fix(deps): update astro monorepo (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@astrojs/react (source)	3.6.2 → 5.0.4
astro (source)	4.16.6 → 6.3.1

---

Release Notes

withastro/astro (@​astrojs/react)

v5.0.4

Compare Source

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @​astrojs/internal-helpers@​0.9.0

v5.0.3

Compare Source

Patch Changes

• #​16224 a2b9eeb Thanks @​fkatsuhiro! - Fix React 19 "Float" mechanism injecting into Astro islands instead of the . This PR adds a filter to @​astrojs/react to strip these auto-generated resource from the island's HTML output, ensuring valid HTML structure.

v5.0.2

Compare Source

Patch Changes

• #​15378 a8a926e Thanks @​dmgawel! - Fix React hydration errors when using conditional slot rendering

• #​15146 f771f75 Thanks @​kedarvartak! - Fixes hydration mismatch when using experimentalReactChildren

• #​14917 769265b Thanks @​sanjaiyan-dev! - Refactors to improve the performance of rendering static HTML content in React

v5.0.1

Compare Source

Patch Changes

• #​15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

v5.0.0

Compare Source

Major Changes

• #​14427 e131261 Thanks @​florian-lefebvre! - Increases minimum Node.js version to 22.12.0 - (v6 upgrade guidance)

• #​14445 ecb0b98 Thanks @​florian-lefebvre! - Astro v6.0 upgrades to Vite v7.0 as the development server and production bundler - (v6 upgrade guidance)

Minor Changes

• #​15312 72f7960 Thanks @​ocavue! - Update @vitejs/plugin-react to v5.

Patch Changes

• #​15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

• #​15264 11efb05 Thanks @​florian-lefebvre! - Lower the Node version requirement to allow running on Stackblitz until it supports v22

• #​15700 4e7f3e8 Thanks @​ocavue! - Improves how React components are identified when setting the include and/or exclude options in projects where multiple JSX frameworks are used together

• Updated dependencies [4ebc1e3, 4e7f3e8, a164c77, cf6ea6b, a18d727, 240c317, 745e632]:

  • @​astrojs/internal-helpers@​0.8.0

v4.4.2

Compare Source

Patch Changes

• #​14715 3d55c5d Thanks @​ascorbic! - Adds support for client hydration in getContainerRenderer()

  The getContainerRenderer() function is exported by Astro framework integrations to simplify the process of rendering framework components when using the experimental Container API inside a Vite or Vitest environment. This update adds the client hydration entrypoint to the returned object, enabling client-side interactivity for components rendered using this function. Previously this required users to manually call container.addClientRenderer() with the appropriate client renderer entrypoint.

  See the container-with-vitest demo for a usage example, and the Container API documentation for more information on using framework components with the experimental Container API.

v4.4.1

Compare Source

Patch Changes

• #​14621 e3175d9 Thanks @​GameRoMan! - Updates vite version to fix CVE

v4.4.0

Compare Source

Minor Changes

• #​14386 f75f446 Thanks @​yanthomasdev! - Stabilizes the formerly experimental getActionState() and withState() functions introduced in @astrojs/react v3.4.0 used to integrate Astro Actions with React 19's useActionState() hook.

  This example calls a like action that accepts a postId and returns the number of likes. Pass this action to the withState() function to apply progressive enhancement info, and apply to useActionState() to track the result:

  import { actions } from 'astro:actions';
  import { withState } from '@​astrojs/react/actions';
  import { useActionState } from 'react';
  
  export function Like({ postId }: { postId: string }) {
    const [state, action, pending] = useActionState(
      withState(actions.like),
      0, // initial likes
    );
  
    return (
      <form action={action}>
        <input type="hidden" name="postId" value={postId} />
        <button disabled={pending}>{state} ❤️</button>
      </form>
    );
  }
  

  You can also access the state stored by useActionState() from your action handler. Call getActionState() with the API context, and optionally apply a type to the result:

  import { defineAction } from 'astro:actions';
  import { z } from 'astro:schema';
  import { getActionState } from '@​astrojs/react/actions';
  
  export const server = {
    like: defineAction({
      input: z.object({
        postId: z.string(),
      }),
      handler: async ({ postId }, ctx) => {
        const currentLikes = getActionState<number>(ctx);
        // write to database
        return currentLikes + 1;
      },
    }),
  };
  

  If you were previously using this experimental feature, you will need to update your code to use the new stable exports:

  // src/components/Form.jsx
  import { actions } from 'astro:actions';
  -import { experimental_withState } from '@​astrojs/react/actions';
  +import { withState } from '@​astrojs/react/actions';
  import { useActionState } from "react";

  // src/actions/index.ts
  import { defineAction, type SafeResult } from 'astro:actions';
  import { z } from 'astro:schema';
  -import { experimental_getActionState } from '@​astrojs/react/actions';
  +import { getActionState } from '@​astrojs/react/actions';

v4.3.1

Compare Source

Patch Changes

• #​14326 c24a8f4 Thanks @​jsparkdev! - Updates vite version to fix CVE

v4.3.0

Compare Source

Minor Changes

• #​13809 3c3b492 Thanks @​ascorbic! - Increases minimum Node.js version to 18.20.8

  Node.js 18 has now reached end-of-life and should not be used. For now, Astro will continue to support Node.js 18.20.8, which is the final LTS release of Node.js 18, as well as Node.js 20 and Node.js 22 or later. We will drop support for Node.js 18 in a future release, so we recommend upgrading to Node.js 22 as soon as possible. See Astro's Node.js support policy for more details.

  ⚠️ Important note for users of Cloudflare Pages: The current build image for Cloudflare Pages uses Node.js 18.17.1 by default, which is no longer supported by Astro. If you are using Cloudflare Pages you should override the default Node.js version to Node.js 22. This does not affect users of Cloudflare Workers, which uses Node.js 22 by default.

v4.2.7

Compare Source

Patch Changes

• #​13731 c3e80c2 Thanks @​jsparkdev! - update vite to latest version for fixing CVE

v4.2.6

Compare Source

Patch Changes

• #​13720 e1cd1ae Thanks @​florian-lefebvre! - Fixes SSR renderer type

v4.2.5

Compare Source

Patch Changes

• #​13663 a19a185 Thanks @​florian-lefebvre! - Improves type-safety of renderers

v4.2.4

Compare Source

Patch Changes

• #​13596 3752519 Thanks @​jsparkdev! - update vite to latest version to fix CVE

• #​13547 360cb91 Thanks @​jsparkdev! - Updates vite to the latest version

v4.2.3

Compare Source

Patch Changes

• #​13526 ff9d69e Thanks @​jsparkdev! - update vite to the latest version

v4.2.2

Compare Source

Patch Changes

• #​13505 a98ae5b Thanks @​ematipico! - Updates the dependency vite to the latest.

v4.2.1

Compare Source

Patch Changes

• #​13323 80926fa Thanks @​ematipico! - Updates esbuild and vite to the latest to avoid false positives audits warnings caused by esbuild.

v4.2.0

Compare Source

Minor Changes

• #​13036 3c90d8f Thanks @​artmsilva! - Adds experimental support for disabling streaming

  This is useful to support libraries that are not compatible with streaming such as some CSS-in-JS libraries. To disable streaming for all React components in your project, set experimentalDisableStreaming: true as a configuration option for @astrojs/react:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import react from '@​astrojs/react';
  
  export default defineConfig({
    integrations: [
      react({
  +      experimentalDisableStreaming: true,
      }),
    ],
  });

v4.1.6

Compare Source

Patch Changes

• #​12996 80c6801 Thanks @​bluwy! - Removes hardcoded ssr.external: ['react-dom/server', 'react-dom/client'] config that causes issues with adapters that bundle all dependencies (e.g. Cloudflare). These externals should already be inferred by default by Vite when deploying to a server environment.

• #​13011 cf30880 Thanks @​ascorbic! - Upgrades Vite

v4.1.5

Compare Source

Patch Changes

• #​12887 ea603ae Thanks @​louisescher! - Adds a warning message when multiple JSX-based UI frameworks are being used without either the include or exclude property being set on the integration.

v4.1.4

Compare Source

Patch Changes

• #​12923 c7642fb Thanks @​bluwy! - Removes react-specific entrypoints in optimizeDeps.include and rely on @vitejs/plugin-react to add

v4.1.3

Compare Source

Patch Changes

• #​12948 51ab7b5 Thanks @​bluwy! - Supports checking for React 19 components

v4.1.2

Compare Source

Patch Changes

• #​12799 739dbfb Thanks @​ascorbic! - Upgrades Vite to pin esbuild

v4.1.1

Compare Source

Patch Changes

• #​12755 391df0e Thanks @​matthewp! - Preoptimize React compiler runtime

v4.1.0

Compare Source

Minor Changes

• #​12678 97c9265 Thanks @​bskimball! - Add React 19 stable to peer dependencies

v4.0.0

Compare Source

Major Changes

• #​12524 9f44019 Thanks @​bluwy! - Updates Vite dependency to v6 to match Astro v5

Minor Changes

• #​12539 827093e Thanks @​bluwy! - Drops node 21 support

• #​12510 14feaf3 Thanks @​bholmesdev! - Changes the generated URL query param from _astroAction to _action when submitting a form using Actions. This avoids leaking the framework name into the URL bar, which may be considered a security issue.

v3.6.3

Compare Source

Patch Changes

• #​12481 8a46e80 Thanks @​marbrex! - Resolve vite peer dependency problem for strict package managers like Yarn in PnP mode.

withastro/astro (astro)

v6.3.1

Compare Source

Patch Changes

• #​16646 15fbc41 Thanks @​matthewp! - Fixes local images returning 404 on non-prerendered pages when using the generic image endpoint

v6.3.0

Compare Source

Minor Changes

• #​16366 d69f858 Thanks @​matthewp! - Adds a new experimental.advancedRouting option that lets you take full control of Astro's request handling pipeline by creating a src/app.ts file in your project.

  Today, Astro handles every incoming request through a fixed internal pipeline: trailing slash normalization, redirects, actions, middleware, page rendering, i18n, and so on. That pipeline works great for most sites, but as projects grow you often want to run your own logic between those steps — an auth check before rendering, a rate limiter before actions, custom logging around the whole stack. Advanced routing gives you that control.

  When enabled, Astro looks for a src/app.ts file in your project. If it finds one, that file becomes the entrypoint for all server-rendered requests. You compose the pipeline yourself using the handlers Astro provides, and you can slot your own logic anywhere in the chain.

Enabling advanced routing

// astro.config.mjs
import { defineConfig } from 'astro/config';

export default defineConfig({
  experimental: {
    advancedRouting: true,
  },
});

Two ways to build your pipeline

Astro ships two entrypoints for advanced routing: astro/fetch and astro/hono.

astro/fetch is a low-level, framework-free API built on the Web Fetch standard. You create a FetchState from the incoming request, then call handler functions in sequence. Each handler takes the state, does its work, and returns a Response (or undefined to pass through). This is the core primitive that everything else is built on:

// src/app.ts
import {
  FetchState,
  trailingSlash,
  redirects,
  actions,
  middleware,
  pages,
  i18n,
} from 'astro/fetch';

export default {
  async fetch(request: Request) {
    const state = new FetchState(request);

    // Early exits — these return a Response only when they apply.
    const slash = trailingSlash(state);
    if (slash) return slash;

    const redirect = redirects(state);
    if (redirect) return redirect;

    const action = await actions(state);
    if (action) return action;

    // Middleware wraps page rendering; i18n post-processes the response.
    const response = await middleware(state, () => pages(state));
    return i18n(state, response);
  },
};

astro/hono wraps the same handlers as Hono middleware, so you can mix Astro's pipeline with Hono's ecosystem of middleware (logger, CORS, JWT, rate limiting, etc.) using the app.use() pattern you already know:

// src/app.ts
import { Hono } from 'hono';
import { getCookie } from 'hono/cookie';
import { logger } from 'hono/logger';
import { actions, middleware, pages, i18n } from 'astro/hono';

const app = new Hono();

app.use(logger());

// Auth gate — only runs for /dashboard routes.
app.use('/dashboard/*', async (c, next) => {
  const session = getCookie(c, 'session');
  if (!session) return c.redirect('/login');
  return next();
});

app.use(actions());
app.use(middleware());
app.use(pages());
app.use(i18n());

export default app;

Both approaches give you the same power — pick whichever fits your project. If you don't need a framework, astro/fetch keeps things minimal. If you want a rich middleware ecosystem, astro/hono gets you there with one import.

For more information on enabling and using this feature in your project, see the experimental advanced routing docs. To give feedback, or to keep up with its development, see the advanced routing RFC for more information and discussion.

• #​16366 d69f858 Thanks @​matthewp! - Adds a consume() instance method to AstroCookies. This method marks the cookies as consumed and returns the Set-Cookie header values. After consumption, any subsequent set() calls will log a warning, since the headers have already been sent.

  Previously this was only available as a static method AstroCookies.consume(cookies). The static method is now deprecated but kept for backward compatibility with existing adapters.

• #​16412 ba2d2e3 Thanks @​0xbejaxer! - Add retry and error event handling for astro-island hydration import failures to reduce unrecoverable hydration errors on transient network failures.

• #​16582 885cd31 Thanks @​Princesseuh! - Adds a new image.dangerouslyProcessSVG flag to optionally enable processing SVG inputs. For security reasons, Astro will no longer rasterizes SVG image sources by default in its default image service and endpoint.

  Set image.dangerouslyProcessSVG: true to opt back into processing SVG inputs.

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  
  export default defineConfig({
    // ...
    image: {
      dangerouslyProcessSVG: true,
    },
  });

  Note that this is a breaking change for users who were previously relying on Astro's default image service to rasterize SVG inputs, but it is a necessary change to improve security and prevent potential vulnerabilities.

• #​16519 1b1c218 Thanks @​louisescher! - Adds support for redirecting URLs in remote image optimization.

  Previously, when a remote image URL meant to be optimized by Astro led to a redirect, Astro would fail silently and ignore the redirect. Now, Astro tracks up to 10 redirects for these images. If any of the redirects are not covered by a pattern in image.remotePatterns or a domain in image.domains, Astro will fail with a helpful error message.

  In the following example, the first image would be loaded successfully, while the second would lead to Astro throwing an error:

  export default defineConfig({
    image: {
      domains: ['example.com', 'cdn.example.com'],
    },
  });

  {
    /* Redirects to https://cdn.example.com/assets/image.png: */
  }
  <Image
    src="https://example.com/assets/image.png"
    width="1920"
    height="1080"
    alt="An example image."
  />;
  
  {
    /* Redirects to https://malicious.com/image.png: */
  }
  <Image
    src="https://example.com/bad-image.png"
    width="1920"
    height="1080"
    alt="An example image."
  />;

  In cases where all redirects to HTTPS hosts should be trusted, the following configuration for image.remotePatterns can be used:

  export default defineConfig({
    image: {
      remotePatterns: [
        {
          protocol: 'https',
        },
      ],
    },
  });

Patch Changes

• #​16592 9c6efc5 Thanks @​matthewp! - Escapes interpolated values in the dev server redirect HTML template, consistent with how the 404 template already handles them

• #​16585 78f305e Thanks @​web-dev0521! - Fixes z.array(z.boolean()) in form actions incorrectly coercing the string "false" to true. Boolean array elements now use the same 'true'/'false' string comparison as single z.boolean() fields, so submitting ["false", "true", "false"] correctly parses as [false, true, false].

• #​16567 12a03f2 Thanks @​matthewp! - Fixes deleted content collection entries persisting in getCollection() results during dev

• #​16595 ce9b25c Thanks @​web-dev0521! - Fixes pushDirective in the CSP runtime duplicating the new directive once per existing non-matching directive. Calling insertDirective() (or otherwise pushing a directive whose name is not yet in the list) now appends it exactly once, and a directive that merges with a later existing entry no longer leaves an unmerged copy behind.

• #​16600 94e4b7c Thanks @​web-dev0521! - Fixes Astro.preferredLocale returning the wrong value when i18n.locales mixes object-form entries ({ path, codes }) with string entries that normalize to the same locale. The first matching code in the configured locales order is now selected, matching the documented behavior.

• #​16591 cce20f7 Thanks @​matthewp! - Uses a consistent generic error message in the image endpoint across all adapters

• #​16629 f54be80 Thanks @​g-taki! - Fixes a bug where SSR responses in astro dev could crash with TypeError: this.logger.flush is not a function.

• #​16589 3740b24 Thanks @​ArmandPhilippot! - Fixes an outdated code snippet in the documentation for session storage configuration.

• Updated dependencies [354e231]:

  • @​astrojs/telemetry@​3.3.2

v6.2.2

Compare Source

Patch Changes

• #​16292 00f48ee Thanks @​p-linnane! - Fixes head metadata propagation in dev for adapters that load modules in the prerender Vite environment, such as @astrojs/cloudflare. The astro:head-metadata plugin previously only tracked the ssr environment, so maybeRenderHead() could fire inside an unrelated component's <template> element, trapping subsequent hoisted <style> blocks.

• #​16451 778865f Thanks @​maximslo! - Fixes build crash when processing animated AVIF images. Sharp now gracefully passes through unsupported image formats instead of crashing during the build.

• #​16548 7214d3e Thanks @​senutpal! - Fixes scoped styles applying to the wrong element when vite.css.transformer is set to 'lightningcss' and a selector uses a nested & inside :where(...), such as Tailwind v4's space-x-*, space-y-*, and divide-* utilities.

• #​16566 9ac96b4 Thanks @​web-dev0521! - Fixes data-astro-prefetch="tap" not triggering when clicking nested elements (e.g. <span>, <img>, <svg>) inside an anchor tag.

• #​15994 1e70d18 Thanks @​ossaidqadri! - Fix <style> compilation failure when importing Astro components via tsconfig path aliases

• #​16144 1cd6650 Thanks @​fkatsuhiro! - Fixed a regression where .html was unexpectedly stripped from dynamic route parameters on non-page routes (.ts endpoints and redirects). This caused endpoints like /some/[...id].ts returning id: 'file.html' on getStaticPaths to not serve that file because the generated route (/some/file.html) would get matched as id: file that is not part of the list returned by getStaticPaths.

• #​16415 559c0fd Thanks @​0xbejaxer! - Fix CSS traversal boundaries so pages with export const partial = true still contribute styles when imported as components by other pages.

• #​16516 17f1867 Thanks @​fkatsuhiro! - Fixes an issue where the index route would return a 404 error when using a custom base path combined with trailingSlash: 'never'. This ensures that the home page and internal rewrites are correctly matched under these configurations.

• #​16515 280ec88 Thanks @​jp-knj! - Fixes an issue where i18n.fallback pages with fallbackType: 'rewrite' were emitted with empty bodies during astro build.

• #​16565 7959798 Thanks @​enjoyandlove! - Fixes session persistence when session.delete() is the first mutation in a request (no prior get, set, has, or keys). The session was marked dirty in memory, but persistence skipped the save because #data stayed undefined, so the backing store could still return the deleted key on the next request.

• #​16527 86fd80d Thanks @​enjoyandlove! - Prevents script deduplication state from being consumed while rendering inert <template> contexts.

• #​16540 e59c637 Thanks @​ascorbic! - Skips session storage reads when no session cookie is present. Previously, calling session.get() on a request without a session cookie would initialize the storage driver and make a read that was guaranteed to miss. On network-backed drivers this added latency and resource usage to every anonymous request.

• #​16517 6ab0b3c Thanks @​adamchal! - Removes inline CSS for prerendered routes from the SSR manifest. The static HTML on disk already inlines those styles, and the SSR worker never renders prerendered routes, so the data was dead weight. Builds with many prerendered routes and build.inlineStylesheets: "always" (or "auto" with small stylesheets) will see a smaller SSR entry chunk, which reduces cold-start parse time on platforms like Cloudflare Workers.

• #​16509 d3d3557 Thanks @​cyphercodes! - Fix conditional named slot callbacks receiving arguments from Astro.slots.render().

• #​16236 c6b068e Thanks @​fkatsuhiro! - Fixes the position prop on <Image /> and <Picture /> components to correctly apply object-position styles

• #​16018 d14f47c Thanks @​felmonon! - Fix defineLiveCollection() so LiveLoader data types declared as interfaces are accepted.

v6.2.1

Compare Source

Patch Changes

• #​16531 76db01d Thanks @​rodrigosdev! - Fixes config validation for omitted integrations fields with newer Zod versions.

• #​16535 7df0fe4 Thanks @​rururux! - Fixed an issue where a warning was displayed when the server property was missing during config validation, even though it is not required.

• #​16534 5cf6c51 Thanks @​matthewp! - Fixes compatibility with Zod 4.4.0 for the server config property and error formatting

v6.2.0

Compare Source

Minor Changes

• #​16187 fe58071 Thanks @​gllmt! - Adds a waitUntil option to the RenderOptions so that adapters can forward runtime background-task hooks to Astro.

  When provided by an adapter, runtime cache providers receive context.waitUntil in
  CacheProvider.onRequest(), which allows background cache work such as stale-while-revalidate
  without blocking the response. The Cloudflare adapter now forwards
  ExecutionContext.waitUntil to this API.

• #​16290 a49637a Thanks @​ViVaLaDaniel! - Ensures that server.allowedHosts (and vite.preview.allowedHosts) configuration is respected when using astro preview with the @astrojs/cloudflare adapter. This improves security by preventing DNS rebinding attacks when previewing Cloudflare builds locally.

• #​15725 4108ec1 Thanks @​meyer! - Adds support for a new 'jsx' value for the compressHTML option. When set, whitespace is stripped using JSX whitespace rules instead of the default HTML compression strategy.

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  
  export default defineConfig({
    compressHTML: 'jsx',
  });

  In JSX, whitespaces never matter, as such, no amount of indentation, or newlines will not affect the rendered output. For instance, the following code:

  <div>
    <span>foo</span>
    <span>bar</span>
  </div>

  will be rendered as foobar, whereas with HTML whitespace rules, a space would be present between the words due to the newline and indentation between the tags.

• #​16477 28fb3e1 Thanks @​ematipico! - Adds experimental support for configurable log handlers.

  This experimental feature provides better control over Astro's logging infrastructure by allowing users to replace the default console output with custom logging implementations (e.g., structured JSON). This is particularly useful for users using on-demand rendering and wishing to connect their log aggregation services, such as Kibana, Logstash, CloudWatch, Grafana, or Loki.

  By default, Astro provides three built-in log handlers (json, node, and console), but you can also create your own.

JSON logging

JSON logging can be enabled via the CLI for the build, dev, and sync commands using the experimentalJson flag:

// astro.config.mjs
import { defineConfig, logHandlers } from 'astro/config';

export default defineConfig({
  experimental: {
    logger: logHandlers.json({
      pretty: true,
      level: 'warn',
    }),
  },
});

Custom logger

You can also create your own custom logger by implementing the correct interface:

// astro.config.mjs
import { defineConfig } from 'astro/config';

export default defineConfig({
  experimental: {
    logger: {
      entrypoint: '@​org/custom-logger',
    },
  },
});

// @​org/custom-logger.js
import type { AstroLoggerDestination, AstroLoggerMessage } from 'astro';
import { matchesLevel } from 'astor/logger';

function customLogger(level = 'info'): AstroLoggerDestination {
  return {
    write(message: AstroLoggerMessage) {
      if (matchesLevel(message.level, level)) {
        // write message somewhere
      }
    },
  };
}

export default customLogger;

For more information on enabling and using this feature in your project, see the Experimental Logger docs.

For a complete overview and to give feedback on this experimental API, see the Custom logger RFC.

• #​16333 0f7c3c8 Thanks @​florian-lefebvre! - Adds an experimental flag svgOptimizer that enables automatic optimization of your SVG components using the provided optimizer. This supersedes the svgo experimental flag, which is now removed.

  When enabled, your imported SVG files used as components will be optimized for smaller file sizes and better performance while maintaining visual quality. This can significantly reduce the size of your SVG assets by removing unnecessary metadata, comments, and redundant code.

  Astro ships with a SVGO based optimizer, but any can be used.

  To enable this feature, add the experimental flag in your Astro config and remove svgo if it was enabled:

  // astro.config.mjs
  -import { defineConfig } from "astro/config";
  +import { defineConfig, svgoOptimizer } from "astro/config";
  
  export default defineConfig({
  +  experimental: {
  +    svgOptimizer: svgoOptimizer()
  -    svgo: true
  +  }
  });

  For more information on enabling and using this feature in your project, see the experimental SVG optimization docs.

• #​16302 f6f8e80 Thanks @​florian-lefebvre! - Adds a new experimental_getFontFileURL() method to resolve font file URLs when using the Fonts API

  The fontData object exported from astro:assets was introduced to provide low-level access to font family data for advanced usage. One of the goals of this API was to be able to resolve buffers using URLs. However, it turned out to be impractical, especially during prerendering.

  Astro now exports a new experimental_getFontFileURL() helper function from astro:assets to resolve font file URLs from fontData. For example, when using satori to generate Open Graph images:

  // src/pages/og.png.ts
  
  import type { APIRoute } from "astro";
  -import { fontData } from "astro:assets";
  +import { fontData, experimental_getFontFileURL } from "astro:assets";
  -import { outDir } from "astro:config/server";
  -import { readFile } from "node:fs/promises";
  import satori from "satori";
  import { html } from "satori-html";
  import sharp from "sharp";
  
  export const GET: APIRoute = async (context) => {
    const fontPath = fontData["--font-roboto"][0]?.src[0]?.url;
  
    if (fontPath === undefined) {
      throw new Error("Cannot find the font path.");
    }
  
  -  const data = import.meta.env.DEV
  -    ? await fetch(new URL(fontPath, context.url.origin)).then(async (res) => res.arrayBuffer())
  -    : await readFile(new URL(`.${fontPath}`, outDir));
  +  const url = experimental_getFontFileURL(fontPath, context.url);
  +  const data = await fetch(url).then((res) => res.arrayBuffer());
  
    const svg = await satori(
      html`<div style="color: black;">hello, world</div>`,
      {
        width: 600,
        height: 400,
        fonts: [
          {
            name: "Roboto",
            data,
            weight: 400,
            style: "normal",
          },
        ],
      },
    );
  
    const pngBuffer = await sharp(Buffer.from(svg))
      .resize(600, 400)
      .png()
      .toBuffer();
  
    return new Response(new Uint8Array(pngBuffer), {
      headers: {
        "Content-Type": "image/png",
      },
    });
  };

  See the Fonts API documentation for more information.

Patch Changes

• #​15980 8812382 Thanks @​seroperson! - Prevents script deduplication inside <template> elements

v6.1.10

Compare Source

Patch Changes

• #​16479 1058428 Thanks @​matthewp! - Fixes a spurious [WARN] [content] Content config not loaded warning during astro dev for projects that don't use content collections

• #​16457 3d82220 Thanks @​matthewp! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one

• #​16481 152700e Thanks [@​

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Berlin)

• Branch creation
  • "every 2 weeks on Monday before 7am"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[netlify]

✅ Deploy Preview for p5-codesandbox ready!

Name	Link
🔨 Latest commit	18e8521
🔍 Latest deploy log	https://app.netlify.com/projects/p5-codesandbox/deploys/6a0f533b9b1d800008ac7ed6
😎 Deploy Preview	https://deploy-preview-93--p5-codesandbox.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[cloudflare-workers-and-pages]

Deploying p5-code-sandbox with    Cloudflare Pages

Latest commit:	18e8521
Status:	🚫  Build failed.

View logs

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: @vite-pwa/astro@0.5.1
npm error Found: astro@6.3.1
npm error node_modules/astro
npm error   astro@"6.3.1" from the root project
npm error
npm error Could not resolve dependency:
npm error peer astro@"^1.6.0 || ^2.0.0 || ^3.0.0 || ^4.0.0 || ^5.0.0" from @vite-pwa/astro@0.5.1
npm error node_modules/@vite-pwa/astro
npm error   dev @vite-pwa/astro@"0.5.1" from the root project
npm error
npm error Conflicting peer dependency: astro@5.18.1
npm error node_modules/astro
npm error   peer astro@"^1.6.0 || ^2.0.0 || ^3.0.0 || ^4.0.0 || ^5.0.0" from @vite-pwa/astro@0.5.1
npm error   node_modules/@vite-pwa/astro
npm error     dev @vite-pwa/astro@"0.5.1" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2026-05-21T18_47_06_395Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2026-05-21T18_47_06_395Z-debug-0.log