[PR #153] [CLOSED] chore(deps): bump astro from 5.15.4 to 5.15.6 in /www in the npm_and_yarn group across 1 directory #158

New issue

Closed

opened 2026-02-27 15:55:21 +03:00 by kerem · 0 comments

kerem commented 2026-02-27 15:55:21 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/RayLabsHQ/gitea-mirror/pull/153
Author: @dependabot[bot]
Created: 11/13/2025
Status: ❌ Closed

Base: main ← Head: dependabot/npm_and_yarn/www/npm_and_yarn-0084abb8db

---

📝 Commits (1)

• 9cec4a9 chore(deps): bump astro

📊 Changes

2 files changed (+494 additions, -472 deletions)

View changed files

📝 www/package.json (+1 -1)
📝 www/pnpm-lock.yaml (+493 -471)

📄 Description

Bumps the npm_and_yarn group with 1 update in the /www directory: astro.

Updates astro from 5.15.4 to 5.15.6

Release notes

Sourced from astro's releases.

astro@5.15.6

Patch Changes

• #14751 18c55e1 Thanks @​delucis! - Fixes hydration of client components when running the dev server and using a barrel file that re-exports both Astro and UI framework components.

• #14750 35122c2 Thanks @​florian-lefebvre! - Updates the experimental Fonts API to log a warning if families with a conflicting cssVariable are provided

• #14737 74c8852 Thanks @​Arecsu! - Fixes an error when using transition:persist with components that use declarative Shadow DOM. Astro now avoids re-attaching a shadow root if one already exists, preventing "Unable to re-attach to existing ShadowDOM" navigation errors.

• #14750 35122c2 Thanks @​florian-lefebvre! - Updates the experimental Fonts API to allow for more granular configuration of remote font families

  A font family is defined by a combination of properties such as weights and styles (e.g. weights: [500, 600] and styles: ["normal", "bold"]), but you may want to download only certain combinations of these.

  For greater control over which font files are downloaded, you can specify the same font (ie. with the same cssVariable, name, and provider properties) multiple times with different combinations. Astro will merge the results and download only the required files. For example, it is possible to download normal 500 and 600 while downloading only italic 500:

  // astro.config.mjs
  import { defineConfig, fontProviders } from 'astro/config';
  export default defineConfig({
  experimental: {
  fonts: [
  {
  name: 'Roboto',
  cssVariable: '--roboto',
  provider: fontProviders.google(),
  weights: [500, 600],
  styles: ['normal'],
  },
  {
  name: 'Roboto',
  cssVariable: '--roboto',
  provider: fontProviders.google(),
  weights: [500],
  styles: ['italic'],
  },
  ],
  },
  });
  

astro@5.15.5

Patch Changes

• #14712 91780cf Thanks @​florian-lefebvre! - Fixes a case where build's process.env would be inlined in the server output

• #14713 666d5a7 Thanks @​florian-lefebvre! - Improves fallbacks generation when using the experimental Fonts API

• #14743 dafbb1b Thanks @​matthewp! - Improves X-Forwarded header validation to prevent cache poisoning and header injection attacks. Now properly validates X-Forwarded-Proto, X-Forwarded-Host, and X-Forwarded-Port headers against configured allowedDomains patterns, rejecting malformed or suspicious values. This is especially important when running behind a reverse proxy or load balancer.

Changelog

Sourced from astro's changelog.

5.15.6

Patch Changes

• #14751 18c55e1 Thanks @​delucis! - Fixes hydration of client components when running the dev server and using a barrel file that re-exports both Astro and UI framework components.

• #14750 35122c2 Thanks @​florian-lefebvre! - Updates the experimental Fonts API to log a warning if families with a conflicting cssVariable are provided

• #14737 74c8852 Thanks @​Arecsu! - Fixes an error when using transition:persist with components that use declarative Shadow DOM. Astro now avoids re-attaching a shadow root if one already exists, preventing "Unable to re-attach to existing ShadowDOM" navigation errors.

• #14750 35122c2 Thanks @​florian-lefebvre! - Updates the experimental Fonts API to allow for more granular configuration of remote font families

  A font family is defined by a combination of properties such as weights and styles (e.g. weights: [500, 600] and styles: ["normal", "bold"]), but you may want to download only certain combinations of these.

  For greater control over which font files are downloaded, you can specify the same font (ie. with the same cssVariable, name, and provider properties) multiple times with different combinations. Astro will merge the results and download only the required files. For example, it is possible to download normal 500 and 600 while downloading only italic 500:

  // astro.config.mjs
  import { defineConfig, fontProviders } from 'astro/config';
  export default defineConfig({
  experimental: {
  fonts: [
  {
  name: 'Roboto',
  cssVariable: '--roboto',
  provider: fontProviders.google(),
  weights: [500, 600],
  styles: ['normal'],
  },
  {
  name: 'Roboto',
  cssVariable: '--roboto',
  provider: fontProviders.google(),
  weights: [500],
  styles: ['italic'],
  },
  ],
  },
  });
  

5.15.5

Patch Changes

• #14712 91780cf Thanks @​florian-lefebvre! - Fixes a case where build's process.env would be inlined in the server output

• #14713 666d5a7 Thanks @​florian-lefebvre! - Improves fallbacks generation when using the experimental Fonts API

... (truncated)

Commits

• 1901061 [ci] release (#14745)
• 790d942 Merge commit from fork
• 35122c2 feat(fonts): merge families (#14750)
• 72381ef chore: upgrade @​playwright/test (#14749)
• 18c55e1 Stub out .astro imports in client modules (#14751)
• 5bc37fd fix(deps): update astro dependencies (#14739)
• 74c8852 fix: skip re-attaching shadow roots during view transitions (#14737)
• ab34340 [ci] release (#14732)
• 535fa36 [ci] format
• dafbb1b Prevent cache poisoning in x-forwarded headers (#14743)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/RayLabsHQ/gitea-mirror/pull/153 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 11/13/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `dependabot/npm_and_yarn/www/npm_and_yarn-0084abb8db` --- ### 📝 Commits (1) - [`9cec4a9`](https://github.com/RayLabsHQ/gitea-mirror/commit/9cec4a944aa515cabe2f99196aff7fca099a5bb7) chore(deps): bump astro ### 📊 Changes **2 files changed** (+494 additions, -472 deletions) <details> <summary>View changed files</summary> 📝 `www/package.json` (+1 -1) 📝 `www/pnpm-lock.yaml` (+493 -471) </details> ### 📄 Description Bumps the npm_and_yarn group with 1 update in the /www directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro). Updates `astro` from 5.15.4 to 5.15.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/withastro/astro/releases">astro's releases</a>.</em></p> <blockquote> <h2>astro@5.15.6</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14751">#14751</a> <a href="https://github.com/withastro/astro/commit/18c55e15eaef56cbe06626b6bdb43ab250ab6f49"><code>18c55e1</code></a> Thanks <a href="https://github.com/delucis"><code>@​delucis</code></a>! - Fixes hydration of client components when running the dev server and using a barrel file that re-exports both Astro and UI framework components.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14750">#14750</a> <a href="https://github.com/withastro/astro/commit/35122c278f987f9213b8e1094382398a16090aff"><code>35122c2</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Updates the experimental Fonts API to log a warning if families with a conflicting <code>cssVariable</code> are provided</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14737">#14737</a> <a href="https://github.com/withastro/astro/commit/74c8852c534cc23217a78979e10885429b290e0b"><code>74c8852</code></a> Thanks <a href="https://github.com/Arecsu"><code>@​Arecsu</code></a>! - Fixes an error when using <code>transition:persist</code> with components that use declarative Shadow DOM. Astro now avoids re-attaching a shadow root if one already exists, preventing <code>&quot;Unable to re-attach to existing ShadowDOM&quot;</code> navigation errors.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14750">#14750</a> <a href="https://github.com/withastro/astro/commit/35122c278f987f9213b8e1094382398a16090aff"><code>35122c2</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Updates the experimental Fonts API to allow for more granular configuration of remote font families</p> <p>A font family is defined by a combination of properties such as weights and styles (e.g. <code>weights: [500, 600]</code> and <code>styles: [&quot;normal&quot;, &quot;bold&quot;]</code>), but you may want to download only certain combinations of these.</p> <p>For greater control over which font files are downloaded, you can specify the same font (ie. with the same <code>cssVariable</code>, <code>name</code>, and <code>provider</code> properties) multiple times with different combinations. Astro will merge the results and download only the required files. For example, it is possible to download normal <code>500</code> and <code>600</code> while downloading only italic <code>500</code>:</p> <pre lang="js"><code>// astro.config.mjs import { defineConfig, fontProviders } from 'astro/config'; <p>export default defineConfig({ experimental: { fonts: [ { name: 'Roboto', cssVariable: '--roboto', provider: fontProviders.google(), weights: [500, 600], styles: ['normal'], }, { name: 'Roboto', cssVariable: '--roboto', provider: fontProviders.google(), weights: [500], styles: ['italic'], }, ], }, }); </code></pre></p> </li> </ul> <h2>astro@5.15.5</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14712">#14712</a> <a href="https://github.com/withastro/astro/commit/91780cffa7cf97cc22694d55962710609a5475b0"><code>91780cf</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Fixes a case where build's <code>process.env</code> would be inlined in the server output</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14713">#14713</a> <a href="https://github.com/withastro/astro/commit/666d5a7ef486aa57f20f87b6cb210619dabd9c4c"><code>666d5a7</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Improves fallbacks generation when using the experimental Fonts API</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14743">#14743</a> <a href="https://github.com/withastro/astro/commit/dafbb1ba29912099c4faff1440033edc768af8b4"><code>dafbb1b</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Improves <code>X-Forwarded</code> header validation to prevent cache poisoning and header injection attacks. Now properly validates <code>X-Forwarded-Proto</code>, <code>X-Forwarded-Host</code>, and <code>X-Forwarded-Port</code> headers against configured <code>allowedDomains</code> patterns, rejecting malformed or suspicious values. This is especially important when running behind a reverse proxy or load balancer.</p> </li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md">astro's changelog</a>.</em></p> <blockquote> <h2>5.15.6</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14751">#14751</a> <a href="https://github.com/withastro/astro/commit/18c55e15eaef56cbe06626b6bdb43ab250ab6f49"><code>18c55e1</code></a> Thanks <a href="https://github.com/delucis"><code>@​delucis</code></a>! - Fixes hydration of client components when running the dev server and using a barrel file that re-exports both Astro and UI framework components.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14750">#14750</a> <a href="https://github.com/withastro/astro/commit/35122c278f987f9213b8e1094382398a16090aff"><code>35122c2</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Updates the experimental Fonts API to log a warning if families with a conflicting <code>cssVariable</code> are provided</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14737">#14737</a> <a href="https://github.com/withastro/astro/commit/74c8852c534cc23217a78979e10885429b290e0b"><code>74c8852</code></a> Thanks <a href="https://github.com/Arecsu"><code>@​Arecsu</code></a>! - Fixes an error when using <code>transition:persist</code> with components that use declarative Shadow DOM. Astro now avoids re-attaching a shadow root if one already exists, preventing <code>&quot;Unable to re-attach to existing ShadowDOM&quot;</code> navigation errors.</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14750">#14750</a> <a href="https://github.com/withastro/astro/commit/35122c278f987f9213b8e1094382398a16090aff"><code>35122c2</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Updates the experimental Fonts API to allow for more granular configuration of remote font families</p> <p>A font family is defined by a combination of properties such as weights and styles (e.g. <code>weights: [500, 600]</code> and <code>styles: [&quot;normal&quot;, &quot;bold&quot;]</code>), but you may want to download only certain combinations of these.</p> <p>For greater control over which font files are downloaded, you can specify the same font (ie. with the same <code>cssVariable</code>, <code>name</code>, and <code>provider</code> properties) multiple times with different combinations. Astro will merge the results and download only the required files. For example, it is possible to download normal <code>500</code> and <code>600</code> while downloading only italic <code>500</code>:</p> <pre lang="js"><code>// astro.config.mjs import { defineConfig, fontProviders } from 'astro/config'; <p>export default defineConfig({ experimental: { fonts: [ { name: 'Roboto', cssVariable: '--roboto', provider: fontProviders.google(), weights: [500, 600], styles: ['normal'], }, { name: 'Roboto', cssVariable: '--roboto', provider: fontProviders.google(), weights: [500], styles: ['italic'], }, ], }, }); </code></pre></p> </li> </ul> <h2>5.15.5</h2> <h3>Patch Changes</h3> <ul> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14712">#14712</a> <a href="https://github.com/withastro/astro/commit/91780cffa7cf97cc22694d55962710609a5475b0"><code>91780cf</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Fixes a case where build's <code>process.env</code> would be inlined in the server output</p> </li> <li> <p><a href="https://redirect.github.com/withastro/astro/pull/14713">#14713</a> <a href="https://github.com/withastro/astro/commit/666d5a7ef486aa57f20f87b6cb210619dabd9c4c"><code>666d5a7</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Improves fallbacks generation when using the experimental Fonts API</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/withastro/astro/commit/190106149908ef6826899459146ef9f0ead602ab"><code>1901061</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14745">#14745</a>)</li> <li><a href="https://github.com/withastro/astro/commit/790d9425f39bbbb462f1c27615781cd965009f91"><code>790d942</code></a> Merge commit from fork</li> <li><a href="https://github.com/withastro/astro/commit/35122c278f987f9213b8e1094382398a16090aff"><code>35122c2</code></a> feat(fonts): merge families (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14750">#14750</a>)</li> <li><a href="https://github.com/withastro/astro/commit/72381ef77434aca5f9f83e37b3b75067af7a45d0"><code>72381ef</code></a> chore: upgrade <code>@​playwright/test</code> (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14749">#14749</a>)</li> <li><a href="https://github.com/withastro/astro/commit/18c55e15eaef56cbe06626b6bdb43ab250ab6f49"><code>18c55e1</code></a> Stub out <code>.astro</code> imports in client modules (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14751">#14751</a>)</li> <li><a href="https://github.com/withastro/astro/commit/5bc37fd5cade62f753aef66efdf40f982379029a"><code>5bc37fd</code></a> fix(deps): update astro dependencies (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14739">#14739</a>)</li> <li><a href="https://github.com/withastro/astro/commit/74c8852c534cc23217a78979e10885429b290e0b"><code>74c8852</code></a> fix: skip re-attaching shadow roots during view transitions (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14737">#14737</a>)</li> <li><a href="https://github.com/withastro/astro/commit/ab34340fc7bea4153018bb8b25b5f521cb08566c"><code>ab34340</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14732">#14732</a>)</li> <li><a href="https://github.com/withastro/astro/commit/535fa3658edbc3cc81b5f9f981af9935b154ccc0"><code>535fa36</code></a> [ci] format</li> <li><a href="https://github.com/withastro/astro/commit/dafbb1ba29912099c4faff1440033edc768af8b4"><code>dafbb1b</code></a> Prevent cache poisoning in x-forwarded headers (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14743">#14743</a>)</li> <li>Additional commits viewable in <a href="https://github.com/withastro/astro/commits/astro@5.15.6/packages/astro">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/RayLabsHQ/gitea-mirror/network/alerts). </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-27 15:55:21 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix/mirror-sync-bugs-262-263-264

v3.15.5

v3.15.4

v3.15.3

v3.15.2

v3.15.1

v3.15.0

v3.14.2

v3.14.1

v3.14.0

v3.13.4

v3.13.3

v3.13.2

v3.13.1

v3.13.0

v3.12.5

v3.12.4

v3.12.3

v3.12.2

v3.12.1

v3.12.0

v3.11.0

v3.10.1

v3.10.0

v3.9.6

v3.9.5

v3.9.4

v3.9.3

v3.9.2

v3.9.0

v3.8.11

v3.8.10

v3.8.9

v3.8.8

v3.8.7

v3.8.6

v3.8.5

v3.8.4

v3.8.3

v3.8.2

v3.8.1

v3.8.0

v3-sso

v3.7.2

v3.7.1

v3.7.0

v3.6.0

v3.5.4

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

v3.3.0

v3.2.6

v3.2.5

v3.2.4

v3.2.3

v3.2.2

v3.2.1

v3.2.0

v3.1.1

v3.1.0

v3.0.1

v3.0.0

v2.22.0

v2.21.0

v2.20.1

v2.20.0

v2.18.0

v2.17.0

v2.16.3

v2.16.2

v2.16.1

v2.16.0

v2.15.0

v2.14.0

v2.13.2

v2.13.1

v2.13.0

v2.12.0

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.1.0

v2.0.0

v1.0.0

Labels

Clear labels   

bug

  

documentation

  

enhancement

  

help wanted

  

pull-request

Mirrored from GitHub Pull Request

  

question

No labels

bug

documentation

enhancement

help wanted

pull-request

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/gitea-mirror#158

No description provided.