Skip to content

Bump the npm-dependencies group with 5 updates#13

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-1755293dd2
Open

Bump the npm-dependencies group with 5 updates#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-dependencies-1755293dd2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-dependencies group with 5 updates:

Package From To
astro 7.0.5 7.0.7
prettier 3.9.4 3.9.5
typescript 6.0.3 7.0.2
typescript-eslint 8.62.1 8.63.0
wrangler 4.107.0 4.109.0

Updates astro from 7.0.5 to 7.0.7

Release notes

Sourced from astro's releases.

astro@7.0.7

Patch Changes

  • #17318 23a4120 Thanks @​astrobot-houston! - Fixes CSS module scoped-name hash mismatch in astro dev when using vite.css.transformer: 'lightningcss' with content collections. Previously, a component importing a CSS module and rendered via content collection render() would get different class name hashes in the element and the injected <style> tag, causing styles not to apply.

  • #17323 4298883 Thanks @​ematipico! - Fixes a dev server memory leak which caused Node.js to emit warnings in the console.

  • #17323 4298883 Thanks @​ematipico! - Fixes a dev server crash when a .html or /index.html suffixed request (such as those netlify dev probes as pretty-URL fallbacks) matched a dynamic endpoint route, causing a TypeError: Missing parameter error

  • #17325 cebc404 Thanks @​astrobot-houston! - Fixes a bug where CSS @import rules could end up mid-stylesheet after inline CSS chunks were merged during build, causing browsers to silently ignore them

  • #17323 4298883 Thanks @​ematipico! - Fixes a build regression that could leave unresolved preload markers in inlined scripts with external dynamic imports

  • Updated dependencies [4298883, 4298883]:

    • @​astrojs/telemetry@​3.3.3

astro@7.0.6

Patch Changes

  • #17261 79aa99c Thanks @​astrobot-houston! - Fixes a false deprecation warning for markdown.gfm and markdown.smartypants when using the Container API

  • #17247 f94280d Thanks @​chatman-media! - Fixes route generation throwing "Missing parameter" (or silently dropping the segment) when a dynamic param's value is 0. The generator used truthy checks instead of checking for undefined, so paginate(posts, { params: { categoryId: 0 } }) would crash even though 0 is a perfectly valid param value.

  • #17278 6f11739 Thanks @​astrobot-houston! - Fixes missing CSS for virtual style modules (e.g., responsive image layout styles) in dev mode when JavaScript is disabled

  • #17250 0b30b35 Thanks @​matthewp! - Fixes the security.checkOrigin check so it is applied consistently to Astro Actions and on-demand endpoints, regardless of how the request pipeline is composed. Previously, the origin check could be skipped in the composable astro/hono pipeline depending on the order of the middleware() primitive (or when it was omitted).

  • #17274 8c3579b Thanks @​astrobot-houston! - Fixes missing render() type overload for live collection entries. Previously, calling render() on a LiveDataEntry produced a TypeScript error when using only live.config.ts without a content.config.ts.

  • #17257 4208297 Thanks @​astrobot-houston! - Fixes astro check failing to find @astrojs/check and typescript when astro is installed in a directory outside the project tree (e.g. pnpm virtual store)

  • #17272 b428648 Thanks @​matthewp! - Fixes island component paths so that extensionless imports (e.g. import { Counter } from '../components/Counter') resolve to the real file on disk, matching Vite's extension order and directory index resolution. This makes the include/exclude options of JSX renderer integrations (React, Preact, Solid) match components imported without a file extension, and removes the spurious React 19 "Invalid hook call" warning logged on every request in dev when include was set alongside another JSX renderer

  • #17279 2aeaa44 Thanks @​astrobot-houston! - Fixes a bug where <Picture inferSize> with a remote image could fail with FailedToFetchRemoteImageDimensions when the image server rate-limits requests (e.g. HTTP 429). Remote dimensions are now resolved once per render instead of once per output format.

  • #17251 5240e26 Thanks @​matthewp! - Hardens the handling of attribute rendering when using with custom elements.

  • #17248 429bd62 Thanks @​astrobot-houston! - Fixes a crash when using Astro's getViteConfig with Vitest browser mode (e.g., Storybook vitest runner). Astro now skips dev server setup inside Vitest, preventing errors.

  • #17260 14524c0 Thanks @​matthewp! - Fixes a regression where a <script> inside a component rendered through Astro.slots.render() was hoisted out of its original position instead of staying next to its component content

  • Updated dependencies [eb6f97e]:

    • @​astrojs/internal-helpers@​0.10.1
    • @​astrojs/markdown-remark@​7.2.1
    • @​astrojs/markdown-satteri@​0.3.3
Changelog

Sourced from astro's changelog.

7.0.7

Patch Changes

  • #17318 23a4120 Thanks @​astrobot-houston! - Fixes CSS module scoped-name hash mismatch in astro dev when using vite.css.transformer: 'lightningcss' with content collections. Previously, a component importing a CSS module and rendered via content collection render() would get different class name hashes in the element and the injected <style> tag, causing styles not to apply.

  • #17323 4298883 Thanks @​ematipico! - Fixes a dev server memory leak which caused Node.js to emit warnings in the console.

  • #17323 4298883 Thanks @​ematipico! - Fixes a dev server crash when a .html or /index.html suffixed request (such as those netlify dev probes as pretty-URL fallbacks) matched a dynamic endpoint route, causing a TypeError: Missing parameter error

  • #17325 cebc404 Thanks @​astrobot-houston! - Fixes a bug where CSS @import rules could end up mid-stylesheet after inline CSS chunks were merged during build, causing browsers to silently ignore them

  • #17323 4298883 Thanks @​ematipico! - Fixes a build regression that could leave unresolved preload markers in inlined scripts with external dynamic imports

  • Updated dependencies [4298883, 4298883]:

    • @​astrojs/telemetry@​3.3.3

7.0.6

Patch Changes

  • #17261 79aa99c Thanks @​astrobot-houston! - Fixes a false deprecation warning for markdown.gfm and markdown.smartypants when using the Container API

  • #17247 f94280d Thanks @​chatman-media! - Fixes route generation throwing "Missing parameter" (or silently dropping the segment) when a dynamic param's value is 0. The generator used truthy checks instead of checking for undefined, so paginate(posts, { params: { categoryId: 0 } }) would crash even though 0 is a perfectly valid param value.

  • #17278 6f11739 Thanks @​astrobot-houston! - Fixes missing CSS for virtual style modules (e.g., responsive image layout styles) in dev mode when JavaScript is disabled

  • #17250 0b30b35 Thanks @​matthewp! - Fixes the security.checkOrigin check so it is applied consistently to Astro Actions and on-demand endpoints, regardless of how the request pipeline is composed. Previously, the origin check could be skipped in the composable astro/hono pipeline depending on the order of the middleware() primitive (or when it was omitted).

  • #17274 8c3579b Thanks @​astrobot-houston! - Fixes missing render() type overload for live collection entries. Previously, calling render() on a LiveDataEntry produced a TypeScript error when using only live.config.ts without a content.config.ts.

  • #17257 4208297 Thanks @​astrobot-houston! - Fixes astro check failing to find @astrojs/check and typescript when astro is installed in a directory outside the project tree (e.g. pnpm virtual store)

  • #17272 b428648 Thanks @​matthewp! - Fixes island component paths so that extensionless imports (e.g. import { Counter } from '../components/Counter') resolve to the real file on disk, matching Vite's extension order and directory index resolution. This makes the include/exclude options of JSX renderer integrations (React, Preact, Solid) match components imported without a file extension, and removes the spurious React 19 "Invalid hook call" warning logged on every request in dev when include was set alongside another JSX renderer

  • #17279 2aeaa44 Thanks @​astrobot-houston! - Fixes a bug where <Picture inferSize> with a remote image could fail with FailedToFetchRemoteImageDimensions when the image server rate-limits requests (e.g. HTTP 429). Remote dimensions are now resolved once per render instead of once per output format.

  • #17251 5240e26 Thanks @​matthewp! - Hardens the handling of attribute rendering when using with custom elements.

  • #17248 429bd62 Thanks @​astrobot-houston! - Fixes a crash when using Astro's getViteConfig with Vitest browser mode (e.g., Storybook vitest runner). Astro now skips dev server setup inside Vitest, preventing errors.

  • #17260 14524c0 Thanks @​matthewp! - Fixes a regression where a <script> inside a component rendered through Astro.slots.render() was hoisted out of its original position instead of staying next to its component content

  • Updated dependencies [eb6f97e]:

    • @​astrojs/internal-helpers@​0.10.1
    • @​astrojs/markdown-remark@​7.2.1
    • @​astrojs/markdown-satteri@​0.3.3
Commits

Updates prettier from 3.9.4 to 3.9.5

Release notes

Sourced from prettier's releases.

3.9.5

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.9.5

diff

Markdown: Cap ordered list mark at 999,999,999 (#19351 by @​tats-u)

CommonMark parsers only support ordered list item numbers up to 999,999,999.

With this change, Prettier now caps the ordered list item number at 999,999,999 to ensure that the output is correctly parsed as an ordered list by CommonMark parsers. Numbers larger than 999,999,999 are not parsed as list item numbers and are left unchanged in the output:

<!-- Input -->
999999998. text
999999998. text
999999998. text
999999998. text
1234567890123456789012) text
<!-- Prettier 3.9.4 -->
999999998. text
999999999. text
1000000000. text
1000000001. text
1234567890123456789012) text
<!-- Prettier 3.9.5 -->
999999998. text
999999999. text
999999999. text
999999999. text
1234567890123456789012) text

Markdown: Avoid corrupting empty link with title (#19487 by @​andersk)

Do not remove <> from an inline link or image with an empty URL and a title, as this removal would change its interpretation.

<!-- Input -->
[link](https://github.com/prettier/prettier/blob/main/<> "title")
<!-- Prettier 3.9.4 -->
[link](https://github.com/prettier/prettier/blob/main/ "title")
<!-- Prettier 3.9.5 -->
</tr></table>

... (truncated)

Commits

Updates typescript from 6.0.3 to 7.0.2

Commits
Maintainer changes

This version was pushed to npm by microsoft1es, a new releaser for typescript since your current version.


Updates typescript-eslint from 8.62.1 to 8.63.0

Release notes

Sourced from typescript-eslint's releases.

v8.63.0

8.63.0 (2026-07-06)

🚀 Features

  • eslint-plugin: [no-misused-promises] detect async usage of a sync dispose usage (#12426)

🩹 Fixes

  • eslint-plugin: [method-signature-style] suggest converting readonly function properties instead of emitting invalid syntax (#12447, #12446)
  • eslint-plugin: [no-unnecessary-type-assertion] handle optional-chained calls to overloaded functions (#12491, #12485)
  • eslint-plugin: [no-base-to-string] don't flag a shadowed String() call (#12492)
  • scope-manager: export ClassStaticBlockScope (#12460)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.63.0 (2026-07-06)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates wrangler from 4.107.0 to 4.109.0

Release notes

Sourced from wrangler's releases.

wrangler@4.109.0

Minor Changes

  • #14489 e3f0cd6 Thanks @​edmundhung! - Add listDurableObjectIds() to createTestHarness Worker handles

    Tests using createTestHarness can now list persisted Durable Object instance IDs for a Durable Object binding. This helps integration tests discover objects created by app behavior without adding test-only endpoints.

  • #14465 2fedb1f Thanks @​vaishnav-mk! - Add rollback support when terminating Workflow instances

    WorkflowInstance.terminate({ rollback: true }) now runs registered rollback handlers before marking a local Workflow instance as terminated. Wrangler also supports this via wrangler workflows instances terminate --rollback, including local mode.

    The rollback option is only sent for terminate operations and is rejected by the Local Explorer API for pause, resume, and restart actions.

  • #14511 17d2fc1 Thanks @​juleslemee! - Add wrangler turnstile widget commands for managing Turnstile widgets

    You can now create, list, inspect, update, and delete Turnstile widgets from the CLI:

    wrangler turnstile widget create <name> --domain example.com --mode managed
    wrangler turnstile widget list
    wrangler turnstile widget get <sitekey>
    wrangler turnstile widget update <sitekey> --name "Renamed"
    wrangler turnstile widget delete <sitekey>
    

    All five subcommands accept --json for machine-readable output (get prints a formatted view by default; the rest print a short human summary). --domain accepts comma-separated values, e.g. --domain a.com,b.com. delete --json requires --skip-confirmation/-y to keep output pipeable.

    create prints the sitekey, the secret, and the canonical challenges.cloudflare.com/turnstile/v0/siteverify endpoint for backend verification. The hint is backend-agnostic; it doesn't assume Workers. The secret is redacted from list and update output but remains available via get for retrieval later. delete prompts for confirmation; pass --skip-confirmation/-y to bypass.

    The OAuth flow now requests the challenge-widgets.write scope (the existing Bach-derived scope for Turnstile widget CRUD). Existing OAuth sessions need to run wrangler login again to pick it up. API token users need a token with the Account.Turnstile:Edit permission.

Patch Changes

  • #14596 8511ddf Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260706.1 1.20260708.1
    @​cloudflare/workers-types ^5.20260706.1 ^5.20260708.1
  • #14604 9f74a5f Thanks @​vaishnav-mk! - Improve the deploy error for cron-triggered Workflows on free plans

    Wrangler now explains that Workflow schedules require a paid Workers plan instead of showing only the generic Workflows API request failure.

  • #14616 c782e2a Thanks @​penalosa! - Fix wrangler deploy aborting in CI for autoconfigured projects

    A recent change guarded non-interactive deploys against overwriting a same-named Worker whenever there was no config file naming it. This was too broad: a plain wrangler deploy run in CI without a config file (for example an autoconfigured project whose generated config PR has not been merged) would fail with "A Worker named ... already exists in your account", even though re-deploying to that Worker is the intended behaviour.

... (truncated)

Commits
  • 774c09e Version Packages (#14603)
  • 2fedb1f Support workflow terminate rollback (#14465)
  • c782e2a [wrangler] Restrict name-ownership guard to Pages-to-Workers delegation (#14616)
  • 17d2fc1 [wrangler] Add turnstile widget CLI commands (#14511)
  • 315c77c chore: use catalog for workerd dependency (#14607)
  • 9f74a5f Workflows: Improve scheduled Workflows free-plan deploy error (#14604)
  • 394b8ae Fix wrangler linting (failing because of deprecated detectAgenticEnvironment ...
  • dbf024e Enable @typescript-eslint/no-deprecated linting rule for wrangler (#14579)
  • e3f0cd6 feat(wrangler): list durable object ids in test harness (#14489)
  • 8511ddf Bump the workerd-and-workers-types group with 2 updates (#14596)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `7.0.5` | `7.0.7` |
| [prettier](https://github.com/prettier/prettier) | `3.9.4` | `3.9.5` |
| [typescript](https://github.com/microsoft/TypeScript) | `6.0.3` | `7.0.2` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.62.1` | `8.63.0` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.107.0` | `4.109.0` |


Updates `astro` from 7.0.5 to 7.0.7
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.7/packages/astro)

Updates `prettier` from 3.9.4 to 3.9.5
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.9.4...3.9.5)

Updates `typescript` from 6.0.3 to 7.0.2
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](https://github.com/microsoft/TypeScript/commits)

Updates `typescript-eslint` from 8.62.1 to 8.63.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.63.0/packages/typescript-eslint)

Updates `wrangler` from 4.107.0 to 4.109.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.109.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 7.0.7
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: prettier
  dependency-version: 3.9.5
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
- dependency-name: typescript
  dependency-version: 7.0.2
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: npm-dependencies
- dependency-name: typescript-eslint
  dependency-version: 8.63.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
- dependency-name: wrangler
  dependency-version: 4.109.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 9, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 9, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs
proofline-website e7c49b1 Jul 09 2026, 05:25 PM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants