fix(deps): update dependency astro to v5.9.2

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
astro (source)	5.7.12 -> 5.9.2

---

Release Notes

withastro/astro (astro)

v5.9.2

Compare Source

Patch Changes

• #​13919 423fe60 Thanks @​ematipico! - Fixes a bug where Astro added quotes to the CSP resources.

  Only certain resources require quotes (e.g. 'self' but not https://cdn.example.com), so Astro no longer adds quotes to any resources. You must now provide the quotes yourself for resources such as 'self' when necessary:

  export default defineConfig({
    experimental: {
      csp: {
        styleDirective: {
          resources: [
  -          "self",
  +          "'self'",
            "https://cdn.example.com"
          ]
        }
      }
    }
  })

• #​13914 76c5480 Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy feature only

  Removes support for experimental Content Security Policy (CSP) when using the <ClientRouter /> component for view transitions.

  It is no longer possible to enable experimental CSP while using Astro's view transitions. Support was already unstable with the <ClientRouter /> because CSP required making its underlying implementation asynchronous. This caused breaking changes for several users and therefore, this PR removes support completely.

  If you are currently using the component for view transitions, please remove the experimental CSP flag as they cannot be used together.

  import { defineConfig } from 'astro/config';
  
  export default defineConfig({
    experimental: {
  -   csp: true
     }
  });

  Alternatively, to continue using experimental CSP in your project, you can consider migrating to the browser native View Transition API and remove the <ClientRouter /> from your project. You may be able to achieve similar results if you are not using Astro's enhancements to the native View Transitions and Navigation APIs.

  Support might be reintroduced in future releases. You can follow this experimental feature's development in the CSP RFC.

v5.9.1

Compare Source

Patch Changes

• #​13899 7a1303d Thanks @​reknih! - Fix bug where error pages would return invalid bodies if the upstream response was compressed

• #​13902 051bc30 Thanks @​arHSM! - Fixes a bug where vite virtual module ids were incorrectly added in the dev server

• #​13905 81f71ca Thanks @​jsparkdev! - Fixes wrong contents in CSP meta tag.

• #​13907 8246bcc Thanks @​martrapp! - Fixes a bug that caused view transition names to be lost.

• #​13901 37fa0a2 Thanks @​ansg191! - fix fallback not being removed when server island is rendered

v5.9.0

Compare Source

Minor Changes

• #​13802 0eafe14 Thanks @​ematipico! - Adds experimental Content Security Policy (CSP) support

  CSP is an important feature to provide fine-grained control over resources that can or cannot be downloaded and executed by a document. In particular, it can help protect against cross-site scripting (XSS) attacks.

  Enabling this feature adds additional security to Astro's handling of processed and bundled scripts and styles by default, and allows you to further configure these, and additional, content types. This new experimental feature has been designed to work in every Astro rendering environment (static pages, dynamic pages and single page applications), while giving you maximum flexibility and with type-safety in mind.

  It is compatible with most of Astro's features such as client islands, and server islands, although Astro's view transitions using the <ClientRouter /> are not yet fully supported. Inline scripts are not supported out of the box, but you can provide your own hashes for external and inline scripts.

  To enable this feature, add the experimental flag in your Astro config:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  
  export default defineConfig({
    experimental: {
      csp: true,
    },
  });

  For more information on enabling and using this feature in your project, see the Experimental CSP docs.

  For a complete overview, and to give feedback on this experimental API, see the Content Security Policy RFC.

• #​13850 1766d22 Thanks @​ascorbic! - Provides a Markdown renderer to content loaders

  When creating a content loader, you will now have access to a renderMarkdown function that allows you to render Markdown content directly within your loaders. It uses the same settings and plugins as the renderer used for Markdown files in Astro, and follows any Markdown settings you have configured in your Astro project.

  This allows you to render Markdown content from various sources, such as a CMS or other data sources, directly in your loaders without needing to preprocess the Markdown content separately.

  import type { Loader } from 'astro/loaders';
  import { loadFromCMS } from './cms';
  
  export function myLoader(settings): Loader {
    return {
      name: 'my-loader',
      async load({ renderMarkdown, store }) {
        const entries = await loadFromCMS();
  
        store.clear();
  
        for (const entry of entries) {
          // Assume each entry has a 'content' field with markdown content
          store.set(entry.id, {
            id: entry.id,
            data: entry,
            rendered: await renderMarkdown(entry.content),
          });
        }
      },
    };
  }

  The return value of renderMarkdown is an object with two properties: html and metadata. These match the rendered property of content entries in content collections, so you can use them to render the content in your components or pages.

v5.8.2

Compare Source

Patch Changes

• #​13877 5a7797f Thanks @​yuhang-dong! - Fixes a bug that caused Astro.rewrite to fail when used in sequenced middleware

• #​13872 442b841 Thanks @​isVivek99! - Fixes rendering of the download attribute when it has a boolean value

v5.8.1

Compare Source

Patch Changes

• #​13037 de2fc9b Thanks @​nanarino! - Fixes rendering of the popover attribute when it has a boolean value

• #​13851 45ae95a Thanks @​ascorbic! - Allows disabling default styles for responsive images

  This change adds a new image.experimentalDefaultStyles option that allows you to disable the default styles applied to responsive images.

  When using experimental responsive images, Astro applies default styles to ensure the images resize correctly. In most cases this is what you want – and they are applied with low specificity so your own styles override them. However in some cases you may want to disable these default styles entirely. This is particularly useful when using Tailwind 4, because it uses CSS cascade layers to apply styles, making it difficult to override the default styles.

  image.experimentalDefaultStyles is a boolean option that defaults to true, so you can change it in your Astro config file like this:

  export default {
    image: {
      experimentalDefaultStyles: false,
    },
    experimental: {
      responsiveImages: true,
    },
  };

• #​13858 cb1a168 Thanks @​florian-lefebvre! - Fixes the warning shown when client directives are used on Astro components

• #​12574 da266d0 Thanks @​apatel369! - Allows using server islands in mdx files

• #​13843 fbcfa68 Thanks @​z1haze! - Export type AstroSession to allow use in explicitly typed safe code.

v5.8.0

Compare Source

Minor Changes

• #​13809 3c3b492 Thanks @​ascorbic! - Increases minimum Node.js version to 18.20.8

  Node.js 18 has now reached end-of-life and should not be used. For now, Astro will continue to support Node.js 18.20.8, which is the final LTS release of Node.js 18, as well as Node.js 20 and Node.js 22 or later. We will drop support for Node.js 18 in a future release, so we recommend upgrading to Node.js 22 as soon as possible. See Astro's Node.js support policy for more details.

  ⚠️ Important note for users of Cloudflare Pages: The current build image for Cloudflare Pages uses Node.js 18.17.1 by default, which is no longer supported by Astro. If you are using Cloudflare Pages you should override the default Node.js version to Node.js 22. This does not affect users of Cloudflare Workers, which uses Node.js 22 by default.

Patch Changes

• Updated dependencies [3c3b492]:
  • @​astrojs/telemetry@​3.3.0
  • @​astrojs/markdown-remark@​6.3.2

v5.7.14

Compare Source

Patch Changes

• #​13773 3aa5337 Thanks @​sijad! - Ignores lightningcss unsupported pseudo-class warning.

• #​13833 5a6d2ae Thanks @​ascorbic! - Fixes an issue where session modules would fail to resolve in Node.js < 20.6

• #​13383 f7f712c Thanks @​Haberkamp! - Stop toolbar settings from overflowing

• #​13794 85b19d8 Thanks @​alexcarpenter! - Exclude pre tags from a11y-no-noninteractive-tabindex audit check.

• #​13373 50ef568 Thanks @​jpwienekus! - Fixes a bug where highlights and tooltips render over the audit list window.

• #​13769 e9fc456 Thanks @​romanstetsyk! - Expand ActionError codes to include all IANA-registered HTTP error codes.

• #​13668 866285a Thanks @​sapphi-red! - Replaces internal CSS chunking behavior for Astro components' scoped styles to use Vite's cssScopeTo feature. The feature is a port of Astro's implementation so this should not change the behavior.

v5.7.13

Compare Source

Patch Changes

• #​13761 a2e8463 Thanks @​jp-knj! - Adds new content collections errors

• #​13788 7d0b7ac Thanks @​florian-lefebvre! - Fixes a case where an error would not be thrown when using the <Font /> component from the experimental fonts API without adding fonts in the Astro config

• #​13784 d7a1889 Thanks @​florian-lefebvre! - Fixes the experimental fonts API to correctly take config.base, config.build.assets and config.build.assetsPrefix into account

• #​13777 a56b8ea Thanks @​L4Ph! - Fixed an issue where looping GIF animation would stop when converted to WebP

• #​13566 0489d8f Thanks @​TheOtterlord! - Fix build errors being ignored when build.concurrency > 1

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4fdc371

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[cloudflare-workers-and-pages]

Deploying dpkit with    Cloudflare Pages

Latest commit:	4fdc371
Status:	🚫  Build failed.

View logs

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (5.9.2). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.