github-starred/gitea-mirror
2
0
Fork 0
mirror of https://github.com/RayLabsHQ/gitea-mirror.git synced 2026-05-23 08:01:19 -05:00
Code Issues 140 Packages Projects Releases 100 Wiki Activity

[PR #288] [CLOSED] build(deps): bump the npm_and_yarn group across 2 directories with 4 updates #2920

New Issue
Closed
opened 2026-05-17 19:23:33 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-05-17 19:23:33 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/RayLabsHQ/gitea-mirror/pull/288
Author: @dependabot[bot]
Created: 5/16/2026
Status: Closed

Base: mainHead: dependabot/npm_and_yarn/npm_and_yarn-3015429894

📝 Commits (1)

  • 7b30d16 build(deps): bump the npm_and_yarn group across 2 directories with 4 updates

📊 Changes

3 files changed (+468 additions, -129 deletions)

View changed files

📝 package.json (+2 -2)
📝 www/package.json (+1 -1)
📝 www/pnpm-lock.yaml (+465 -126)

📄 Description

Bumps the npm_and_yarn group with 2 updates in the / directory: @astrojs/node and better-auth.
Bumps the npm_and_yarn group with 2 updates in the /www directory: astro and devalue.

Updates @astrojs/node from 10.0.1 to 10.0.5

Release notes

Sourced from @​astrojs/node's releases.

@​astrojs/node@​10.0.5

Patch Changes

  • #16319 940afd5 Thanks @​matthewp! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. If-Match mismatch) now return the correct status code without far-future cache directives.
Changelog

Sourced from @​astrojs/node's changelog.

10.0.5

Patch Changes

  • #16319 940afd5 Thanks @​matthewp! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. If-Match mismatch) now return the correct status code without far-future cache directives.

10.0.4

Patch Changes

  • #16002 846f27f Thanks @​buley! - Fixes file descriptor leaks from read streams that were not destroyed on client disconnect or read errors

  • #15941 f41584a Thanks @​ematipico! - Fixes an infinite loop in resolveClientDir() when the server entry point is bundled with esbuild or similar tools. The function now throws a descriptive error instead of hanging indefinitely when the expected server directory segment is not found in the file path.

10.0.3

Patch Changes

  • #15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

    When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

10.0.2

Patch Changes

Commits

Updates better-auth from 1.5.5 to 1.6.2

Release notes

Sourced from better-auth's releases.

v1.6.2

better-auth

Breaking Changes

  • Prevented unverified TOTP enrollment from blocking sign-in (#8711)

Migration: Schema migration required.

Add the verified column to the twoFactor table, then regenerate/apply your ORM migration.

  • Prisma: run npx auth@latest generate, then npx prisma migrate dev (or npx prisma db push) and npx prisma generate.
  • Drizzle: run npx auth@latest generate, then npx drizzle-kit generate and npx drizzle-kit migrate.

Existing rows do not need a backfill because the column defaults to true.

Features

  • Included enabled 2FA methods in sign-in redirect response (#8772)

Bug Fixes

  • Fixed OAuth state verification against cookie-stored nonce to prevent CSRF (#8949)
  • Fixed infinite router refresh loops in nextCookies() by replacing cookie probe with header-based RSC detection (#9059)
  • Fixed cross-provider account collision in link-social callback (#8983)
  • Included RelayState in signed SAML AuthnRequests (#9058)

For detailed changes, see CHANGELOG

@better-auth/oauth-provider

Bug Fixes

  • Fixed multi-valued query params collapsing through prompt redirects (#9060)
  • Rejected skip_consent at schema level in dynamic client registration (#8998)

For detailed changes, see CHANGELOG

@better-auth/sso

Bug Fixes

  • Fixed SAMLResponse decoding failures caused by line-wrapped base64 (#8968)

For detailed changes, see CHANGELOG

Contributors

Thanks to everyone who contributed to this release:

@​aarmful, @​cyphercodes, @​dvanmali, @​gustavovalverde, @​jaydeep-pipaliya, @​ping-maxwell

... (truncated)

Changelog

Sourced from better-auth's changelog.

1.6.2

Patch Changes

  • #8949 9deb793 Thanks @​ping-maxwell! - security: verify OAuth state parameter against cookie-stored nonce to prevent CSRF on cookie-backed flows

  • #8983 2cbcb9b Thanks @​jaydeep-pipaliya! - fix(oauth2): prevent cross-provider account collision in link-social callback

    The link-social callback used findAccount(accountId) which matched by account ID across all providers. When two providers return the same numeric ID (e.g. both Google and GitHub assign 99999), the lookup could match the wrong provider's account, causing a spurious account_already_linked_to_different_user error or silently updating the wrong account's tokens.

    Replaced with findAccountByProviderId(accountId, providerId) to scope the lookup to the correct provider, matching the pattern already used in the generic OAuth plugin.

  • #9059 b20fa42 Thanks @​gustavovalverde! - fix(next-js): replace cookie probe with header-based RSC detection in nextCookies() to prevent infinite router refresh loops and eliminate leaked __better-auth-cookie-store cookie. Also fix two-factor enrollment flows to set the new session cookie before deleting the old session.

  • #9058 608d8c3 Thanks @​gustavovalverde! - fix(sso): include RelayState in signed SAML AuthnRequests per SAML 2.0 Bindings §3.4.4.1

    • RelayState is now passed to samlify's ServiceProvider constructor so it is included in the redirect binding signature. Previously it was appended after the signature, causing spec-compliant IdPs to reject signed AuthnRequests.
    • authnRequestsSigned: true without a private key now throws instead of silently sending unsigned requests.

  • #8772 8409843 Thanks @​aarmful! - feat(two-factor): include enabled 2fa methods in sign-in redirect response

    The 2FA sign-in redirect now returns twoFactorMethods (e.g. ["totp", "otp"]) so frontends can render the correct verification UI without guessing. The onTwoFactorRedirect client callback receives twoFactorMethods as a context parameter.

    • TOTP is included only when the user has a verified TOTP secret and TOTP is not disabled in config.
    • OTP is included when otpOptions.sendOTP is configured.
    • Unverified TOTP enrollments are excluded from the methods list.

  • #8711 e78a7b1 Thanks @​aarmful! - fix(two-factor): prevent unverified TOTP enrollment from gating sign-in

    Adds a verified boolean column to the twoFactor table that tracks whether a TOTP secret has been confirmed by the user.

    • First-time enrollment: enableTwoFactor creates the row with verified: false. The row is promoted to verified: true only after verifyTOTP succeeds with a valid code.
    • Re-enrollment (calling enableTwoFactor when TOTP is already verified): the new row preserves verified: true, so the user is never locked out of sign-in while rotating their TOTP secret.
    • Sign-in: verifyTOTP rejects rows where verified === false, preventing abandoned enrollments from blocking authentication. Backup codes and OTP are unaffected and work as fallbacks during unfinished enrollment.

    Migration: The new column defaults to true, so existing twoFactor rows are treated as verified. No data migration is required. skipVerificationOnEnable: true is also unaffected — the row is created as verified: true in that mode.

  • Updated dependencies []:

    • @​better-auth/core@​1.6.2
    • @​better-auth/drizzle-adapter@​1.6.2
    • @​better-auth/kysely-adapter@​1.6.2
    • @​better-auth/memory-adapter@​1.6.2
    • @​better-auth/mongo-adapter@​1.6.2
    • @​better-auth/prisma-adapter@​1.6.2
    • @​better-auth/telemetry@​1.6.2

1.6.1

Patch Changes

... (truncated)

Commits
  • 700d298 chore: version packages (#9052)
  • b20fa42 fix(next-js): replace cookie probe with header-based RSC detection in nextCoo...
  • 2cbcb9b fix(oauth2): prevent cross-provider account collision in link-social callback...
  • 9deb793 fix: cookie store strategy should verify oauth state (#8949)
  • 8409843 feat(two-factor): include enabled 2fa methods in sign-in redirect response (#...
  • e78a7b1 fix(two-factor): prevent unverified TOTP enrollment from gating sign-in (#8711)
  • 85bb710 chore: version packages (#9018)
  • 7495830 fix(api): restore getSession accessibility in generic Auth<O> context (#9017)
  • 2e537df fix: endpoint instrumentation to always use route template (#9023)
  • f61ad1c fix: use INVALID_PASSWORD for all checkPassword failures (#8902)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for better-auth since your current version.


Updates astro from 6.1.6 to 6.1.10

Release notes

Sourced from astro's releases.

astro@6.1.10

Patch Changes

  • #16479 1058428 Thanks @​matthewp! - Fixes a spurious [WARN] [content] Content config not loaded warning during astro dev for projects that don't use content collections

  • #16457 3d82220 Thanks @​matthewp! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one

  • #16481 152700e Thanks @​matthewp! - Fixes a spurious 404 request for a dev toolbar sourcemap during astro dev caused by the browser mis-resolving a relative sourceMappingURL from the /@id/ URL prefix

  • #16480 1bcb43b Thanks @​matthewp! - Fixes an unnecessary full page reload on first navigation during dev

astro@6.1.9

Patch Changes

  • #16448 99464ed Thanks @​matthewp! - Updates vite, picomatch, and unstorage to latest patch versions

  • #16422 a3951d7 Thanks @​matthewp! - Hardens astro-island export resolution and hydration error handling for malformed component metadata

  • #16420 e21de1d Thanks @​matthewp! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation

  • #16419 f3485c3 Thanks @​matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

  • #16022 a002540 Thanks @​mathieumaf! - Fixes an issue where i18n domains would return 404 when trailingSlash is set to never.

  • Updated dependencies [99464ed, f3485c3]:

    • @​astrojs/internal-helpers@​0.9.0
    • @​astrojs/markdown-remark@​7.1.1

astro@6.1.8

Patch Changes

  • #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

  • #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

  • #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

  • #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

  • #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

  • #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

  • #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

  • Updated dependencies [e0b240e]:

    • @​astrojs/telemetry@​3.3.1

astro@6.1.7

Patch Changes

... (truncated)

Changelog

Sourced from astro's changelog.

6.1.10

Patch Changes

  • #16479 1058428 Thanks @​matthewp! - Fixes a spurious [WARN] [content] Content config not loaded warning during astro dev for projects that don't use content collections

  • #16457 3d82220 Thanks @​matthewp! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one

  • #16481 152700e Thanks @​matthewp! - Fixes a spurious 404 request for a dev toolbar sourcemap during astro dev caused by the browser mis-resolving a relative sourceMappingURL from the /@id/ URL prefix

  • #16480 1bcb43b Thanks @​matthewp! - Fixes an unnecessary full page reload on first navigation during dev

6.1.9

Patch Changes

  • #16448 99464ed Thanks @​matthewp! - Updates vite, picomatch, and unstorage to latest patch versions

  • #16422 a3951d7 Thanks @​matthewp! - Hardens astro-island export resolution and hydration error handling for malformed component metadata

  • #16420 e21de1d Thanks @​matthewp! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation

  • #16419 f3485c3 Thanks @​matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

  • #16022 a002540 Thanks @​mathieumaf! - Fixes an issue where i18n domains would return 404 when trailingSlash is set to never.

  • Updated dependencies [99464ed, f3485c3]:

    • @​astrojs/internal-helpers@​0.9.0
    • @​astrojs/markdown-remark@​7.1.1

6.1.8

Patch Changes

  • #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

  • #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

  • #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

  • #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

  • #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

  • #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

  • #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

  • Updated dependencies [e0b240e]:

    • @​astrojs/telemetry@​3.3.1

... (truncated)

Commits
  • c1f2e4f [ci] release (#16467)
  • 345fb9e chore: fix flaky dev toolbar render time test (#16500)
  • 5120ecd [ci] format
  • 3d82220 Add AEAD context binding to server island encryption (#16457)
  • 1bcb43b Prebundle dev toolbar entrypoint in client environment (#16480)
  • 93101cc [ci] format
  • 152700e fix: strip sourceMappingURL from dev toolbar entrypoint during dep optimizati...
  • bc83041 refactor(astro): migrate test utils to typescript (#16492)
  • 5c543c5 refactor(astro): add internal entry points for test (#16473)
  • 1058428 Suppress content config warning for projects without content collections (#16...
  • Additional commits viewable in compare view

Updates devalue from 5.6.4 to 5.8.1

Release notes

Sourced from devalue's releases.

v5.8.1

Patch Changes

  • 206ca67: fix: force sparse arrays to allocate sparsely

v5.8.0

Minor Changes

  • c5115b0: feat: add stringifyAsync for async serialization

v5.7.1

Patch Changes

  • 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

v5.7.0

Minor Changes

  • df2e284: feat: use native alternatives to encode/decode base64
  • 498656e: feat: add DataView support
  • a210130: feat: whitelist Float16Array
  • df2e284: feat: simplify TypedArray slices

Patch Changes

  • 5590634: fix: get uneval type handling up to parity with stringify
  • 57f73fc: fix: correctly support boxed bigints and sentinel values
Changelog

Sourced from devalue's changelog.

5.8.1

Patch Changes

  • 206ca67: fix: force sparse arrays to allocate sparsely

5.8.0

Minor Changes

  • c5115b0: feat: add stringifyAsync for async serialization

5.7.1

Patch Changes

  • 8becc7c: fix: handle regexes consistently in uneval's value and reference formats

5.7.0

Minor Changes

  • df2e284: feat: use native alternatives to encode/decode base64
  • 498656e: feat: add DataView support
  • a210130: feat: whitelist Float16Array
  • df2e284: feat: simplify TypedArray slices

Patch Changes

  • 5590634: fix: get uneval type handling up to parity with stringify
  • 57f73fc: fix: correctly support boxed bigints and sentinel values
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/RayLabsHQ/gitea-mirror/pull/288 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 5/16/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/npm_and_yarn-3015429894` --- ### 📝 Commits (1) - [`7b30d16`](https://github.com/RayLabsHQ/gitea-mirror/commit/7b30d16766ad3b8c78a2a35df8afa38306e4c2d0) build(deps): bump the npm_and_yarn group across 2 directories with 4 updates ### 📊 Changes **3 files changed** (+468 additions, -129 deletions) <details> <summary>View changed files</summary> 📝 `package.json` (+2 -2) 📝 `www/package.json` (+1 -1) 📝 `www/pnpm-lock.yaml` (+465 -126) </details> ### 📄 Description Bumps the npm_and_yarn group with 2 updates in the / directory: [@astrojs/node](https://github.com/withastro/astro/tree/HEAD/packages/integrations/node) and [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth). Bumps the npm_and_yarn group with 2 updates in the /www directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) and [devalue](https://github.com/sveltejs/devalue). Updates `@astrojs/node` from 10.0.1 to 10.0.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/withastro/astro/releases">@​astrojs/node's releases</a>.</em></p> <blockquote> <h2><code>@​astrojs/node</code><a href="https://github.com/10"><code>@​10</code></a>.0.5</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/withastro/astro/pull/16319">#16319</a> <a href="https://github.com/withastro/astro/commit/940afd53040a14e924606b3218a8619c1e2674ee"><code>940afd5</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. <code>If-Match</code> mismatch) now return the correct status code without far-future cache directives.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/withastro/astro/blob/main/packages/integrations/node/CHANGELOG.md">@​astrojs/node's changelog</a>.</em></p> <blockquote> <h2>10.0.5</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/withastro/astro/pull/16319">#16319</a> <a href="https://github.com/withastro/astro/commit/940afd53040a14e924606b3218a8619c1e2674ee"><code>940afd5</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. <code>If-Match</code> mismatch) now return the correct status code without far-future cache directives.</li> </ul> <h2>10.0.4</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16002">#16002</a> <a href="https://github.com/withastro/astro/commit/846f27f4be8508f728d237e93fcac7c6ec8227b2"><code>846f27f</code></a> Thanks <a href="https://github.com/buley"><code>@​buley</code></a>! - Fixes file descriptor leaks from read streams that were not destroyed on client disconnect or read errors</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/15941">#15941</a> <a href="https://github.com/withastro/astro/commit/f41584ad8af1d9edfa22153fb65005b2e9529d73"><code>f41584a</code></a> Thanks <a href="https://github.com/ematipico"><code>@​ematipico</code></a>! - Fixes an infinite loop in <code>resolveClientDir()</code> when the server entry point is bundled with esbuild or similar tools. The function now throws a descriptive error instead of hanging indefinitely when the expected server directory segment is not found in the file path.</p> </li> </ul> <h2>10.0.3</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/15735">#15735</a> <a href="https://github.com/withastro/astro/commit/9685e2d5ef132ca113144c1714163511a93fd29e"><code>9685e2d</code></a> Thanks <a href="https://github.com/fa-sharp"><code>@​fa-sharp</code></a>! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.</p> <p>When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling <code>next()</code>, causing a memory leak warning. This fix makes sure to run the cleanup before calling <code>next()</code>.</p> </li> </ul> <h2>10.0.2</h2> <h3>Patch Changes</h3> <ul> <li><a href="https://redirect.github.com/withastro/astro/pull/15934">#15934</a> <a href="https://github.com/withastro/astro/commit/6f8f0bc4e22e958ccc2164acb1aa8cce21c43148"><code>6f8f0bc</code></a> Thanks <a href="https://github.com/ematipico"><code>@​ematipico</code></a>! - Updates the Astro <code>peerDependencies#astro</code> to be <code>6.0.0</code>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/withastro/astro/commit/eca29c17853b16fe2d05d1ecc7629b85bd30bfc2"><code>eca29c1</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16314">#16314</a>)</li> <li><a href="https://github.com/withastro/astro/commit/940afd53040a14e924606b3218a8619c1e2674ee"><code>940afd5</code></a> Fix static asset error responses including immutable cache headers (<a href="https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16319">#16319</a>)</li> <li><a href="https://github.com/withastro/astro/commit/fab9c005403e4c807e469461556385bea1a44840"><code>fab9c00</code></a> chore: upgrade biome (<a href="https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16246">#16246</a>)</li> <li><a href="https://github.com/withastro/astro/commit/711f837cfa3374a458f1f91e08bc388e7c0e12e6"><code>711f837</code></a> Prevent static assets from being caught by catch-all routes (<a href="https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16047">#16047</a>)</li> <li><a href="https://github.com/withastro/astro/commit/88fcc98e58455167afa0233163680b833812b69d"><code>88fcc98</code></a> fix integrations links across docs (<a href="https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16098">#16098</a>)</li> <li><a href="https://github.com/withastro/astro/commit/4a6ff2a40f5aaa844afc5ac2710b129e1d6ca7d5"><code>4a6ff2a</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16020">#16020</a>)</li> <li><a href="https://github.com/withastro/astro/commit/b9e96da0fd6bef9230f9fe60887e99cdfb561dd7"><code>b9e96da</code></a> fix(deps): update dependency vitest to v4 (<a href="https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/15372">#15372</a>)</li> <li><a href="https://github.com/withastro/astro/commit/846f27f4be8508f728d237e93fcac7c6ec8227b2"><code>846f27f</code></a> fix: destroy read streams to prevent file descriptor leaks (<a href="https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/16002">#16002</a>)</li> <li><a href="https://github.com/withastro/astro/commit/f41584ad8af1d9edfa22153fb65005b2e9529d73"><code>f41584a</code></a> fix(node): recursion fs loop (<a href="https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/15941">#15941</a>)</li> <li><a href="https://github.com/withastro/astro/commit/878791fa7d5a8fb515e21e4ceec7693dbfe2e037"><code>878791f</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/integrations/node/issues/15985">#15985</a>)</li> <li>Additional commits viewable in <a href="https://github.com/withastro/astro/commits/@astrojs/node@10.0.5/packages/integrations/node">compare view</a></li> </ul> </details> <br /> Updates `better-auth` from 1.5.5 to 1.6.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/better-auth/better-auth/releases">better-auth's releases</a>.</em></p> <blockquote> <h2>v1.6.2</h2> <h2><code>better-auth</code></h2> <h3>❗ Breaking Changes</h3> <ul> <li>Prevented unverified TOTP enrollment from blocking sign-in (<a href="https://redirect.github.com/better-auth/better-auth/pull/8711">#8711</a>)</li> </ul> <blockquote> <p><strong>Migration:</strong> Schema migration required.</p> <p>Add the <code>verified</code> column to the <code>twoFactor</code> table, then regenerate/apply your ORM migration.</p> <ul> <li>Prisma: run <code>npx auth@latest generate</code>, then <code>npx prisma migrate dev</code> (or <code>npx prisma db push</code>) and <code>npx prisma generate</code>.</li> <li>Drizzle: run <code>npx auth@latest generate</code>, then <code>npx drizzle-kit generate</code> and <code>npx drizzle-kit migrate</code>.</li> </ul> </blockquote> <blockquote> <p>Existing rows do not need a backfill because the column defaults to <code>true</code>.</p> </blockquote> <h3>Features</h3> <ul> <li>Included enabled 2FA methods in sign-in redirect response (<a href="https://redirect.github.com/better-auth/better-auth/pull/8772">#8772</a>)</li> </ul> <h3>Bug Fixes</h3> <ul> <li>Fixed OAuth state verification against cookie-stored nonce to prevent CSRF (<a href="https://redirect.github.com/better-auth/better-auth/pull/8949">#8949</a>)</li> <li>Fixed infinite router refresh loops in <code>nextCookies()</code> by replacing cookie probe with header-based RSC detection (<a href="https://redirect.github.com/better-auth/better-auth/pull/9059">#9059</a>)</li> <li>Fixed cross-provider account collision in link-social callback (<a href="https://redirect.github.com/better-auth/better-auth/pull/8983">#8983</a>)</li> <li>Included <code>RelayState</code> in signed SAML AuthnRequests (<a href="https://redirect.github.com/better-auth/better-auth/pull/9058">#9058</a>)</li> </ul> <p>For detailed changes, see <a href="https://github.com/better-auth/better-auth/blob/3c12c2043a0be4bbc4438f32e115c381550edce3/packages/better-auth/CHANGELOG.md"><code>CHANGELOG</code></a></p> <h2><code>@better-auth/oauth-provider</code></h2> <h3>Bug Fixes</h3> <ul> <li>Fixed multi-valued query params collapsing through prompt redirects (<a href="https://redirect.github.com/better-auth/better-auth/pull/9060">#9060</a>)</li> <li>Rejected <code>skip_consent</code> at schema level in dynamic client registration (<a href="https://redirect.github.com/better-auth/better-auth/pull/8998">#8998</a>)</li> </ul> <p>For detailed changes, see <a href="https://github.com/better-auth/better-auth/blob/3c12c2043a0be4bbc4438f32e115c381550edce3/packages/oauth-provider/CHANGELOG.md"><code>CHANGELOG</code></a></p> <h2><code>@better-auth/sso</code></h2> <h3>Bug Fixes</h3> <ul> <li>Fixed SAMLResponse decoding failures caused by line-wrapped base64 (<a href="https://redirect.github.com/better-auth/better-auth/pull/8968">#8968</a>)</li> </ul> <p>For detailed changes, see <a href="https://github.com/better-auth/better-auth/blob/3c12c2043a0be4bbc4438f32e115c381550edce3/packages/sso/CHANGELOG.md"><code>CHANGELOG</code></a></p> <h2>Contributors</h2> <p>Thanks to everyone who contributed to this release:</p> <p><a href="https://github.com/aarmful"><code>@​aarmful</code></a>, <a href="https://github.com/cyphercodes"><code>@​cyphercodes</code></a>, <a href="https://github.com/dvanmali"><code>@​dvanmali</code></a>, <a href="https://github.com/gustavovalverde"><code>@​gustavovalverde</code></a>, <a href="https://github.com/jaydeep-pipaliya"><code>@​jaydeep-pipaliya</code></a>, <a href="https://github.com/ping-maxwell"><code>@​ping-maxwell</code></a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/better-auth/better-auth/blob/main/packages/better-auth/CHANGELOG.md">better-auth's changelog</a>.</em></p> <blockquote> <h2>1.6.2</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/better-auth/better-auth/pull/8949">#8949</a> <a href="https://github.com/better-auth/better-auth/commit/9deb7936aba7931f2db4b460141f476508f11bfd"><code>9deb793</code></a> Thanks <a href="https://github.com/ping-maxwell"><code>@​ping-maxwell</code></a>! - security: verify OAuth state parameter against cookie-stored nonce to prevent CSRF on cookie-backed flows</p> </li> <li> <p><a href="https://redirect.github.com/better-auth/better-auth/pull/8983">#8983</a> <a href="https://github.com/better-auth/better-auth/commit/2cbcb9baacdd8e6fa1ed605e9b788f8922f0a8c2"><code>2cbcb9b</code></a> Thanks <a href="https://github.com/jaydeep-pipaliya"><code>@​jaydeep-pipaliya</code></a>! - fix(oauth2): prevent cross-provider account collision in link-social callback</p> <p>The link-social callback used <code>findAccount(accountId)</code> which matched by account ID across all providers. When two providers return the same numeric ID (e.g. both Google and GitHub assign <code>99999</code>), the lookup could match the wrong provider's account, causing a spurious <code>account_already_linked_to_different_user</code> error or silently updating the wrong account's tokens.</p> <p>Replaced with <code>findAccountByProviderId(accountId, providerId)</code> to scope the lookup to the correct provider, matching the pattern already used in the generic OAuth plugin.</p> </li> <li> <p><a href="https://redirect.github.com/better-auth/better-auth/pull/9059">#9059</a> <a href="https://github.com/better-auth/better-auth/commit/b20fa424c379396f0b86f94fbac1604e4a17fe19"><code>b20fa42</code></a> Thanks <a href="https://github.com/gustavovalverde"><code>@​gustavovalverde</code></a>! - fix(next-js): replace cookie probe with header-based RSC detection in <code>nextCookies()</code> to prevent infinite router refresh loops and eliminate leaked <code>__better-auth-cookie-store</code> cookie. Also fix two-factor enrollment flows to set the new session cookie before deleting the old session.</p> </li> <li> <p><a href="https://redirect.github.com/better-auth/better-auth/pull/9058">#9058</a> <a href="https://github.com/better-auth/better-auth/commit/608d8c3082c2d6e52c6ca6a8f38348619869b1ae"><code>608d8c3</code></a> Thanks <a href="https://github.com/gustavovalverde"><code>@​gustavovalverde</code></a>! - fix(sso): include RelayState in signed SAML AuthnRequests per SAML 2.0 Bindings §3.4.4.1</p> <ul> <li>RelayState is now passed to samlify's ServiceProvider constructor so it is included in the redirect binding signature. Previously it was appended after the signature, causing spec-compliant IdPs to reject signed AuthnRequests.</li> <li><code>authnRequestsSigned: true</code> without a private key now throws instead of silently sending unsigned requests.</li> </ul> </li> <li> <p><a href="https://redirect.github.com/better-auth/better-auth/pull/8772">#8772</a> <a href="https://github.com/better-auth/better-auth/commit/84098432ad8432fe33b3134d933e574259f3430a"><code>8409843</code></a> Thanks <a href="https://github.com/aarmful"><code>@​aarmful</code></a>! - feat(two-factor): include enabled 2fa methods in sign-in redirect response</p> <p>The 2FA sign-in redirect now returns <code>twoFactorMethods</code> (e.g. <code>[&quot;totp&quot;, &quot;otp&quot;]</code>) so frontends can render the correct verification UI without guessing. The <code>onTwoFactorRedirect</code> client callback receives <code>twoFactorMethods</code> as a context parameter.</p> <ul> <li>TOTP is included only when the user has a verified TOTP secret and TOTP is not disabled in config.</li> <li>OTP is included when <code>otpOptions.sendOTP</code> is configured.</li> <li>Unverified TOTP enrollments are excluded from the methods list.</li> </ul> </li> <li> <p><a href="https://redirect.github.com/better-auth/better-auth/pull/8711">#8711</a> <a href="https://github.com/better-auth/better-auth/commit/e78a7b120d56b7320cc8d818270e20057963a7b2"><code>e78a7b1</code></a> Thanks <a href="https://github.com/aarmful"><code>@​aarmful</code></a>! - fix(two-factor): prevent unverified TOTP enrollment from gating sign-in</p> <p>Adds a <code>verified</code> boolean column to the <code>twoFactor</code> table that tracks whether a TOTP secret has been confirmed by the user.</p> <ul> <li><strong>First-time enrollment:</strong> <code>enableTwoFactor</code> creates the row with <code>verified: false</code>. The row is promoted to <code>verified: true</code> only after <code>verifyTOTP</code> succeeds with a valid code.</li> <li><strong>Re-enrollment</strong> (calling <code>enableTwoFactor</code> when TOTP is already verified): the new row preserves <code>verified: true</code>, so the user is never locked out of sign-in while rotating their TOTP secret.</li> <li><strong>Sign-in:</strong> <code>verifyTOTP</code> rejects rows where <code>verified === false</code>, preventing abandoned enrollments from blocking authentication. Backup codes and OTP are unaffected and work as fallbacks during unfinished enrollment.</li> </ul> <p><strong>Migration:</strong> The new column defaults to <code>true</code>, so existing <code>twoFactor</code> rows are treated as verified. No data migration is required. <code>skipVerificationOnEnable: true</code> is also unaffected — the row is created as <code>verified: true</code> in that mode.</p> </li> <li> <p>Updated dependencies []:</p> <ul> <li><code>@​better-auth/core</code><a href="https://github.com/1"><code>@​1</code></a>.6.2</li> <li><code>@​better-auth/drizzle-adapter</code><a href="https://github.com/1"><code>@​1</code></a>.6.2</li> <li><code>@​better-auth/kysely-adapter</code><a href="https://github.com/1"><code>@​1</code></a>.6.2</li> <li><code>@​better-auth/memory-adapter</code><a href="https://github.com/1"><code>@​1</code></a>.6.2</li> <li><code>@​better-auth/mongo-adapter</code><a href="https://github.com/1"><code>@​1</code></a>.6.2</li> <li><code>@​better-auth/prisma-adapter</code><a href="https://github.com/1"><code>@​1</code></a>.6.2</li> <li><code>@​better-auth/telemetry</code><a href="https://github.com/1"><code>@​1</code></a>.6.2</li> </ul> </li> </ul> <h2>1.6.1</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/better-auth/better-auth/pull/9023">#9023</a> <a href="https://github.com/better-auth/better-auth/commit/2e537df5f7f2a4263f52cce74d7a64a0a947792b"><code>2e537df</code></a> Thanks <a href="https://github.com/jonathansamines"><code>@​jonathansamines</code></a>! - Update endpoint instrumentation to always use endpoint routes</p> </li> <li> <p><a href="https://redirect.github.com/better-auth/better-auth/pull/8902">#8902</a> <a href="https://github.com/better-auth/better-auth/commit/f61ad1cab7360e4460e6450904e97498298a79d5"><code>f61ad1c</code></a> Thanks <a href="https://github.com/ping-maxwell"><code>@​ping-maxwell</code></a>! - use <code>INVALID_PASSWORD</code> for all <code>checkPassword</code> failures</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/better-auth/better-auth/commit/700d298e1e6df7d6f381b6fa8456cc32aacf0b57"><code>700d298</code></a> chore: version packages (<a href="https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth/issues/9052">#9052</a>)</li> <li><a href="https://github.com/better-auth/better-auth/commit/b20fa424c379396f0b86f94fbac1604e4a17fe19"><code>b20fa42</code></a> fix(next-js): replace cookie probe with header-based RSC detection in nextCoo...</li> <li><a href="https://github.com/better-auth/better-auth/commit/2cbcb9baacdd8e6fa1ed605e9b788f8922f0a8c2"><code>2cbcb9b</code></a> fix(oauth2): prevent cross-provider account collision in link-social callback...</li> <li><a href="https://github.com/better-auth/better-auth/commit/9deb7936aba7931f2db4b460141f476508f11bfd"><code>9deb793</code></a> fix: cookie store strategy should verify oauth state (<a href="https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth/issues/8949">#8949</a>)</li> <li><a href="https://github.com/better-auth/better-auth/commit/84098432ad8432fe33b3134d933e574259f3430a"><code>8409843</code></a> feat(two-factor): include enabled 2fa methods in sign-in redirect response (#...</li> <li><a href="https://github.com/better-auth/better-auth/commit/e78a7b120d56b7320cc8d818270e20057963a7b2"><code>e78a7b1</code></a> fix(two-factor): prevent unverified TOTP enrollment from gating sign-in (<a href="https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth/issues/8711">#8711</a>)</li> <li><a href="https://github.com/better-auth/better-auth/commit/85bb710edcd3102d7165d0ca592aa2fcc40a84be"><code>85bb710</code></a> chore: version packages (<a href="https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth/issues/9018">#9018</a>)</li> <li><a href="https://github.com/better-auth/better-auth/commit/749583065958e8a310badaa5ea3acc8382dc0ca2"><code>7495830</code></a> fix(api): restore getSession accessibility in generic Auth&lt;O&gt; context (<a href="https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth/issues/9017">#9017</a>)</li> <li><a href="https://github.com/better-auth/better-auth/commit/2e537df5f7f2a4263f52cce74d7a64a0a947792b"><code>2e537df</code></a> fix: endpoint instrumentation to always use route template (<a href="https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth/issues/9023">#9023</a>)</li> <li><a href="https://github.com/better-auth/better-auth/commit/f61ad1cab7360e4460e6450904e97498298a79d5"><code>f61ad1c</code></a> fix: use <code>INVALID_PASSWORD</code> for all <code>checkPassword</code> failures (<a href="https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth/issues/8902">#8902</a>)</li> <li>Additional commits viewable in <a href="https://github.com/better-auth/better-auth/commits/better-auth@1.6.2/packages/better-auth">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~GitHub%20Actions">GitHub Actions</a>, a new releaser for better-auth since your current version.</p> </details> <br /> Updates `astro` from 6.1.6 to 6.1.10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/withastro/astro/releases">astro's releases</a>.</em></p> <blockquote> <h2>astro@6.1.10</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16479">#16479</a> <a href="https://github.com/withastro/astro/commit/1058428df2d13878c6130787636dd1778273a934"><code>1058428</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes a spurious <code>[WARN] [content] Content config not loaded</code> warning during <code>astro dev</code> for projects that don't use content collections</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16457">#16457</a> <a href="https://github.com/withastro/astro/commit/3d82220a1549e699e34ed433f3846a919f4c02bd"><code>3d82220</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16481">#16481</a> <a href="https://github.com/withastro/astro/commit/152700e08178285b240d8ef947cccd47b870ee5f"><code>152700e</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes a spurious 404 request for a dev toolbar sourcemap during <code>astro dev</code> caused by the browser mis-resolving a relative <code>sourceMappingURL</code> from the <code>/@id/</code> URL prefix</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16480">#16480</a> <a href="https://github.com/withastro/astro/commit/1bcb43bf04f3fa8f4623897ae2a937250f35216a"><code>1bcb43b</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes an unnecessary full page reload on first navigation during dev</p> </li> </ul> <h2>astro@6.1.9</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16448">#16448</a> <a href="https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd"><code>99464ed</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Updates vite, picomatch, and unstorage to latest patch versions</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16422">#16422</a> <a href="https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715"><code>a3951d7</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Hardens <code>astro-island</code> export resolution and hydration error handling for malformed component metadata</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16420">#16420</a> <a href="https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490"><code>e21de1d</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16419">#16419</a> <a href="https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d"><code>f3485c3</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16022">#16022</a> <a href="https://github.com/withastro/astro/commit/a002540d60d4a840db9971e73c820a8015658ffe"><code>a002540</code></a> Thanks <a href="https://github.com/mathieumaf"><code>@​mathieumaf</code></a>! - Fixes an issue where i18n domains would return 404 when <code>trailingSlash</code> is set to <code>never</code>.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd"><code>99464ed</code></a>, <a href="https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d"><code>f3485c3</code></a>]:</p> <ul> <li><code>@​astrojs/internal-helpers</code><a href="https://github.com/0"><code>@​0</code></a>.9.0</li> <li><code>@​astrojs/markdown-remark</code><a href="https://github.com/7"><code>@​7</code></a>.1.1</li> </ul> </li> </ul> <h2>astro@6.1.8</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16367">#16367</a> <a href="https://github.com/withastro/astro/commit/a6866a7ef086627f8f8237274361d8acc2f85121"><code>a6866a7</code></a> Thanks <a href="https://github.com/ematipico"><code>@​ematipico</code></a>! - Fixes an issue where build output files could contain special characters (<code>!</code>, <code>~</code>, <code>{</code>, <code>}</code>) in their names, causing deploy failures on platforms like Netlify.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16381">#16381</a> <a href="https://github.com/withastro/astro/commit/217c5b3b937f0aee7e59280e8a10cf2bd4237605"><code>217c5b3</code></a> Thanks <a href="https://github.com/ematipico"><code>@​ematipico</code></a>! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16348">#16348</a> <a href="https://github.com/withastro/astro/commit/7d26cd77bc1b33cee81f0e7b408dc2d170be1bdd"><code>7d26cd7</code></a> Thanks <a href="https://github.com/ocavue"><code>@​ocavue</code></a>! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16317">#16317</a> <a href="https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e"><code>d012bfe</code></a> Thanks <a href="https://github.com/das-peter"><code>@​das-peter</code></a>! - Fixes a bug where <code>allowedDomains</code> weren't correctly propagated when using the development server.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16379">#16379</a> <a href="https://github.com/withastro/astro/commit/5a845514114ae21ca9820e98b56cce33c0cf579b"><code>5a84551</code></a> Thanks <a href="https://github.com/martrapp"><code>@​martrapp</code></a>! - Improves Vue scoped style handling in DEV mode during client router navigation.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16317">#16317</a> <a href="https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e"><code>d012bfe</code></a> Thanks <a href="https://github.com/das-peter"><code>@​das-peter</code></a>! - Adds tests to verify settings are properly propagated when using the development server.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16282">#16282</a> <a href="https://github.com/withastro/astro/commit/5b0fdaa8ba3dc17f4b93d9847c3255150b0aeab2"><code>5b0fdaa</code></a> Thanks <a href="https://github.com/jmurty"><code>@​jmurty</code></a>! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/withastro/astro/commit/e0b240edea4db632138def3a9003b4b12e12f765"><code>e0b240e</code></a>]:</p> <ul> <li><code>@​astrojs/telemetry</code><a href="https://github.com/3"><code>@​3</code></a>.3.1</li> </ul> </li> </ul> <h2>astro@6.1.7</h2> <h3>Patch Changes</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md">astro's changelog</a>.</em></p> <blockquote> <h2>6.1.10</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16479">#16479</a> <a href="https://github.com/withastro/astro/commit/1058428df2d13878c6130787636dd1778273a934"><code>1058428</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes a spurious <code>[WARN] [content] Content config not loaded</code> warning during <code>astro dev</code> for projects that don't use content collections</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16457">#16457</a> <a href="https://github.com/withastro/astro/commit/3d82220a1549e699e34ed433f3846a919f4c02bd"><code>3d82220</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16481">#16481</a> <a href="https://github.com/withastro/astro/commit/152700e08178285b240d8ef947cccd47b870ee5f"><code>152700e</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes a spurious 404 request for a dev toolbar sourcemap during <code>astro dev</code> caused by the browser mis-resolving a relative <code>sourceMappingURL</code> from the <code>/@id/</code> URL prefix</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16480">#16480</a> <a href="https://github.com/withastro/astro/commit/1bcb43bf04f3fa8f4623897ae2a937250f35216a"><code>1bcb43b</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes an unnecessary full page reload on first navigation during dev</p> </li> </ul> <h2>6.1.9</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16448">#16448</a> <a href="https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd"><code>99464ed</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Updates vite, picomatch, and unstorage to latest patch versions</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16422">#16422</a> <a href="https://github.com/withastro/astro/commit/a3951d7873c7c210fedbaa77702bc33db6410715"><code>a3951d7</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Hardens <code>astro-island</code> export resolution and hydration error handling for malformed component metadata</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16420">#16420</a> <a href="https://github.com/withastro/astro/commit/e21de1d03b318d5045dba718291c04fe05c01490"><code>e21de1d</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16419">#16419</a> <a href="https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d"><code>f3485c3</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16022">#16022</a> <a href="https://github.com/withastro/astro/commit/a002540d60d4a840db9971e73c820a8015658ffe"><code>a002540</code></a> Thanks <a href="https://github.com/mathieumaf"><code>@​mathieumaf</code></a>! - Fixes an issue where i18n domains would return 404 when <code>trailingSlash</code> is set to <code>never</code>.</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/withastro/astro/commit/99464edb5fc0968f6497328e106f26ab393668bd"><code>99464ed</code></a>, <a href="https://github.com/withastro/astro/commit/f3485c3458bc8bf70c152126e418c24f489ded9d"><code>f3485c3</code></a>]:</p> <ul> <li><code>@​astrojs/internal-helpers</code><a href="https://github.com/0"><code>@​0</code></a>.9.0</li> <li><code>@​astrojs/markdown-remark</code><a href="https://github.com/7"><code>@​7</code></a>.1.1</li> </ul> </li> </ul> <h2>6.1.8</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16367">#16367</a> <a href="https://github.com/withastro/astro/commit/a6866a7ef086627f8f8237274361d8acc2f85121"><code>a6866a7</code></a> Thanks <a href="https://github.com/ematipico"><code>@​ematipico</code></a>! - Fixes an issue where build output files could contain special characters (<code>!</code>, <code>~</code>, <code>{</code>, <code>}</code>) in their names, causing deploy failures on platforms like Netlify.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16381">#16381</a> <a href="https://github.com/withastro/astro/commit/217c5b3b937f0aee7e59280e8a10cf2bd4237605"><code>217c5b3</code></a> Thanks <a href="https://github.com/ematipico"><code>@​ematipico</code></a>! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16348">#16348</a> <a href="https://github.com/withastro/astro/commit/7d26cd77bc1b33cee81f0e7b408dc2d170be1bdd"><code>7d26cd7</code></a> Thanks <a href="https://github.com/ocavue"><code>@​ocavue</code></a>! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16317">#16317</a> <a href="https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e"><code>d012bfe</code></a> Thanks <a href="https://github.com/das-peter"><code>@​das-peter</code></a>! - Fixes a bug where <code>allowedDomains</code> weren't correctly propagated when using the development server.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16379">#16379</a> <a href="https://github.com/withastro/astro/commit/5a845514114ae21ca9820e98b56cce33c0cf579b"><code>5a84551</code></a> Thanks <a href="https://github.com/martrapp"><code>@​martrapp</code></a>! - Improves Vue scoped style handling in DEV mode during client router navigation.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16317">#16317</a> <a href="https://github.com/withastro/astro/commit/d012bfeadb5b33f9ab1175191d59357d629c327e"><code>d012bfe</code></a> Thanks <a href="https://github.com/das-peter"><code>@​das-peter</code></a>! - Adds tests to verify settings are properly propagated when using the development server.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/16282">#16282</a> <a href="https://github.com/withastro/astro/commit/5b0fdaa8ba3dc17f4b93d9847c3255150b0aeab2"><code>5b0fdaa</code></a> Thanks <a href="https://github.com/jmurty"><code>@​jmurty</code></a>! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports</p> </li> <li> <p>Updated dependencies [<a href="https://github.com/withastro/astro/commit/e0b240edea4db632138def3a9003b4b12e12f765"><code>e0b240e</code></a>]:</p> <ul> <li><code>@​astrojs/telemetry</code><a href="https://github.com/3"><code>@​3</code></a>.3.1</li> </ul> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/withastro/astro/commit/c1f2e4f62adc1f2ba7b36f400f38fbab8862bc74"><code>c1f2e4f</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16467">#16467</a>)</li> <li><a href="https://github.com/withastro/astro/commit/345fb9e370ddcd633c1043326e723ee43c89a3e4"><code>345fb9e</code></a> chore: fix flaky dev toolbar render time test (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16500">#16500</a>)</li> <li><a href="https://github.com/withastro/astro/commit/5120ecd4c337a7c59c4956ff8fd6bf327b4abce9"><code>5120ecd</code></a> [ci] format</li> <li><a href="https://github.com/withastro/astro/commit/3d82220a1549e699e34ed433f3846a919f4c02bd"><code>3d82220</code></a> Add AEAD context binding to server island encryption (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16457">#16457</a>)</li> <li><a href="https://github.com/withastro/astro/commit/1bcb43bf04f3fa8f4623897ae2a937250f35216a"><code>1bcb43b</code></a> Prebundle dev toolbar entrypoint in client environment (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16480">#16480</a>)</li> <li><a href="https://github.com/withastro/astro/commit/93101cce781585574d6b528bae05d5b6a02e63bd"><code>93101cc</code></a> [ci] format</li> <li><a href="https://github.com/withastro/astro/commit/152700e08178285b240d8ef947cccd47b870ee5f"><code>152700e</code></a> fix: strip sourceMappingURL from dev toolbar entrypoint during dep optimizati...</li> <li><a href="https://github.com/withastro/astro/commit/bc8304121b79f5fdcfb400d6baea977840391134"><code>bc83041</code></a> refactor(astro): migrate test utils to typescript (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16492">#16492</a>)</li> <li><a href="https://github.com/withastro/astro/commit/5c543c595def9826acdd71c1cb88f08f8d63f1a5"><code>5c543c5</code></a> refactor(astro): add internal entry points for test (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16473">#16473</a>)</li> <li><a href="https://github.com/withastro/astro/commit/1058428df2d13878c6130787636dd1778273a934"><code>1058428</code></a> Suppress content config warning for projects without content collections (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16">#16</a>...</li> <li>Additional commits viewable in <a href="https://github.com/withastro/astro/commits/astro@6.1.10/packages/astro">compare view</a></li> </ul> </details> <br /> Updates `devalue` from 5.6.4 to 5.8.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/devalue/releases">devalue's releases</a>.</em></p> <blockquote> <h2>v5.8.1</h2> <h3>Patch Changes</h3> <ul> <li>206ca67: fix: force sparse arrays to allocate sparsely</li> </ul> <h2>v5.8.0</h2> <h3>Minor Changes</h3> <ul> <li>c5115b0: feat: add <code>stringifyAsync</code> for async serialization</li> </ul> <h2>v5.7.1</h2> <h3>Patch Changes</h3> <ul> <li>8becc7c: fix: handle regexes consistently in uneval's value and reference formats</li> </ul> <h2>v5.7.0</h2> <h3>Minor Changes</h3> <ul> <li>df2e284: feat: use native alternatives to encode/decode base64</li> <li>498656e: feat: add <code>DataView</code> support</li> <li>a210130: feat: whitelist <code>Float16Array</code></li> <li>df2e284: feat: simplify TypedArray slices</li> </ul> <h3>Patch Changes</h3> <ul> <li>5590634: fix: get <code>uneval</code> type handling up to parity with <code>stringify</code></li> <li>57f73fc: fix: correctly support boxed bigints and sentinel values</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md">devalue's changelog</a>.</em></p> <blockquote> <h2>5.8.1</h2> <h3>Patch Changes</h3> <ul> <li>206ca67: fix: force sparse arrays to allocate sparsely</li> </ul> <h2>5.8.0</h2> <h3>Minor Changes</h3> <ul> <li>c5115b0: feat: add <code>stringifyAsync</code> for async serialization</li> </ul> <h2>5.7.1</h2> <h3>Patch Changes</h3> <ul> <li>8becc7c: fix: handle regexes consistently in uneval's value and reference formats</li> </ul> <h2>5.7.0</h2> <h3>Minor Changes</h3> <ul> <li>df2e284: feat: use native alternatives to encode/decode base64</li> <li>498656e: feat: add <code>DataView</code> support</li> <li>a210130: feat: whitelist <code>Float16Array</code></li> <li>df2e284: feat: simplify TypedArray slices</li> </ul> <h3>Patch Changes</h3> <ul> <li>5590634: fix: get <code>uneval</code> type handling up to parity with <code>stringify</code></li> <li>57f73fc: fix: correctly support boxed bigints and sentinel values</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/sveltejs/devalue/commit/796ea83a76eb7e0f2af376f9c2c875f1d057f50f"><code>796ea83</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/152">#152</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/206ca6712fbc380a4571c59de9ab04b91110792d"><code>206ca67</code></a> Merge commit from fork</li> <li><a href="https://github.com/sveltejs/devalue/commit/14933f78ff6b712829162628682b0a1993e75d19"><code>14933f7</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/151">#151</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/c5115b0074ec298fb4077f6cee5616cefbd13902"><code>c5115b0</code></a> feat: <code>stringifyAsync</code> (<a href="https://redirect.github.com/sveltejs/devalue/issues/150">#150</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/67dad450b5db18ea9aa3059d334d8b0ee6704d9e"><code>67dad45</code></a> docs: update README to reflect serialization stability non-goal (<a href="https://redirect.github.com/sveltejs/devalue/issues/147">#147</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/6eb920a7db6fe388f24f640d0e4e874a57f148fb"><code>6eb920a</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/146">#146</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/8becc7c436f0d4f85e2e5b32cb49dcfdf4fdec42"><code>8becc7c</code></a> fix: handle regexes consistently in uneval's value and reference formats (<a href="https://redirect.github.com/sveltejs/devalue/issues/145">#145</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/2eee2e435ea0ea3d495dc7a266486df95a4eb6ed"><code>2eee2e4</code></a> Version Packages (<a href="https://redirect.github.com/sveltejs/devalue/issues/144">#144</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/498656e75d36dfc63a386240722bdeac63337b25"><code>498656e</code></a> DataView support (<a href="https://redirect.github.com/sveltejs/devalue/issues/143">#143</a>)</li> <li><a href="https://github.com/sveltejs/devalue/commit/5590634db53ed555d3ce2e2024924b30352a6afc"><code>5590634</code></a> Improve platform types support (<a href="https://redirect.github.com/sveltejs/devalue/issues/142">#142</a>)</li> <li>Additional commits viewable in <a href="https://github.com/sveltejs/devalue/compare/v5.6.4...v5.8.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RayLabsHQ/gitea-mirror/network/alerts). </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-17 19:23:33 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
documentation
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 question
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea-mirror#2920
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?