chore(deps): bump the prod-deps group across 1 directory with 4 updates

[dependabot]

Bumps the prod-deps group with 4 updates in the / directory: astro-sst, sst, astro and @astrojs/node.

Updates astro-sst from 2.43.5 to 2.45.2

Release notes

Sourced from astro-sst's releases.

[email protected]

Patch Changes

• 263bcb0: Migrating to astro-sst repo

Changelog

Sourced from astro-sst's changelog.

2.45.2

Patch Changes

• 263bcb0: Migrating to astro-sst repo

2.44.0

2.43.8

2.43.7

2.43.6

Patch Changes

• a68ca8416 Thanks @​thdxr! - switch to v2 tag

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by sst-publisher, a new releaser for astro-sst since your current version.

Updates sst from 3.2.73 to 3.4.32

Release notes

Sourced from sst's releases.

v3.4.32

Changelog

• 86d6994d3e582de53876f3ffbf5930887a7adf4d Bump OpenNext to v3.3.0 (#5237)
• 2830933a70b9b6c37dec9e985f946128ef0eedc3 Task: fix directory for sst dev
• 6353b5886e2d25d62a57b10722905e67db48cc16 Task: fix sdk type
• 31cdc3ae35a3d3009a4c9fafa0c35a4b7791d5dc fix typo (#5258)
• c8717d998134895a10f4f7707a4f9572400ff800 upgrade go-retriablehttp to 0.7.7 (#5212)

v3.4.31

Changelog

• 856309f4a3466d653e360b581113c3ba8e9ed791 Task: respect image context in dev mode

v3.4.30

Changelog

• 8933103e2c92cc8d4e394c7f6fed9a84b3519083 Examples: add task example
• f6e8e3412af32c606f0a466c9e0e2e5ba24d8702 Task: add dev command
• 4345057ace99c3b21335ec3683adf2f9b730966e Task: update sdk type

v3.4.28

Changelog

• 98b9292b7a349d5385c9ea86f44a8ec7ed5022d5 Example: sync
• 89d3e34a467369a98d27b313cfa6fc2c488dcea5 Fix aws cluster health @​example (#5216)
• c9c922cece3451ae955a9c13257453e3d3ecde76 Update email.ts (#5222)
• 0557272e6765c693ba4ef718e01b1e55fe0f5a24 [Example]: Go APIGatewayV2 with Standard Library Http server (#5251)
• d54899aad83651247be18a518bb4670280a255e0 [Example]: add go lambda with dynamo usage example. (#5245)
• 258790a470293039bf6000ecfd5f8902156a0d7b fix: typos (#5240)

v3.4.27

Changelog

• 9423d8b78b8b2ea79859fd7182ef4475e30d43f3 dynamo: fix dynamo automatically being made linkable

v3.4.26

Changelog

• 185e04da312084f5bd3393dd78fba3c2b79b3227 Cluster: make task sdk type safe
• 051a3fdfa125567965e7564c650e75b52d20bb37 detect new bun lock file

v3.4.25

Changelog

• 775450f44de4de3a39de704ae2bad4184c1b50cf Cluster task
• 263c90c9118b46e0bb812c5537b6ce63a8b79482 Examples: sync
• 2caabf2b25614ca91c2cb532401d853b51027353 dev: do not run copyFiles in dev
• f9968199b1785ce79081c85a703bca5f4a7521bb pulumi: update pulumi sdk to match binary version

v3.4.24

Changelog

• d6f5cc75231827457b050c4609363b2e2295f139 fix gomod
• 21ce215fa6854bfa15b21838cdb41ff7d3a3eebd sst.aws.Function: experimental golang function support

v3.4.23

Changelog

... (truncated)

Commits

• See full diff in compare view

Updates astro from 4.16.8 to 5.1.1

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

• #12782 f3d8385 Thanks @​fhiromasa! - update comment in packages/astro/src/types/public/common.ts

• #12789 f632b94 Thanks @​ascorbic! - Pass raw frontmatter to remark plugins in glob loader

• #12799 739dbfb Thanks @​ascorbic! - Upgrades Vite to pin esbuild

[email protected]

Minor Changes

• #12441 b4fec3c Thanks @​ascorbic! - Adds experimental session support

  Sessions are used to store user state between requests for server-rendered pages, such as login status, shopping cart contents, or other user-specific data.

  ---
  export const prerender = false; // Not needed in 'server' mode
  const cart = await Astro.session.get('cart');
  ---
  <a href="/checkout">🛒 {cart?.length ?? 0} items</a>

  Sessions are available in on-demand rendered/SSR pages, API endpoints, actions and middleware. To enable session support, you must configure a storage driver.

  If you are using the Node.js adapter, you can use the fs driver to store session data on the filesystem:

  // astro.config.mjs
  {
    adapter: node({ mode: 'standalone' }),
    experimental: {
      session: {
        // Required: the name of the unstorage driver
        driver: "fs",
      },
    },
  }

  If you are deploying to a serverless environment, you can use drivers such as redis, netlify-blobs, vercel-kv, or cloudflare-kv-binding and optionally pass additional configuration options.

  For more information, including using the session API with other adapters and a full list of supported drivers, see the docs for experimental session support. For even more details, and to leave feedback and participate in the development of this feature, the Sessions RFC.

• #12426 3dc02c5 Thanks @​oliverlynch! - Improves asset caching of remote images

  Astro will now store entity tags and the Last-Modified date for cached remote images and use them to revalidate the cache when it goes stale.

... (truncated)

Changelog

Sourced from astro's changelog.

5.1.1

Patch Changes

• #12782 f3d8385 Thanks @​fhiromasa! - update comment in packages/astro/src/types/public/common.ts

• #12789 f632b94 Thanks @​ascorbic! - Pass raw frontmatter to remark plugins in glob loader

• #12799 739dbfb Thanks @​ascorbic! - Upgrades Vite to pin esbuild

5.1.0

Minor Changes

• #12441 b4fec3c Thanks @​ascorbic! - Adds experimental session support

  Sessions are used to store user state between requests for server-rendered pages, such as login status, shopping cart contents, or other user-specific data.

  ---
  export const prerender = false; // Not needed in 'server' mode
  const cart = await Astro.session.get('cart');
  ---
  <a href="/checkout">🛒 {cart?.length ?? 0} items</a>

  Sessions are available in on-demand rendered/SSR pages, API endpoints, actions and middleware. To enable session support, you must configure a storage driver.

  If you are using the Node.js adapter, you can use the fs driver to store session data on the filesystem:

  // astro.config.mjs
  {
    adapter: node({ mode: 'standalone' }),
    experimental: {
      session: {
        // Required: the name of the unstorage driver
        driver: "fs",
      },
    },
  }

  If you are deploying to a serverless environment, you can use drivers such as redis, netlify-blobs, vercel-kv, or cloudflare-kv-binding and optionally pass additional configuration options.

  For more information, including using the session API with other adapters and a full list of supported drivers, see the docs for experimental session support. For even more details, and to leave feedback and participate in the development of this feature, the Sessions RFC.

• #12426 3dc02c5 Thanks @​oliverlynch! - Improves asset caching of remote images

... (truncated)

Commits

• 5f4c543 [ci] release (#12790)
• 739dbfb fix(deps): upgrade Vite (#12799)
• f3d8385 update comment in packages/astro/src/types/public/common.ts (#12782)
• 49cc5d7 [ci] format
• f632b94 fix: pass raw frontmatter to when parsing markdown in glob loader (#12789)
• 5e9d1bc chore: move files to .mjs (#12765)
• 73b6c8b chore: fix links in session errors (#12787)
• 3f557b2 [ci] release (#12762)
• 4353fc5 fix: correctly return 404.astro in i18n (#12764)
• 45005a5 [ci] format
• Additional commits viewable in compare view

Updates @astrojs/node from 8.3.4 to 9.0.0

Release notes

Sourced from @​astrojs/node's releases.

@​astrojs/node@​9.0.0

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

• #451 167b369 Thanks @​ematipico! - Updates send dependency to v1.1.0

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

@​astrojs/node@​9.0.0-beta.3

Major Changes

• 167b369 Thanks @​bluwy! - Updates send dependency to v1.1.0

@​astrojs/node@​9.0.0-beta.2

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

Changelog

Sourced from @​astrojs/node's changelog.

9.0.0

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

• #451 167b369 Thanks @​ematipico! - Updates send dependency to v1.1.0

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

9.0.0-beta.3

Major Changes

• 167b369 Thanks @​bluwy! - Updates send dependency to v1.1.0

9.0.0-beta.2

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

9.0.0-alpha.1

Major Changes

• #11679 ea71b90 Thanks @​florian-lefebvre! - Adds stable support for astro:env

... (truncated)

Commits

• 7057f09 [ci] release (#448)
• 21d79c8 Merge branch 'main' into next
• 0ba7a39 chore: update Astro peer dep for adapters (#449)
• 0d76496 chore(deps): update dependency @​types/node to v22 (#432)
• 9cedc9b fix(deps): update all non-major dependencies (#431)
• ff2e024 [ci] release (beta) (#400)
• 167b369 Update send to v1.1.0
• e30c046 Merge branch 'main' into next
• 5391c02 chore(deps): update all non-major dependencies (#428)
• 0c16fee chore(deps): update all non-major dependencies (#420)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@astrojs/[email protected]	Transitive: environment, eval, filesystem, network, unsafe	+20	491 kB	matthewp
npm/[email protected]	Transitive: environment, network, unsafe	+4	1.69 MB	sst-publisher
npm/[email protected]	Transitive: environment, eval, filesystem, network, shell	+280	46.4 MB	fredkschott, matthewp, natemoo-re
npm/[email protected]	environment, filesystem, network	+8	1.44 MB	sst-publisher

🚮 Removed packages: npm/@astrojs/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Possible typosquat attack	npm/[email protected]	Did you mean: emoji-regex~~-xs~~	@kindspells/astro-shield/package.json @kindspells/astro-shield/src/e2e/fixtures/dynamic/package.json @kindspells/astro-shield/src/e2e/fixtures/hybrid/package.json @kindspells/astro-shield/src/e2e/fixtures/hybrid2/package.json @kindspells/astro-shield/src/e2e/fixtures/hybrid3/package.json @kindspells/astro-shield/src/e2e/fixtures/static/package.json docs/package.json pnpm-lock.yaml	⚠︎

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]

[dependabot]

Superseded by #184.