Skip to content

build(deps): bump astro from 4.16.19 to 7.0.4 in /site#14

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/site/astro-7.0.4
Open

build(deps): bump astro from 4.16.19 to 7.0.4 in /site#14
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/site/astro-7.0.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown

Bumps astro from 4.16.19 to 7.0.4.

Release notes

Sourced from astro's releases.

astro@7.0.4

Patch Changes

  • #17212 7ba0bb1 Thanks @​matthewp! - Ensures transition directive values are HTML-escaped when rendered on hydrated islands

  • #17224 dc5e52f Thanks @​astrobot-houston! - Fixes trailing slash handling for dynamic file endpoints in dev mode. Dynamic file endpoints (e.g., src/pages/api/[name].json.ts) with trailingSlash: "always" incorrectly required a trailing slash in dev mode, returning 404 for /api/bar.json and 200 for /api/bar.json/.

  • #17067 23f9446 Thanks @​fkatsuhiro! - Fixed a bug where the development toolbar did not output a warning even though the implicit ARIA role and the manually specified role were duplicated.

  • #17234 d5fbee8 Thanks @​ocavue! - Adds support for sharp v0.35. pnpm users no longer need to approve sharp's build script (see allowBuilds) when on v0.35.

  • #17223 5970ef4 Thanks @​astrobot-houston! - Fixes getCollection() returning empty in dev mode for large content collections (500k+ entries)

  • #17184 799e5cd Thanks @​Princesseuh! - Upgrades the Rust compiler to the latest, which fixes some bugs. Refer to its changelog for more information.

  • #17208 da8b573 Thanks @​matthewp! - Hardens forwarded header handling so the internal request helper validates X-Forwarded-Host against security.allowedDomains before trusting X-Forwarded-For for clientAddress. Previously it only checked that the header was present, which was inconsistent with the public createRequest helper. This aligns both code paths; behavior is unchanged for correctly configured proxies.

astro@7.0.3

Patch Changes

  • #17189 24d2c9e Thanks @​astrobot-houston! - Fixes a bug where an error thrown inside one route's getStaticPaths() would prevent other valid routes from being matched in dev mode

  • #16932 8f4a3db Thanks @​fkatsuhiro! - Fixes HMR for action files during development. Editing files in src/actions/ now takes effect on the next request without requiring a dev server restart.

  • #17087 fb0ab02 Thanks @​jp-knj! - Fixes localized custom error pages in i18n projects so routes like /pt/404 are used for missing localized pages and return the correct status code

astro@7.0.2

Patch Changes

  • Updated dependencies [3b5e994]:
    • @​astrojs/markdown-satteri@​0.3.2

astro@7.0.1

Patch Changes

  • #17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

  • #17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

  • #17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

  • #17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

astro@7.0.0

Major Changes

... (truncated)

Changelog

Sourced from astro's changelog.

7.0.4

Patch Changes

  • #17212 7ba0bb1 Thanks @​matthewp! - Ensures transition directive values are HTML-escaped when rendered on hydrated islands

  • #17224 dc5e52f Thanks @​astrobot-houston! - Fixes trailing slash handling for dynamic file endpoints in dev mode. Dynamic file endpoints (e.g., src/pages/api/[name].json.ts) with trailingSlash: "always" incorrectly required a trailing slash in dev mode, returning 404 for /api/bar.json and 200 for /api/bar.json/.

  • #17067 23f9446 Thanks @​fkatsuhiro! - Fixed a bug where the development toolbar did not output a warning even though the implicit ARIA role and the manually specified role were duplicated.

  • #17234 d5fbee8 Thanks @​ocavue! - Adds support for sharp v0.35. pnpm users no longer need to approve sharp's build script (see allowBuilds) when on v0.35.

  • #17223 5970ef4 Thanks @​astrobot-houston! - Fixes getCollection() returning empty in dev mode for large content collections (500k+ entries)

  • #17184 799e5cd Thanks @​Princesseuh! - Upgrades the Rust compiler to the latest, which fixes some bugs. Refer to its changelog for more information.

  • #17208 da8b573 Thanks @​matthewp! - Hardens forwarded header handling so the internal request helper validates X-Forwarded-Host against security.allowedDomains before trusting X-Forwarded-For for clientAddress. Previously it only checked that the header was present, which was inconsistent with the public createRequest helper. This aligns both code paths; behavior is unchanged for correctly configured proxies.

7.0.3

Patch Changes

  • #17189 24d2c9e Thanks @​astrobot-houston! - Fixes a bug where an error thrown inside one route's getStaticPaths() would prevent other valid routes from being matched in dev mode

  • #16932 8f4a3db Thanks @​fkatsuhiro! - Fixes HMR for action files during development. Editing files in src/actions/ now takes effect on the next request without requiring a dev server restart.

  • #17087 fb0ab02 Thanks @​jp-knj! - Fixes localized custom error pages in i18n projects so routes like /pt/404 are used for missing localized pages and return the correct status code

7.0.2

Patch Changes

  • Updated dependencies [3b5e994]:
    • @​astrojs/markdown-satteri@​0.3.2

7.0.1

Patch Changes

  • #17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

  • #17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

  • #17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

  • #17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

7.0.0

Major Changes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for astro since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) from 4.16.19 to 7.0.4.
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.4/packages/astro)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 7.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies, site. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@kilo-code-bot

kilo-code-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown

Code Review Summary

Status: No Issues Found | Recommendation: Merge

This is a single-line Dependabot version bump (astro from ^4.16.18 to ^7.0.4 in site/package.json:16). The only changed line is a dependency version string; no runtime code, config, or lockfile changes are present in this PR. No bugs, security issues, typos, or logic errors were detected on the changed lines. Maintainers should still verify the Astro 7.x major upgrade is compatible with the site's @astrojs/react, @astrojs/tailwind, and astro-icon dependencies (per the upstream Astro 7 migration guide) and confirm bun.lock is regenerated on merge.

Files Reviewed (1 file)
  • site/package.json

Reviewed by minimax-m3 · Input: 34.6K · Output: 2K · Cached: 155.2K

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 454ea83bf3

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread site/package.json
"@iconify-json/simple-icons": "^1.2.30",
"@lobehub/icons": "^1.49.0",
"astro": "^4.16.18",
"astro": "^7.0.4",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Update the site lockfile with the Astro bump

The Pages workflow's Build landing site step runs cd site && bun install --frozen-lockfile && bun run build (.github/workflows/pages.yml line 198), and bun install --help says --frozen-lockfile disallows lockfile changes. This manifest now asks for astro@^7.0.4, but site/bun.lock still records astro: ^4.16.18 and resolves astro@4.16.19, so every landing-site deploy/install with the committed lockfile has to rewrite the lockfile before it can install the new Astro version and will fail under the frozen install. Please regenerate and commit site/bun.lock with this dependency bump.

Useful? React with 👍 / 👎.

Comment thread site/package.json
"@iconify-json/simple-icons": "^1.2.30",
"@lobehub/icons": "^1.49.0",
"astro": "^4.16.18",
"astro": "^7.0.4",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Upgrade the Astro integrations with the major bump

Even after the lockfile is regenerated, this Astro 7 upgrade leaves the required Tailwind integration on @astrojs/tailwind@^5.1.5; the committed package metadata for that version declares a peer range of astro@^3.0.0 || ^4.0.0 || ^5.0.0 (site/bun.lock line 58), and site/astro.config.mjs still loads tailwind() during every site build. Installs/builds that enforce peer compatibility or exercise that integration will be running an unsupported Astro/Tailwind combination, so the migration should update or replace the integration along with the Astro major.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants