Skip to content

Bump the npm group across 1 directory with 10 updates#106

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-41bfa9c212
Closed

Bump the npm group across 1 directory with 10 updates#106
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-41bfa9c212

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 21, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm group with 8 updates in the / directory:

Package From To
@astrojs/markdown-remark 7.1.2 7.2.0
@astrojs/sitemap 3.7.2 3.7.3
@astrojs/starlight 0.39.2 0.40.0
@tailwindcss/vite 4.3.0 4.3.1
sanitize-html 2.17.4 2.17.5
sharp 0.34.5 0.35.2
temporal-polyfill 0.3.2 1.0.1
@tailwindcss/typography 0.5.19 0.5.20

Updates @astrojs/markdown-remark from 7.1.2 to 7.2.0

Release notes

Sourced from @​astrojs/markdown-remark's releases.

@​astrojs/markdown-remark@​7.2.0

7.2.0

Minor Changes

  • #16848 f732f3c Thanks @​Princesseuh! - Adds a new markdown.processor configuration option, allowing you to choose an alternative Markdown processor.

    Websites with many Markdown/MDX files tend to be slow to build because the unified ecosystem (e.g., remark, rehype) is slow to process. This feature introduces the ability to replace this part of the build pipeline with another processor.

    The default processor is unified(). This means that existing configurations remain unchanged and your remark/rehype plugins continue to work.

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    import { unified } from '@astrojs/markdown-remark';
    import remarkToc from 'remark-toc';
    export default defineConfig({
    markdown: {
    processor: unified({
    remarkPlugins: [remarkToc],
    }),
    },
    });

    In addition to this new configuration option, Astro provides a new alternative processor based on Rust: Sätteri. You can choose to use it now by installing @astrojs/markdown-satteri, importing the satteri() processor, and adapting your existing configuration:

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    import { satteri } from '@astrojs/markdown-satteri';
    export default defineConfig({
    markdown: {
    processor: satteri({
    features: { directive: true },
    }),
    },
    });

    This processor does not support the remark and rehype plugins. This means you may need to convert them to MDAST or HAST plugins to retain your current functionality.

    The existing top-level markdown.remarkPlugins, markdown.rehypePlugins, markdown.remarkRehype, markdown.gfm, and markdown.smartypants options still work, but are now deprecated and will be removed in a future major update. The matching remarkPlugins, rehypePlugins, and remarkRehype options on the MDX integration are also deprecated for the same reason. To anticipate their removal, move them onto unified({...}) (or your preferred plugin processor) :

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    import remarkToc from 'remark-toc';

... (truncated)

Changelog

Sourced from @​astrojs/markdown-remark's changelog.

7.2.0

Minor Changes

  • #16848 f732f3c Thanks @​Princesseuh! - Adds a new markdown.processor configuration option, allowing you to choose an alternative Markdown processor.

    Websites with many Markdown/MDX files tend to be slow to build because the unified ecosystem (e.g., remark, rehype) is slow to process. This feature introduces the ability to replace this part of the build pipeline with another processor.

    The default processor is unified(). This means that existing configurations remain unchanged and your remark/rehype plugins continue to work.

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    import { unified } from '@astrojs/markdown-remark';
    import remarkToc from 'remark-toc';
    export default defineConfig({
    markdown: {
    processor: unified({
    remarkPlugins: [remarkToc],
    }),
    },
    });

    In addition to this new configuration option, Astro provides a new alternative processor based on Rust: Sätteri. You can choose to use it now by installing @astrojs/markdown-satteri, importing the satteri() processor, and adapting your existing configuration:

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    import { satteri } from '@astrojs/markdown-satteri';
    export default defineConfig({
    markdown: {
    processor: satteri({
    features: { directive: true },
    }),
    },
    });

    This processor does not support the remark and rehype plugins. This means you may need to convert them to MDAST or HAST plugins to retain your current functionality.

    The existing top-level markdown.remarkPlugins, markdown.rehypePlugins, markdown.remarkRehype, markdown.gfm, and markdown.smartypants options still work, but are now deprecated and will be removed in a future major update. The matching remarkPlugins, rehypePlugins, and remarkRehype options on the MDX integration are also deprecated for the same reason. To anticipate their removal, move them onto unified({...}) (or your preferred plugin processor) :

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    import remarkToc from 'remark-toc';
    import rehypeSlug from 'rehype-slug';

... (truncated)

Commits

Updates @astrojs/sitemap from 3.7.2 to 3.7.3

Release notes

Sourced from @​astrojs/sitemap's releases.

@​astrojs/sitemap@​3.7.3

Patch Changes

  • #16837 783c4a6 Thanks @​jdevalk! - Improves <lastmod> accuracy in the sitemap index. Each <sitemap> entry in sitemap-index.xml is now stamped with the most recent lastmod of the URLs in the child sitemap it points to, instead of repeating a single global date on every entry. When a child sitemap has no per-URL lastmod, the entry falls back to the lastmod option as before. This gives search engines a per-file freshness signal, so they can tell which child sitemaps actually changed without refetching all of them.
Changelog

Sourced from @​astrojs/sitemap's changelog.

3.7.3

Patch Changes

  • #16837 783c4a6 Thanks @​jdevalk! - Improves <lastmod> accuracy in the sitemap index. Each <sitemap> entry in sitemap-index.xml is now stamped with the most recent lastmod of the URLs in the child sitemap it points to, instead of repeating a single global date on every entry. When a child sitemap has no per-URL lastmod, the entry falls back to the lastmod option as before. This gives search engines a per-file freshness signal, so they can tell which child sitemaps actually changed without refetching all of them.
Commits

Updates @astrojs/starlight from 0.39.2 to 0.40.0

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.40.0

Minor Changes

  • #3923 edf2e6b Thanks @​Princesseuh! - Adds support for Astro 6.4 and the new Sätteri Markdown processor.

    It is now possible to opt into using Astro's 6.4 Sätteri Markdown processor by installing the @astrojs/markdown-satteri package and configuring it in your astro.config.mjs file:

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    import { satteri } from '@​astrojs/markdown-satteri';
    export default defineConfig({
    markdown: {
    processor: satteri(),
    },
    });

    ⚠️ BREAKING CHANGE: The minimum supported version of Astro is now v6.4.5.

    Please update Starlight and Astro together:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Sätteri. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

Patch Changes

@​astrojs/starlight@​0.39.3

Patch Changes

Changelog

Sourced from @​astrojs/starlight's changelog.

0.40.0

Minor Changes

  • #3923 edf2e6b Thanks @​Princesseuh! - Adds support for Astro 6.4 and the new Sätteri Markdown processor.

    It is now possible to opt into using Astro's 6.4 Sätteri Markdown processor by installing the @astrojs/markdown-satteri package and configuring it in your astro.config.mjs file:

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    import { satteri } from '@​astrojs/markdown-satteri';
    export default defineConfig({
    markdown: {
    processor: satteri(),
    },
    });

    ⚠️ BREAKING CHANGE: The minimum supported version of Astro is now v6.4.5.

    Please update Starlight and Astro together:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Sätteri. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

Patch Changes

0.39.3

Patch Changes

Commits

Updates @tailwindcss/vite from 4.3.0 to 4.3.1

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.3.1

Added

  • Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

  • Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
  • Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
  • Allow @apply to be used with CSS mixins (#19427)
  • Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
  • Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
  • Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
  • Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
  • Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)]px-[calc(1rem+0)]) (#20127)
  • Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px]left-[99999px], not left-24999.75) (#20130)
  • Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
  • Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
  • Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
  • Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
  • Allow @variant to be used inside addBase (#19480)
  • Ensure @source globs with symlinks are preserved (#20203)
  • Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
  • Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
  • Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
  • Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
  • Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
  • Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)]w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
  • Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

  • Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)
  • Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)
Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.3.1] - 2026-06-12

Added

  • Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

  • Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
  • Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
  • Allow @apply to be used with CSS mixins (#19427)
  • Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
  • Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
  • Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
  • Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
  • Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)]px-[calc(1rem+0)]) (#20127)
  • Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px]left-[99999px], not left-24999.75) (#20130)
  • Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
  • Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
  • Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
  • Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
  • Allow @variant to be used inside addBase (#19480)
  • Ensure @source globs with symlinks are preserved (#20203)
  • Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
  • Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
  • Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
  • Ensure explicitly referenced @source directories are scanned even when ignored by git (#20214)
  • Ensure @source globs ending in **/* preserve dynamic path segments to avoid scanning too many files (#20217)
  • Canonicalization: don't fold calc(…) divisions when the result would require high precision (e.g. w-[calc(100%/3.5)]w-[calc(100%/3.5)], not w-[28.571428571428573%]) (#20221)
  • Serve ESM type declarations to ESM importers of @tailwindcss/postcss (#20228)

Changed

  • Generate 0 instead of calc(var(--spacing) * 0) for spacing utilities like m-0 and left-0 (#20196)
  • Generate var(--spacing) instead of calc(var(--spacing) * 1) for spacing utilities like m-1 and left-1 (#20196)
Commits

Updates astro from 6.3.7 to 6.4.8

Release notes

Sourced from astro's releases.

astro@6.4.8

Patch Changes

astro@6.4.7

Patch Changes

  • #17035 197e50e Thanks @​astrobot-houston! - Fixes getRelativeLocaleUrl, getAbsoluteLocaleUrl, and getAbsoluteLocaleUrlList to strip trailing slashes when trailingSlash: 'never' is configured

  • #16967 3719765 Thanks @​astrobot-houston! - Fixes double URL-encoded paths returning 400 Bad Request on on-demand routes

    Previously, any URL containing a double-encoded character (like %255B, which is [ encoded twice) was unconditionally rejected with a 400 Bad Request before middleware or route handlers could run. This broke embedded tools like Sanity Studio whose client-side router legitimately produces double-encoded URLs.

    The fix replaces the rejection approach with iterative decoding — multi-level percent-encoding is now fully resolved to its canonical form before being passed to middleware and route matching. This preserves the security fix for CVE-2025-66202 (middleware authorization bypass via double encoding) because middleware now always sees the fully decoded path, making bypass impossible. For example, /api/%2561dmin is decoded to /api/admin, which middleware can correctly block.

  • #17066 2f4d92a Thanks @​matthewp! - Fixes prerendered redirect targets being incorrectly bundled into the SSR function in hybrid mode, causing massive bundle size inflation

  • #16882 621beb7 Thanks @​jettwayio! - fix(render): honour compressHTML when joining head elements

  • #16892 8d753b0 Thanks @​astrobot-houston! - Fixes custom elements in MDX having their children's slot attribute stripped by the JSX runtime

    When custom elements (tags with hyphens like <my-element>) are used in MDX files, the slot HTML attribute on their children is now correctly preserved. Previously, the shared JSX runtime would treat slot as an Astro slot assignment and remove it from the output, breaking Shadow DOM named slot distribution for web components.

  • #16957 544ee76 Thanks @​thelazylamaGit! - Fixes stale inline CSS in server-rendered HTML after CSS file edits during dev

    When editing a CSS file (.css, .scss, etc.) during development, the inline <style> tags in server-rendered HTML would retain old CSS content instead of updating. This caused a brief flash of old CSS (FOUC) on fresh page loads before Vite's client-side HMR corrected the styles.

    The fix ensures that Astro's per-route dev CSS virtual modules are invalidated in both the SSR module graph and the module runner's evaluation cache when a style file changes, so the next page render picks up the fresh CSS.

  • #17044 2220d22 Thanks @​astrobot-houston! - Fixes CSS from client:only islands leaking to unrelated pages when Rollup bundles non-CSS-importing modules into the same chunk as CSS-importing modules

  • #17040 7c4763d Thanks @​astrobot-houston! - Fixes HMR not triggering for files inside the src/middleware/ directory during dev

  • #16672 52fc862 Thanks @​martinheidegger! - Fixes support for numeric IDs in YAML frontmatter when using content collection references

  • #16762 9de80ae Thanks @​alexanderdombroski! - Adds a JSON schema to the Wrangler configuration file generated when running astro add cloudflare

  • #17046 ef771ec Thanks @​ematipico! - Improves the diagnostics emitted when Astro parses incorrect .astro files.

astro@6.4.6

Patch Changes

  • #16765 b10e86e Thanks @​fkatsuhiro! - Fixes an issue where renaming an image file while the dev server is running triggers a build error. Now Astro correctly hot-reloads the image without crashing.

  • #17026 add3df1 Thanks @​matthewp! - Hardens addAttribute to drop attribute names containing characters that are invalid per the HTML spec (", ', >, /, =, whitespace)

  • #17033 ffda27b Thanks @​matthewp! - Validates the request origin against allowedDomains before fetching prerendered error pages. When allowedDomains is configured and the Host header matches, the original origin is used. Otherwise, the fetch falls back to localhost.

astro@6.4.5

... (truncated)

Changelog

Sourced from astro's changelog.

6.4.8

Patch Changes

6.4.7

Patch Changes

  • #17035 197e50e Thanks @​astrobot-houston! - Fixes getRelativeLocaleUrl, getAbsoluteLocaleUrl, and getAbsoluteLocaleUrlList to strip trailing slashes when trailingSlash: 'never' is configured

  • #16967 3719765 Thanks @​astrobot-houston! - Fixes double URL-encoded paths returning 400 Bad Request on on-demand routes

    Previously, any URL containing a double-encoded character (like %255B, which is [ encoded twice) was unconditionally rejected with a 400 Bad Request before middleware or route handlers could run. This broke embedded tools like Sanity Studio whose client-side router legitimately produces double-encoded URLs.

    The fix replaces the rejection approach with iterative decoding — multi-level percent-encoding is now fully resolved to its canonical form before being passed to middleware and route matching. This preserves the security fix for CVE-2025-66202 (middleware authorization bypass via double encoding) because middleware now always sees the fully decoded path, making bypass impossible. For example, /api/%2561dmin is decoded to /api/admin, which middleware can correctly block.

  • #17066 2f4d92a Thanks @​matthewp! - Fixes prerendered redirect targets being incorrectly bundled into the SSR function in hybrid mode, causing massive bundle size inflation

  • #16882 621beb7 Thanks @​jettwayio! - fix(render): honour compressHTML when joining head elements

  • #16892 8d753b0 Thanks @​astrobot-houston! - Fixes custom elements in MDX having their children's slot attribute stripped by the JSX runtime

    When custom elements (tags with hyphens like <my-element>) are used in MDX files, the slot HTML attribute on their children is now correctly preserved. Previously, the shared JSX runtime would treat slot as an Astro slot assignment and remove it from the output, breaking Shadow DOM named slot distribution for web components.

  • #16957 544ee76 Thanks @​thelazylamaGit! - Fixes stale inline CSS in server-rendered HTML after CSS file edits during dev

    When editing a CSS file (.css, .scss, etc.) during development, the inline <style> tags in server-rendered HTML would retain old CSS content instead of updating. This caused a brief flash of old CSS (FOUC) on fresh page loads before Vite's client-side HMR corrected the styles.

    The fix ensures that Astro's per-route dev CSS virtual modules are invalidated in both the SSR module graph and the module runner's evaluation cache when a style file changes, so the next page render picks up the fresh CSS.

  • #17044 2220d22 Thanks @​astrobot-houston! - Fixes CSS from client:only islands leaking to unrelated pages when Rollup bundles non-CSS-importing modules into the same chunk as CSS-importing modules

  • #17040 7c4763d Thanks @​astrobot-houston! - Fixes HMR not triggering for files inside the src/middleware/ directory during dev

  • #16672 52fc862 Thanks @​martinheidegger! - Fixes support for numeric IDs in YAML frontmatter when using content collection references

  • #16762 9de80ae Thanks @​alexanderdombroski! - Adds a JSON schema to the Wrangler configuration file generated when running astro add cloudflare

  • #17046 ef771ec Thanks @​ematipico! - Improves the diagnostics emitted when Astro parses incorrect .astro files.

6.4.6

Patch Changes

  • #16765 b10e86e Thanks @​fkatsuhiro! - Fixes an issue where renaming an image file while the dev server is running triggers a build error. Now Astro correctly hot-reloads the image without crashing.

  • #17026 add3df1 Thanks @​matthewp! - Hardens addAttribute to drop attribute names containing characters that are invalid per the HTML spec (", ', >, /, =, whitespace)

... (truncated)

Commits

Updates sanitize-html from 2.17.4 to 2.17.5

Changelog

Sourced from sanitize-html's changelog.

2.17.5 (2026-06-10)

Security

  • Added a number of new attributes to be protected against unsafe URLs, e.g. javascript: and similar. None of these are used in the default configuration of sanitize-html or apostrophe or likely to be used there, and some attributes, like an action for a form, are inherently unsafe to allow if XSS protection is your goal. Nevertheless it makes sense to block certain URL types where they are not appropriate. Some attributes are not supported at all by modern browsers but are included for completeness. Thanks to crattack for reporting the vulnerability.
  • Address a potential vulnerability when nonTextTags is configured in a nonstandard way. While it is never a good idea to remove known non-text tags from the standard list e.g. script, styles, etc., this change ensures that doing so does not result in nested tags being passed through without sanitization when they are not expressly allowed. (ApostropheCMS would never trigger this situation.) Thanks to Dipanshu singh for pointing out the issue and contributing the fix.
Commits

Updates sharp from 0.34.5 to 0.35.2

Release notes

Sourced from sharp's releases.

v0.35.2

v0.35.2-rc.2

  • TypeScript: Add mediaType to metadata response. #4492

  • Improve WebAssembly fallback detection. #4513

  • Improve code bundler support with stub binaries. #4543

  • Verify GIF effort option is an integer. #4544 @​metsw24-max

  • Verify recomb matrix entries are numbers. #4545 @​metsw24-max

  • TypeScript: Replace namespace with named exports for ESM. #4546

... (truncated)

Commits
  • c9622a3 Release v0.35.2
  • cd4568f Upgrade to sharp-libvips v1.3.1
  • 78390cf Tests: Add font file to prevent font discovery flakiness (#4550)
  • 61210b4 Verify convolve kernel values are numbers (#4549)
  • 1cb27dc Prerelease v0.35.2-rc.2
  • c7606c3 Upgrade to sharp-libvips v1.3.1-rc.0
  • 29d1e9e Prerelease v0.35.2-rc.1
  • bbba0a1 Improve code bundler support with stub binaries
  • ab52866 Bound dilate and erode width to avoid mask-size overflow (#4548)
  • 0f594dd Prerelease v0.35.2-rc.0
  • Additional commits viewable in compare view

Updates tailwindcss from 4.3.0 to 4.3.1

Release notes

Sourced from tailwindcss's releases.

v4.3.1

Added

  • Add --silent option to suppress output in @tailwindcss/cli (#20100)

Fixed

  • Remove deprecation warnings by using Module#registerHooks instead of Module#register on Node 26+ (#20028)
  • Canonicalization: don't crash when plugin utilities throw for unsupported values (#20052)
  • Allow @apply to be used with CSS mixins (#19427)
  • Ensure not-* correctly negates @container queries, including style(…) queries (#20059)
  • Ensure drop-shadow-* color utilities work with custom shadow values containing calc(…) (#20080)
  • Fix 'Sourcemap is likely to be incorrect' warnings when using @tailwindcss/vite (#20103)
  • Ensure @tailwindcss/webpack can be installed in Rspack projects without requiring webpack as a peer dependency (#20027)
  • Canonicalization: don't suggest invalid calc(…) expressions (e.g. px-[calc(1rem+0px)]px-[calc(1rem+0)]) (#20127)
  • Canonicalization: avoid suggesting large spacing-scale values for arbitrary lengths (e.g. left-[99999px]left-[99999px], not left-24999.75) (#20130)
  • Ensure @tailwindcss/cli in --watch mode recovers when a tracked dependency is deleted and restored (#20137)
  • Ensure standalone @tailwindcss/cli binaries are ignored when scanning for class candidates (#20139)
  • Ensure class candidates are extracted from Twig addClass(…) and removeClass(…) calls (#20198)
  • Don't crash in the Ruby or Vue preprocessors when scanning files containing invalid UTF-8 bytes (#19588)
  • Allow @variant to be used inside addBase (#19480)
  • Ensure @source globs with symlinks are preserved (#20203)
  • Ensure later @source rules can re-include files excluded by earlier @source not rules (#20203)
  • Upgrade: don't migrate empty class rules to invalid @utility rules (#20205)
  • Ensure transitions between inset-shadow-none and other inset shadows work correctly (#20208)
  • Ensure explic...

    Description has been truncated

Bumps the npm group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@astrojs/markdown-remark](https://github.com/withastro/astro/tree/HEAD/packages/markdown/remark) | `7.1.2` | `7.2.0` |
| [@astrojs/sitemap](https://github.com/withastro/astro/tree/HEAD/packages/integrations/sitemap) | `3.7.2` | `3.7.3` |
| [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight) | `0.39.2` | `0.40.0` |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.3.0` | `4.3.1` |
| [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `2.17.4` | `2.17.5` |
| [sharp](https://github.com/lovell/sharp) | `0.34.5` | `0.35.2` |
| [temporal-polyfill](https://github.com/fullcalendar/temporal-polyfill/tree/HEAD/polyfill) | `0.3.2` | `1.0.1` |
| [@tailwindcss/typography](https://github.com/tailwindlabs/tailwindcss-typography) | `0.5.19` | `0.5.20` |



Updates `@astrojs/markdown-remark` from 7.1.2 to 7.2.0
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/markdown/remark/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/markdown-remark@7.2.0/packages/markdown/remark)

Updates `@astrojs/sitemap` from 3.7.2 to 3.7.3
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/sitemap/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/sitemap@3.7.3/packages/integrations/sitemap)

Updates `@astrojs/starlight` from 0.39.2 to 0.40.0
- [Release notes](https://github.com/withastro/starlight/releases)
- [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md)
- [Commits](https://github.com/withastro/starlight/commits/@astrojs/starlight@0.40.0/packages/starlight)

Updates `@tailwindcss/vite` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/@tailwindcss-vite)

Updates `astro` from 6.3.7 to 6.4.8
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/astro@6.4.8/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.4.8/packages/astro)

Updates `sanitize-html` from 2.17.4 to 2.17.5
- [Changelog](https://github.com/apostrophecms/apostrophe/blob/main/packages/sanitize-html/CHANGELOG.md)
- [Commits](https://github.com/apostrophecms/apostrophe/commits/sanitize-html@2.17.5/packages/sanitize-html)

Updates `sharp` from 0.34.5 to 0.35.2
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.34.5...v0.35.2)

Updates `tailwindcss` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.1/packages/tailwindcss)

Updates `temporal-polyfill` from 0.3.2 to 1.0.1
- [Release notes](https://github.com/fullcalendar/temporal-polyfill/releases)
- [Changelog](https://github.com/fullcalendar/temporal-polyfill/blob/main/polyfill/CHANGELOG.md)
- [Commits](https://github.com/fullcalendar/temporal-polyfill/commits/temporal-polyfill@1.0.1/polyfill)

Updates `@tailwindcss/typography` from 0.5.19 to 0.5.20
- [Release notes](https://github.com/tailwindlabs/tailwindcss-typography/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss-typography/blob/main/CHANGELOG.md)
- [Commits](tailwindlabs/tailwindcss-typography@v0.5.19...v0.5.20)

---
updated-dependencies:
- dependency-name: "@astrojs/markdown-remark"
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@astrojs/sitemap"
  dependency-version: 3.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@astrojs/starlight"
  dependency-version: 0.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: astro
  dependency-version: 6.4.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: sanitize-html
  dependency-version: 2.17.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: sharp
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: tailwindcss
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: temporal-polyfill
  dependency-version: 1.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: "@tailwindcss/typography"
  dependency-version: 0.5.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 21, 2026
@kylewlacy kylewlacy mentioned this pull request Jun 28, 2026
@kylewlacy

Copy link
Copy Markdown
Member

Closing in favor of #107

@kylewlacy kylewlacy closed this Jun 28, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 28, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm-41bfa9c212 branch June 28, 2026 01:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant