Bump cookie, @astrojs/mdx, @astrojs/node, @astrojs/svelte, astro and express

[dependabot]

Bumps cookie to 0.7.2 and updates ancestor dependencies cookie, @astrojs/mdx, @astrojs/node, @astrojs/svelte, astro and express. These dependencies need to be updated together.

Updates cookie from 0.5.0 to 0.7.2

Release notes

Sourced from cookie's releases.

v0.7.2

Fixed

• Fix object assignment of hasOwnProperty (#177) bc38ffd

jshttp/cookie@v0.7.1...v0.7.2

0.7.1

Fixed

• Allow leading dot for domain (#174)
  • Although not permitted in the spec, some users expect this to work and user agents ignore the leading dot according to spec
• Add fast path for serialize without options, use obj.hasOwnProperty when parsing (#172)

jshttp/cookie@v0.7.0...v0.7.1

0.7.0

• perf: parse cookies ~10% faster (#144 by @​kurtextrem and #170)
• fix: narrow the validation of cookies to match RFC6265 (#167 by @​bewinsnw)
• fix: add main to package.json for rspack (#166 by @​proudparrot2)

jshttp/cookie@v0.6.0...v0.7.0

0.6.0

• Add partitioned option

Commits

• d19eaa1 0.7.2
• bc38ffd Fix object assignment of hasOwnProperty (#177)
• cf4658f 0.7.1
• 6a8b8f5 Allow leading dot for domain (#174)
• 58015c0 Remove more code and perf wins (#172)
• ab057d6 0.7.0
• 5f02ca8 Migrate history to GitHub releases
• a5d591c Migrate history to GitHub releases
• 51968f9 Skip isNaN
• 9e7ca51 perf(parse): cache length, return early (#144)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by blakeembrey, a new releaser for cookie since your current version.

Updates @astrojs/mdx from 1.1.3 to 3.1.8

Release notes

Sourced from @​astrojs/mdx's releases.

@​astrojs/mdx@​3.1.8

Patch Changes

• Updated dependencies [710a1a1]:
  • @​astrojs/markdown-remark@​5.3.0

@​astrojs/mdx@​3.1.7

Patch Changes

• #12026 40e7a1b Thanks @​bluwy! - Initializes the MDX processor only when there's .mdx files

@​astrojs/mdx@​3.1.6

Patch Changes

• #11975 c9ae7b1 Thanks @​bluwy! - Handles nested root hast node when optimizing MDX

@​astrojs/mdx@​3.1.5

Patch Changes

• #11818 88ef1d0 Thanks @​bluwy! - Fixes CSS in the layout component to be ordered first before any other components in the MDX file

@​astrojs/mdx@​3.1.4

Patch Changes

• #11717 423614e Thanks @​bluwy! - Fixes stack trace location when failed to parse an MDX file with frontmatter

Changelog

Sourced from @​astrojs/mdx's changelog.

3.1.8

Patch Changes

• Updated dependencies [710a1a1]:
  • @​astrojs/markdown-remark@​5.3.0

3.1.7

Patch Changes

• #12026 40e7a1b Thanks @​bluwy! - Initializes the MDX processor only when there's .mdx files

3.1.6

Patch Changes

• #11975 c9ae7b1 Thanks @​bluwy! - Handles nested root hast node when optimizing MDX

3.1.5

Patch Changes

• #11818 88ef1d0 Thanks @​bluwy! - Fixes CSS in the layout component to be ordered first before any other components in the MDX file

3.1.4

Patch Changes

• #11717 423614e Thanks @​bluwy! - Fixes stack trace location when failed to parse an MDX file with frontmatter

3.1.3

Patch Changes

• Updated dependencies [49b5145]:
  • @​astrojs/markdown-remark@​5.2.0

3.1.2

Patch Changes

• Updated dependencies [b6afe6a]:
  • @​astrojs/markdown-remark@​5.1.1

3.1.1

Patch Changes

• #11263 7d59750 Thanks @​wackbyte! - Refactor to use Astro's integration logger for logging

... (truncated)

Commits

• 582f12e [ci] release (#12148)
• fef0b8c fix(deps): update all non-major dependencies (#12140)
• 928dc31 fix(deps): update all non-major dependencies (#12092)
• 2594eb0 fix(deps): update all non-major dependencies (#12003)
• b4563f8 [ci] release (#12021)
• 40e7a1b Lazily initialize the md and mdx processor (#12026)
• 8d4eb95 [ci] format
• 53cb41e fix: correctly handle head propagation in content layer deferred rendering (#...
• 490eed1 [ci] release (#11940)
• c9ae7b1 Handle MDX optimize for root hast node (#11975)
• Additional commits viewable in compare view

Updates @astrojs/node from 6.0.3 to 8.3.4

Release notes

Sourced from @​astrojs/node's releases.

@​astrojs/node@​8.3.4

Patch Changes

• #398 0cf7e91 Thanks @​bluwy! - Updates send dependency to 0.19.0

Changelog

Sourced from @​astrojs/node's changelog.

8.3.4

Patch Changes

• #398 0cf7e91 Thanks @​bluwy! - Updates send dependency to 0.19.0

8.3.3

Patch Changes

• #11535 932bd2e Thanks @​matthewp! - Move polyfills up before awaiting the env module in the Node.js adapter.

  Previously the env setting was happening before the polyfills were applied. This means that if the Astro env code (or any dependencies) depended on crypto, it would not be polyfilled in time.

  Polyfills should be applied ASAP to prevent races. This moves it to the top of the Node adapter.

8.3.2

Patch Changes

• #11296 5848d97 Thanks @​florian-lefebvre! - Fixes astro:env getSecret compatibility

8.3.1

Patch Changes

• #11261 f5f8ed2 Thanks @​matthewp! - Fix backwards compat with Astro <= 4.9

• #11263 7d59750 Thanks @​wackbyte! - Refactor to use Astro's integration logger for logging

8.3.0

Minor Changes

• #11199 2bdca27 Thanks @​florian-lefebvre! - Adds support for experimental astro:env released in Astro 4.10

8.2.6

Patch Changes

• #11202 d0248bc Thanks @​dkobierski! - Fixes suppressed logs when error occurs

8.2.5

Patch Changes

• #10491 28e33a2f9c04373eae5da2e6edb0dc2981bce790 Thanks @​castarco! - Fixes a bug where the preview server wrongly appends trailing slashes to subresource URLs.

8.2.4

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by matthewp, a new releaser for @​astrojs/node since your current version.

Updates @astrojs/svelte from 4.0.3 to 5.7.2

Release notes

Sourced from @​astrojs/svelte's releases.

@​astrojs/svelte@​5.7.2

Patch Changes

• #12129 5bc6223 Thanks @​martrapp! - Fixes an Reference Error that occurred during client transitions

@​astrojs/svelte@​5.7.1

Patch Changes

• #12006 a582cb6 Thanks @​johannesspohr! - Fix Svelte component view transition state persistence

Changelog

Sourced from @​astrojs/svelte's changelog.

5.7.2

Patch Changes

• #12129 5bc6223 Thanks @​martrapp! - Fixes an Reference Error that occurred during client transitions

5.7.1

Patch Changes

• #12006 a582cb6 Thanks @​johannesspohr! - Fix Svelte component view transition state persistence

5.7.0

Minor Changes

• #11490 6ad02b5 Thanks @​bluwy! - Bumps Svelte 5 peer dependency to ^5.0.0-next.190 and support the latest slots/snippets API

5.6.0

Minor Changes

• #11234 4385bf7 Thanks @​ematipico! - Adds a new function called addServerRenderer to the Container API. Use this function to manually store renderers inside the instance of your container.

  This new function should be preferred when using the Container API in environments like on-demand pages:

  import type { APIRoute } from 'astro';
  import { experimental_AstroContainer } from 'astro/container';
  import reactRenderer from '@astrojs/react/server.js';
  import vueRenderer from '@astrojs/vue/server.js';
  import ReactComponent from '../components/button.jsx';
  import VueComponent from '../components/button.vue';
  // MDX runtime is contained inside the Astro core
  import mdxRenderer from 'astro/jsx/server.js';
  // In case you need to import a custom renderer
  import customRenderer from '../renderers/customRenderer.js';
  export const GET: APIRoute = async (ctx) => {
  const container = await experimental_AstroContainer.create();
  container.addServerRenderer({ renderer: reactRenderer });
  container.addServerRenderer({ renderer: vueRenderer });
  container.addServerRenderer({ renderer: customRenderer });
  // You can pass a custom name too
  container.addServerRenderer({
  name: 'customRenderer',
  renderer: customRenderer,
  });

... (truncated)

Commits

• 46cbf10 [ci] release (#12115)
• 5bc6223 Fix-component-undefined-svelte-v5 (#12102) (#12129)
• a46839a docs: update Vite links to use their new domain (#12117)
• 928dc31 fix(deps): update all non-major dependencies (#12092)
• 2594eb0 fix(deps): update all non-major dependencies (#12003)
• 8214114 [ci] release (#12002)
• a582cb6 Fix Svelte view transition state persistence (#12006)
• b9394fa chore(deps): update all non-major dependencies (#11948)
• 26c63a2 fix(deps): update all non-major dependencies (#11837)
• 48b85c1 fix(deps): update all non-major dependencies (#11765)
• Additional commits viewable in compare view

Updates astro from 3.4.3 to 4.16.2

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

• #12206 12b0022 Thanks @​bluwy! - Reverts withastro/astro#12173 which caused Can't modify immutable headers warnings and 500 errors on Cloudflare Pages

[email protected]

Patch Changes

• #12177 a4ffbfa Thanks @​matthewp! - Ensure we target scripts for execution in the router

  Using document.scripts is unsafe because if the application has a name="scripts" this will shadow the built-in document.scripts. Fix is to use getElementsByTagName to ensure we're only grabbing real scripts.

• #12173 2d10de5 Thanks @​ematipico! - Fixes a bug where Astro Actions couldn't redirect to the correct pathname when there was a rewrite involved.

[email protected]

Minor Changes

• #12039 710a1a1 Thanks @​ematipico! - Adds a markdown.shikiConfig.langAlias option that allows aliasing a non-supported code language to a known language. This is useful when the language of your code samples is not a built-in Shiki language, but you want your Markdown source to contain an accurate language while also displaying syntax highlighting.

  The following example configures Shiki to highlight cjs code blocks using the javascript syntax highlighter:

  import { defineConfig } from 'astro/config';
  export default defineConfig({
  markdown: {
  shikiConfig: {
  langAlias: {
  cjs: 'javascript',
  },
  },
  },
  });

  Then in your Markdown, you can use the alias as the language for a code block for syntax highlighting:

  ```cjs
  'use strict';
  function commonJs() {
  return 'I am a commonjs file';
  }
  </code></pre>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/11984">#11984</a> <a href="https://github.com/withastro/astro/commit/3ac2263ff6070136bec9cffb863c38bcc31ccdfe"><code>3ac2263</code></a> Thanks <a href="https://github.com/chaegumi"><code>@​chaegumi</code></a>! - Adds a new <code>build.concurreny</code> configuration option to specify the number of pages to build in parallel</p>
  <p><strong>In most cases, you should not change the default value of <code>1</code>.</strong></p>
  </li>
  </ul>
  <!-- raw HTML omitted -->
  </blockquote>
  <p>... (truncated)</p>
  </details>
  <details>
  <summary>Changelog</summary>
  <p><em>Sourced from <a href="https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md&quot;&gt;astro's changelog</a>.</em></p>
  <blockquote>
  <h2>4.16.2</h2>
  <h3>Patch Changes</h3>
  <ul>
  <li><a href="https://redirect.github.com/withastro/astro/pull/12206&quot;&gt;#12206&lt;/a> <a href="https://github.com/withastro/astro/commit/12b00225067445629e5ae451d763d03f70065f88&quot;&gt;&lt;code&gt;12b0022&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/bluwy&quot;&gt;&lt;code&gt;@​bluwy&lt;/code&gt;&lt;/a>! - Reverts <a href="https://redirect.github.com/withastro/astro/pull/12173&quot;&gt;withastro/astro#12173&lt;/a> which caused <code>Can't modify immutable headers</code> warnings and 500 errors on Cloudflare Pages</li>
  </ul>
  <h2>4.16.1</h2>
  <h3>Patch Changes</h3>
  <ul>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12177&quot;&gt;#12177&lt;/a> <a href="https://github.com/withastro/astro/commit/a4ffbfaa5cb460c12bd486fd75e36147f51d3e5e&quot;&gt;&lt;code&gt;a4ffbfa&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/matthewp&quot;&gt;&lt;code&gt;@​matthewp&lt;/code&gt;&lt;/a>! - Ensure we target scripts for execution in the router</p>
  <p>Using <code>document.scripts</code> is unsafe because if the application has a <code>name=&quot;scripts&quot;</code> this will shadow the built-in <code>document.scripts</code>. Fix is to use <code>getElementsByTagName</code> to ensure we're only grabbing real scripts.</p>
  </li>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12173&quot;&gt;#12173&lt;/a> <a href="https://github.com/withastro/astro/commit/2d10de5f212323e6e19c7ea379826dcc18fe739c&quot;&gt;&lt;code&gt;2d10de5&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/ematipico&quot;&gt;&lt;code&gt;@​ematipico&lt;/code&gt;&lt;/a>! - Fixes a bug where Astro Actions couldn't redirect to the correct pathname when there was a rewrite involved.</p>
  </li>
  </ul>
  <h2>4.16.0</h2>
  <h3>Minor Changes</h3>
  <ul>
  <li>
  <p><a href="https://redirect.github.com/withastro/astro/pull/12039&quot;&gt;#12039&lt;/a> <a href="https://github.com/withastro/astro/commit/710a1a11f488ff6ed3da6d3e0723b2322ccfe27b&quot;&gt;&lt;code&gt;710a1a1&lt;/code&gt;&lt;/a> Thanks <a href="https://github.com/ematipico&quot;&gt;&lt;code&gt;@​ematipico&lt;/code&gt;&lt;/a>! - Adds a <code>markdown.shikiConfig.langAlias</code> option that allows <a href="https://shiki.style/guide/load-lang#custom-language-aliases&quot;&gt;aliasing a non-supported code language to a known language</a>. This is useful when the language of your code samples is not <a href="https://shiki.style/languages&quot;&gt;a built-in Shiki language</a>, but you want your Markdown source to contain an accurate language while also displaying syntax highlighting.</p>
  <p>The following example configures Shiki to highlight <code>cjs</code> code blocks using the <code>javascript</code> syntax highlighter:</p>
  <pre lang="js"><code>import { defineConfig } from 'astro/config';
  export default defineConfig({
  markdown: {
  shikiConfig: {
  langAlias: {
  cjs: 'javascript',
  },
  },
  },
  });
  </code></pre>
  <p>Then in your Markdown, you can use the alias as the language for a code block for syntax highlighting:</p>
  <pre lang="md"><code>```cjs
  'use strict';
  function commonJs() {
  return 'I am a commonjs file';
  }
  

... (truncated)

Commits

• bbc72a1 [ci] release (#12207)
• 12b0022 Revert #12173 (#12206)
• c73d65d [ci] release (#12178)
• 650dd22 Fix VT video test fail in firefox (#12188)
• 58e22bd [ci] format
• 2d10de5 fix(routing): actions should redirect the original pathname (#12173)
• a4ffbfa Ensure router only targets scripts for execution (#12177)
• 2f5b28e Use p-queue instead of fastq (#12189)
• 1f93fca Fix biome lint warning (#12187)
• 582f12e [ci] release (#12148)
• Additional commits viewable in compare view

Updates express from 4.18.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• [email protected] by @​wesleytodd in expressjs/express#5954
• fix(deps): [email protected] by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: [email protected]
  • includes [email protected]
• deps: [email protected]
• deps: [email protected]

4.20.0 / 2024-09-10

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

4.19.2 / 2024-03-25

• Improved fix for open redirect allow list bypass

4.19.1 / 2024-03-20

• Allow passing non-strings to res.location with new encoding handling checks

4.19.0 / 2024-03-20

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

4.18.3 / 2024-02-29

... (truncated)

Commits

• 8e229f9 4.21.1
• a024c8a fix(deps): [email protected]
• 7e562c6 4.21.0
• 1bcde96 fix(deps): [email protected] (#5946)
• 7d36477 fix(deps): [email protected] (#5951)
• 40d2d8f fix(deps): [email protected]
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to [email protected]
• 9ebe5d5 feat: upgrade to [email protected] (#5928)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for express since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.