chore(deps): bump the prod-deps group across 1 directory with 4 updates

[dependabot]

Bumps the prod-deps group with 4 updates in the / directory: astro-sst, sst, astro and @astrojs/node.

Updates astro-sst from 2.43.5 to 2.45.2

Release notes

Sourced from astro-sst's releases.

[email protected]

Patch Changes

• 263bcb0: Migrating to astro-sst repo

Changelog

Sourced from astro-sst's changelog.

2.45.2

Patch Changes

• 263bcb0: Migrating to astro-sst repo

2.44.0

2.43.8

2.43.7

2.43.6

Patch Changes

• a68ca8416 Thanks @​thdxr! - switch to v2 tag

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by sst-publisher, a new releaser for astro-sst since your current version.

Updates sst from 3.2.73 to 3.4.54

Release notes

Sourced from sst's releases.

v3.4.54

Changelog

• 7c0ddea2b3504ad3491ab363521b3a776884dade Added index.handler path (#5273)
• 86cd3e972d5518b67d1e649e6677707bb0797d53 Aurora: RDS Proxy pricing (#5284)
• 149589b3e7f2a9079bd3017afb4241675c2397db cli: fixed error wrapping
• 8dcc9ac117c188c6287900a1b82f75f4a3b52e7c fix: aurora vpc arg type (#5293)

v3.4.53

Changelog

• e1cdb20d244396ebb72a270de5067d8451ab7e99 Aurora: Enable Data API via arg & expose arns for cluster and secret (#5274)
• 9d7374144514b5249c465bc77391ab709954040a Aurora: add dev command (#5283)
• b93fab5d2a30104b8dded150879f9fcea6b0c94e Aurora: use cluster endpoint instead of instance endpoint
• 21eaf7099f14207fc38e5bbda2fd9bfe9fe62a2a Example: aws-aurora-local
• b57b230084fe29f7c3fb7cbb1bc9b734edd5d54d examples: add aurora to playground

v3.4.52

Changelog

• c9c60ff8d93afe2d208a1bd9ff5045a4fa6d5f9a Service: support scaling by request count

v3.4.51

Changelog

• 7f18a174aef2e7e9255969c1f624880c95d131f9 Vpc: transform nat instance
• 90ab79367dcedf57f707a25f10210a5152a782ad sync

v3.4.50

Changelog

• 4b8cd26e2bfb4de2a2ccdb184a0f56d1566d51f6 cli: improve colors espeically for light themes

v3.4.49

Changelog

• ac07c6b1af6a99396159c0a7026444db82c1c3a6 Vpc: fix bastion ami lookup

v3.4.48

Changelog

• 476df291a6373df0bf199e0a1a69c362197b1f92 Aurora: enable storage encryption
• 06afc1ec43e5f9242eaddac09a57df9ef5ceb92c fix: ensure pause after is only set with min ACU 0 (#5276)

v3.4.47

Changelog

• 476df291a6373df0bf199e0a1a69c362197b1f92 Aurora: enable storage encryption
• 10c447be154cb79577842349082cce836410d6b6 Merge branch 'dev' into pr/5276
• 5f17b32d36c77dc02efea51288aa7d05a9e675cf b: update
• 54d8d64c74ffffeef7790cef5619d405ce34e32a b: update
• 2934d2fd8d4099be113a572cb3b0106c3f6a88ac b: update
• 95883b6c1e4f9adcfef6cbde412c7b0aa03e7e2f fix: ensure pause after is only set with min ACU 0
• fb9f016359af538b4074940b59dd01887151d321 sync

v3.4.46

Changelog

• 5fcebcba6787b454aa6236619efd3e1a162c97ed Aurora: update default parameter group

... (truncated)

Commits

• See full diff in compare view

Updates astro from 4.16.8 to 5.1.2

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

• #12798 7b0cb85 Thanks @​ascorbic! - Improves warning logs for invalid content collection configuration

• #12781 96c4b92 Thanks @​ascorbic! - Fixes a regression that caused default() to not work with reference()

• #12820 892dd9f Thanks @​ascorbic! - Fixes a bug that caused cookies to not be deleted when destroying a session

• #12864 440d8a5 Thanks @​kaytwo! - Fixes a bug where the session ID wasn't correctly regenerated

• #12768 524c855 Thanks @​ematipico! - Fixes an issue where Astro didn't print error logs when Astro Islands were used in incorrect cases.

• #12814 f12f111 Thanks @​ematipico! - Fixes an issue where Astro didn't log anything in case a file isn't created during the build.

• #12875 e109002 Thanks @​ascorbic! - Fixes a bug in emulated legacy collections where the entry passed to the getCollection filter function did not include the legacy entry fields.

• #12768 524c855 Thanks @​ematipico! - Fixes an issue where Astro was printing the incorrect output format when running the astro build command

• #12810 70a9f0b Thanks @​louisescher! - Fixes server islands failing to check content-type header under certain circumstances

  Sometimes a reverse proxy or similar service might modify the content-type header to include the charset or other parameters in the media type of the response. This previously wasn't handled by the client-side server island script and thus removed the script without actually placing the requested content in the DOM. This fix makes it so the script checks if the header starts with the proper content type instead of exactly matching text/html, so the following will still be considered a valid header: text/html; charset=utf-8

• #12816 7fb2184 Thanks @​ematipico! - Fixes an issue where an injected route entrypoint wasn't correctly marked because the resolved file path contained a query parameter.

  This fixes some edge case where some injected entrypoint were not resolved when using an adapter.

[email protected]

Patch Changes

• #12782 f3d8385 Thanks @​fhiromasa! - update comment in packages/astro/src/types/public/common.ts

• #12789 f632b94 Thanks @​ascorbic! - Pass raw frontmatter to remark plugins in glob loader

• #12799 739dbfb Thanks @​ascorbic! - Upgrades Vite to pin esbuild

[email protected]

Minor Changes

• #12441 b4fec3c Thanks @​ascorbic! - Adds experimental session support

  Sessions are used to store user state between requests for server-rendered pages, such as login status, shopping cart contents, or other user-specific data.

  ---
  export const prerender = false; // Not needed in 'server' mode
  const cart = await Astro.session.get('cart');
  ---
  <a href="/checkout">🛒 {cart?.length ?? 0} items</a>

... (truncated)

Changelog

Sourced from astro's changelog.

5.1.2

Patch Changes

• #12798 7b0cb85 Thanks @​ascorbic! - Improves warning logs for invalid content collection configuration

• #12781 96c4b92 Thanks @​ascorbic! - Fixes a regression that caused default() to not work with reference()

• #12820 892dd9f Thanks @​ascorbic! - Fixes a bug that caused cookies to not be deleted when destroying a session

• #12864 440d8a5 Thanks @​kaytwo! - Fixes a bug where the session ID wasn't correctly regenerated

• #12768 524c855 Thanks @​ematipico! - Fixes an issue where Astro didn't print error logs when Astro Islands were used in incorrect cases.

• #12814 f12f111 Thanks @​ematipico! - Fixes an issue where Astro didn't log anything in case a file isn't created during the build.

• #12875 e109002 Thanks @​ascorbic! - Fixes a bug in emulated legacy collections where the entry passed to the getCollection filter function did not include the legacy entry fields.

• #12768 524c855 Thanks @​ematipico! - Fixes an issue where Astro was printing the incorrect output format when running the astro build command

• #12810 70a9f0b Thanks @​louisescher! - Fixes server islands failing to check content-type header under certain circumstances

  Sometimes a reverse proxy or similar service might modify the content-type header to include the charset or other parameters in the media type of the response. This previously wasn't handled by the client-side server island script and thus removed the script without actually placing the requested content in the DOM. This fix makes it so the script checks if the header starts with the proper content type instead of exactly matching text/html, so the following will still be considered a valid header: text/html; charset=utf-8

• #12816 7fb2184 Thanks @​ematipico! - Fixes an issue where an injected route entrypoint wasn't correctly marked because the resolved file path contained a query parameter.

  This fixes some edge case where some injected entrypoint were not resolved when using an adapter.

5.1.1

Patch Changes

• #12782 f3d8385 Thanks @​fhiromasa! - update comment in packages/astro/src/types/public/common.ts

• #12789 f632b94 Thanks @​ascorbic! - Pass raw frontmatter to remark plugins in glob loader

• #12799 739dbfb Thanks @​ascorbic! - Upgrades Vite to pin esbuild

5.1.0

Minor Changes

• #12441 b4fec3c Thanks @​ascorbic! - Adds experimental session support

  Sessions are used to store user state between requests for server-rendered pages, such as login status, shopping cart contents, or other user-specific data.

  ---
  export const prerender = false; // Not needed in 'server' mode
  const cart = await Astro.session.get('cart');

... (truncated)

Commits

• 161df28 [ci] release (#12801)
• 7fb2184 fix: injected route entrypoint (#12816)
• f12f111 fix: missing log (#12814)
• e109002 fix: pass emulated entry to getCollection filter function (#12875)
• ac00c64 [ci] format
• 524c855 fix(core): add error log for server islands (#12768)
• 892dd9f fix: pass cookie options to delete (#12820)
• 440d8a5 fix: session regeneration (#12864)
• 96c4b92 fix: make reference() a sync transform (#12781)
• 5ab724c [ci] format
• Additional commits viewable in compare view

Updates @astrojs/node from 8.3.4 to 9.0.0

Release notes

Sourced from @​astrojs/node's releases.

@​astrojs/node@​9.0.0

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

• #451 167b369 Thanks @​ematipico! - Updates send dependency to v1.1.0

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

@​astrojs/node@​9.0.0-beta.3

Major Changes

• 167b369 Thanks @​bluwy! - Updates send dependency to v1.1.0

@​astrojs/node@​9.0.0-beta.2

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

Changelog

Sourced from @​astrojs/node's changelog.

9.0.0

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

• #451 167b369 Thanks @​ematipico! - Updates send dependency to v1.1.0

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

9.0.0-beta.3

Major Changes

• 167b369 Thanks @​bluwy! - Updates send dependency to v1.1.0

9.0.0-beta.2

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

9.0.0-alpha.1

Major Changes

• #11679 ea71b90 Thanks @​florian-lefebvre! - Adds stable support for astro:env

... (truncated)

Commits

• 7057f09 [ci] release (#448)
• 21d79c8 Merge branch 'main' into next
• 0ba7a39 chore: update Astro peer dep for adapters (#449)
• 0d76496 chore(deps): update dependency @​types/node to v22 (#432)
• 9cedc9b fix(deps): update all non-major dependencies (#431)
• ff2e024 [ci] release (beta) (#400)
• 167b369 Update send to v1.1.0
• e30c046 Merge branch 'main' into next
• 5391c02 chore(deps): update all non-major dependencies (#428)
• 0c16fee chore(deps): update all non-major dependencies (#420)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@astrojs/[email protected]	Transitive: environment, eval, filesystem, network, unsafe	+20	491 kB	matthewp
npm/[email protected]	Transitive: environment, network, unsafe	+4	1.69 MB	sst-publisher
npm/[email protected]	Transitive: environment, eval, filesystem, network, shell	+282	45.8 MB	fredkschott, matthewp, natemoo-re
npm/[email protected]	environment, filesystem, network	+8	1.44 MB	sst-publisher

🚮 Removed packages: npm/@astrojs/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Possible typosquat attack	npm/[email protected]	Did you mean: emoji-regex~~-xs~~	@kindspells/astro-shield/package.json @kindspells/astro-shield/src/e2e/fixtures/dynamic/package.json @kindspells/astro-shield/src/e2e/fixtures/hybrid/package.json @kindspells/astro-shield/src/e2e/fixtures/hybrid2/package.json @kindspells/astro-shield/src/e2e/fixtures/hybrid3/package.json @kindspells/astro-shield/src/e2e/fixtures/static/package.json docs/package.json pnpm-lock.yaml	⚠︎

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]