Skip to content

chore(deps)(deps): bump the astro group across 1 directory with 5 updates#96

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/Docs/astro-b1567e85a9
Open

chore(deps)(deps): bump the astro group across 1 directory with 5 updates#96
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/Docs/astro-b1567e85a9

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2026

Bumps the astro group with 5 updates in the /Docs directory:

Package From To
astro 5.16.11 5.18.0
astro-d2 0.8.1 0.9.0
astro-expressive-code 0.41.6 0.41.7
astro-favicons 3.1.5 3.1.6
astro-minify-html-swc 0.1.10 0.1.11

Updates astro from 5.16.11 to 5.18.0

Release notes

Sourced from astro's releases.

astro@5.18.0

Minor Changes

  • #15589 b7dd447 Thanks @​qzio! - Adds a new security.actionBodySizeLimit option to configure the maximum size of Astro Actions request bodies.

    This lets you increase the default 1 MB limit when your actions need to accept larger payloads. For example, actions that handle file uploads or large JSON payloads can now opt in to a higher limit.

    If you do not set this option, Astro continues to enforce the 1 MB default to help prevent abuse.

    // astro.config.mjs
export default defineConfig({
  security: {
    actionBodySizeLimit: 10 * 1024 * 1024, // set to 10 MB
  },
});

Patch Changes

  • #15594 efae11c Thanks @​qzio! - Fix X-Forwarded-Proto validation when allowedDomains includes both protocol and hostname fields. The protocol check no longer fails due to hostname mismatch against the hardcoded test URL.

astro@5.17.3

Patch Changes

  • #15564 522f880 Thanks @​matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

  • #15569 e01e98b Thanks @​matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

astro@5.17.2

Patch Changes

  • c13b536 Thanks @​matthewp! - Improves Host header handling for SSR deployments behind proxies
Changelog

Sourced from astro's changelog.

5.18.0

Minor Changes

  • #15589 b7dd447 Thanks @​qzio! - Adds a new security.actionBodySizeLimit option to configure the maximum size of Astro Actions request bodies.

    This lets you increase the default 1 MB limit when your actions need to accept larger payloads. For example, actions that handle file uploads or large JSON payloads can now opt in to a higher limit.

    If you do not set this option, Astro continues to enforce the 1 MB default to help prevent abuse.

    // astro.config.mjs
export default defineConfig({
  security: {
    actionBodySizeLimit: 10 * 1024 * 1024, // set to 10 MB
  },
});

Patch Changes

  • #15594 efae11c Thanks @​qzio! - Fix X-Forwarded-Proto validation when allowedDomains includes both protocol and hostname fields. The protocol check no longer fails due to hostname mismatch against the hardcoded test URL.

5.17.3

Patch Changes

  • #15564 522f880 Thanks @​matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

  • #15569 e01e98b Thanks @​matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

5.17.2

Patch Changes

  • c13b536 Thanks @​matthewp! - Improves Host header handling for SSR deployments behind proxies

5.17.1

Patch Changes

  • #15334 d715f1f Thanks @​florian-lefebvre! - BREAKING CHANGE to the experimental Fonts API only

    Removes the getFontBuffer() helper function exported from astro:assets when using the experimental Fonts API

    This experimental feature introduced in v15.6.13 ended up causing significant memory usage during build. This feature has been removed and will be reintroduced after further exploration and testing.

    If you were relying on this function, you can replicate the previous behavior manually:

    • On prerendered routes, read the file using node:fs
    • On server rendered routes, fetch files using URLs from fontData and context.url

... (truncated)

Commits

Updates astro-d2 from 0.8.1 to 0.9.0

Changelog

Sourced from astro-d2's changelog.

0.9.0

Minor Changes

  • #49 68bfe04 Thanks @​HiDeoo! - Adds new inline attribute to override the global inline configuration for a specific diagram.

  • #49 68bfe04 Thanks @​HiDeoo! - Adds support for customizing the semibold font in diagrams.

  • #49 68bfe04 Thanks @​HiDeoo! - Adds experimental support for using D2.js to render diagrams.

    By default, the integration requires the D2 binary to be installed on the system to generate diagrams. Enabling this option allows generating diagrams using D2.js, a JavaScript wrapper around D2 to run it through WebAssembly.

    To enable this feature, add the experimental flag in your Astro D2 integration configuration:

    astroD2({
  experimental: {
    useD2js: true,
  },
})
Commits

Updates astro-expressive-code from 0.41.6 to 0.41.7

Release notes

Sourced from astro-expressive-code's releases.

astro-expressive-code@0.41.7

Patch Changes

  • 0599626: Prevents the frames plugin from treating Twoslash // @filename directives as filename comments. This keeps multi-file Twoslash code blocks intact. Thank you for the report, @​Adammatthiesen!
  • Updated dependencies [0599626]
    • rehype-expressive-code@0.41.7
Changelog

Sourced from astro-expressive-code's changelog.

0.41.7

Patch Changes

  • 0599626: Prevents the frames plugin from treating Twoslash // @filename directives as filename comments. This keeps multi-file Twoslash code blocks intact. Thank you for the report, @​Adammatthiesen!
  • Updated dependencies [0599626]
    • rehype-expressive-code@0.41.7
Commits

Updates astro-favicons from 3.1.5 to 3.1.6

Release notes

Sourced from astro-favicons's releases.

v3.1.6

No significant changes

    View changes on GitHub

What's Changed

New Contributors

Full Changelog: ACP-CODE/astro-favicons@v3.1.5...v3.1.6

Commits
  • 6d30e66 Bump version from 3.1.5 to 3.1.6
  • c8f33bb Merge pull request #83 from jwundrak/call-next-once
  • ab1c85f Call next() only once in middleware
  • 6c82ed2 Merge pull request #82 from ACP-CODE/dependabot/npm_and_yarn/npm_and_yarn-e80...
  • 7e0488d Bump svgo in the npm_and_yarn group across 1 directory
  • e73bba7 Merge pull request #81 from ACP-CODE/dependabot/npm_and_yarn/npm_and_yarn-b29...
  • c2d6f72 Bump rollup in the npm_and_yarn group across 1 directory
  • 32e3663 Merge pull request #80 from ACP-CODE/dependabot/npm_and_yarn/npm_and_yarn-cd6...
  • f925f4c Bump devalue in the npm_and_yarn group across 1 directory
  • e4f3882 Merge pull request #79 from ACP-CODE/dependabot/npm_and_yarn/npm_and_yarn-b83...
  • Additional commits viewable in compare view

Updates astro-minify-html-swc from 0.1.10 to 0.1.11

Release notes

Sourced from astro-minify-html-swc's releases.

v0.1.11

0.1.11 (2026-03-09)

Bug Fixes

Changelog

Sourced from astro-minify-html-swc's changelog.

0.1.11 (2026-03-09)

Bug Fixes

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps)(deps): bump the astro group across 1 directory with 5 upd…
bedac64 
…ates

Bumps the astro group with 5 updates in the /Docs directory:

| Package | From | To |
| --- | --- | --- |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.16.11` | `5.18.0` |
| [astro-d2](https://github.com/HiDeoo/astro-d2/tree/HEAD/packages/astro-d2) | `0.8.1` | `0.9.0` |
| [astro-expressive-code](https://github.com/expressive-code/expressive-code/tree/HEAD/packages/astro-expressive-code) | `0.41.6` | `0.41.7` |
| [astro-favicons](https://github.com/ACP-CODE/astro-favicons) | `3.1.5` | `3.1.6` |
| [astro-minify-html-swc](https://github.com/ocavue/astro-minify-html-swc) | `0.1.10` | `0.1.11` |



Updates `astro` from 5.16.11 to 5.18.0
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/astro@5.18.0/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@5.18.0/packages/astro)

Updates `astro-d2` from 0.8.1 to 0.9.0
- [Release notes](https://github.com/HiDeoo/astro-d2/releases)
- [Changelog](https://github.com/HiDeoo/astro-d2/blob/main/packages/astro-d2/CHANGELOG.md)
- [Commits](https://github.com/HiDeoo/astro-d2/commits/astro-d2@0.9.0/packages/astro-d2)

Updates `astro-expressive-code` from 0.41.6 to 0.41.7
- [Release notes](https://github.com/expressive-code/expressive-code/releases)
- [Changelog](https://github.com/expressive-code/expressive-code/blob/main/packages/astro-expressive-code/CHANGELOG.md)
- [Commits](https://github.com/expressive-code/expressive-code/commits/astro-expressive-code@0.41.7/packages/astro-expressive-code)

Updates `astro-favicons` from 3.1.5 to 3.1.6
- [Release notes](https://github.com/ACP-CODE/astro-favicons/releases)
- [Commits](ACP-CODE/astro-favicons@v3.1.5...v3.1.6)

Updates `astro-minify-html-swc` from 0.1.10 to 0.1.11
- [Release notes](https://github.com/ocavue/astro-minify-html-swc/releases)
- [Changelog](https://github.com/ocavue/astro-minify-html-swc/blob/master/CHANGELOG.md)
- [Commits](ocavue/astro-minify-html-swc@v0.1.10...v0.1.11)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 5.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: astro
- dependency-name: astro-d2
  dependency-version: 0.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: astro
- dependency-name: astro-expressive-code
  dependency-version: 0.41.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: astro
- dependency-name: astro-favicons
  dependency-version: 3.1.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: astro
- dependency-name: astro-minify-html-swc
  dependency-version: 0.1.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: astro
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies documentation Improvements or additions to documentation labels Mar 9, 2026
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 9, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@kilo-code-bot
Copy link

kilo-code-bot bot commented Mar 9, 2026

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (2 files)
  • Docs/package.json - Dependency version bumps for Astro ecosystem packages
  • Docs/pnpm-lock.yaml - Lock file synchronized with dependency updates
Review Notes

This PR contains routine dependency updates:

Package Old Version New Version Type
astro ^5.16.11 ^5.18.0 Minor
astro-d2 ^0.8.1 ^0.9.0 Minor
astro-expressive-code ^0.41.6 ^0.41.7 Patch
astro-favicons ^3.1.5 ^3.1.6 Patch
astro-minify-html-swc ^0.1.10 ^0.1.11 Patch

Observations:

  • All version bumps are within the same major version (backward compatible)
  • Lock file is properly synchronized
  • SonarQube Quality Gate passed (0 new issues)
  • No breaking changes expected based on semver versioning

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies documentation Improvements or additions to documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants