Docs Site] Bump astro from 5.8.0 to 5.9.2 #22974

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 9, 2025
edited
Loading

Bumps astro from 5.8.0 to 5.9.2.

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

  • #13919 423fe60 Thanks @​ematipico! - Fixes a bug where Astro added quotes to the CSP resources.

    Only certain resources require quotes (e.g. 'self' but not https://cdn.example.com), so Astro no longer adds quotes to any resources. You must now provide the quotes yourself for resources such as 'self' when necessary:

    export default defineConfig({
  experimental: {
    csp: {
      styleDirective: {
        resources: [
-          "self",
+          "'self'",
          "https://cdn.example.com"
        ]
      }
    }
  }
})

  • #13914 76c5480 Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy feature only

    Removes support for experimental Content Security Policy (CSP) when using the <ClientRouter /> component for view transitions.

    It is no longer possible to enable experimental CSP while using Astro's view transitions. Support was already unstable with the <ClientRouter /> because CSP required making its underlying implementation asynchronous. This caused breaking changes for several users and therefore, this PR removes support completely.

    If you are currently using the component for view transitions, please remove the experimental CSP flag as they cannot be used together.

    import { defineConfig } from 'astro/config';
export default defineConfig({
experimental: {

csp: true
}
});

Alternatively, to continue using experimental CSP in your project, you can consider migrating to the browser native View Transition API and remove the <ClientRouter /> from your project. You may be able to achieve similar results if you are not using Astro's enhancements to the native View Transitions and Navigation APIs.

Support might be reintroduced in future releases. You can follow this experimental feature's development in the CSP RFC.

[email protected]

Patch Changes

  • #13899 7a1303d Thanks @​reknih! - Fix bug where error pages would return invalid bodies if the upstream response was compressed

... (truncated)

Changelog

Sourced from astro's changelog.

5.9.2

Patch Changes

  • #13919 423fe60 Thanks @​ematipico! - Fixes a bug where Astro added quotes to the CSP resources.

    Only certain resources require quotes (e.g. 'self' but not https://cdn.example.com), so Astro no longer adds quotes to any resources. You must now provide the quotes yourself for resources such as 'self' when necessary:

    export default defineConfig({
  experimental: {
    csp: {
      styleDirective: {
        resources: [
-          "self",
+          "'self'",
          "https://cdn.example.com"
        ]
      }
    }
  }
})

  • #13914 76c5480 Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy feature only

    Removes support for experimental Content Security Policy (CSP) when using the <ClientRouter /> component for view transitions.

    It is no longer possible to enable experimental CSP while using Astro's view transitions. Support was already unstable with the <ClientRouter /> because CSP required making its underlying implementation asynchronous. This caused breaking changes for several users and therefore, this PR removes support completely.

    If you are currently using the component for view transitions, please remove the experimental CSP flag as they cannot be used together.

    import { defineConfig } from 'astro/config';
export default defineConfig({
experimental: {

csp: true
}
});

Alternatively, to continue using experimental CSP in your project, you can consider migrating to the browser native View Transition API and remove the <ClientRouter /> from your project. You may be able to achieve similar results if you are not using Astro's enhancements to the native View Transitions and Navigation APIs.

Support might be reintroduced in future releases. You can follow this experimental feature's development in the CSP RFC.

5.9.1

Patch Changes

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from KianNH June 9, 2025 21:02
@dependabot dependabot bot requested a review from a team as a code owner June 9, 2025 21:02
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 9, 2025

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 9, 2025
@dependabot dependabot bot mentioned this pull request Jun 9, 2025
Closed
windsurf-bot[bot]
windsurf-bot bot reviewed Jun 9, 2025
View reviewed changes
Copy link
Contributor

@windsurf-bot windsurf-bot bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 file skipped due to size limits:
  • package-lock.json

💡 To request another review, post a new comment with "/windsurf-review".

@github-actions github-actions bot added the size/s label Jun 9, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Jun 9, 2025
edited
Loading

Preview URL: https://3f258f4b.preview.developers.cloudflare.com
Preview Branch URL: https://dependabot-npm-and-yarn-astro-5-9-2.preview.developers.cloudflare.com

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/astro-5.9.2 branch 3 times, most recently from 4baa5a6 to aa4a3e1 Compare June 10, 2025 13:33
@KianNH KianNH enabled auto-merge (squash) June 11, 2025 14:23
@dependabot
[Docs Site] Bump astro from 5.8.0 to 5.9.2
3f258f4 
Bumps [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) from 5.8.0 to 5.9.2.
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/[email protected]/packages/astro)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 5.9.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/astro-5.9.2 branch from aa4a3e1 to 3f258f4 Compare June 11, 2025 14:24
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 13, 2025

Superseded by #23032.

@dependabot dependabot bot closed this Jun 13, 2025
auto-merge was automatically disabled June 13, 2025 20:31

Pull request was closed

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/astro-5.9.2 branch June 13, 2025 20:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KianNH KianNH Awaiting requested review from KianNH

1 more reviewer

@windsurf-bot windsurf-bot[bot] windsurf-bot[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@pedrosousa pedrosousa

@dcpena dcpena

@haleycode haleycode

@KianNH KianNH

@patriciasantaana patriciasantaana

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@pedrosousa @dcpena @haleycode @KianNH @patriciasantaana