Skip to content

build(deps): bump astro from 6.4.4 to 6.4.6#210

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/astro-6.4.5
Open

build(deps): bump astro from 6.4.4 to 6.4.6#210
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/astro-6.4.5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps astro from 6.4.4 to 6.4.6.

Release notes

Sourced from astro's releases.

astro@6.4.6

Patch Changes

  • #16765 b10e86e Thanks @​fkatsuhiro! - Fixes an issue where renaming an image file while the dev server is running triggers a build error. Now Astro correctly hot-reloads the image without crashing.

  • #17026 add3df1 Thanks @​matthewp! - Hardens addAttribute to drop attribute names containing characters that are invalid per the HTML spec (", ', >, /, =, whitespace)

  • #17033 ffda27b Thanks @​matthewp! - Validates the request origin against allowedDomains before fetching prerendered error pages. When allowedDomains is configured and the Host header matches, the original origin is used. Otherwise, the fetch falls back to localhost.

astro@6.4.5

Patch Changes

  • #16985 4ecff32 Thanks @​maximslo! - Fixes the experimental.logger destination not being used for the "Server listening on..." startup message. The logger is now resolved before the server starts listening, and adapterLogger re-creates itself when the underlying logger changes so the startup message uses the correct destination.

  • #16947 e0703a6 Thanks @​ematipico! - Fixes Astro.request.url not reflecting validated X-Forwarded-Proto/X-Forwarded-Host headers when security.allowedDomains is configured. Previously, only Astro.url was updated with the forwarded origin while Astro.request.url retained the socket-derived URL, causing the two to diverge behind TLS-terminating proxies.

  • #16997 dc45246 Thanks @​matthewp! - Reverts a change to isNode runtime detection that caused a significant build time regression for Cloudflare adapter users with large prerendered sites

Changelog

Sourced from astro's changelog.

6.4.6

Patch Changes

  • #16765 b10e86e Thanks @​fkatsuhiro! - Fixes an issue where renaming an image file while the dev server is running triggers a build error. Now Astro correctly hot-reloads the image without crashing.

  • #17026 add3df1 Thanks @​matthewp! - Hardens addAttribute to drop attribute names containing characters that are invalid per the HTML spec (", ', >, /, =, whitespace)

  • #17033 ffda27b Thanks @​matthewp! - Validates the request origin against allowedDomains before fetching prerendered error pages. When allowedDomains is configured and the Host header matches, the original origin is used. Otherwise, the fetch falls back to localhost.

6.4.5

Patch Changes

  • #16985 4ecff32 Thanks @​maximslo! - Fixes the experimental.logger destination not being used for the "Server listening on..." startup message. The logger is now resolved before the server starts listening, and adapterLogger re-creates itself when the underlying logger changes so the startup message uses the correct destination.

  • #16947 e0703a6 Thanks @​ematipico! - Fixes Astro.request.url not reflecting validated X-Forwarded-Proto/X-Forwarded-Host headers when security.allowedDomains is configured. Previously, only Astro.url was updated with the forwarded origin while Astro.request.url retained the socket-derived URL, causing the two to diverge behind TLS-terminating proxies.

  • #16997 dc45246 Thanks @​matthewp! - Reverts a change to isNode runtime detection that caused a significant build time regression for Cloudflare adapter users with large prerendered sites

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 10, 2026
@dependabot dependabot Bot requested a review from theagenticguy as a code owner June 10, 2026 08:15
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 10, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/astro-6.4.5 branch from 975c233 to 713ca57 Compare June 10, 2026 16:06
@dependabot dependabot Bot changed the title build(deps): bump astro from 6.4.4 to 6.4.5 build(deps): bump astro from 6.4.4 to 6.4.6 Jun 10, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/astro-6.4.5 branch 5 times, most recently from 01fb126 to 91e1c76 Compare June 11, 2026 17:24
@dependabot
build(deps): bump astro from 6.4.4 to 6.4.6
49c5337 
Bumps [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) from 6.4.4 to 6.4.6.
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.4.6/packages/astro)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 6.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/astro-6.4.5 branch from 91e1c76 to 49c5337 Compare June 11, 2026 17:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@theagenticguy theagenticguy Awaiting requested review from theagenticguy theagenticguy is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants