Bump the dependencies group with 4 updates #54

dependabot · 2025-11-30T06:10:34Z

Bumps the dependencies group with 4 updates: astro, htmlhint, @astrojs/check and prettier.

Updates astro from 5.15.9 to 5.16.3

Release notes

astro@5.16.3

Patch Changes

#14889 4bceeb0 Thanks @florian-lefebvre! - Fixes actions types when using specific TypeScript configurations

#14929 e0f277d Thanks @matthewp! - Fixes authentication bypass via double URL encoding in middleware

Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.

astro@5.16.2

Patch Changes

#14876 b43dc7f Thanks @florian-lefebvre! - Fixes a vite warning log during builds when using npm

#14884 10273e0 Thanks @florian-lefebvre! - Fixes a case where setting the status of a page to 404 in ssr would show an empty page (or 404.astro page if provided) instead of using the current page

astro@5.16.1

Patch Changes

#14769 b43ee71 Thanks @adriandlam! - Fixes an unhandled rejection issue when using Astro with Vercel Workflow DevKit

#14761 345eb22 Thanks @ooga! - Updates button attributes types to allow command and commandfor

#14866 65e214b Thanks @GameRoMan! - Fixes Astro.glob to be correctly marked as deprecated

#14894 1ad9a5b Thanks @delucis! - Fixes support for Astro component rendering in Vitest test suites using a “client” environment such as happy-dom or jsdom

#14782 abed929 Thanks @florian-lefebvre! - Improves syncing

astro@5.16.0

Minor Changes
#13880 1a2ed01 Thanks @azat-io! - Adds experimental SVGO optimization support for SVG assets

Astro now supports automatic SVG optimization using SVGO during build time. This experimental feature helps reduce SVG file sizes while maintaining visual quality, improving your site's performance.

To enable SVG optimization with default settings, add the following to your astro.config.mjs:
import { defineConfig } from 'astro/config';
export default defineConfig({
experimental: {
svgo: true,
},
});
To customize optimization, pass a SVGO configuration object:

... (truncated)

Changelog

Sourced from astro's changelog.

5.16.3

Patch Changes

#14889 4bceeb0 Thanks @florian-lefebvre! - Fixes actions types when using specific TypeScript configurations

#14929 e0f277d Thanks @matthewp! - Fixes authentication bypass via double URL encoding in middleware

Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.

5.16.2

Patch Changes

#14876 b43dc7f Thanks @florian-lefebvre! - Fixes a vite warning log during builds when using npm

#14884 10273e0 Thanks @florian-lefebvre! - Fixes a case where setting the status of a page to 404 in ssr would show an empty page (or 404.astro page if provided) instead of using the current page

5.16.1

Patch Changes

#14769 b43ee71 Thanks @adriandlam! - Fixes an unhandled rejection issue when using Astro with Vercel Workflow DevKit

#14761 345eb22 Thanks @ooga! - Updates button attributes types to allow command and commandfor

#14866 65e214b Thanks @GameRoMan! - Fixes Astro.glob to be correctly marked as deprecated

#14894 1ad9a5b Thanks @delucis! - Fixes support for Astro component rendering in Vitest test suites using a “client” environment such as happy-dom or jsdom

#14782 abed929 Thanks @florian-lefebvre! - Improves syncing

5.16.0

Minor Changes
#13880 1a2ed01 Thanks @azat-io! - Adds experimental SVGO optimization support for SVG assets

Astro now supports automatic SVG optimization using SVGO during build time. This experimental feature helps reduce SVG file sizes while maintaining visual quality, improving your site's performance.

To enable SVG optimization with default settings, add the following to your astro.config.mjs:
import { defineConfig } from 'astro/config';
export default defineConfig({
experimental: {
svgo: true,
},
});

... (truncated)

Commits

33333e8 [ci] release (#14922)
aa58d05 [ci] format
e0f277d fix: prevent authentication bypass via double URL encoding in middleware (#14...
4bceeb0 fix: actions infer symbol (#14889)
e82358c [ci] release (#14918)
0a2fe43 [ci] format
b43dc7f fix(astro): assets vite build log (#14876)
10273e0 fix: 404 status in ssr (#14884)
6751a2e chore(cli): classes (#14897)
09bbdbb [ci] release (#14845)
Additional commits viewable in compare view

Updates htmlhint from 1.7.1 to 1.8.0

Release notes

Sourced from htmlhint's releases.

v1.8.0

Feat: Add support for disabling rules via HTML comments #1767

Feat: Add ‘allow-non-blocking’ option to head-script-disabled rule #1765

Commits

cf46892 Release v1.8.0 (#1770)
ae0a3a8 chore(deps): bump the github-actions group with 2 updates (#1769)
3347fc4 chore(deps): bump the dependencies group in /website with 2 updates (#1768)
3218808 Add support for disabling rules via HTML comments (#1767)
7e70a23 Add 'allow-non-blocking' option to head-script-disabled rule (#1765)
8113cc4 chore(deps): bump node-sarif-builder in the dependencies group (#1766)
82664ad chore(deps): bump astro from 5.15.8 to 5.15.9 in /website (#1764)
9c59b38 chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 (#1763)
9916314 chore(deps): bump node-sarif-builder in the dependencies group (#1762)
3098968 chore(deps): bump the github-actions group with 2 updates (#1761)
Additional commits viewable in compare view

Updates @astrojs/check from 0.9.5 to 0.9.6

Release notes

Sourced from @astrojs/check's releases.

@astrojs/check@0.9.6

Patch Changes

#14740 abfed97 Thanks @ArmandPhilippot! - Fixes link targets in documentation following repository relocation.

Updated dependencies [abfed97]:

@astrojs/language-server@2.16.1

Changelog

Sourced from @astrojs/check's changelog.

0.9.6

Patch Changes

#14740 abfed97 Thanks @ArmandPhilippot! - Fixes link targets in documentation following repository relocation.

Updated dependencies [abfed97]:

@astrojs/language-server@2.16.1

Commits

7523a1f [ci] release (#14907)
abfed97 fix: replace withastro/language-tools mentions (#14740)
f3bc8b2 fix: binary path
b35983b fix(check): make the binary work in dev mode
372b7c3 feat(language-tools): Match monorepo coding style and cleanup
820a866 Update from language-tools
474f300 fix: tsconfig
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @astrojs/check since your current version.

Updates prettier from 3.6.2 to 3.7.3

Release notes

Sourced from prettier's releases.

3.7.3

What's Changed

Fix prettier.getFileInfo() change that breaks VSCode extension by @fisker in prettier/prettier#18375

🔗 Changelog

3.7.2

What's Changed

Fix string print when switching quotes by @fisker in prettier/prettier#18351

Preserve quote for embedded HTML attribute values by @kovsu in prettier/prettier#18352

Fix comment in empty type literal by @fisker in prettier/prettier#18364

🔗 Changelog

3.7.1

Fix performance regression in doc printer (#18342 by @fisker)

🔗 Changelog

3.7.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.7.3

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#18375 by @fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

3.7.2

diff

JavaScript: Fix string print when switching quotes (#18351 by @fisker)
// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")
// Prettier 3.7.1
console.log('A descriptor\'s .kind must be "method" or "field".');
// Prettier 3.7.2
console.log('A descriptor\'s .kind must be "method" or "field".');
JavaScript: Preserve quote for embedded HTML attribute values (#18352 by @kovsu)
// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;
// Prettier 3.7.1
const html = /* HTML */ &lt;div class=${styles.banner}&gt;&lt;/div&gt;;
// Prettier 3.7.2
const html = /* HTML */ &lt;div class=&quot;${styles.banner}&quot;&gt;&lt;/div&gt;;
TypeScript: Fix comment in empty type literal (#18364 by @fisker)
// Input
export type XXX = {
  // tbd
};
// Prettier 3.7.1
</tr></table>

... (truncated)

Commits

fdfa670 Release 3.7.3
2dce3ec Fix typo
27d6c64 Revert previous change to getFileInfo (#18375)
f4a7afa Add types for config related functions (#18376)
9266e3e Add resolved test cases (#18358)
3bfc014 Bump Prettier dependency to 3.7.2
081b846 Clean changelog_unreleased
03384c9 Release 3.7.2
514e51a Release @prettier/plugin-hermes & @prettier/plugin-oxc v0.1.2
29a11ae Fix comment in empty type literal (#18364)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prettier since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 4 updates: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro), [htmlhint](https://github.com/htmlhint/HTMLHint), [@astrojs/check](https://github.com/withastro/astro/tree/HEAD/packages/language-tools/astro-check) and [prettier](https://github.com/prettier/prettier). Updates `astro` from 5.15.9 to 5.16.3 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/astro@5.16.3/packages/astro) Updates `htmlhint` from 1.7.1 to 1.8.0 - [Release notes](https://github.com/htmlhint/HTMLHint/releases) - [Commits](htmlhint/HTMLHint@v1.7.1...v1.8.0) Updates `@astrojs/check` from 0.9.5 to 0.9.6 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/language-tools/astro-check/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/@astrojs/check@0.9.6/packages/language-tools/astro-check) Updates `prettier` from 3.6.2 to 3.7.3 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.6.2...3.7.3) --- updated-dependencies: - dependency-name: astro dependency-version: 5.16.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: htmlhint dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: "@astrojs/check" dependency-version: 0.9.6 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: prettier dependency-version: 3.7.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

…ps://github.com/htmlhint/htmlhint-playground into dependabot/npm_and_yarn/dependencies-270908bc8d

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 30, 2025

dependabot bot requested a review from coliff as a code owner November 30, 2025 06:10

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 30, 2025

dependabot bot had a problem deploying to github-pages November 30, 2025 06:11 Failure

dependabot bot force-pushed the dependabot/npm_and_yarn/dependencies-270908bc8d branch from 1ab83db to 55aeb92 Compare November 30, 2025 06:13

dependabot bot had a problem deploying to github-pages November 30, 2025 06:14 Failure

coliff added 2 commits November 30, 2025 15:14

Merge branch 'dependabot/npm_and_yarn/dependencies-270908bc8d' of htt…

7e8494b

…ps://github.com/htmlhint/htmlhint-playground into dependabot/npm_and_yarn/dependencies-270908bc8d

Update build.yml

172f7b8

coliff had a problem deploying to github-pages November 30, 2025 06:15 — with GitHub Actions Failure

coliff approved these changes Nov 30, 2025

View reviewed changes

coliff merged commit 8f041d1 into main Nov 30, 2025
4 of 6 checks passed

coliff deleted the dependabot/npm_and_yarn/dependencies-270908bc8d branch November 30, 2025 06:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the dependencies group with 4 updates #54

Bump the dependencies group with 4 updates #54

Uh oh!

dependabot bot commented on behalf of github Nov 30, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Bump the dependencies group with 4 updates #54

Bump the dependencies group with 4 updates #54

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 30, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

astro@5.16.3

Patch Changes

astro@5.16.2

Patch Changes

astro@5.16.1

Patch Changes

astro@5.16.0

Minor Changes

5.16.3

Patch Changes

5.16.2

Patch Changes

5.16.1

Patch Changes

5.16.0

Minor Changes

v1.8.0

@​astrojs/check@​0.9.6

Patch Changes

0.9.6

Patch Changes

3.7.3

What's Changed

3.7.2

What's Changed

3.7.1

3.7.0

3.7.3

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#18375 by @​fisker)

3.7.2

JavaScript: Fix string print when switching quotes (#18351 by @​fisker)

JavaScript: Preserve quote for embedded HTML attribute values (#18352 by @​kovsu)

TypeScript: Fix comment in empty type literal (#18364 by @​fisker)

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Nov 30, 2025 •

edited

Loading

`@astrojs/check@0`.9.6

API: Fix `prettier.getFileInfo()` change that breaks VSCode extension (#18375 by `@fisker`)

JavaScript: Fix string print when switching quotes (#18351 by `@fisker`)

JavaScript: Preserve quote for embedded HTML attribute values (#18352 by `@kovsu`)

TypeScript: Fix comment in empty type literal (#18364 by `@fisker`)