build(deps): Bump the patch-minor group with 9 updates

[dependabot]

Bumps the patch-minor group with 9 updates:

Package	From	To
@astrojs/db	0.18.1	0.18.2
@astrojs/mdx	4.3.8	4.3.9
@astrojs/react	4.4.0	4.4.1
astro	5.15.1	5.15.3
dayjs	1.11.18	1.11.19
@biomejs/biome	2.3.1	2.3.2
@types/node	24.9.1	24.10.0
html-validate	10.2.1	10.3.0
sass	1.93.2	1.93.3

Updates @astrojs/db from 0.18.1 to 0.18.2

Release notes

Sourced from @​astrojs/db's releases.

@​astrojs/db@​0.18.2

Patch Changes

• #14621 e3175d9 Thanks @​GameRoMan! - Updates vite version to fix CVE

Changelog

Sourced from @​astrojs/db's changelog.

0.18.2

Patch Changes

• #14621 e3175d9 Thanks @​GameRoMan! - Updates vite version to fix CVE

Commits

• eb8aa77 [ci] release (#14630)
• e3175d9 Update vite (#14621)
• dacebaf fix(deps): update all non-major dependencies (#14624)
• See full diff in compare view

Updates @astrojs/mdx from 4.3.8 to 4.3.9

Release notes

Sourced from @​astrojs/mdx's releases.

@​astrojs/mdx@​4.3.9

Patch Changes

• #14621 e3175d9 Thanks @​GameRoMan! - Updates vite version to fix CVE

Changelog

Sourced from @​astrojs/mdx's changelog.

4.3.9

Patch Changes

• #14621 e3175d9 Thanks @​GameRoMan! - Updates vite version to fix CVE

Commits

• See full diff in compare view

Updates @astrojs/react from 4.4.0 to 4.4.1

Release notes

Sourced from @​astrojs/react's releases.

@​astrojs/react@​4.4.1

Patch Changes

• #14621 e3175d9 Thanks @​GameRoMan! - Updates vite version to fix CVE

Changelog

Sourced from @​astrojs/react's changelog.

4.4.1

Patch Changes

• #14621 e3175d9 Thanks @​GameRoMan! - Updates vite version to fix CVE

Commits

• eb8aa77 [ci] release (#14630)
• e3175d9 Update vite (#14621)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​astrojs/react since your current version.

Updates astro from 5.15.1 to 5.15.3

Release notes

Sourced from astro's releases.

astro@5.15.3

Patch Changes

• #14627 b368de0 Thanks @​matthewp! - Fixes skew protection support for images and font URLs

  Adapter-level query parameters (assetQueryParams) are now applied to all image and font asset URLs, including:

  • Dynamic optimized images via /_image endpoint
  • Static optimized image files
  • Font preload tags and font requests when using the experimental Fonts API

• #14631 3ad33f9 Thanks @​KurtGokhan! - Adds the astro/jsx-dev-runtime export as an alias for astro/jsx-runtime

astro@5.15.2

Patch Changes

• #14623 c5fe295 Thanks @​delucis! - Fixes a leak of server runtime code when importing SVGs in client-side code. Previously, when importing an SVG file in client code, Astro could end up adding code for rendering SVGs on the server to the client bundle.

• #14621 e3175d9 Thanks @​GameRoMan! - Updates vite version to fix CVE

Changelog

Sourced from astro's changelog.

5.15.3

Patch Changes

• #14627 b368de0 Thanks @​matthewp! - Fixes skew protection support for images and font URLs

  Adapter-level query parameters (assetQueryParams) are now applied to all image and font asset URLs, including:

  • Dynamic optimized images via /_image endpoint
  • Static optimized image files
  • Font preload tags and font requests when using the experimental Fonts API

• #14631 3ad33f9 Thanks @​KurtGokhan! - Adds the astro/jsx-dev-runtime export as an alias for astro/jsx-runtime

5.15.2

Patch Changes

• #14623 c5fe295 Thanks @​delucis! - Fixes a leak of server runtime code when importing SVGs in client-side code. Previously, when importing an SVG file in client code, Astro could end up adding code for rendering SVGs on the server to the client bundle.

• #14621 e3175d9 Thanks @​GameRoMan! - Updates vite version to fix CVE

Commits

• 7bf7195 [ci] release (#14633)
• f657183 Merge language tools into monorepo (#14584)
• 5c4ed67 [ci] format
• b368de0 Add support for skew protect for images and fonts (#14627)
• ab486f3 feat: typecheck components
• a50bbf5 Merge branch 'main' into merge-language-tools
• a335d65 [ci] format
• 3ad33f9 fix: add jsx-dev-runtime as an alias for jsx-runtime (#14631)
• eb8aa77 [ci] release (#14630)
• e3175d9 Update vite (#14621)
• Additional commits viewable in compare view

Updates dayjs from 1.11.18 to 1.11.19

Release notes

Sourced from dayjs's releases.

v1.11.19

1.11.19 (2025-10-31)

Bug Fixes

• added usage warnings for diff + updated unit tests (#2948) (269a7a9)
• dont instantiate regexes within ar locale functions to avoid performance overhead (#2898) (af5e9f0)
• replace italian locale "un' ora fa" with "un'ora fa", add tests for it (#2930) (9e9f76c)
• Updated Belarusian locale with relative time (#2656) (1d8746c)

Changelog

Sourced from dayjs's changelog.

1.11.19 (2025-10-31)

Bug Fixes

• added usage warnings for diff + updated unit tests (#2948) (269a7a9)
• dont instantiate regexes within ar locale functions to avoid performance overhead (#2898) (af5e9f0)
• replace italian locale "un' ora fa" with "un'ora fa", add tests for it (#2930) (9e9f76c)
• Updated Belarusian locale with relative time (#2656) (1d8746c)

Commits

• 02b7a5c chore(release): 1.11.19 [skip ci]
• 37193be Merge pull request #2950 from iamkun/dev
• 2db920b chore: update doc
• 4f72974 chore: update doc
• 0b36a07 chore: update doc
• 269a7a9 fix: added usage warnings for diff + updated unit tests (#2948)
• 9e3132e chore: update doc
• 84201e6 chore: update doc
• 80401e3 chore: update readme
• 88ad3fd test: Add unit test for Belarusian locale (#2934)
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.3.1 to 2.3.2

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.2

2.3.2

Patch Changes

• #7859 c600618 Thanks @​Netail! - Added the nursery rule noIncrementDecrement, disallows the usage of the unary operators ++ and --.

• #7901 0d17b05 Thanks @​ematipico! - Fixed #7837, where Biome couldn't properly parse text expressions that contained nested curly brackets. This was breaking parsing in Astro and Svelte files.

• #7874 e617d36 Thanks @​Bertie690! - Fixed #7230: noUselessStringConcat no longer emits false positives for multi-line strings with leading + operators.

  Previously, the rule did not check for leading newlines on the + operator, emitting false positives if one occurred at the start of a line.
  Notably, formatting with operatorLinebreak="before" would move the + operators to the start of lines automatically, resulting in spurious errors whenever a multi-line string was used.

  Now, the rule correctly detects and ignores multi-line concatenations with leading operators as well, working regardless of the setting of operatorLinebreak.

  Example

  // The following code used to error if the `+` operators were at the start of lines (as opposed to the end).
  // Now, the rule correctly recognizes this as a stylistic concatenation and ignores it.
  const reallyLongStringThatShouldNotError =
    "Lorem ipsum dolor sit amet consectetur adipiscing elit." +
    "Quisque faucibus ex sapien vitae pellentesque sem placerat." +
    "In id cursus mi pretium tellus duis convallis." +
    "Tempus leo eu aenean sed diam urna tempor. Pulvinar vivamus fringilla";

• #7786 33ffcd5 Thanks @​daivinhtran! - Fixed #7601: Properly match Grit plugin's code snippet with only one child.

• #7901 0d17b05 Thanks @​ematipico! - Fixed #7837, where Biome Language Server panicked when opening HTML-ish files when the experimental full support is enabled.

What's Changed

• fix(lint): noUselessStringConcat now correctly detects leading concatenation operators from operatorLinebreak=before by @​Bertie690 in biomejs/biome#7874
• chore(deps): update rust crate globset to 0.4.18 by @​renovate[bot] in biomejs/biome#7883
• chore(deps): update rust crate ignore to 0.4.24 by @​renovate[bot] in biomejs/biome#7884
• chore(deps): update rust crate proc-macro2 to 1.0.103 by @​renovate[bot] in biomejs/biome#7885
• chore(deps): update rust crate tikv-jemallocator to 0.6.1 by @​renovate[bot] in biomejs/biome#7886
• fix(lint): extend matcher for GritCodeSnippet to cover edge case by @​daivinhtran in biomejs/biome#7786
• feat(js): update Boa to v0.21.0 by @​Gumichocopengin8 in biomejs/biome#7888
• chore(deps): update dependency eslint to v9.38.0 by @​renovate[bot] in biomejs/biome#7890
• chore(deps): update rust crate indexmap to 2.12.0 by @​renovate[bot] in biomejs/biome#7891
• chore(deps): update github-actions - autoclosed by @​renovate[bot] in biomejs/biome#7892
• chore(deps): update rust crate rayon to 1.11.0 by @​renovate[bot] in biomejs/biome#7894
• chore(deps): update rust crate regex to 1.12.2 by @​renovate[bot] in biomejs/biome#7895
• chore(deps): update rust crate tokio to 1.48.0 by @​renovate[bot] in biomejs/biome#7896
• fix(core): text expression parsing and LSP file opening by @​ematipico in biomejs/biome#7901

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.2

Patch Changes

• #7859 c600618 Thanks @​Netail! - Added the nursery rule noIncrementDecrement, disallows the usage of the unary operators ++ and --.

• #7901 0d17b05 Thanks @​ematipico! - Fixed #7837, where Biome couldn't properly parse text expressions that contained nested curly brackets. This was breaking parsing in Astro and Svelte files.

• #7874 e617d36 Thanks @​Bertie690! - Fixed #7230: noUselessStringConcat no longer emits false positives for multi-line strings with leading + operators.

  Previously, the rule did not check for leading newlines on the + operator, emitting false positives if one occurred at the start of a line.
  Notably, formatting with operatorLinebreak="before" would move the + operators to the start of lines automatically, resulting in spurious errors whenever a multi-line string was used.

  Now, the rule correctly detects and ignores multi-line concatenations with leading operators as well, working regardless of the setting of operatorLinebreak.

  Example

  // The following code used to error if the `+` operators were at the start of lines (as opposed to the end).
  // Now, the rule correctly recognizes this as a stylistic concatenation and ignores it.
  const reallyLongStringThatShouldNotError =
    "Lorem ipsum dolor sit amet consectetur adipiscing elit." +
    "Quisque faucibus ex sapien vitae pellentesque sem placerat." +
    "In id cursus mi pretium tellus duis convallis." +
    "Tempus leo eu aenean sed diam urna tempor. Pulvinar vivamus fringilla";

• #7786 33ffcd5 Thanks @​daivinhtran! - Fixed #7601: Properly match Grit plugin's code snippet with only one child.

• #7901 0d17b05 Thanks @​ematipico! - Fixed #7837, where Biome Language Server panicked when opening HTML-ish files when the experimental full support is enabled.

Commits

• 6d95a67 ci: release (#7887)
• c600618 feat(lint): implement noIncrementDecrement (#7859)
• See full diff in compare view

Updates @types/node from 24.9.1 to 24.10.0

Commits

• See full diff in compare view

Updates html-validate from 10.2.1 to 10.3.0

Release notes

Sourced from html-validate's releases.

v10.3.0

10.3.0 (2025-11-02)

Features

• html5: allow <button> as first child of <select> (3de8a0f), closes #321
• html5: allow <option> to have child content (6056325), closes #321
• html5: support <selectedcontent> element (d3d2c22), closes #321
• html5: support hidden="until-found" (baa033f), closes #322
• meta: permittedOrder can take a selector list for elements with equal order requirement (b3f92c2)
• parse <title> content as literal characters instead of HTML elements (3399ab5), closes #326

Bug Fixes

• html5: allow blocking attribute on <link rel="expect"> (5bbabc4), closes #327
• html5: disallow blocking attribute on <link rel="preload"> and <link rel="modulepreload"> (0a17e50)
• html5: let <selectedcontent> fulfill the accessible text content requirement of <button> elements (d1dff73), closes #321
• rules: ignore omitted type attribute on <button> when used as first child of <select> (1476960), closes #321

Changelog

Sourced from html-validate's changelog.

10.3.0 (2025-11-02)

Features

• html5: allow <button> as first child of <select> (3de8a0f), closes #321
• html5: allow <option> to have child content (6056325), closes #321
• html5: support <selectedcontent> element (d3d2c22), closes #321
• html5: support hidden="until-found" (baa033f), closes #322
• meta: permittedOrder can take a selector list for elements with equal order requirement (b3f92c2)
• parse <title> content as literal characters instead of HTML elements (3399ab5), closes #326

Bug Fixes

• html5: allow blocking attribute on <link rel="expect"> (5bbabc4), closes #327
• html5: disallow blocking attribute on <link rel="preload"> and <link rel="modulepreload"> (0a17e50)
• html5: let <selectedcontent> fulfill the accessible text content requirement of <button> elements (d1dff73), closes #321
• rules: ignore omitted type attribute on <button> when used as first child of <select> (1476960), closes #321

Commits

• 99637f2 chore(release): 10.3.0
• 8fbc4af Merge branch 'bugfix/link-blocking' into 'master'
• 0a17e50 fix(html5): disallow blocking attribute on \<link rel="preload"> and `<lin...
• 5bbabc4 fix(html5): allow blocking attribute on \<link rel="expect">
• 0b6c61a Merge branch 'feature/hidden-until-found' into 'master'
• baa033f feat(html5): support hidden="until-found"
• 046de95 Merge branch 'feature/custom-select' into 'master'
• acb874f test: test against example from mdn
• 6056325 feat(html5): allow \<option> to have child content
• 3de8a0f feat(html5): allow \<button> as first child of \<select>
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitLab CI/CD](https://www.npmjs.com/~GitLab CI/CD), a new releaser for html-validate since your current version.

Updates sass from 1.93.2 to 1.93.3

Release notes

Sourced from sass's releases.

Dart Sass 1.93.3

To install Sass 1.93.3, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Fix a performance regression that was introduced in 1.92.0.

See the full changelog for changes in earlier releases.

Changelog

Sourced from sass's changelog.

1.93.3

• Fix a performance regression that was introduced in 1.92.0.

Commits

• 4e5bd25 Stop holding onto stack traces for every CSS declaration (#2666)
• 65b77ee Bump analyzer, protobuf, protoc_plugin and dartdoc (#2660)
• e61936c Bump actions/setup-node from 4 to 6 (#2661)
• b5f4c67 Bump actions/setup-node from 5 to 6 in /.github/util/initialize (#2662)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[netlify]

✅ Deploy Preview for eva-town ready!

Name	Link
🔨 Latest commit	21838dc
🔍 Latest deploy log	https://app.netlify.com/projects/eva-town/deploys/690861f8910cce00080d8089
😎 Deploy Preview	https://deploy-preview-652--eva-town.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 99 Accessibility: 100 Best Practices: 100 SEO: 100 PWA: 70 View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.