Bump the npm_and_yarn group across 11 directories with 4 updates by dependabot[bot] · Pull Request #206 · Subhan-Haider/Codiner-Softwar

dependabot · 2026-05-15T03:10:25Z

Bumps the npm_and_yarn group with 1 update in the /community-templates/astro-multi-framework directory: astro.
Bumps the npm_and_yarn group with 1 update in the /community-templates/capacitor-vue-ts directory: vite.
Bumps the npm_and_yarn group with 1 update in the /community-templates/docker-nextjs-lowdb directory: next.
Bumps the npm_and_yarn group with 1 update in the /community-templates/nextjs-official directory: next.
Bumps the npm_and_yarn group with 1 update in the /community-templates/portal-mini-store directory: next.
Bumps the npm_and_yarn group with 1 update in the /e2e-tests/fixtures/import-app/astro directory: vite.
Bumps the npm_and_yarn group with 1 update in the /e2e-tests/fixtures/import-app/minimal directory: vite.
Bumps the npm_and_yarn group with 1 update in the /e2e-tests/fixtures/import-app/minimal-with-ai-rules directory: vite.
Bumps the npm_and_yarn group with 1 update in the /e2e-tests/fixtures/import-app/select-component directory: vite.
Bumps the npm_and_yarn group with 1 update in the /packages/@codiner-sh/nextjs-webpack-component-tagger directory: fast-uri.
Bumps the npm_and_yarn group with 1 update in the /packages/@codiner-sh/react-vite-component-tagger directory: vite.

Updates astro from 4.16.19 to 6.3.3

Release notes

Sourced from astro's releases.

astro@6.3.3

Patch Changes

#16737 bd84f33 Thanks @matthewp! - Fixes a reflected XSS vulnerability where slot names on hydrated components were not HTML-escaped in SSR output

astro@6.3.2

Patch Changes

#16675 11d4592 Thanks @ascorbic! - Fixes a regression where Astro.cache was undefined when experimental.cache was not configured.

The previous documented behavior is for Astro.cache to always be defined as a no-op shim: cache.set() warns once, cache.invalidate() throws and cache.enabled can be used to gate. This allows library and user code can call cache methods without conditional checks. The cache provider registration was being gated at the call site on experimental.cache being configured, which meant the disabled shim branch inside the provider was unreachable and the Astro.cache getter was never attached to the context.

#16691 0f0a4ce Thanks @matthewp! - Fixes HTMLElement is not defined error during HMR when using components with client-side scripts (e.g. Starlight <Tabs>) and the Cloudflare adapter

#16562 07529ec Thanks @matthewp! - Fixes non-prerendered routes failing when a dynamic prerendered route exists in the same project with prerenderEnvironment: 'node'

#16638 272185b Thanks @ematipico! - Fixes a bug where the Astro compiler wasn't freed at the end of the build. After the fix, the memory used by the compiler is now correctly freed at the end of the build.

#16544 d365c97 Thanks @matthewp! - Tightens isRemotePath() to reject control characters after a leading slash and fixes the dev image endpoint origin check

#16685 889e748 Thanks @farrosfr! - Improve validation messages for security.csp.directives when script-src or style-src are incorrectly placed in the directives array.

#16605 772f13a Thanks @rururux! - Fixes assetsPrefix not being available on build from astro:config/server.

#16556 f38dec7 Thanks @matthewp! - Rejects double-encoded URL paths with a 400 response instead of silently falling back to partial decoding

#16659 38bcb25 Thanks @jsparkdev! - Fixes & characters appearing as raw entity strings (e.g. &[#38](https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/38);) in <meta> tags when viewed in link previews or raw HTML.

Updated dependencies [d365c97, 9256345]:

@astrojs/internal-helpers@0.9.1

@astrojs/markdown-remark@7.1.2

astro@6.3.1

Patch Changes

#16646 15fbc41 Thanks @matthewp! - Fixes local images returning 404 on non-prerendered pages when using the generic image endpoint

astro@6.3.0

Minor Changes
#16366 d69f858 Thanks @matthewp! - Adds a new experimental.advancedRouting option that lets you take full control of Astro's request handling pipeline by creating a src/app.ts file in your project.

Today, Astro handles every incoming request through a fixed internal pipeline: trailing slash normalization, redirects, actions, middleware, page rendering, i18n, and so on. That pipeline works great for most sites, but as projects grow you often want to run your own logic between those steps — an auth check before rendering, a rate limiter before actions, custom logging around the whole stack. Advanced routing gives you that control.

When enabled, Astro looks for a src/app.ts file in your project. If it finds one, that file becomes the entrypoint for all server-rendered requests. You compose the pipeline yourself using the handlers Astro provides, and you can slot your own logic anywhere in the chain.

Enabling advanced routing
// astro.config.mjs

... (truncated)

Changelog

Sourced from astro's changelog.

6.3.3

Patch Changes

#16737 bd84f33 Thanks @matthewp! - Fixes a reflected XSS vulnerability where slot names on hydrated components were not HTML-escaped in SSR output

6.3.2

Patch Changes

#16675 11d4592 Thanks @ascorbic! - Fixes a regression where Astro.cache was undefined when experimental.cache was not configured.

The previous documented behavior is for Astro.cache to always be defined as a no-op shim: cache.set() warns once, cache.invalidate() throws and cache.enabled can be used to gate. This allows library and user code can call cache methods without conditional checks. The cache provider registration was being gated at the call site on experimental.cache being configured, which meant the disabled shim branch inside the provider was unreachable and the Astro.cache getter was never attached to the context.

#16691 0f0a4ce Thanks @matthewp! - Fixes HTMLElement is not defined error during HMR when using components with client-side scripts (e.g. Starlight <Tabs>) and the Cloudflare adapter

#16562 07529ec Thanks @matthewp! - Fixes non-prerendered routes failing when a dynamic prerendered route exists in the same project with prerenderEnvironment: 'node'

#16638 272185b Thanks @ematipico! - Fixes a bug where the Astro compiler wasn't freed at the end of the build. After the fix, the memory used by the compiler is now correctly freed at the end of the build.

#16544 d365c97 Thanks @matthewp! - Tightens isRemotePath() to reject control characters after a leading slash and fixes the dev image endpoint origin check

#16685 889e748 Thanks @farrosfr! - Improve validation messages for security.csp.directives when script-src or style-src are incorrectly placed in the directives array.

#16605 772f13a Thanks @rururux! - Fixes assetsPrefix not being available on build from astro:config/server.

#16556 f38dec7 Thanks @matthewp! - Rejects double-encoded URL paths with a 400 response instead of silently falling back to partial decoding

#16659 38bcb25 Thanks @jsparkdev! - Fixes & characters appearing as raw entity strings (e.g. &[#38](https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/38);) in <meta> tags when viewed in link previews or raw HTML.

Updated dependencies [d365c97, 9256345]:

@astrojs/internal-helpers@0.9.1

@astrojs/markdown-remark@7.1.2

6.3.1

Patch Changes

#16646 15fbc41 Thanks @matthewp! - Fixes local images returning 404 on non-prerendered pages when using the generic image endpoint

6.3.0

Minor Changes

#16366 d69f858 Thanks @matthewp! - Adds a new experimental.advancedRouting option that lets you take full control of Astro's request handling pipeline by creating a src/app.ts file in your project.

Today, Astro handles every incoming request through a fixed internal pipeline: trailing slash normalization, redirects, actions, middleware, page rendering, i18n, and so on. That pipeline works great for most sites, but as projects grow you often want to run your own logic between those steps — an auth check before rendering, a rate limiter before actions, custom logging around the whole stack. Advanced routing gives you that control.

When enabled, Astro looks for a src/app.ts file in your project. If it finds one, that file becomes the entrypoint for all server-rendered requests. You compose the pipeline yourself using the handlers Astro provides, and you can slot your own logic anywhere in the chain.

... (truncated)

Commits

5ec95d0 [ci] release (#16736)
bce5c34 [ci] format
bd84f33 fix(security): escape slot names in hydration template attributes to prevent ...
42e7eec refactor: fix flaky view-transitions e2e test (#16735)
33b54c4 [ci] format
0f868b0 chore: remove redundant server assertions (#16721)
e345bcd [ci] release (#16653)
04fdbb2 Update pnpm to v11 (#16716)
772f13a fix(astro): correctly export build.assetsPrefix from astro:config/server ...
d1c258a test: isolate fixture cache dirs for shared fixtures (#16689)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for astro since your current version.

Updates vite from 4.5.14 to 8.0.13

Release notes

Sourced from vite's releases.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.13 (2026-05-14)

Features

bundled-dev: add lazy bundling support (#21406) (4f0949f)

optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#22357) (47071ce)

update rolldown to 1.0.1 (#22444) (8c766a6)

Bug Fixes

build: copy public directory after building same environment with write=false (#22328) (158e8ae)

css: await sass/less/styl worker disposal on teardown (fix #22274) (#22275) (b7edcb7)

css: keep deprecated name/originalFileName in synthetic assetFileNames call (#22439) (8e59c97)

make isBundled per environment (#22257) (a576326)

ssr: avoid rewriting labels that collide with imports (#22451) (d9b18e0)

Miscellaneous Chores

remove irrelevant commits from changelog (#22430) (6ea3838)

update changelog (#22413) (fcdc87c)

8.0.12 (2026-05-11)

Features

update rolldown to 1.0.0 (#22401) (cf0ff41)

Bug Fixes

deps: update all non-major dependencies (#22420) (2be6000)

module-runner: prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (#22369) (f5a22e6)

refer to rolldownOptions instead of deprecated rollupOptions in messages (#22400) (b675c7b)

worker: apply build.target to worker bundle (#22404) (3c93fde)

worker: forward define to worker bundle transform (#22408) (d4838a0)

Miscellaneous Chores

deps: update dependency eslint-plugin-n to v18 (#22423) (2fe7bd2)

deps: update rolldown-related dependencies (#22421) (66b9eb3)

8.0.11 (2026-05-07)

Features

update rolldown to 1.0.0-rc.18 (#22360) (3f80524)

Bug Fixes

deps: update all non-major dependencies (#22334) (672c962)

deps: update all non-major dependencies (#22382) (5c0cfcb)

glob: align hmr matcher options with glob enumeration (#22306) (30028f9)

make separate object instance for each environment (#22276) (7c2aa3b)

... (truncated)

Commits

a46f11a release: v8.0.13
d9b18e0 fix(ssr): avoid rewriting labels that collide with imports (#22451)
4f0949f feat(bundled-dev): add lazy bundling support (#21406)
158e8ae fix(build): copy public directory after building same environment with `write...
47071ce feat(optimizer): improve the esbuild plugin converter to pass some properties...
8e59c97 fix(css): keep deprecated name/originalFileName in synthetic `assetFileNa...
a576326 fix: make isBundled per environment (#22257)
8c766a6 feat: update rolldown to 1.0.1 (#22444)
b7edcb7 fix(css): await sass/less/styl worker disposal on teardown (fix #22274) (#22275)
fcdc87c chore: update changelog (#22413)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for vite since your current version.

Updates next from 14.2.35 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

fix: preserve HTTP access fallbacks during prerender recovery (#92231)

Fix fallback route params case in app-page handler (#91737)

Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)

Patch setHeader for direct route handlers (#93101)

Include deployment id in cacheHandlers keys (#93453)

Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

ee6e79b v16.2.6
afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
97a154e Turbopack: Fix middleware matcher suffix (#93590)
83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
7b222b9 [backport][test] Pin package manager to patch versions (#93595)
a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
766148f v16.2.5
0dd9483 fix: add explicit checks for RSC header (#83) (#98)
d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
9d50c0b Strip next-resume header from incoming requests (#92)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates next from 14.2.35 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

fix: preserve HTTP access fallbacks during prerender recovery (#92231)

Fix fallback route params case in app-page handler (#91737)

Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)

Patch setHeader for direct route handlers (#93101)

Include deployment id in cacheHandlers keys (#93453)

Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

ee6e79b v16.2.6
afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
97a154e Turbopack: Fix middleware matcher suffix (#93590)
83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
7b222b9 [backport][test] Pin package manager to patch versions (#93595)
a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
766148f v16.2.5
0dd9483 fix: add explicit checks for RSC header (#83) (#98)
d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
9d50c0b Strip next-resume header from incoming requests (#92)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates next from 14.2.35 to 16.2.6

Release notes

Sourced from next's releases.

v16.2.6

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces

GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input

GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API

GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting

GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Core Changes

fix: preserve HTTP access fallbacks during prerender recovery (#92231)

Fix fallback route params case in app-page handler (#91737)

Fix invalid HTML response for route-level RSC requests in deployment adapter (#91541)

Patch setHeader for direct route handlers (#93101)

Include deployment id in cacheHandlers keys (#93453)

Fix double-encoding of URL pathname parts in client param parsing (#93491)

v16.2.5

[!NOTE] This release contains security fixes and backported bug fixes. It does not include all pending features/changes on canary.

Security Fixes

The following advisories have been addressed:

High:

GHSA-8h8q-6873-q5fj: Denial of Service with Server Components

GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes

GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components

GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection

GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades

... (truncated)

Commits

ee6e79b v16.2.6
afa053d Turbopack: Match proxy matchers with webpack implementation (#93594)
97a154e Turbopack: Fix middleware matcher suffix (#93590)
83899bc [backport] Disable build caches for production/staging/force-preview deploys ...
7b222b9 [backport][test] Pin package manager to patch versions (#93595)
a8dc24f [backport] Turbopack: more strict vergen setup (#93587)
766148f v16.2.5
0dd9483 fix: add explicit checks for RSC header (#83) (#98)
d166096 fix proxy matching for segment prefetch URLs (#89) (#96)
9d50c0b Strip next-resume header from incoming requests (#92)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for next since your current version.

Updates vite from 6.3.5 to 6.4.2

Release notes

Sourced from vite's releases.

v8.0.13

Please refer to CHANGELOG.md for details.

v8.0.12

Please refer to CHANGELOG.md for details.

v8.0.11

Please refer to CHANGELOG.md for details.

v8.0.10

Please refer to CHANGELOG.md for details.

v8.0.9

Please refer to CHANGELOG.md for details.

v8.0.8

Please refer to CHANGELOG.md for details.

v8.0.7

Please refer to CHANGELOG.md for details.

v8.0.6

Please refer to CHANGELOG.md for details.

v8.0.5

Please refer to CHANGELOG.md for details.

v8.0.4

Please refer to CHANGELOG.md for details.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.13 (2026-05-14)

Features

bundled-dev: add lazy bundling support (#21406) (4f0949f)

optimizer: improve the esbuild plugin converter to pass some properties of build result to onEnd (#22357) (47071ce)

update rolldown to 1.0.1 (#22444) (8c766a6)

Bug Fixes

build: copy public directory after building same environment with write=false (#22328) (158e8ae)

css: await sass/less/styl worker disposal on teardown (fix #22274) (#22275) (b7edcb7)

css: keep deprecated name/originalFileName in synthetic assetFileNames call (#22439) (8e59c97)

make isBundled per environment (#22257) (a576326)

ssr: avoid rewriting labels that collide with imports (#22451) (d9b18e0)

Miscellaneous Chores

remove irrelevant commits from changelog (#22430) (6ea3838)

update changelog (#22413) (fcdc87c)

8.0.12 (2026-05-11)

Features

update rolldown to 1.0.0 (#22401) (cf0ff41)

Bug Fixes

deps: update all non-major dependencies (#22420) (2be6000)

module-runner: prevent partial-exports race on concurrent imports of in-flight invalidated re-export chains (#22369) (f5a22e6)

refer to rolldownOptions instead of deprecated rollupOptions in messages (#22400) (b675c7b)

worker: apply build.target to worker bundle (#22404) (3c93fde)

worker: forward define to worker bundle transform (#22408) (d4838a0)

Miscellaneous Chores

deps: update dependency eslint-plugin-n to v18 (#22423) (2fe7bd2)

deps: update rolldown-related dependencies (#22421) (66b9eb3)

8.0.11 (2026-05-07)

Features

update rolldown to 1.0.0-rc.18 (#22360) (3f80524)

Bug Fixes

deps: update all non-major dependencies (#22334) (672c962)

Description has been truncated

Bumps the npm_and_yarn group with 1 update in the /community-templates/astro-multi-framework directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro). Bumps the npm_and_yarn group with 1 update in the /community-templates/capacitor-vue-ts directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /community-templates/docker-nextjs-lowdb directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /community-templates/nextjs-official directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /community-templates/portal-mini-store directory: [next](https://github.com/vercel/next.js). Bumps the npm_and_yarn group with 1 update in the /e2e-tests/fixtures/import-app/astro directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /e2e-tests/fixtures/import-app/minimal directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /e2e-tests/fixtures/import-app/minimal-with-ai-rules directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /e2e-tests/fixtures/import-app/select-component directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Bumps the npm_and_yarn group with 1 update in the /packages/@codiner-sh/nextjs-webpack-component-tagger directory: [fast-uri](https://github.com/fastify/fast-uri). Bumps the npm_and_yarn group with 1 update in the /packages/@codiner-sh/react-vite-component-tagger directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite). Updates `astro` from 4.16.19 to 6.3.3 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/astro@6.3.3/packages/astro) Updates `vite` from 4.5.14 to 8.0.13 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.13/packages/vite) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `next` from 14.2.35 to 16.2.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v14.2.35...v16.2.6) Updates `vite` from 6.3.5 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.13/packages/vite) Updates `vite` from 6.3.5 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.13/packages/vite) Updates `vite` from 6.3.5 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.13/packages/vite) Updates `vite` from 6.3.5 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.13/packages/vite) Updates `fast-uri` from 3.0.6 to 3.1.2 - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](fastify/fast-uri@v3.0.6...v3.1.2) Updates `vite` from 5.4.19 to 6.4.2 - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v8.0.13/packages/vite) --- updated-dependencies: - dependency-name: astro dependency-version: 6.3.3 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 8.0.13 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: next dependency-version: 16.2.6 dependency-type: direct:production dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect dependency-group: npm_and_yarn - dependency-name: vite dependency-version: 6.4.2 dependency-type: direct:development dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2026-05-15T03:10:28Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
codiner-software	Error		May 15, 2026 3:10am

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 15, 2026

dependabot Bot requested a review from Subhan-Haider as a code owner May 15, 2026 03:10

vercel Bot had a problem deploying to Preview May 15, 2026 03:10 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the npm_and_yarn group across 11 directories with 4 updates#206

Bump the npm_and_yarn group across 11 directories with 4 updates#206
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/community-templates/astro-multi-framework/npm_and_yarn-645e74ed8b

dependabot Bot commented on behalf of github May 15, 2026

Enabling advanced routing

Uh oh!

vercel Bot commented May 15, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 15, 2026

astro@6.3.3

Patch Changes

astro@6.3.2

Patch Changes

astro@6.3.1

Patch Changes

astro@6.3.0

Minor Changes

Enabling advanced routing

6.3.3

Patch Changes

6.3.2

Patch Changes

6.3.1

Patch Changes

6.3.0

Minor Changes

v8.0.13

v8.0.12

v8.0.11

v8.0.10

v8.0.9

v8.0.8

v8.0.7

v8.0.6

v8.0.5

v8.0.4

create-vite@8.0.3

v8.0.3

create-vite@8.0.2

v8.0.2

plugin-legacy@8.0.2

create-vite@8.0.1

v8.0.1

8.0.13 (2026-05-14)

Features

Bug Fixes

Miscellaneous Chores

8.0.12 (2026-05-11)

Features

Bug Fixes

Miscellaneous Chores

8.0.11 (2026-05-07)

Features

Bug Fixes

v16.2.6

Security Fixes

Core Changes

v16.2.5

Security Fixes

v16.2.6

Security Fixes

Core Changes

v16.2.5

Security Fixes

v16.2.6

Security Fixes

Core Changes

v16.2.5

Security Fixes

v8.0.13

v8.0.12

v8.0.11

v8.0.10

v8.0.9

v8.0.8

v8.0.7

v8.0.6

v8.0.5

v8.0.4

create-vite@8.0.3

v8.0.3

create-vite@8.0.2

v8.0.2

plugin-legacy@8.0.2

create-vite@8.0.1

v8.0.1

8.0.13 (2026-05-14)

vercel Bot commented May 15, 2026 •

edited

Loading