Skip to content

chore: bump the minor-and-patch group across 2 directories with 2 updates#733

Merged
Aureliolo merged 2 commits intomainfrom
dependabot/npm_and_yarn/site/minor-and-patch-c915a146b7
Mar 22, 2026
Merged

chore: bump the minor-and-patch group across 2 directories with 2 updates#733
Aureliolo merged 2 commits intomainfrom
dependabot/npm_and_yarn/site/minor-and-patch-c915a146b7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 22, 2026

Bumps the minor-and-patch group with 1 update in the /site directory: astro.
Bumps the minor-and-patch group with 1 update in the /web directory: eslint.

Updates astro from 6.0.7 to 6.0.8

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

  • #15978 6d182fe Thanks @​seroperson! - Fixes a bug where Astro Actions didn't properly support nested object properties, causing problems when users used zod functions such as superRefine or discriminatedUnion.

  • #16011 e752170 Thanks @​matthewp! - Fixes a dev server hang on the first request when using the Cloudflare adapter

  • #15997 1fddff7 Thanks @​ematipico! - Fixes Astro.rewrite() failing when the target path contains duplicate slashes (e.g. //about). The duplicate slashes are now collapsed before URL parsing, preventing them from being interpreted as a protocol-relative URL.

Changelog

Sourced from astro's changelog.

6.0.8

Patch Changes

  • #15978 6d182fe Thanks @​seroperson! - Fixes a bug where Astro Actions didn't properly support nested object properties, causing problems when users used zod functions such as superRefine or discriminatedUnion.

  • #16011 e752170 Thanks @​matthewp! - Fixes a dev server hang on the first request when using the Cloudflare adapter

  • #15997 1fddff7 Thanks @​ematipico! - Fixes Astro.rewrite() failing when the target path contains duplicate slashes (e.g. //about). The duplicate slashes are now collapsed before URL parsing, preventing them from being interpreted as a protocol-relative URL.

Commits
  • b47897c [ci] release (#15998)
  • e752170 fix(css): skip dev-css virtual modules in ensureModulesLoaded to prevent Clou...
  • 6d182fe fix(actions): support for nested objects in form (#15978)
  • 1fddff7 fix(rewrite): collapse leading slashes when doing a redirect (#15997)
  • See full diff in compare view

Updates eslint from 10.0.3 to 10.1.0

Release notes

Sourced from eslint's releases.

v10.1.0

Features

  • ff4382b feat: apply fix for no-var in TSModuleBlock (#20638) (Tanuj Kanti)
  • 0916995 feat: Implement api support for bulk-suppressions (#20565) (Blake Sager)

Bug Fixes

  • 2b8824e fix: Prevent no-var autofix when a variable is used before declaration (#20464) (Amaresh S M)
  • e58b4bf fix: update eslint (#20597) (renovate[bot])

Documentation

  • b7b57fe docs: use correct JSDoc link in require-jsdoc.md (#20641) (mkemna-clb)
  • 58e4cfc docs: add deprecation notice partial (#20639) (Milos Djermanovic)
  • 7143dbf docs: update v9 migration guide for @eslint/js usage (#20540) (fnx)
  • 035fc4f docs: note that globalReturn applies only with sourceType: "script" (#20630) (Milos Djermanovic)
  • e972c88 docs: merge ESLint option descriptions into type definitions (#20608) (Francesco Trotta)
  • 7f10d84 docs: Update README (GitHub Actions Bot)
  • aeed007 docs: open playground link in new tab (#20602) (Tanuj Kanti)
  • a0d1a37 docs: Add AI Usage Policy (#20510) (Nicholas C. Zakas)

Chores

  • a9f9cce chore: update dependency eslint-plugin-unicorn to ^63.0.0 (#20584) (Milos Djermanovic)
  • 1f42bd7 chore: update prettier to 3.8.1 (#20651) (루밀LuMir)
  • c0a6f4a chore: update dependency @​eslint/json to ^1.2.0 (#20652) (renovate[bot])
  • cc43f79 chore: update dependency c8 to v11 (#20650) (renovate[bot])
  • 2ce4635 chore: update dependency @​eslint/json to v1 (#20649) (renovate[bot])
  • f0406ee chore: update dependency markdownlint-cli2 to ^0.21.0 (#20646) (renovate[bot])
  • dbb4c95 chore: remove trunk (#20478) (sethamus)
  • c672a2a test: fix CLI test for empty output file (#20640) (kuldeep kumar)
  • c7ada24 ci: bump pnpm/action-setup from 4.3.0 to 4.4.0 (#20636) (dependabot[bot])
  • 07c4b8b test: fix RuleTester test without test runners (#20631) (Francesco Trotta)
  • 079bba7 test: Add tests for isValidWithUnicodeFlag (#20601) (Manish chaudhary)
  • 5885ae6 ci: unpin Node.js 25.x in CI (#20615) (Copilot)
  • f65e5d3 chore: update pnpm/action-setup digest to b906aff (#20610) (renovate[bot])
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: bump the minor-and-patch group across 2 directories with 2 upd…
5e3cbf6 
…ates

Bumps the minor-and-patch group with 1 update in the /site directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).
Bumps the minor-and-patch group with 1 update in the /web directory: [eslint](https://github.com/eslint/eslint).


Updates `astro` from 6.0.7 to 6.0.8
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/[email protected]/packages/astro)

Updates `eslint` from 10.0.3 to 10.1.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](eslint/eslint@v10.0.3...v10.1.0)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 6.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: eslint
  dependency-version: 10.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the type:chore Maintenance, cleanup, dependency updates label Mar 22, 2026
@dependabot dependabot bot requested a review from Aureliolo as a code owner March 22, 2026 14:39
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 22, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/astro 6.0.8 UnknownUnknown
npm/eslint 10.1.0 🟢 6.5
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 7Found 18/24 approved changesets -- score normalized to 7
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits

Scanned Files

  • site/package-lock.json
  • web/package-lock.json

@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 22, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednpm/​astro@​6.0.7 ⏵ 6.0.898 +110088 +198100
Updatednpm/​eslint@​10.0.3 ⏵ 10.1.089 +110010097 +2100

View full report

@dependabot dependabot bot had a problem deploying to cloudflare-preview March 22, 2026 14:40 Failure
Aureliolo
Aureliolo approved these changes Mar 22, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@Aureliolo Aureliolo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changelog reviewed (astro 6.0.7->6.0.8, eslint 10.0.3->10.1.0). Astro fixes are for Actions/Cloudflare adapter/rewrite -- none of which we use in site/. ESLint minor adds bulk suppressions API and TSModuleBlock no-var fix. No actionable items.

@Aureliolo Aureliolo temporarily deployed to cloudflare-preview March 22, 2026 14:58 — with GitHub Actions Inactive
@Aureliolo Aureliolo merged commit 2b60069 into main Mar 22, 2026
29 checks passed
@Aureliolo Aureliolo deleted the dependabot/npm_and_yarn/site/minor-and-patch-c915a146b7 branch March 22, 2026 14:59
@Aureliolo Aureliolo temporarily deployed to cloudflare-preview March 22, 2026 14:59 — with GitHub Actions Inactive
@Aureliolo Aureliolo mentioned this pull request Mar 22, 2026
Merged
Aureliolo added a commit that referenced this pull request Mar 22, 2026
@Aureliolo
chore(main): release 0.4.7 (#711)
3045df8 
🤖 I have created a release *beep* *boop*
---


##
[0.4.7](v0.4.6...v0.4.7)
(2026-03-22)


### Features

* add system user for CLI-to-backend authentication
([#710](#710))
([dc6bd3f](dc6bd3f))
* dev channel builds with incremental pre-releases between stable
releases ([#715](#715))
([0e8a714](0e8a714))
* replace hardcoded name pools with Faker multi-locale name generation
([#714](#714))
([5edc6ec](5edc6ec))


### Bug Fixes

* dev-release tag creation, dependabot coverage, go -C cli convention
([#730](#730))
([7634843](7634843))
* improve name generation step UX and fix sentinel expansion bug
([#739](#739))
([f03fd05](f03fd05))
* settings page UX polish -- toggle bug, source badges, form
improvements ([#712](#712))
([d16a0ac](d16a0ac))
* switch dev tags to semver and use same release pipeline as stable
([#729](#729))
([4df6b9b](4df6b9b)),
closes [#713](#713)
* unify CLI image discovery and standardize Go tooling
([#738](#738))
([712a785](712a785))
* use PAT in dev-release workflow to trigger downstream pipelines
([#716](#716))
([d767aa3](d767aa3))


### CI/CD

* bump astral-sh/setup-uv from 7.4.0 to 7.6.0 in
/.github/actions/setup-python-uv in the minor-and-patch group
([#731](#731))
([7887257](7887257))
* bump the minor-and-patch group with 3 updates
([#735](#735))
([7cd253a](7cd253a))
* bump wrangler from 4.75.0 to 4.76.0 in /.github in the minor-and-patch
group ([#732](#732))
([a6cafc7](a6cafc7))
* clean up all dev releases and tags on stable release
([#737](#737))
([8d90f5c](8d90f5c))


### Maintenance

* bump the minor-and-patch group across 2 directories with 2 updates
([#733](#733))
([2b60069](2b60069))
* bump the minor-and-patch group with 3 updates
([#734](#734))
([859bc25](859bc25))
* fix dependabot labels and add scope tags
([#736](#736))
([677eb15](677eb15))
* remove redundant pytest.mark.timeout(30) markers
([#740](#740))
([9ec2163](9ec2163))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Aureliolo Aureliolo Aureliolo approved these changes

Assignees

No one assigned

Labels

type:chore Maintenance, cleanup, dependency updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Aureliolo