kindspells / astro-shield

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.
https://astro-shield.kindspells.dev
MIT License
58 stars 6 forks

chore(deps): bump the prod-deps group across 1 directory with 2 updates #149

Closed dependabot[bot] closed 1 month ago

dependabot[bot] commented 1 month ago

Bumps the prod-deps group with 2 updates in the / directory: sst and astro.

Updates sst from 3.1.67 to 3.2.38


Updates astro from 4.15.11 to 4.16.6

Release notes

Sourced from astro's releases.

astro@4.16.6

Patch Changes

  • #11823 a3d30a6 Thanks @​DerTimonius! - fix: improve error message when inferSize is used in local images with the Image component

  • #12227 8b1a641 Thanks @​florian-lefebvre! - Fixes a case where environment variables would not be refreshed when using astro:env

  • #12239 2b6daa5 Thanks @​ematipico! - BREAKING CHANGE to the experimental Container API only

    Changes the default page rendering behavior of Astro components in containers, and adds a new option partial: false to render full Astro pages as before.

    Previously, the Container API was rendering all Astro components as if they were full Astro pages containing <!DOCTYPE html> by default. This was not intended, and now by default, all components will render as page partials: only the contents of the components without a page shell.

    To render the component as a full-fledged Astro page, pass a new option called partial: false to renderToString() and renderToResponse():

    import { experimental_AstroContainer as AstroContainer } from 'astro/container';
    import Card from '../src/components/Card.astro';

    // AstroContainer.create() is asynchronous, so await it before rendering
    const container = await AstroContainer.create();

    await container.renderToString(Card); // the string will not contain <!DOCTYPE html>
    await container.renderToString(Card, { partial: false }); // the string will contain <!DOCTYPE html>

astro@4.16.5

Patch Changes

astro@4.16.4

Patch Changes

  • #12223 79ffa5d Thanks @​ArmandPhilippot! - Fixes a false positive reported by the dev toolbar Audit app where a label was considered missing when associated with a button

    The button element can be used with a label (e.g. to create a switch) and should not be reported as an accessibility issue when used as a child of a label.

  • #12199 c351352 Thanks @​ematipico! - Fixes a regression in the computation of Astro.currentLocale

  • #12222 fb55695 Thanks @​ematipico! - Fixes an issue where the edge middleware couldn't correctly compute the client IP address when calling ctx.clientAddress()

astro@4.16.3

Patch Changes

astro@4.16.2

Patch Changes

... (truncated)

Changelog

Sourced from astro's changelog.

4.16.6

Patch Changes

  • #11823 a3d30a6 Thanks @​DerTimonius! - fix: improve error message when inferSize is used in local images with the Image component

  • #12227 8b1a641 Thanks @​florian-lefebvre! - Fixes a case where environment variables would not be refreshed when using astro:env

  • #12239 2b6daa5 Thanks @​ematipico! - BREAKING CHANGE to the experimental Container API only

    Changes the default page rendering behavior of Astro components in containers, and adds a new option partial: false to render full Astro pages as before.

    Previously, the Container API was rendering all Astro components as if they were full Astro pages containing <!DOCTYPE html> by default. This was not intended, and now by default, all components will render as page partials: only the contents of the components without a page shell.

    To render the component as a full-fledged Astro page, pass a new option called partial: false to renderToString() and renderToResponse():

    import { experimental_AstroContainer as AstroContainer } from 'astro/container';
    import Card from '../src/components/Card.astro';

    // AstroContainer.create() is asynchronous, so await it before rendering
    const container = await AstroContainer.create();

    await container.renderToString(Card); // the string will not contain <!DOCTYPE html>
    await container.renderToString(Card, { partial: false }); // the string will contain <!DOCTYPE html>

4.16.5

Patch Changes

4.16.4

Patch Changes

  • #12223 79ffa5d Thanks @​ArmandPhilippot! - Fixes a false positive reported by the dev toolbar Audit app where a label was considered missing when associated with a button

    The button element can be used with a label (e.g. to create a switch) and should not be reported as an accessibility issue when used as a child of a label.

  • #12199 c351352 Thanks @​ematipico! - Fixes a regression in the computation of Astro.currentLocale

  • #12222 fb55695 Thanks @​ematipico! - Fixes an issue where the edge middleware couldn't correctly compute the client IP address when calling ctx.clientAddress()

4.16.3

Patch Changes

  • #12220 b049359 Thanks @​bluwy! - Fixes accidental internal setOnSetGetEnv parameter rename that caused runtime errors

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
  • `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

socket-security[bot] commented 1 month ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/astro@4.16.6 | Transitive: environment, eval, filesystem, network, shell | +315 | 62.3 MB | fredkschott |
| npm/sst@3.2.38 | environment, filesystem, network | +8 | 1.42 MB | thdxr |

🚮 Removed packages: npm/astro@4.15.11, npm/sst@3.1.67

View full report↗︎

dependabot[bot] commented 1 month ago

Superseded by #154.