Skip to content

chore(deps): bump the minors-and-patches group with 7 updates#9

Merged
marekh19 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/minors-and-patches-667fb536eb
Mar 2, 2026
Merged

chore(deps): bump the minors-and-patches group with 7 updates#9
marekh19 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/minors-and-patches-667fb536eb

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the minors-and-patches group with 7 updates:

Package From To
@astrojs/starlight 0.37.5 0.37.6
astro 5.17.1 5.18.0
mermaid 11.12.2 11.12.3
@biomejs/biome 2.3.13 2.4.4
@commitlint/cli 20.4.0 20.4.2
@commitlint/config-conventional 20.4.0 20.4.2
lint-staged 16.2.7 16.3.0

Updates @astrojs/starlight from 0.37.5 to 0.37.6

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.37.6

Patch Changes

Changelog

Sourced from @​astrojs/starlight's changelog.

0.37.6

Patch Changes

Commits

Updates astro from 5.17.1 to 5.18.0

Release notes

Sourced from astro's releases.

astro@5.18.0

Minor Changes

  • #15589 b7dd447 Thanks @​qzio! - Adds a new security.actionBodySizeLimit option to configure the maximum size of Astro Actions request bodies.

    This lets you increase the default 1 MB limit when your actions need to accept larger payloads. For example, actions that handle file uploads or large JSON payloads can now opt in to a higher limit.

    If you do not set this option, Astro continues to enforce the 1 MB default to help prevent abuse.

    // astro.config.mjs
    export default defineConfig({
      security: {
        actionBodySizeLimit: 10 * 1024 * 1024, // set to 10 MB
      },
    });

Patch Changes

  • #15594 efae11c Thanks @​qzio! - Fix X-Forwarded-Proto validation when allowedDomains includes both protocol and hostname fields. The protocol check no longer fails due to hostname mismatch against the hardcoded test URL.

astro@5.17.3

Patch Changes

  • #15564 522f880 Thanks @​matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

  • #15569 e01e98b Thanks @​matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

astro@5.17.2

Patch Changes

  • c13b536 Thanks @​matthewp! - Improves Host header handling for SSR deployments behind proxies
Changelog

Sourced from astro's changelog.

5.18.0

Minor Changes

  • #15589 b7dd447 Thanks @​qzio! - Adds a new security.actionBodySizeLimit option to configure the maximum size of Astro Actions request bodies.

    This lets you increase the default 1 MB limit when your actions need to accept larger payloads. For example, actions that handle file uploads or large JSON payloads can now opt in to a higher limit.

    If you do not set this option, Astro continues to enforce the 1 MB default to help prevent abuse.

    // astro.config.mjs
    export default defineConfig({
      security: {
        actionBodySizeLimit: 10 * 1024 * 1024, // set to 10 MB
      },
    });

Patch Changes

  • #15594 efae11c Thanks @​qzio! - Fix X-Forwarded-Proto validation when allowedDomains includes both protocol and hostname fields. The protocol check no longer fails due to hostname mismatch against the hardcoded test URL.

5.17.3

Patch Changes

  • #15564 522f880 Thanks @​matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

  • #15569 e01e98b Thanks @​matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

5.17.2

Patch Changes

  • c13b536 Thanks @​matthewp! - Improves Host header handling for SSR deployments behind proxies
Commits

Updates mermaid from 11.12.2 to 11.12.3

Release notes

Sourced from mermaid's releases.

mermaid@11.12.3

Patch Changes

  • Updated dependencies [7243340]:
    • @​mermaid-js/parser@​1.0.0
Commits
  • cbe7015 Merge pull request #7397 from mermaid-js/changeset-release/master
  • 69fccd2 Version Packages
  • 56ecd66 Fixed issue with hero text
  • 3735098 Merge pull request #7377 from aloisklink/chore/upgrade-to-langium-v4
  • ea46407 Update link with source
  • dc30a46 Updating the Hero on the docs side
  • 426a616 chore(dev-deps): update @​argos-ci/cypress to 6.2.2
  • 16bc9e6 chore(deps): update dependency lodash-es to v4.17.23
  • 7243340 chore(parser)!: upgrade parser to Langium v4
  • 156dc11 chore(deps): upgrade to langium 3.5.0
  • Additional commits viewable in compare view

Updates @biomejs/biome from 2.3.13 to 2.4.4

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.4

2.4.4

Patch Changes

  • #9150 6946835 Thanks @​dyc3! - Fixed #9138: Astro files containing --- in HTML content (e.g., <h1>---Hi</h1>) are now parsed correctly, both when a frontmatter block is present and when there is no frontmatter at all.

  • #9150 aa6f837 Thanks @​dyc3! - Fixed #9138: The HTML parser incorrectly failing to parse bracket characters ([ and ]) in text content (e.g. <div>[Foo]</div>).

  • #9151 c0d4b0c Thanks @​dyc3! - Fixed parsing of Svelte directive keywords (use, style) when used as plain text content in HTML/Svelte files. Previously, <p>use JavaScript</p> or <p>style it</p> would incorrectly produce a bogus element instead of proper text content.

  • #9162 7f1e060 Thanks @​dyc3! - Fixed #9161: The Vue parser now correctly handles colon attributes like xlink:href and xmlns:xlink by parsing them as single attributes instead of splitting them into separate tokens.

  • #9164 458211b Thanks @​dyc3! - Fixed #9161: The noAssignInExpressions rule no longer flags assignments in Vue v-on directives (e.g., @click="counter += 1"). Assignments in event handlers are idiomatic Vue patterns and are now skipped by the rule.

What's Changed

Full Changelog: https://github.com/biomejs/biome/compare/@​biomejs/biome@​2.4.3...@​biomejs/biome@​2.4.4

Biome CLI v2.4.3

2.4.3

Patch Changes

  • #9120 aa40fc2 Thanks @​ematipico! - Fixed #9109, where the GitHub reporter wasn't correctly enabled when biome ci runs on GitHub Actions.

  • #9128 8ca3f7f Thanks @​dyc3! - Fixed #9107: The HTML parser can now correctly parse Astro directives (client/set/class/is/server), which fixes the formatting for Astro directives.

  • #9124 f5b0e8d Thanks @​ematipico! - Fixed #8882 and #9108: The Astro frontmatter lexer now correctly identifies the closing --- fence when the frontmatter contains multi-line block comments with quote characters, strings that mix quote types (e.g. "it's"), or escaped quote characters (e.g. "\").

  • #9142 3ca066b Thanks @​THernandez03! - Fixed #9141: The noUnknownAttribute rule no longer reports closedby as an unknown attribute on <dialog> elements.

  • #9126 792013e Thanks @​ematipico! - Added missing Mocha globals to the Test domain: context, run, setup, specify, suite, suiteSetup, suiteTeardown, teardown, xcontext, xdescribe, xit, and xspecify. These are injected by Mocha's BDD and TDD interfaces and were previously flagged as undeclared variables in projects using Mocha.

  • #8855 6918c9e Thanks @​ruidosujeira! - Fixed #8840. Now the Biome CSS parser correctly parses not + scroll-state inside @container queries.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.4

Patch Changes

  • #9150 6946835 Thanks @​dyc3! - Fixed #9138: Astro files containing --- in HTML content (e.g., <h1>---Hi</h1>) are now parsed correctly, both when a frontmatter block is present and when there is no frontmatter at all.

  • #9150 aa6f837 Thanks @​dyc3! - Fixed #9138: The HTML parser incorrectly failing to parse bracket characters ([ and ]) in text content (e.g. <div>[Foo]</div>).

  • #9151 c0d4b0c Thanks @​dyc3! - Fixed parsing of Svelte directive keywords (use, style) when used as plain text content in HTML/Svelte files. Previously, <p>use JavaScript</p> or <p>style it</p> would incorrectly produce a bogus element instead of proper text content.

  • #9162 7f1e060 Thanks @​dyc3! - Fixed #9161: The Vue parser now correctly handles colon attributes like xlink:href and xmlns:xlink by parsing them as single attributes instead of splitting them into separate tokens.

  • #9164 458211b Thanks @​dyc3! - Fixed #9161: The noAssignInExpressions rule no longer flags assignments in Vue v-on directives (e.g., @click="counter += 1"). Assignments in event handlers are idiomatic Vue patterns and are now skipped by the rule.

2.4.3

Patch Changes

  • #9120 aa40fc2 Thanks @​ematipico! - Fixed #9109, where the GitHub reporter wasn't correctly enabled when biome ci runs on GitHub Actions.

  • #9128 8ca3f7f Thanks @​dyc3! - Fixed #9107: The HTML parser can now correctly parse Astro directives (client/set/class/is/server), which fixes the formatting for Astro directives.

  • #9124 f5b0e8d Thanks @​ematipico! - Fixed #8882 and #9108: The Astro frontmatter lexer now correctly identifies the closing --- fence when the frontmatter contains multi-line block comments with quote characters, strings that mix quote types (e.g. "it's"), or escaped quote characters (e.g. "\").

  • #9142 3ca066b Thanks @​THernandez03! - Fixed #9141: The noUnknownAttribute rule no longer reports closedby as an unknown attribute on <dialog> elements.

  • #9126 792013e Thanks @​ematipico! - Added missing Mocha globals to the Test domain: context, run, setup, specify, suite, suiteSetup, suiteTeardown, teardown, xcontext, xdescribe, xit, and xspecify. These are injected by Mocha's BDD and TDD interfaces and were previously flagged as undeclared variables in projects using Mocha.

  • #8855 6918c9e Thanks @​ruidosujeira! - Fixed #8840. Now the Biome CSS parser correctly parses not + scroll-state inside @container queries.

  • #9111 4fb55cf Thanks @​Jayllyz! - Slightly improved performance of noIrregularWhitespace by adding early return optimization and simplifying character detection logic.

  • #8975 086a0c5 Thanks @​FrankFMY! - Fixed #8478: useDestructuring no longer suggests destructuring when the variable has a type annotation, like const foo: string = object.foo.

2.4.2

Patch Changes

  • #9103 fc9850c Thanks @​dyc3! - Fixed #9098: useImportType no longer incorrectly flags imports used in Svelte control flow blocks ({#if}, {#each}, {#await}, {#key}) as type-only imports.

  • #9106 f4b7296 Thanks @​dyc3! - Updated rule source metadata for rules from html-eslint.

  • #8960 4a5ff40 Thanks @​abossenbroek! - Added the nursery rule noConditionalExpect. This rule disallows conditional expect() calls inside tests, which can lead to tests that silently pass when assertions never run.

    // Invalid - conditional expect may not run
    test("conditional", async ({ page }) => {
      if (someCondition) {
        await expect(page).toHaveTitle("Title");
      }

... (truncated)

Commits

Updates @commitlint/cli from 20.4.0 to 20.4.2

Release notes

Sourced from @​commitlint/cli's releases.

v20.4.2

20.4.2 (2026-02-19)

Bug Fixes

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.1...v20.4.2

v20.4.1

20.4.1 (2026-02-02)

Reverts

Chore

Full Changelog: conventional-changelog/commitlint@v20.4.0...v20.4.1

Changelog

Sourced from @​commitlint/cli's changelog.

20.4.2 (2026-02-19)

Note: Version bump only for package @​commitlint/cli

20.4.1 (2026-02-02)

Note: Version bump only for package @​commitlint/cli

Commits

Updates @commitlint/config-conventional from 20.4.0 to 20.4.2

Release notes

Sourced from @​commitlint/config-conventional's releases.

v20.4.2

20.4.2 (2026-02-19)

Bug Fixes

New Contributors

Full Changelog: conventional-changelog/commitlint@v20.4.1...v20.4.2

v20.4.1

20.4.1 (2026-02-02)

Reverts

Chore

Full Changelog: conventional-changelog/commitlint@v20.4.0...v20.4.1

Changelog

Sourced from @​commitlint/config-conventional's changelog.

20.4.2 (2026-02-19)

Note: Version bump only for package @​commitlint/config-conventional

20.4.1 (2026-02-02)

Note: Version bump only for package @​commitlint/config-conventional

Commits

Updates lint-staged from 16.2.7 to 16.3.0

Release notes

Sourced from lint-staged's releases.

v16.3.0

Minor Changes

  • #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

  • #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

  • #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.
Changelog

Sourced from lint-staged's changelog.

16.3.0

Minor Changes

  • #1698 feda37a Thanks @​iiroj! - Run external processes with tinyexec instead of nano-spawn. nano-spawn replaced execa in lint-staged version 16 to limit the amount of npm dependencies required, but caused some unknown issues related to spawning tasks. Let's hope tinyexec improves the situation.

  • #1699 1346d16 Thanks @​iiroj! - Remove pidtree as a dependency. When a task fails, its sub-processes are killed more efficiently via the process group on Unix systems, and the taskkill command on Windows.

Patch Changes

  • #1726 87467aa Thanks @​iiroj! - Incorrect brace expansions like *.{js} (nothing to expand) are detected exhaustively, instead of just a single pass.
Commits
  • 9aa2cd7 chore(changeset): release
  • 0c387bc test: make long-running task longer because of GitHub Actions slowness
  • 87467aa refactor: detect incorrect brace expansion exhaustively
  • dceabc6 ci: run npm audit in GitHub Actions
  • d0e4c2a build(deps): update dependencies
  • 93cf144 docs: add tip about lint-staged.sh
  • 9809fee test: adjust integration test logging setup for concurrency
  • cc432df feat: use tinyexec to spawn tasks
  • feda37a feat: use tinyexec for Git commands
  • e15178a docs: fix typos in example comments for environment variables (#1721)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minors-and-patches group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight) | `0.37.5` | `0.37.6` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `5.17.1` | `5.18.0` |
| [mermaid](https://github.com/mermaid-js/mermaid) | `11.12.2` | `11.12.3` |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.3.13` | `2.4.4` |
| [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) | `20.4.0` | `20.4.2` |
| [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) | `20.4.0` | `20.4.2` |
| [lint-staged](https://github.com/lint-staged/lint-staged) | `16.2.7` | `16.3.0` |


Updates `@astrojs/starlight` from 0.37.5 to 0.37.6
- [Release notes](https://github.com/withastro/starlight/releases)
- [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md)
- [Commits](https://github.com/withastro/starlight/commits/@astrojs/starlight@0.37.6/packages/starlight)

Updates `astro` from 5.17.1 to 5.18.0
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/astro@5.18.0/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@5.18.0/packages/astro)

Updates `mermaid` from 11.12.2 to 11.12.3
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Commits](https://github.com/mermaid-js/mermaid/compare/mermaid@11.12.2...mermaid@11.12.3)

Updates `@biomejs/biome` from 2.3.13 to 2.4.4
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.4.4/packages/@biomejs/biome)

Updates `@commitlint/cli` from 20.4.0 to 20.4.2
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.4.2/@commitlint/cli)

Updates `@commitlint/config-conventional` from 20.4.0 to 20.4.2
- [Release notes](https://github.com/conventional-changelog/commitlint/releases)
- [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md)
- [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.4.2/@commitlint/config-conventional)

Updates `lint-staged` from 16.2.7 to 16.3.0
- [Release notes](https://github.com/lint-staged/lint-staged/releases)
- [Changelog](https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md)
- [Commits](lint-staged/lint-staged@v16.2.7...v16.3.0)

---
updated-dependencies:
- dependency-name: "@astrojs/starlight"
  dependency-version: 0.37.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minors-and-patches
- dependency-name: astro
  dependency-version: 5.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minors-and-patches
- dependency-name: mermaid
  dependency-version: 11.12.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minors-and-patches
- dependency-name: "@biomejs/biome"
  dependency-version: 2.4.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minors-and-patches
- dependency-name: "@commitlint/cli"
  dependency-version: 20.4.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minors-and-patches
- dependency-name: "@commitlint/config-conventional"
  dependency-version: 20.4.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minors-and-patches
- dependency-name: lint-staged
  dependency-version: 16.3.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minors-and-patches
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 1, 2026
@marekh19
marekh19 merged commit 02f4ca0 into main Mar 2, 2026
3 checks passed
@dependabot
dependabot Bot deleted the dependabot/npm_and_yarn/minors-and-patches-667fb536eb branch March 2, 2026 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant