Skip to content

fix(deps): update astro monorepo #1233

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
kiba-renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update astro monorepo #1233

kiba-renovate wants to merge 1 commit into from

Conversation

@kiba-renovate
Copy link
Contributor

@kiba-renovate kiba-renovate bot commented Dec 26, 2025

This PR contains the following updates:

Package Change Age Confidence
@astrojs/check (source) 0.9.4 -> 0.9.6 age confidence
@astrojs/db (source) 0.15.1 -> 0.18.3 age confidence
@astrojs/mdx (source) 4.3.5 -> 4.3.13 age confidence
@astrojs/react (source) 4.3.1 -> 4.4.2 age confidence
@astrojs/rss (source) 4.0.12 -> 4.0.14 age confidence
astro (source) 5.15.9 -> 5.16.5 age confidence

Release Notes

withastro/astro (@​astrojs/check)

v0.9.6

Patch Changes

v0.9.5

Patch Changes
  • d415d4e: When no errors or warnings are detected, display "0 errors" or "0 warnings" in a dimmed color on the console instead of red or yellow.
withastro/astro (@​astrojs/db)

v0.18.3

Compare Source

Patch Changes

v0.18.2

Compare Source

Patch Changes

v0.18.1

Compare Source

Patch Changes

v0.18.0

Compare Source

Minor Changes

  • #​14204 d71448e Thanks @​Adammatthiesen! - Adds a new libSQL web driver to support environments that require a non-Node.js libSQL client such as Cloudflare or Deno. Also adds a new mode configuration option to allow you to set your client connection type: node (default) or web.

    The default db node driver mode is identical to the previous AstroDB functionality. No changes have been made to how AstroDB works in Node.js environments, and this is still the integration's default behavior. If you are currently using AstroDB, no changes to your project code are required and setting a mode is not required.

    However, if you have previously been unable to use AstroDB because you required a non-Node.js libSQL client, you can now install and configure the libSQL web driver by setting mode: 'web' in your db configuration:

    import db from '@​astrojs/db';
import { defineConfig } from 'astro/config';

// https://astro.build/config
export default defineConfig({
  integrations: [db({ mode: 'web' })],
});

    For more information, see the @astrojs/db documentation.

v0.17.2

Compare Source

Patch Changes

v0.17.1

Compare Source

Patch Changes

v0.17.0

Compare Source

Minor Changes

  • #​14190 438adab Thanks @​Adammatthiesen! - Adds support for enum support for text columns in Astro DB tables.

    import { column, defineTable } from 'astro:db';

// Table definition
const UserTable = defineTable({
  columns: {
    id: column.number({ primaryKey: true }),
    name: column.text(),
    rank: column.text({ enum: ['user', 'mod', 'admin'] }),
  },
});

// Resulting type definition
type UserTableInferInsert = {
  id: string;
  name: string;
  rank: 'user' | 'mod' | 'admin';
};

v0.16.1

Compare Source

Patch Changes

v0.16.0

Compare Source

Minor Changes
withastro/astro (@​astrojs/mdx)

v4.3.13

Compare Source

Patch Changes

v4.3.12

Compare Source

Patch Changes

v4.3.11

Compare Source

Patch Changes

v4.3.10

Compare Source

Patch Changes

  • #​14715 3d55c5d Thanks @​ascorbic! - Adds support for client hydration in getContainerRenderer()

    The getContainerRenderer() function is exported by Astro framework integrations to simplify the process of rendering framework components when using the experimental Container API inside a Vite or Vitest environment. This update adds the client hydration entrypoint to the returned object, enabling client-side interactivity for components rendered using this function. Previously this required users to manually call container.addClientRenderer() with the appropriate client renderer entrypoint.

    See the container-with-vitest demo for a usage example, and the Container API documentation for more information on using framework components with the experimental Container API.

v4.3.9

Patch Changes

v4.3.8

Patch Changes

  • #​14591 3e887ec Thanks @​matthewp! - Adds TypeScript support for the components prop on MDX Content component when using await render(). Developers now get proper IntelliSense and type checking when passing custom components to override default MDX element rendering.

  • #​14598 7b45c65 Thanks @​delucis! - Reduces terminal text styling dependency size by switching from kleur to picocolors

v4.3.7

Compare Source

Patch Changes

v4.3.6

Compare Source

Patch Changes
withastro/astro (@​astrojs/react)

v4.4.2

Compare Source

Patch Changes

  • #​14715 3d55c5d Thanks @​ascorbic! - Adds support for client hydration in getContainerRenderer()

    The getContainerRenderer() function is exported by Astro framework integrations to simplify the process of rendering framework components when using the experimental Container API inside a Vite or Vitest environment. This update adds the client hydration entrypoint to the returned object, enabling client-side interactivity for components rendered using this function. Previously this required users to manually call container.addClientRenderer() with the appropriate client renderer entrypoint.

    See the container-with-vitest demo for a usage example, and the Container API documentation for more information on using framework components with the experimental Container API.

v4.4.1

Compare Source

Patch Changes

v4.4.0

Compare Source

Minor Changes

  • #​14386 f75f446 Thanks @​yanthomasdev! - Stabilizes the formerly experimental getActionState() and withState() functions introduced in @astrojs/react v3.4.0 used to integrate Astro Actions with React 19's useActionState() hook.

    This example calls a like action that accepts a postId and returns the number of likes. Pass this action to the withState() function to apply progressive enhancement info, and apply to useActionState() to track the result:

    import { actions } from 'astro:actions';
import { withState } from '@​astrojs/react/actions';
import { useActionState } from 'react';

export function Like({ postId }: { postId: string }) {
  const [state, action, pending] = useActionState(
    withState(actions.like),
    0, // initial likes
  );

  return (
    <form action={action}>
      <input type="hidden" name="postId" value={postId} />
      <button disabled={pending}>{state} ❤️</button>
    </form>
  );
}

    You can also access the state stored by useActionState() from your action handler. Call getActionState() with the API context, and optionally apply a type to the result:

    import { defineAction } from 'astro:actions';
import { z } from 'astro:schema';
import { getActionState } from '@&#8203;astrojs/react/actions';

export const server = {
  like: defineAction({
    input: z.object({
      postId: z.string(),
    }),
    handler: async ({ postId }, ctx) => {
      const currentLikes = getActionState<number>(ctx);
      // write to database
      return currentLikes + 1;
    },
  }),
};

    If you were previously using this experimental feature, you will need to update your code to use the new stable exports:

    // src/components/Form.jsx
import { actions } from 'astro:actions';
-import { experimental_withState } from '@&#8203;astrojs/react/actions';
+import { withState } from '@&#8203;astrojs/react/actions';
import { useActionState } from "react";
    // src/actions/index.ts
import { defineAction, type SafeResult } from 'astro:actions';
import { z } from 'astro:schema';
-import { experimental_getActionState } from '@&#8203;astrojs/react/actions';
+import { getActionState } from '@&#8203;astrojs/react/actions';
withastro/astro (@​astrojs/rss)

v4.0.14

Compare Source

Patch Changes

v4.0.13

Compare Source

Patch Changes
withastro/astro (astro)

v5.16.5

Compare Source

Patch Changes

  • #​14985 c016f10 Thanks @​florian-lefebvre! - Fixes a case where JSDoc annotations wouldn't show for fonts related APIs in the Astro config

  • #​14973 ed7cc2f Thanks @​amankumarpandeyin! - Fixes performance regression and OOM errors when building medium-sized blogs with many content entries. Replaced O(n²) object spread pattern with direct mutation in generateLookupMap.

  • #​14958 70eb542 Thanks @​ascorbic! - Gives a helpful error message if a user sets output: "hybrid" in their Astro config.

    The option was removed in Astro 5, but lots of content online still references it, and LLMs often suggest it. It's not always clear that the replacement is output: "static", rather than output: "server". This change adds a helpful error message to guide humans and robots.

  • #​14901 ef53716 Thanks @​Darknab! - Updates the glob() loader to log a warning when duplicated IDs are detected

  • Updated dependencies [d8305f8]:

v5.16.4

Compare Source

Patch Changes

  • #​14940 2cf79c2 Thanks @​ematipico! - Fixes a bug where Astro didn't properly combine CSP resources from the csp configuration with those added using the runtime API (Astro.csp.insertDirective()) to form grammatically correct CSP headers

    Now Astro correctly deduplicate CSP resources. For example, if you have a global resource in the configuration file, and then you add a
    a new one using the runtime APIs.

v5.16.3

Compare Source

Patch Changes

  • #​14889 4bceeb0 Thanks @​florian-lefebvre! - Fixes actions types when using specific TypeScript configurations

  • #​14929 e0f277d Thanks @​matthewp! - Fixes authentication bypass via double URL encoding in middleware

    Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.

v5.16.2

Compare Source

Patch Changes

v5.16.1

Compare Source

Patch Changes

v5.16.0

Compare Source

Minor Changes

  • #​13880 1a2ed01 Thanks @​azat-io! - Adds experimental SVGO optimization support for SVG assets

    Astro now supports automatic SVG optimization using SVGO during build time. This experimental feature helps reduce SVG file sizes while maintaining visual quality, improving your site's performance.

    To enable SVG optimization with default settings, add the following to your astro.config.mjs:

    import { defineConfig } from 'astro/config';

export default defineConfig({
  experimental: {
    svgo: true,
  },
});

    To customize optimization, pass a SVGO configuration object:

    export default defineConfig({
  experimental: {
    svgo: {
      plugins: [
        'preset-default',
        {
          name: 'removeViewBox',
          active: false,
        },
      ],
    },
  },
});

    For more information on enabling and using this feature in your project, see the experimental SVG optimization docs.

  • #​14810 2e845fe Thanks @​ascorbic! - Adds a hint for code agents to use the --yes flag to skip prompts when running astro add

  • #​14698 f42ff9b Thanks @​mauriciabad! - Adds the ActionInputSchema utility type to automatically infer the TypeScript type of an action's input based on its Zod schema

    For example, this type can be used to retrieve the input type of a form action:

    import { type ActionInputSchema, defineAction } from 'astro:actions';
import { z } from 'astro/zod';

const action = defineAction({
  accept: 'form',
  input: z.object({ name: z.string() }),
  handler: ({ name }) => ({ message: `Welcome, ${name}!` }),
});

type Schema = ActionInputSchema<typeof action>;
// typeof z.object({ name: z.string() })

type Input = z.input<Schema>;
// { name: string }

  • #​14574 4356485 Thanks @​jacobdalamb! - Adds new CLI shortcuts available when running astro preview:

    • o + enter: open the site in your browser
    • q + enter: quit the preview
    • h + enter: print all available shortcuts
Patch Changes

  • #​14813 e1dd377 Thanks @​ematipico! - Removes picocolors as dependency in favor of the fork piccolore.

  • #​14609 d774306 Thanks @​florian-lefebvre! - Improves astro info

  • #​14796 c29a785 Thanks @​florian-lefebvre! - BREAKING CHANGE to the experimental Fonts API only

    Updates the default subsets to ["latin"]

    Subsets have been a common source of confusion: they caused a lot of files to be downloaded by default. You now have to manually pick extra subsets.

    Review your Astro config and update subsets if you need, for example if you need greek characters:

    import { defineConfig, fontProviders } from "astro/config"

export default defineConfig({
    experimental: {
        fonts: [{
            name: "Roboto",
            cssVariable: "--font-roboto",
            provider: fontProviders.google(),
+            subsets: ["latin", "greek"]
        }]
    }
})

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@kiba-renovate kiba-renovate bot temporarily deployed to claude-code-action December 26, 2025 07:46 Inactive
@codecov
Copy link

codecov bot commented Dec 26, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 65.53%. Comparing base (278f95c) to head (c9165fc).
⚠️ Report is 11 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1233   +/-   ##
=======================================
  Coverage   65.53%   65.53%           
=======================================
  Files          53       53           
  Lines        2498     2498           
  Branches      246      245    -1     
=======================================
  Hits         1637     1637           
  Misses        856      856           
  Partials        5        5
Flag Coverage Δ
storybook 49.21% <ø> (ø)
unittests 24.31% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions github-actions bot added the changes 🚨 Has changes of archive label Dec 26, 2025
@kiba-claude-code
Copy link
Contributor

kiba-claude-code bot commented Dec 26, 2025

📦 依存関係更新レビュー

このPRは複数のAstroパッケージの更新を含んでいます。以下の観点からレビューしました:

✅ 肯定的な点

  1. セキュリティパッチの適用

    • [email protected] で認証バイパスの脆弱性修正(CVE対応)が含まれています
    • 多重URLエンコーディングによる認証回避の問題が修正されています

  2. パフォーマンス改善

    • [email protected] でコンテンツ処理時のO(n²)問題が修正され、OOM(Out Of Memory)エラーが回避されます
    • 中規模のブログサイトにおいてビルドパフォーマンスが改善されます

  3. 重要な機能追加

    • @astrojs/[email protected] でlibSQL webドライバーが追加され、Cloudflare/Deno環境のサポートが向上
    • @astrojs/[email protected] でReact 19のuseActionState()フックのサポートが安定版に

  4. 依存関係の最適化

    • picocolorsからpiccoloreへのフォークへの移行(依存関係サイズの削減)

⚠️ 注意点

  1. Astro Studioのサポート終了

    • @astrojs/[email protected] でAstro Studioのサポートが削除されています
    • 既にTursoへ移行済みの場合は影響なし(このプロジェクトでは問題なし)

  2. 破壊的変更の可能性

    • @astrojs/dbのメジャーバージョンアップ(0.15.1 → 0.18.3)
    • @astrojs/reactのマイナーバージョンアップ(4.3.1 → 4.4.2)
    • テキスト列のenum型サポートなど、型定義に影響がある可能性

🧪 推奨アクション

  1. 必須: ビルドとテストの実行

    npm run build
npm test

  2. 推奨: データベース関連機能の動作確認

    • @astrojs/dbの大幅な更新があるため、データベース操作の確認を推奨
    • GA4データ更新処理の確認

  3. 推奨: ビジュアルリグレッションテスト

    • Reactコンポーネントの更新があるため、VRTの実行を推奨
    npm run vrt:regression

📊 更新サマリー

パッケージ 旧バージョン 新バージョン 変更タイプ
astro 5.15.9 5.16.5 Patch(セキュリティ含む)
@astrojs/db 0.15.1 0.18.3 Minor(破壊的変更含む)
@astrojs/mdx 4.3.5 4.3.13 Patch
@astrojs/react 4.3.1 4.4.2 Minor
@astrojs/rss 4.0.12 4.0.14 Patch
@astrojs/check 0.9.4 0.9.6 Patch

🎯 結論

この更新は承認推奨です。特にセキュリティパッチとパフォーマンス改善が含まれており、早期のマージが望ましいです。ただし、データベース関連の変更が大きいため、CIでのテスト結果の確認後にマージすることを推奨します。

@github-actions
Copy link
Contributor

github-actions bot commented Dec 26, 2025
edited
Loading

🚨 Changes to the artifacts

building commit: a75228ef16df91b1da5de4d61d88ff006d14f29b

SHA256
Recent deployed e64f257c64e487ecddb04930590362a18fde8d153b41512d90fe760832372896
This build 50f861538c4533ed72f78a1a6cdcbb0f98b359f5df12fbfa2d27b0a3678c0afd

kiba-claude-code[bot]
kiba-claude-code bot reviewed Dec 26, 2025
View reviewed changes
package.json
"@tailwindcss/aspect-ratio": "0.4.2",
"@tailwindcss/typography": "0.5.19",
"astro": "5.15.9",
"astro": "5.16.5",
Copy link
Contributor

@kiba-claude-code kiba-claude-code bot Dec 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ 重要なセキュリティ更新

[email protected]には以下のセキュリティパッチが含まれています:

  • 認証バイパスの脆弱性修正(v5.16.3): 多重URLエンコーディング(例: /%2561dmin)による認証回避の問題が修正されました
  • パフォーマンス改善(v5.16.5): コンテンツ処理時のO(n²)問題が解決され、中規模サイトでのOOMエラーが回避されます

この更新はセキュリティ上重要なため、早期のマージを推奨します。

kiba-claude-code[bot]
kiba-claude-code bot reviewed Dec 26, 2025
View reviewed changes
package.json
"@astrojs/db": "0.15.1",
"@astrojs/mdx": "4.3.5",
"@astrojs/check": "0.9.6",
"@astrojs/db": "0.18.3",
Copy link
Contributor

@kiba-claude-code kiba-claude-code bot Dec 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📊 @astrojs/db メジャー更新の影響確認

@astrojs/db0.15.1から0.18.3へ更新されています。主な変更点:

  1. Astro Studioサポート終了(v0.16.0)- 既にTursoへ移行済みなら影響なし
  2. 新機能: libSQL webドライバー追加(v0.18.0)- Cloudflare/Deno環境のサポート
  3. 新機能: テキスト列のenum型サポート(v0.17.0)
  4. 型定義の変更: optional/primary key列の型が修正されています

推奨アクション: データベース関連の機能(特にGA4データ更新処理)の動作確認を推奨します。

npm run db:update

kiba-claude-code[bot]
kiba-claude-code bot reviewed Dec 26, 2025
View reviewed changes
package.json
"@astrojs/partytown": "2.1.4",
"@astrojs/react": "4.3.1",
"@astrojs/rss": "4.0.12",
"@astrojs/react": "4.4.2",
Copy link
Contributor

@kiba-claude-code kiba-claude-code bot Dec 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎉 React 19統合の安定化

@astrojs/[email protected]で、React 19のuseActionState()フックとAstro Actionsの統合機能が実験的機能から安定版になりました。

  • withState()getActionState()が正式にサポート
  • フォーム送信とプログレッシブエンハンスメントの改善

このプロジェクトでAstro Actionsを使用している場合、より安定した動作が期待できます。

@kiba-renovate kiba-renovate bot force-pushed the renovate/astro-monorepo branch from 7ac7701 to c9165fc Compare December 26, 2025 08:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kiba-claude-code kiba-claude-code[bot] kiba-claude-code[bot] left review comments

Assignees

No one assigned

Labels

changes 🚨 Has changes of archive renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant