build(deps): bump the minor-updates group across 1 directory with 9 updates

[dependabot]

Bumps the minor-updates group with 9 updates in the / directory:

Package	From	To
@astrojs/sitemap	3.3.1	3.5.1
@astrojs/svelte	7.0.11	7.1.0
@swup/astro	1.6.0	1.7.0
astro	5.7.5	5.13.3
overlayscrollbars	2.11.1	2.12.0
sanitize-html	2.16.0	2.17.0
@types/sanitize-html	2.15.0	2.16.0
svelte	5.28.2	5.38.5
typescript	5.8.3	5.9.2

Updates @astrojs/sitemap from 3.3.1 to 3.5.1

Release notes

Sourced from @​astrojs/sitemap's releases.

@​astrojs/sitemap@​3.5.1

Patch Changes

• #14233 896886c Thanks @​gouravkhunger! - Fixes the issue with the option lastmod where if it is defined it applies correctly to <url> entries in each sitemap-${i}.xml file but not the <sitemap> entries in the root sitemap-index.xml file.

@​astrojs/sitemap@​3.5.0

Minor Changes

• #13682 5824b32 Thanks @​gouravkhunger! - Adds a customSitemaps option to include extra sitemaps in the sitemap-index.xml file generated by Astro.

  This is useful for multi-framework setups on the same domain as your Astro site (example.com), such as a blog at example.com/blog whose sitemap is generated by another framework.

  The following example shows configuring your Astro site to include sitemaps for an externally-generated blog and help center along with the generated sitemap entries in sitemap-index.xml:

  Example:

  import { defineConfig } from 'astro/config';
  import sitemap from '@astrojs/sitemap';
  export default defineConfig({
  site: 'https://example.com',
  integrations: [
  sitemap({
  customSitemaps: [
  'https://example.com/blog/sitemap.xml',
  'https://example.com/helpcenter/sitemap.xml',
  ],
  }),
  ],
  });

  Learn more in the @astrojs/sitemap configuration documentation.

@​astrojs/sitemap@​3.4.2

Patch Changes

• #14127 2309ada Thanks @​florian-lefebvre! - Upgrades zod

@​astrojs/sitemap@​3.4.1

Patch Changes

• #13871 8a1e849 Thanks @​blimmer! - Uncaught errors in the filter method will now bubble, causing the astro build to fail.

Changelog

Sourced from @​astrojs/sitemap's changelog.

3.5.1

Patch Changes

• #14233 896886c Thanks @​gouravkhunger! - Fixes the issue with the option lastmod where if it is defined it applies correctly to <url> entries in each sitemap-${i}.xml file but not the <sitemap> entries in the root sitemap-index.xml file.

3.5.0

Minor Changes

• #13682 5824b32 Thanks @​gouravkhunger! - Adds a customSitemaps option to include extra sitemaps in the sitemap-index.xml file generated by Astro.

  This is useful for multi-framework setups on the same domain as your Astro site (example.com), such as a blog at example.com/blog whose sitemap is generated by another framework.

  The following example shows configuring your Astro site to include sitemaps for an externally-generated blog and help center along with the generated sitemap entries in sitemap-index.xml:

  Example:

  import { defineConfig } from 'astro/config';
  import sitemap from '@astrojs/sitemap';
  export default defineConfig({
  site: 'https://example.com',
  integrations: [
  sitemap({
  customSitemaps: [
  'https://example.com/blog/sitemap.xml',
  'https://example.com/helpcenter/sitemap.xml',
  ],
  }),
  ],
  });

  Learn more in the @astrojs/sitemap configuration documentation.

3.4.2

Patch Changes

• #14127 2309ada Thanks @​florian-lefebvre! - Upgrades zod

3.4.1

Patch Changes

• #13871 8a1e849 Thanks @​blimmer! - Uncaught errors in the filter method will now bubble, causing the astro build to fail.

3.4.0

... (truncated)

Commits

• d471be5 [ci] release (#14242)
• 896886c fix(@​astro/sitemap): include lastmod for sitemap entries (#14233)
• a186848 [ci] release (#14217)
• cad3cc6 [ci] format
• 5824b32 feat(@​astro/sitemap): custom sitemaps (#13682)
• c12e216 [ci] release (#14128)
• 2309ada chore: upgrade zod (#14127)
• 9cfccc7 [ci] format
• 33f2d15 chore: upgrade to Biome v2 (#13984)
• 1d628d5 [ci] release (#13873)
• Additional commits viewable in compare view

Updates @astrojs/svelte from 7.0.11 to 7.1.0

Changelog

Sourced from @​astrojs/svelte's changelog.

7.1.0

Minor Changes

• #13809 3c3b492 Thanks @​ascorbic! - Increases minimum Node.js version to 18.20.8

  Node.js 18 has now reached end-of-life and should not be used. For now, Astro will continue to support Node.js 18.20.8, which is the final LTS release of Node.js 18, as well as Node.js 20 and Node.js 22 or later. We will drop support for Node.js 18 in a future release, so we recommend upgrading to Node.js 22 as soon as possible. See Astro's Node.js support policy for more details.

  ⚠️ Important note for users of Cloudflare Pages: The current build image for Cloudflare Pages uses Node.js 18.17.1 by default, which is no longer supported by Astro. If you are using Cloudflare Pages you should override the default Node.js version to Node.js 22. This does not affect users of Cloudflare Workers, which uses Node.js 22 by default.

7.0.13

Patch Changes

• #13731 c3e80c2 Thanks @​jsparkdev! - update vite to latest version for fixing CVE

7.0.12

Patch Changes

• #13720 e1cd1ae Thanks @​florian-lefebvre! - Fixes SSR renderer type

Commits

• 3632dda [ci] release (#13840)
• 3c3b492 fix: increase minimum Node version to 18.20.8 (#13809)
• bbfaf98 fix(deps): update astro client runtimes (#13822)
• f8cec06 fix(deps): update astro client runtimes (#13748)
• bfea0fb [ci] release (#13733)
• c3e80c2 fix(vite): update vite to latest version (#13731)
• d2ab7db [ci] release (#13721)
• e1cd1ae fix: renderers types (#13720)
• 21ca490 fix(deps): update dependency vite to ^6.3.3 (#13699)
• bd5d18f fix(deps): update astro client runtimes (#13661)
• See full diff in compare view

Updates @swup/astro from 1.6.0 to 1.7.0

Release notes

Sourced from @​swup/astro's releases.

1.7.0

• Add support for replacing dynamic fragments
• Add option for native mode View Transitions
• Optimize client script when not using ignore option (@​aleclarson)

Changelog

Sourced from @​swup/astro's changelog.

1.7.0

• Add support for replacing dynamic fragments
• Add option for native mode View Transitions
• Optimize client script when not using ignore option (@​aleclarson)

Commits

• b517654 Merge pull request #40 from swup/version/automated
• df64414 Update changelog
• 49c807e Update package version
• a8f8211 Merge pull request #39 from swup/feat/native
• 5457624 Merge pull request #38 from swup/feat/fragments
• 82e3cac Document native mode
• d5d56a1 Pass along native option
• f04af0e Export fragment plugin from client script
• 0a95106 Document fragments option
• d7e7798 Include fragment plugin
• Additional commits viewable in compare view

Updates astro from 5.7.5 to 5.13.3

Release notes

Sourced from astro's releases.

astro@5.13.3

Patch Changes

• #14239 d7d93e1 Thanks @​wtchnm! - Fixes a bug where the types for the live content collections were not being generated correctly in dev mode

• #14221 eadc9dd Thanks @​delucis! - Fixes JSON schema support for content collections using the file() loader

• #14229 1a9107a Thanks @​jonmichaeldarby! - Ensures Astro.currentLocale returns the correct locale during SSG for pages that use a locale param (such as [locale].astro or [locale]/index.astro, which produce [locale].html)

astro@5.13.2

Patch Changes

• 4d16de7 Thanks @​ematipico! - Improves the detection of remote paths in the _image endpoint. Now href parameters that start with // are considered remote paths.

• Updated dependencies [4d16de7]:

  • @​astrojs/internal-helpers@​0.7.2
  • @​astrojs/markdown-remark@​6.3.6

astro@5.13.1

Patch Changes

• #14225 f2490ab Thanks @​delucis! - Fixes the experimental.chromeDevtoolsWorkspace feature.

astro@5.13.0

Minor Changes

• #14173 39911b8 Thanks @​florian-lefebvre! - Adds an experimental flag staticImportMetaEnv to disable the replacement of import.meta.env values with process.env calls and their coercion of environment variable values. This supersedes the rawEnvValues experimental flag, which is now removed.

  Astro allows you to configure a type-safe schema for your environment variables, and converts variables imported via astro:env into the expected type. This is the recommended way to use environment variables in Astro, as it allows you to easily see and manage whether your variables are public or secret, available on the client or only on the server at build time, and the data type of your values.

  However, you can still access environment variables through process.env and import.meta.env directly when needed. This was the only way to use environment variables in Astro before astro:env was added in Astro 5.0, and Astro's default handling of import.meta.env includes some logic that was only needed for earlier versions of Astro.

  The experimental.staticImportMetaEnv flag updates the behavior of import.meta.env to align with Vite's handling of environment variables and for better ease of use with Astro's current implementations and features. This will become the default behavior in Astro 6.0, and this early preview is introduced as an experimental feature.

  Currently, non-public import.meta.env environment variables are replaced by a reference to process.env. Additionally, Astro may also convert the value type of your environment variables used through import.meta.env, which can prevent access to some values such as the strings "true" (which is converted to a boolean value), and "1" (which is converted to a number).

  The experimental.staticImportMetaEnv flag simplifies Astro's default behavior, making it easier to understand and use. Astro will no longer replace any import.meta.env environment variables with a process.env call, nor will it coerce values.

  To enable this feature, add the experimental flag in your Astro config and remove rawEnvValues if it was enabled:

  // astro.config.mjs
  import { defineConfig } from "astro/config";
  export default defineConfig({
  
  experimental: {
  staticImportMetaEnv: true
  
  
  rawEnvValues: false
  
  
  }
  });

... (truncated)

Changelog

Sourced from astro's changelog.

5.13.3

Patch Changes

• #14239 d7d93e1 Thanks @​wtchnm! - Fixes a bug where the types for the live content collections were not being generated correctly in dev mode

• #14221 eadc9dd Thanks @​delucis! - Fixes JSON schema support for content collections using the file() loader

• #14229 1a9107a Thanks @​jonmichaeldarby! - Ensures Astro.currentLocale returns the correct locale during SSG for pages that use a locale param (such as [locale].astro or [locale]/index.astro, which produce [locale].html)

5.13.2

Patch Changes

• 4d16de7 Thanks @​ematipico! - Improves the detection of remote paths in the _image endpoint. Now href parameters that start with // are considered remote paths.

• Updated dependencies [4d16de7]:

  • @​astrojs/internal-helpers@​0.7.2
  • @​astrojs/markdown-remark@​6.3.6

5.13.1

Patch Changes

• #14225 f2490ab Thanks @​delucis! - Fixes the experimental.chromeDevtoolsWorkspace feature.

5.13.0

Minor Changes

• #14173 39911b8 Thanks @​florian-lefebvre! - Adds an experimental flag staticImportMetaEnv to disable the replacement of import.meta.env values with process.env calls and their coercion of environment variable values. This supersedes the rawEnvValues experimental flag, which is now removed.

  Astro allows you to configure a type-safe schema for your environment variables, and converts variables imported via astro:env into the expected type. This is the recommended way to use environment variables in Astro, as it allows you to easily see and manage whether your variables are public or secret, available on the client or only on the server at build time, and the data type of your values.

  However, you can still access environment variables through process.env and import.meta.env directly when needed. This was the only way to use environment variables in Astro before astro:env was added in Astro 5.0, and Astro's default handling of import.meta.env includes some logic that was only needed for earlier versions of Astro.

  The experimental.staticImportMetaEnv flag updates the behavior of import.meta.env to align with Vite's handling of environment variables and for better ease of use with Astro's current implementations and features. This will become the default behavior in Astro 6.0, and this early preview is introduced as an experimental feature.

  Currently, non-public import.meta.env environment variables are replaced by a reference to process.env. Additionally, Astro may also convert the value type of your environment variables used through import.meta.env, which can prevent access to some values such as the strings "true" (which is converted to a boolean value), and "1" (which is converted to a number).

  The experimental.staticImportMetaEnv flag simplifies Astro's default behavior, making it easier to understand and use. Astro will no longer replace any import.meta.env environment variables with a process.env call, nor will it coerce values.

  To enable this feature, add the experimental flag in your Astro config and remove rawEnvValues if it was enabled:

  // astro.config.mjs
  import { defineConfig } from "astro/config";
  export default defineConfig({
  
  experimental: {

... (truncated)

Commits

• d471be5 [ci] release (#14242)
• d7d93e1 fix(sync): add missing live check for generating content collections types (#...
• 682d8b8 [ci] format
• 1a9107a Properly compute currentLocale when path segment contains .html (#14229)
• eadc9dd Fix file() loader JSON schema (#14221)
• d95fbaf [ci] format
• dd481c8 chore(assets): compose source URL later (#14237)
• 9288133 [ci] release (#14232)
• 1040510 [ci] format
• 4d16de7 Merge commit from fork
• Additional commits viewable in compare view

Updates overlayscrollbars from 2.11.1 to 2.12.0

Changelog

Sourced from overlayscrollbars's changelog.

2.12.0

Improvements

• Improve accessibility when the native scrollbars can't be hidden. This can happen when the browser isn't supporting scrollbar styling & the ScrollbarsHidingPlugin is not being used. In this case the custom scrollbars aren't rendered over the native scrollbars anymore. [SimpleBar #726](Grsmto/simplebar#726)

2.11.5

Bug Fixes

• Sometimes when resizing the window, scrollbars applied to the body element werent updated accordingly.

2.11.4

Bug Fixes

• Remove scrollbars click event when its no longer required. #720

2.11.3

Improvements

• Introduce and document the new CSS Custom Properties: --os-viewport-overflow-x and --os-viewport-overflow-y which can be used to better control the overflow style of the viewport element.
• Support for the auto value for overwrites of the overflow style of the viewport.

2.11.2

Improvements

• Streamline css styles for the viewport and wrapper elements to allow overwrites of the overflow property. #718

Bug Fixes

• Initialization bridging via data-overlayscrollbars-initialize attribute conflicted with the showNativeOverlaidScrollbars: true option when initialized to the body element. #713

Commits

• b9ced78 v2.12.0
• 5dbe819 fix test
• 505c71e improve accessibility by hiding custom scrollbar when native scrollbars cant ...
• 99c1d97 Merge branch 'master' of https://github.com/KingSora/OverlayScrollbars
• ea0099e small improvements
• cb63671 changelog & package json
• 9fd1f8c fix a bug where the scrollbar size was not update on body scrollbars
• 9cb3e22 deploy
• 2f73b16 v2.11.4
• 7c59217 fix: #720
• Additional commits viewable in compare view

Updates sanitize-html from 2.16.0 to 2.17.0

Changelog

Sourced from sanitize-html's changelog.

2.17.0 (2025-05-14)

• Add preserveEscapedAttributes, allowing attributes on escaped disallowed tags to be retained. Thanks to Ben Elliot for this new option.

Commits

• 86efc06 Merge pull request #705 from apostrophecms/release-2.17.0
• c487e77 release 2.17.0
• da16903 Merge pull request #704 from apostrophecms/add-thanks-to-changelog
• 0e5d881 Update CHANGELOG
• 614e7df Merge pull request #668 from benelliott/feature/preserve-escaped-attributes-2
• 8628cea Update README.md
• f07ce9d README.md: Add warning on usage of preserveEscapedAttributes
• 27de3a8 Add test demonstrating that preserveEscapedAttributes doesn't affect behaviou...
• 3d2893e Add documentation for preserveEscapedAttributes option
• ae1dc35 Add preserveEscapedAttributes option to allow attributes on escaped disallo...
• See full diff in compare view

Updates @types/sanitize-html from 2.15.0 to 2.16.0

Commits

• See full diff in compare view

Updates svelte from 5.28.2 to 5.38.5

Release notes

Sourced from svelte's releases.

svelte@5.38.5

Patch Changes

• fix: ensure async deriveds always get dependencies from thennable (#16672)

svelte@5.38.3

Patch Changes

• fix: ensure correct order of template effect values (#16655)

• fix: allow async {@const} in more places (#16643)

• fix: properly catch top level await errors (#16619)

• perf: prune effects without dependencies (#16625)

• fix: only emit for_await_track_reactivity_loss in async mode (#16644)

svelte@5.38.2

Patch Changes

• perf: run blocks eagerly during flush instead of aborting (#16631)

• fix: don't clone non-proxies in $inspect (#16617)

• fix: avoid recursion error when tagging circular references (#16622)

svelte@5.38.1

Patch Changes

• fix: wrap abort in without_reactive_context (#16570)

• fix: add hint as a possible value for popover attribute (#16581)

• fix: skip effects inside dynamic component that is about to be destroyed (#16601)

svelte@5.38.0

Minor Changes

• feat: allow await inside @const declarations (#16542)

Patch Changes

• fix: remount at any hydration error (#16248)

• chore: emit await_reactivity_loss in for await loops (#16521)

• fix: emit snippet_invalid_export instead of undefined_export for exported snippets (#16539)

svelte@5.37.3

... (truncated)

Changelog

Sourced from svelte's changelog.

5.38.5

Patch Changes

• fix: ensure async deriveds always get dependencies from thennable (#16672)

5.38.4

Patch Changes

• fix: place instance-level snippets inside async body (#16666)

• fix: Add check for builtin custom elements in set_custom_element_data (#16592)

• fix: restore batch along with effect context (#16668)

• fix: wait until changes propagate before updating input selection state (#16649)

• fix: add "Accept-CH" as valid value for http-equiv (#16671)

5.38.3

Patch Changes

• fix: ensure correct order of template effect values (#16655)

• fix: allow async {@const} in more places (#16643)

• fix: properly catch top level await errors (#16619)

• perf: prune effects without dependencies (#16625)

• fix: only emit for_await_track_reactivity_loss in async mode (#16644)

5.38.2

Patch Changes

• perf: run blocks eagerly during flush instead of aborting (#16631)

• fix: don't clone non-proxies in $inspect (#16617)

• fix: avoid recursion error when tagging circular references (#16622)

5.38.1

Patch Changes

• fix: wrap abort in without_reactive_context (#16570)

... (truncated)

Commits

• 5314f48 Version Packages (#16673)
• 5912754 Version Packages (#16667)
• 677af57 fix: ensure async deriveds always get dependencies from thennable (#16672)
• 967431c chore(elements.d.ts): add "Accept-CH" as valid value for http-equiv (#16671)
• 0d48916 fix: cursor jumps in input two way binding (#16649)
• 6534aa0 fix: Add check for builtin custom elements in set_custom_element_data (#16592)
• 7105736 fix: restore batch along with effect context (#16668)
• 57fed6a fix: place instance-level snippets inside async body (#16666)
• e883cd0 Version Packages (#16642)
• d3cb148 perf: better effect pruning (#16625)
• Additional commits viewable in compare view

Updates typescript from 5.8.3 to 5.9.2

Release notes

Sourced from typescript's releases.

TypeScript 5.9

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

• npm

TypeScript 5.9 RC

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).

Downloads are available on:

• npm

TypeScript 5.9 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.9.0 (Beta).

Downloads are available on:

• npm

Commits

• be86783 Give more specific errors for verbatimModuleSyntax (#62113)
• 22ef577 LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250714...
• d5a414c Don't use noErrorTruncation when printing types with maximumLength set (#...
• f14b5c8 Remove unused and confusing dom.iterable.d.ts file (#62037)
• 2778e84 Restore AbortSignal.abort (#62086)
• 65cb4bd LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250710...
• 9e20e03 Clear out checker-level stacks on pop (#62016)
• 87740bc Fix for Issue 61081 (#61221)
• 833a8d4 Fix Symbol completion priority and cursor positioning (#61945)
• 0018c9f LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250702...
• Additional commits viewable in compare view

Updates @types/sanitize-html from 2.15.0 to 2.16.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.