Skip to content

chore(astro): Update dependency astro to ^5.9.2 #6130

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jun 17, 2025
Merged

chore(astro): Update dependency astro to ^5.9.2 #6130

merged 4 commits into from
Jun 17, 2025

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jun 15, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
astro (source) ^5.7.5 -> ^5.9.2 age adoption passing confidence

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

withastro/astro (astro)

v5.9.2

Compare Source

Patch Changes

  • #​13919 423fe60 Thanks @​ematipico! - Fixes a bug where Astro added quotes to the CSP resources.

    Only certain resources require quotes (e.g. 'self' but not https://cdn.example.com), so Astro no longer adds quotes to any resources. You must now provide the quotes yourself for resources such as 'self' when necessary:

    export default defineConfig({
  experimental: {
    csp: {
      styleDirective: {
        resources: [
-          "self",
+          "'self'",
          "https://cdn.example.com"
        ]
      }
    }
  }
})

  • #​13914 76c5480 Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy feature only

    Removes support for experimental Content Security Policy (CSP) when using the <ClientRouter /> component for view transitions.

    It is no longer possible to enable experimental CSP while using Astro's view transitions. Support was already unstable with the <ClientRouter /> because CSP required making its underlying implementation asynchronous. This caused breaking changes for several users and therefore, this PR removes support completely.

    If you are currently using the component for view transitions, please remove the experimental CSP flag as they cannot be used together.

    import { defineConfig } from 'astro/config';

export default defineConfig({
  experimental: {
-   csp: true
   }
});

    Alternatively, to continue using experimental CSP in your project, you can consider migrating to the browser native View Transition API and remove the <ClientRouter /> from your project. You may be able to achieve similar results if you are not using Astro's enhancements to the native View Transitions and Navigation APIs.

    Support might be reintroduced in future releases. You can follow this experimental feature's development in the CSP RFC.

v5.9.1

Compare Source

Patch Changes

v5.9.0

Compare Source

Minor Changes

  • #​13802 0eafe14 Thanks @​ematipico! - Adds experimental Content Security Policy (CSP) support

    CSP is an important feature to provide fine-grained control over resources that can or cannot be downloaded and executed by a document. In particular, it can help protect against cross-site scripting (XSS) attacks.

    Enabling this feature adds additional security to Astro's handling of processed and bundled scripts and styles by default, and allows you to further configure these, and additional, content types. This new experimental feature has been designed to work in every Astro rendering environment (static pages, dynamic pages and single page applications), while giving you maximum flexibility and with type-safety in mind.

    It is compatible with most of Astro's features such as client islands, and server islands, although Astro's view transitions using the <ClientRouter /> are not yet fully supported. Inline scripts are not supported out of the box, but you can provide your own hashes for external and inline scripts.

    To enable this feature, add the experimental flag in your Astro config:

    // astro.config.mjs
import { defineConfig } from 'astro/config';

export default defineConfig({
  experimental: {
    csp: true,
  },
});

    For more information on enabling and using this feature in your project, see the Experimental CSP docs.

    For a complete overview, and to give feedback on this experimental API, see the Content Security Policy RFC.

  • #​13850 1766d22 Thanks @​ascorbic! - Provides a Markdown renderer to content loaders

    When creating a content loader, you will now have access to a renderMarkdown function that allows you to render Markdown content directly within your loaders. It uses the same settings and plugins as the renderer used for Markdown files in Astro, and follows any Markdown settings you have configured in your Astro project.

    This allows you to render Markdown content from various sources, such as a CMS or other data sources, directly in your loaders without needing to preprocess the Markdown content separately.

    import type { Loader } from 'astro/loaders';
import { loadFromCMS } from './cms';

export function myLoader(settings): Loader {
  return {
    name: 'my-loader',
    async load({ renderMarkdown, store }) {
      const entries = await loadFromCMS();

      store.clear();

      for (const entry of entries) {
        // Assume each entry has a 'content' field with markdown content
        store.set(entry.id, {
          id: entry.id,
          data: entry,
          rendered: await renderMarkdown(entry.content),
        });
      }
    },
  };
}

    The return value of renderMarkdown is an object with two properties: html and metadata. These match the rendered property of content entries in content collections, so you can use them to render the content in your components or pages.

v5.8.2

Compare Source

Patch Changes

v5.8.1

Compare Source

Patch Changes

  • #​13037 de2fc9b Thanks @​nanarino! - Fixes rendering of the popover attribute when it has a boolean value

  • #​13851 45ae95a Thanks @​ascorbic! - Allows disabling default styles for responsive images

    This change adds a new image.experimentalDefaultStyles option that allows you to disable the default styles applied to responsive images.

    When using experimental responsive images, Astro applies default styles to ensure the images resize correctly. In most cases this is what you want – and they are applied with low specificity so your own styles override them. However in some cases you may want to disable these default styles entirely. This is particularly useful when using Tailwind 4, because it uses CSS cascade layers to apply styles, making it difficult to override the default styles.

    image.experimentalDefaultStyles is a boolean option that defaults to true, so you can change it in your Astro config file like this:

    export default {
  image: {
    experimentalDefaultStyles: false,
  },
  experimental: {
    responsiveImages: true,
  },
};

  • #​13858 cb1a168 Thanks @​florian-lefebvre! - Fixes the warning shown when client directives are used on Astro components

  • #​12574 da266d0 Thanks @​apatel369! - Allows using server islands in mdx files

  • #​13843 fbcfa68 Thanks @​z1haze! - Export type AstroSession to allow use in explicitly typed safe code.

v5.8.0

Compare Source

Minor Changes

  • #​13809 3c3b492 Thanks @​ascorbic! - Increases minimum Node.js version to 18.20.8

    Node.js 18 has now reached end-of-life and should not be used. For now, Astro will continue to support Node.js 18.20.8, which is the final LTS release of Node.js 18, as well as Node.js 20 and Node.js 22 or later. We will drop support for Node.js 18 in a future release, so we recommend upgrading to Node.js 22 as soon as possible. See Astro's Node.js support policy for more details.

    ⚠️ Important note for users of Cloudflare Pages: The current build image for Cloudflare Pages uses Node.js 18.17.1 by default, which is no longer supported by Astro. If you are using Cloudflare Pages you should override the default Node.js version to Node.js 22. This does not affect users of Cloudflare Workers, which uses Node.js 22 by default.

Patch Changes

v5.7.14

Compare Source

Patch Changes

v5.7.13

Compare Source

Patch Changes

v5.7.12

Compare Source

Patch Changes

  • #​13752 a079c21 Thanks @​florian-lefebvre! - Improves handling of font URLs not ending with a file extension when using the experimental fonts API

  • #​13750 7d3127d Thanks @​martrapp! - Allows the ClientRouter to open new tabs or windows when submitting forms by clicking while holding the Cmd, Ctrl, or Shift key.

  • #​13765 d874fe0 Thanks @​florian-lefebvre! - Fixes a case where font sources with relative protocol URLs would fail when using the experimental fonts API

  • #​13640 5e582e7 Thanks @​florian-lefebvre! - Allows inferring weight and style when using the local provider of the experimental fonts API

    If you want Astro to infer those properties directly from your local font files, leave them undefined:

    {
  // No weight specified: infer
  style: 'normal'; // Do not infer
}

v5.7.11

Compare Source

Patch Changes

v5.7.10

Compare Source

Patch Changes

v5.7.9

Compare Source

Patch Changes

v5.7.8

Compare Source

Patch Changes

v5.7.7

Compare Source

Patch Changes

v5.7.6

Compare Source

Patch Changes

  • #​13703 659904b Thanks @​ascorbic! - Fixes a bug where empty fallbacks could not be provided when using the experimental fonts API

  • #​13680 18e1b97 Thanks @​florian-lefebvre! - Improves the UnsupportedExternalRedirect error message to include more details such as the concerned destination

  • #​13703 659904b Thanks @​ascorbic! - Simplifies styles for experimental responsive images

    ⚠️ BREAKING CHANGE FOR EXPERIMENTAL RESPONSIVE IMAGES ONLY ⚠️

    The generated styles for image layouts are now simpler and easier to override. Previously the responsive image component used CSS to set the size and aspect ratio of the images, but this is no longer needed. Now the styles just include object-fit and object-position for all images, and sets max-width: 100% for constrained images and width: 100% for full-width images.

    This is an implementation change only, and most users will see no change. However, it may affect any custom styles you have added to your responsive images. Please check your rendered images to determine whether any change to your CSS is needed.

    The styles now use the :where() pseudo-class, which has a specificity of 0, meaning that it is easy to override with your own styles. You can now be sure that your own classes will always override the applied styles, as will global styles on img.

    An exception is Tailwind 4, which uses cascade layers, meaning the rules are always lower specificity. Astro supports browsers that do not support cascade layers, so we cannot use this. If you need to override the styles using Tailwind 4, you must use !important classes. Do check if this is needed though: there may be a layout that is more appropriate for your use case.

  • #​13703 659904b Thanks @​ascorbic! - Adds warnings about using local font files in the publicDir when the experimental fonts API is enabled.

  • #​13703 659904b Thanks @​ascorbic! - Renames experimental responsive image layout option from "responsive" to "constrained"

    ⚠️ BREAKING CHANGE FOR EXPERIMENTAL RESPONSIVE IMAGES ONLY ⚠️

    The layout option called "responsive" is renamed to "constrained" to better reflect its behavior.

    The previous name was causing confusion, because it is also the name of the feature. The responsive layout option is specifically for images that are displayed at the requested size, unless they do not fit the width of their container, at which point they would be scaled down to fit. They do not get scaled beyond the intrinsic size of the source image, or the width prop if provided.

    It became clear from user feedback that many people (understandably) thought that they needed to set layout to responsive if they wanted to use responsive images. They then struggled with overriding styles to make the image scale up for full-width hero images, for example, when they should have been using full-width layout. Renaming the layout to constrained should make it clearer that this layout is for when you want to constrain the maximum size of the image, but allow it to scale-down.

Upgrading

If you set a default image.experimentalLayout in your astro.config.mjs, or set it on a per-image basis using the layout prop, you will need to change all occurences to constrained:

// astro.config.mjs
export default {
  image: {
-    experimentalLayout: 'responsive',
+    experimentalLayout: 'constrained',
  },
}

Configuration

📅 Schedule: Branch creation - "before 7am on the first day of the week" in timezone GMT, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jun 15, 2025
@renovate renovate bot requested review from aeliox and wobsoriano as code owners June 15, 2025 05:30
@vercel Vercel
Copy link

vercel bot commented Jun 15, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
clerk-js-sandbox ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 17, 2025 7:29am

@renovate renovate bot requested review from a team as code owners June 15, 2025 05:30
@renovate renovate bot enabled auto-merge (squash) June 15, 2025 05:30
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jun 15, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: af30056

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Jun 15, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Jun 15, 2025
edited
Loading

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@6130

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@6130

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@6130

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@6130

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@6130

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@6130

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@6130

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@6130

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@6130

@clerk/express

npm i https://pkg.pr.new/@clerk/express@6130

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@6130

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@6130

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@6130

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@6130

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@6130

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@6130

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@6130

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@6130

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@6130

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@6130

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@6130

@clerk/types

npm i https://pkg.pr.new/@clerk/types@6130

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@6130

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@6130

commit: af30056

@renovate Renovate
Copy link
Contributor Author

renovate bot commented Jun 16, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@renovate renovate bot merged commit 0fa28c4 into main Jun 17, 2025
37 checks passed
@renovate renovate bot deleted the renovate/astro-dev-minor branch June 17, 2025 07:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@panteliselef panteliselef panteliselef approved these changes

@aeliox aeliox Awaiting requested review from aeliox aeliox is a code owner

@wobsoriano wobsoriano Awaiting requested review from wobsoriano wobsoriano is a code owner

Assignees
No one assigned
Labels
astro dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@panteliselef @clerk-cookie