Skip to content

chore(deps): bump astro from 7.0.3 to 7.0.4#210

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/astro-7.0.4
Open

chore(deps): bump astro from 7.0.3 to 7.0.4#210
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/astro-7.0.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps astro from 7.0.3 to 7.0.4.

Release notes

Sourced from astro's releases.

astro@7.0.4

Patch Changes

  • #17212 7ba0bb1 Thanks @​matthewp! - Ensures transition directive values are HTML-escaped when rendered on hydrated islands

  • #17224 dc5e52f Thanks @​astrobot-houston! - Fixes trailing slash handling for dynamic file endpoints in dev mode. Dynamic file endpoints (e.g., src/pages/api/[name].json.ts) with trailingSlash: "always" incorrectly required a trailing slash in dev mode, returning 404 for /api/bar.json and 200 for /api/bar.json/.

  • #17067 23f9446 Thanks @​fkatsuhiro! - Fixed a bug where the development toolbar did not output a warning even though the implicit ARIA role and the manually specified role were duplicated.

  • #17234 d5fbee8 Thanks @​ocavue! - Adds support for sharp v0.35. pnpm users no longer need to approve sharp's build script (see allowBuilds) when on v0.35.

  • #17223 5970ef4 Thanks @​astrobot-houston! - Fixes getCollection() returning empty in dev mode for large content collections (500k+ entries)

  • #17184 799e5cd Thanks @​Princesseuh! - Upgrades the Rust compiler to the latest, which fixes some bugs. Refer to its changelog for more information.

  • #17208 da8b573 Thanks @​matthewp! - Hardens forwarded header handling so the internal request helper validates X-Forwarded-Host against security.allowedDomains before trusting X-Forwarded-For for clientAddress. Previously it only checked that the header was present, which was inconsistent with the public createRequest helper. This aligns both code paths; behavior is unchanged for correctly configured proxies.

Changelog

Sourced from astro's changelog.

7.0.4

Patch Changes

  • #17212 7ba0bb1 Thanks @​matthewp! - Ensures transition directive values are HTML-escaped when rendered on hydrated islands

  • #17224 dc5e52f Thanks @​astrobot-houston! - Fixes trailing slash handling for dynamic file endpoints in dev mode. Dynamic file endpoints (e.g., src/pages/api/[name].json.ts) with trailingSlash: "always" incorrectly required a trailing slash in dev mode, returning 404 for /api/bar.json and 200 for /api/bar.json/.

  • #17067 23f9446 Thanks @​fkatsuhiro! - Fixed a bug where the development toolbar did not output a warning even though the implicit ARIA role and the manually specified role were duplicated.

  • #17234 d5fbee8 Thanks @​ocavue! - Adds support for sharp v0.35. pnpm users no longer need to approve sharp's build script (see allowBuilds) when on v0.35.

  • #17223 5970ef4 Thanks @​astrobot-houston! - Fixes getCollection() returning empty in dev mode for large content collections (500k+ entries)

  • #17184 799e5cd Thanks @​Princesseuh! - Upgrades the Rust compiler to the latest, which fixes some bugs. Refer to its changelog for more information.

  • #17208 da8b573 Thanks @​matthewp! - Hardens forwarded header handling so the internal request helper validates X-Forwarded-Host against security.allowedDomains before trusting X-Forwarded-For for clientAddress. Previously it only checked that the header was present, which was inconsistent with the public createRequest helper. This aligns both code paths; behavior is unchanged for correctly configured proxies.

Commits

@dependabot dependabot Bot added the automated pr Pull requests created via automation label Jun 30, 2026
@dependabot dependabot Bot requested a review from bsmth as a code owner June 30, 2026 14:13
@dependabot dependabot Bot added the automated pr Pull requests created via automation label Jun 30, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/astro-7.0.4 branch from 75738ef to 0187cbb Compare June 30, 2026 14:17
Bumps [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) from 7.0.3 to 7.0.4.
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.4/packages/astro)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 7.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/astro-7.0.4 branch from 0187cbb to 2d3c697 Compare June 30, 2026 21:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

automated pr Pull requests created via automation

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants