chore(deps): bump the all-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the all-dependencies group with 7 updates in the / directory:

Package	From	To
@astrojs/sitemap	3.7.1	3.7.2
astro	6.0.5	6.1.5
prettier	3.8.1	3.8.2
typescript	5.9.3	6.0.2
@cloudflare/workers-types	4.20260316.1	4.20260413.1
vitest	4.1.0	4.1.4
wrangler	4.74.0	4.82.1

Updates @astrojs/sitemap from 3.7.1 to 3.7.2

Release notes

Sourced from @​astrojs/sitemap's releases.

@​astrojs/sitemap@​3.7.2

Patch Changes

• #15455 babf57f Thanks @​AhmadYasser1! - Fixes i18n fallback pages missing from the generated sitemap when using fallbackType: 'rewrite'.

Changelog

Sourced from @​astrojs/sitemap's changelog.

3.7.2

Patch Changes

• #15455 babf57f Thanks @​AhmadYasser1! - Fixes i18n fallback pages missing from the generated sitemap when using fallbackType: 'rewrite'.

Commits

• 4a6ff2a [ci] release (#16020)
• 28079e9 [ci] format
• babf57f feat(astro): Add fallbackRoutes to astro:routes:resolved's return type and ...
• See full diff in compare view

Updates astro from 6.0.5 to 6.1.5

Release notes

Sourced from astro's releases.

astro@6.1.5

Patch Changes

• #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

• #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

• #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

  This change partly reverts #16089, which in hindsight turned out to be too general. Instead of automatically persisting all style sheets, we now do this only for styles from Vue components.

• #16192 79d86b8 Thanks @​alexanderniebuhr! - Uses today’s date for Cloudflare compatibility_date in astro add cloudflare

  When creating new projects, astro add cloudflare now sets compatibility_date to the current date. Previously, this date was resolved from locally installed packages, which could be unreliable in some package manager environments. Using today’s date is simpler and more reliable across environments, and is supported by workerd.

• #16259 34df955 Thanks @​gameroman! - Removed dlv dependency

astro@6.1.4

Patch Changes

• #16197 21f9fe2 Thanks @​SchahinRohani! - Remove unused re-exports from assets/utils barrel file to fix Vite build warning

• #16059 6d5469e Thanks @​matthewp! - Fixes Expected 'miniflare' to be defined errors and 404 responses in dev mode when using the Cloudflare adapter and the config file changes. Instead of creating a brand new Vite server on config changes, Astro now performs a Vite in-place restart, allowing the Cloudflare adapter to reuse its existing miniflare instance across restarts.

• #16154 7610ba4 Thanks @​Desel72! - Fixes pages with dots in their filenames (e.g. hello.world.astro) returning 404 when accessed with a trailing slash in the dev server. The trailingSlashForPath function now only forces trailingSlash: 'never' for endpoints with file extensions, allowing pages to correctly respect the user's trailingSlash config.

• #16193 23425e2 Thanks @​matthewp! - Fixes trailingSlash: "always" producing redirect HTML instead of the actual response for extensionless endpoints during static builds

astro@6.1.3

Patch Changes

• #16161 b51f297 Thanks @​matthewp! - Fixes a dev rendering issue with the Cloudflare adapter where head metadata could be missing and dev CSS/scripts could be injected in the wrong place

• #16110 de669f0 Thanks @​tmimmanuel! - Fixes skew protection query parameters not being appended to inter-chunk JavaScript imports in client bundles, which could cause version mismatches during rolling deployments on Vercel

• #16162 a0a49e9 Thanks @​rururux! - Fixes an issue where HMR would not trigger when modifying files while using @​astrojs/cloudflare with prerenderEnvironment: 'node' enabled.

• #16142 7454854 Thanks @​rururux! - Fixes HTML content being incorrectly escaped as plain text when rendering a MDX component using the AstroContainer APIs.

• #16116 12602a9 Thanks @​riderx! - Fixes a bug where page-level CSS could leak between unrelated pages when traversing style parents across top-level route boundaries

• #16178 a7e7567 Thanks @​matthewp! - Fixes SSR builds failing with "No matching renderer found" when a project only has injected routes and no src/pages/ directory

astro@6.1.2

Patch Changes

• #16104 47a394d Thanks @​matthewp! - Fixes astro preview ignoring vite.preview.allowedHosts set in astro.config.mjs

• #16047 711f837 Thanks @​matthewp! - Fixes catch-all routes incorrectly intercepting requests for static assets when using the @astrojs/node adapter in middleware mode.

... (truncated)

Changelog

Sourced from astro's changelog.

6.1.5

Patch Changes

• #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

• #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

• #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

  This change partly reverts #16089, which in hindsight turned out to be too general. Instead of automatically persisting all style sheets, we now do this only for styles from Vue components.

• #16192 79d86b8 Thanks @​alexanderniebuhr! - Uses today’s date for Cloudflare compatibility_date in astro add cloudflare

  When creating new projects, astro add cloudflare now sets compatibility_date to the current date. Previously, this date was resolved from locally installed packages, which could be unreliable in some package manager environments. Using today’s date is simpler and more reliable across environments, and is supported by workerd.

• #16259 34df955 Thanks @​gameroman! - Removed dlv dependency

6.1.4

Patch Changes

• #16197 21f9fe2 Thanks @​SchahinRohani! - Remove unused re-exports from assets/utils barrel file to fix Vite build warning

• #16059 6d5469e Thanks @​matthewp! - Fixes Expected 'miniflare' to be defined errors and 404 responses in dev mode when using the Cloudflare adapter and the config file changes. Instead of creating a brand new Vite server on config changes, Astro now performs a Vite in-place restart, allowing the Cloudflare adapter to reuse its existing miniflare instance across restarts.

• #16154 7610ba4 Thanks @​Desel72! - Fixes pages with dots in their filenames (e.g. hello.world.astro) returning 404 when accessed with a trailing slash in the dev server. The trailingSlashForPath function now only forces trailingSlash: 'never' for endpoints with file extensions, allowing pages to correctly respect the user's trailingSlash config.

• #16193 23425e2 Thanks @​matthewp! - Fixes trailingSlash: "always" producing redirect HTML instead of the actual response for extensionless endpoints during static builds

6.1.3

Patch Changes

• #16161 b51f297 Thanks @​matthewp! - Fixes a dev rendering issue with the Cloudflare adapter where head metadata could be missing and dev CSS/scripts could be injected in the wrong place

• #16110 de669f0 Thanks @​tmimmanuel! - Fixes skew protection query parameters not being appended to inter-chunk JavaScript imports in client bundles, which could cause version mismatches during rolling deployments on Vercel

• #16162 a0a49e9 Thanks @​rururux! - Fixes an issue where HMR would not trigger when modifying files while using @​astrojs/cloudflare with prerenderEnvironment: 'node' enabled.

• #16142 7454854 Thanks @​rururux! - Fixes HTML content being incorrectly escaped as plain text when rendering a MDX component using the AstroContainer APIs.

• #16116 12602a9 Thanks @​riderx! - Fixes a bug where page-level CSS could leak between unrelated pages when traversing style parents across top-level route boundaries

• #16178 a7e7567 Thanks @​matthewp! - Fixes SSR builds failing with "No matching renderer found" when a project only has injected routes and no src/pages/ directory

6.1.2

Patch Changes

... (truncated)

Commits

• 673a871 [ci] release (#16244)
• fab9c00 chore: upgrade biome (#16246)
• 337d3aa [ci] format
• 34df955 chore: inline dlv dependency (#16259)
• 0d278ac [ci] format
• 686c312 Revives UnoCSS in dev mode when used with the client router (#16242)
• 5bcd03c fix(assets): resolve Picture TDZ error when combined with content render() (#...
• 79d86b8 chore: adapt code to upstream deprecation (#16192)
• 44fd3b8 Port 8 unit test files from JavaScript to TypeScript (#16249)
• c2a52d6 [ci] format
• Additional commits viewable in compare view

Updates prettier from 3.8.1 to 3.8.2

Release notes

Sourced from prettier's releases.

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

<!-- Input -->
@let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.1 -->
@​let fn = (a) =>        a?    1:2;
{{ fn ( a         instanceof b)}}
<!-- Prettier 3.8.2 -->
@​let fn = (a) => (a ? 1 : 2);
{{ fn(a instanceof b) }}

Commits

• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• 881360b Support default never in Angular v21.2 (#19034)
• 07d6724 Bump Prettier dependency to 3.8.1
• 8b4a53a Clean changelog_unreleased
• See full diff in compare view

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• 206ed1a Deprecate assert in import() (#63172)
• e688ac8 Update dependencies (#63156)
• 29b300d Bump the github-actions group across 1 directory with 2 updates (#63205)
• 0c2c7a3 DOM update (#63183)
• Additional commits viewable in compare view

Updates @cloudflare/workers-types from 4.20260316.1 to 4.20260413.1

Commits

• See full diff in compare view

Updates vitest from 4.1.0 to 4.1.4

Release notes

Sourced from vitest's releases.

v4.1.4

   🚀 Experimental Features

• coverage:
  • Default to text reporter skipFull if agent detected  -  by @​hi-ogawa in vitest-dev/vitest#10018 (53757)
• experimental:
  • Expose assertion as a public field  -  by @​sheremet-va in vitest-dev/vitest#10095 (a120e)
  • Support aria snapshot  -  by @​hi-ogawa, Claude Opus 4.6 (1M context), @​AriPerkkio, Codex and @​sheremet-va in vitest-dev/vitest#9668 (d4fbb)
• reporter:
  • Add filterMeta option to json reporter  -  by @​nami8824 and @​sheremet-va in vitest-dev/vitest#10078 (b77de)

   🐞 Bug Fixes

• Use "black" foreground for labeled terminal message to ensure contrast  -  by @​hi-ogawa in vitest-dev/vitest#10076 (203f0)
• Make expect(..., message) consistent as error message prefix  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10068 (a1b5f)
• Do not hoist imports whose names match class properties .  -  by @​SunsetFi in vitest-dev/vitest#10093 and vitest-dev/vitest#10094 (0fc4b)
• browser: Spread user server options into browser Vite server in project  -  by @​GoldStrikeArch in vitest-dev/vitest#10049 (65c9d)

    View changes on GitHub

v4.1.3

   🚀 Experimental Features

• Add experimental.preParse flag  -  by @​sheremet-va in vitest-dev/vitest#10070 (78273)
• Support browser.locators.exact option  -  by @​sheremet-va in vitest-dev/vitest#10013 (48799)
• Add TestAttachment.bodyEncoding  -  by @​hi-ogawa in vitest-dev/vitest#9969 (89ca0)
• Support custom snapshot matcher  -  by @​hi-ogawa, Claude Sonnet 4.6 and Codex in vitest-dev/vitest#9973 (59b0e)

   🐞 Bug Fixes

• Advance fake timers with expect.poll interval  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10022 (3f5bf)
• Add @vitest/coverage-v8 and @vitest/coverage-istanbul as optional dependency  -  by @​alan-agius4 in vitest-dev/vitest#10025 (146d4)
• Fix defineHelper for webkit async stack trace + update playwright 1.59.0  -  by @​hi-ogawa in vitest-dev/vitest#10036 (5a5fa)
• Fix suite hook throwing errors for unused auto test-scoped fixture  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10035 (39865)
• expect:
  • Remove JestExtendError.context from verbose error reporting  -  by @​hi-ogawa in vitest-dev/vitest#9983 (66751)
  • Don't leak "runner" types  -  by @​sheremet-va in vitest-dev/vitest#10004 (ec204)
• snapshot:
  • Fix flagging obsolete snapshots for snapshot properties mismatch  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#9986 (6b869)
  • Export custom snapshot matcher helper from vitest  -  by @​hi-ogawa and Codex in vitest-dev/vitest#10042 (691d3)
• ui:
  • Don't leak vite types  -  by @​sheremet-va in vitest-dev/vitest#10005 (fdff1)
• vm:
  • Fix external module resolve error with deps optimizer query  -  by @​hi-ogawa and Claude Sonnet 4.6 in vitest-dev/vitest#10024 (9dbf4)

    View changes on GitHub

v4.1.2

This release bumps Vitest's flatted version and removes version pinning to resolve flatted's CVE related issues (vitest-dev/vitest#9975).

... (truncated)

Commits

• ac04bac chore: release v4.1.4
• 82c858d chore: Remove no-op function in plugin config logic (#8501)
• d4fbb5c feat(experimental): support aria snapshot (#9668)
• b77de96 feat(reporter): add filterMeta option to json reporter (#10078)
• a120e3a feat(experimental): expose assertion as a public field (#10095)
• 5375780 feat(coverage): default to text reporter skipFull if agent detected (#10018)
• a1b5f0f fix: make expect(..., message) consistent as error message prefix (#10068)
• 203f07a fix: use "black" foreground for labeled terminal message to ensure contrast (...
• 2dc0d62 chore: release v4.1.3
• 7827363 feat: add experimental.preParse flag (#10070)
• Additional commits viewable in compare view

Updates wrangler from 4.74.0 to 4.82.1

Release notes

Sourced from wrangler's releases.

wrangler@4.82.1

Patch Changes

• #13453 6b11b07 Thanks @​petebacondarwin! - Disable flagship OAuth scopes that are not yet valid in the Cloudflare backend

  The flagship:read and flagship:write OAuth scopes have been temporarily commented out from the default scopes requested during login, as they are not yet recognized by the Cloudflare backend.

• #13438 dd4e888 Thanks @​dependabot! - fix: handle Vike config files that use a variable-referenced default export

  Newer versions of create-vike (0.0.616+) generate pages/+config.ts files using const config: Config = { ... }; export default config; instead of the previous export default { ... } satisfies Config;. The Wrangler autoconfig AST transformation now resolves Identifier exports to their variable declarations, supporting both old and new Vike config file formats.

wrangler@4.82.0

Minor Changes

• #13353 5338bb6 Thanks @​mattzcarey! - Add artifacts:write to Wrangler's default OAuth scopes, enabling wrangler login to request access to Cloudflare Artifacts (registries and artifacts).

• #13139 79fd529 Thanks @​roerohan! - feat: add Flagship feature flag binding support

  Adds end-to-end support for the Flagship feature flag binding, which allows Workers to evaluate feature flags from Cloudflare's Flagship service. Configure it in wrangler.json with a flagship array containing binding and app_id entries. In local dev, the binding returns default values for all flag evaluations; use "remote": true in the binding to evaluate flags against the live Flagship service.

• #12983 28bc2be Thanks @​1000hz! - Added the wrangler preview command family for creating Preview deployments (currently in private beta).

• #13197 4fd138b Thanks @​shahsimpson! - Add preview output-file entries for wrangler preview deployments

  wrangler preview now writes a preview entry to the Wrangler output file when WRANGLER_OUTPUT_FILE_PATH or WRANGLER_OUTPUT_FILE_DIRECTORY is configured. The entry includes the Worker name, preview metadata (preview_id, preview_name, preview_slug, preview_urls) and deployment metadata (deployment_id, deployment_urls).

  This makes preview command runs machine-readable in the same output stream as other Wrangler commands, which helps CI integrations consume preview URLs and IDs directly.

• #13159 bafb96b Thanks @​ruifigueira! - Add wrangler browser commands for managing Browser Rendering sessions

  New commands for Browser Rendering DevTools:

  • wrangler browser create [--lab] [--keepAlive <seconds>] [--open] - Create a new session
  • wrangler browser close <sessionId> - Close a session
  • wrangler browser list - List active sessions
  • wrangler browser view [sessionId] [--target <selector>] [--open] - View a live browser session

  The view command auto-selects when only one session exists, or prompts for selection when multiple are available.

  The --open flag controls whether to open DevTools in browser (default: true in interactive mode, false in CI/scripts). Use --no-open to just print the DevTools URL.

  All commands support --json for programmatic output. Also adds browser:write OAuth scope to wrangler login.

• #13392 2589395 Thanks @​emily-shen! - Add telemetry to local REST API

  The local REST API (used by the local explorer) now collects anonymous usage telemetry. This respects any existing telemetry preferences, which can be disabled by running the command wrangler telemetry disable.

  This only applies when the dev session is started via Wrangler, and not via the Vite plugin or standalone Miniflare.

  No actual data values, keys, query contents, or resource IDs are collected.

... (truncated)

Commits

• 04a2d9c Version Packages (#13452)
• 6b11b07 [wrangler] Disable flagship OAuth scopes not yet valid in backend (#13453)
• dd4e888 [C3] Bump create-vike from 0.0.599 to 0.0.616 in /packages/create-cloudflare/...
• 4e4d146 Version Packages (#13375)
• 2589395 local explorer: add telemetry (#13392)
• 525a46b [wrangler] Fix proxy startup notice polluting stdout for --json commands (#13...
• 1313275 [explorer] add local explorer hotkey to the vite plugin (#13137)
• bafb96b BRAPI-1041: Add browser rendering commands to wrangler (#13159)
• 5338bb6 feat(wrangler): add artifacts:write to default OAuth scopes (#13353)
• 4fd138b Add-preview-version-output (#13197)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions