Skip to content

chore(deps): bump astro from 6.4.4 to 6.4.6 in /website#963

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/website/astro-6.4.6
Open

chore(deps): bump astro from 6.4.4 to 6.4.6 in /website#963
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/website/astro-6.4.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 12, 2026

Copy link
Copy Markdown
Contributor

Bumps astro from 6.4.4 to 6.4.6.

Release notes

Sourced from astro's releases.

astro@6.4.6

Patch Changes

  • #16765 b10e86e Thanks @​fkatsuhiro! - Fixes an issue where renaming an image file while the dev server is running triggers a build error. Now Astro correctly hot-reloads the image without crashing.

  • #17026 add3df1 Thanks @​matthewp! - Hardens addAttribute to drop attribute names containing characters that are invalid per the HTML spec (", ', >, /, =, whitespace)

  • #17033 ffda27b Thanks @​matthewp! - Validates the request origin against allowedDomains before fetching prerendered error pages. When allowedDomains is configured and the Host header matches, the original origin is used. Otherwise, the fetch falls back to localhost.

astro@6.4.5

Patch Changes

  • #16985 4ecff32 Thanks @​maximslo! - Fixes the experimental.logger destination not being used for the "Server listening on..." startup message. The logger is now resolved before the server starts listening, and adapterLogger re-creates itself when the underlying logger changes so the startup message uses the correct destination.

  • #16947 e0703a6 Thanks @​ematipico! - Fixes Astro.request.url not reflecting validated X-Forwarded-Proto/X-Forwarded-Host headers when security.allowedDomains is configured. Previously, only Astro.url was updated with the forwarded origin while Astro.request.url retained the socket-derived URL, causing the two to diverge behind TLS-terminating proxies.

  • #16997 dc45246 Thanks @​matthewp! - Reverts a change to isNode runtime detection that caused a significant build time regression for Cloudflare adapter users with large prerendered sites

Changelog

Sourced from astro's changelog.

6.4.6

Patch Changes

  • #16765 b10e86e Thanks @​fkatsuhiro! - Fixes an issue where renaming an image file while the dev server is running triggers a build error. Now Astro correctly hot-reloads the image without crashing.

  • #17026 add3df1 Thanks @​matthewp! - Hardens addAttribute to drop attribute names containing characters that are invalid per the HTML spec (", ', >, /, =, whitespace)

  • #17033 ffda27b Thanks @​matthewp! - Validates the request origin against allowedDomains before fetching prerendered error pages. When allowedDomains is configured and the Host header matches, the original origin is used. Otherwise, the fetch falls back to localhost.

6.4.5

Patch Changes

  • #16985 4ecff32 Thanks @​maximslo! - Fixes the experimental.logger destination not being used for the "Server listening on..." startup message. The logger is now resolved before the server starts listening, and adapterLogger re-creates itself when the underlying logger changes so the startup message uses the correct destination.

  • #16947 e0703a6 Thanks @​ematipico! - Fixes Astro.request.url not reflecting validated X-Forwarded-Proto/X-Forwarded-Host headers when security.allowedDomains is configured. Previously, only Astro.url was updated with the forwarded origin while Astro.request.url retained the socket-derived URL, causing the two to diverge behind TLS-terminating proxies.

  • #16997 dc45246 Thanks @​matthewp! - Reverts a change to isNode runtime detection that caused a significant build time regression for Cloudflare adapter users with large prerendered sites

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump astro from 6.4.4 to 6.4.6 in /website
67131a6 
Bumps [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) from 6.4.4 to 6.4.6.
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.4.6/packages/astro)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 6.4.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the area:dependencies Composer/npm dependency work label Jun 12, 2026
@dependabot dependabot Bot requested a review from ashleyshaw as a code owner June 12, 2026 08:24
@chatgpt-codex-connector

chatgpt-codex-connector Bot commented Jun 12, 2026

Copy link
Copy Markdown

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

@github-actions github-actions Bot added lang:json JSON config/content status:needs-review Awaiting code review priority:normal Default priority type:chore Chore / small hygiene change meta:needs-changelog Requires a changelog entry before merge meta:dependabot-security Dependabot update appears security-related and eligible for guarded automation labels Jun 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ashleyshaw ashleyshaw Awaiting requested review from ashleyshaw ashleyshaw is a code owner

Assignees

No one assigned

Labels

area:dependencies Composer/npm dependency work lang:json JSON config/content meta:dependabot-security Dependabot update appears security-related and eligible for guarded automation meta:needs-changelog Requires a changelog entry before merge priority:normal Default priority status:needs-review Awaiting code review type:chore Chore / small hygiene change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants