Skip to content

chore(deps): bump the astro-cloudflare group across 1 directory with 5 updates#135

Merged
Sallyn0225 merged 2 commits into
mainfrom
dependabot/npm_and_yarn/astro-cloudflare-48ffe8133c
Jun 30, 2026
Merged

chore(deps): bump the astro-cloudflare group across 1 directory with 5 updates#135
Sallyn0225 merged 2 commits into
mainfrom
dependabot/npm_and_yarn/astro-cloudflare-48ffe8133c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the astro-cloudflare group with 5 updates in the / directory:

Package From To
@astrojs/cloudflare 13.7.0 14.0.2
@astrojs/react 5.0.7 6.0.0
astro 6.4.8 7.0.4
@cloudflare/workers-types 4.20260624.1 4.20260630.1
wrangler 4.104.0 4.105.0

Updates @astrojs/cloudflare from 13.7.0 to 14.0.2

Release notes

Sourced from @​astrojs/cloudflare's releases.

@​astrojs/cloudflare@​14.0.2

Patch Changes

  • #17049 ffceaa2 Thanks @​astrobot-houston! - Fixes prerender errors being silently swallowed when pages throw during rendering in workerd, causing astro build to exit 0 and emit truncated HTML. The response body is now fully buffered inside workerd before being sent back to the build process, so streaming errors are caught and surfaced as build failures with clear error messages.

  • Updated dependencies []:

    • @​astrojs/underscore-redirects@​1.0.3

@​astrojs/cloudflare@​14.0.1

Patch Changes

  • #17175 7a7d879 Thanks @​astrobot-houston! - Fixes astro dev OOM crashes for @astrojs/cloudflare users on Vite 8 by migrating the frontmatter scan plugin to Rolldown-compatible options.

  • #17187 0db4b57 Thanks @​matthewp! - Fixes React invalid hook warning during cold SSR optimizer reload when using ClientRouter

  • Updated dependencies []:

    • @​astrojs/underscore-redirects@​1.0.3

@​astrojs/cloudflare@​14.0.0

Major Changes

Minor Changes

  • #16335 9a53f77 Thanks @​ascorbic! - Adds an opt-in CDN cache provider for Astro route caching on Cloudflare Workers

    [!WARNING] This provider requires the Cloudflare Workers Cache feature, which is currently in private beta. It is opt-in: nothing changes unless you import cacheCloudflare() and set it as your provider. But without beta access it does not work and should not be used. Cloudflare Workers run in front of the cache, so cached responses are never served, and calling cache.invalidate() throws an error.

    Setup

    Import cacheCloudflare() from @astrojs/cloudflare/cache and set it as your cache provider:

    import { defineConfig } from 'astro/config';
    import cloudflare from '@astrojs/cloudflare';
    import { cacheCloudflare } from '@astrojs/cloudflare/cache';
    export default defineConfig({
    adapter: cloudflare(),
    cache: {
    provider: cacheCloudflare(),
    },
    });

    The adapter automatically enables the Worker caching layer when a Cloudflare cache provider is configured. No manual wrangler.jsonc changes are needed.

    Caching responses

... (truncated)

Changelog

Sourced from @​astrojs/cloudflare's changelog.

14.0.2

Patch Changes

  • #17049 ffceaa2 Thanks @​astrobot-houston! - Fixes prerender errors being silently swallowed when pages throw during rendering in workerd, causing astro build to exit 0 and emit truncated HTML. The response body is now fully buffered inside workerd before being sent back to the build process, so streaming errors are caught and surfaced as build failures with clear error messages.

  • Updated dependencies []:

    • @​astrojs/underscore-redirects@​1.0.3

14.0.1

Patch Changes

  • #17175 7a7d879 Thanks @​astrobot-houston! - Fixes astro dev OOM crashes for @astrojs/cloudflare users on Vite 8 by migrating the frontmatter scan plugin to Rolldown-compatible options.

  • #17187 0db4b57 Thanks @​matthewp! - Fixes React invalid hook warning during cold SSR optimizer reload when using ClientRouter

  • Updated dependencies []:

    • @​astrojs/underscore-redirects@​1.0.3

14.0.0

Major Changes

Minor Changes

  • #16335 9a53f77 Thanks @​ascorbic! - Adds an opt-in CDN cache provider for Astro route caching on Cloudflare Workers

    [!WARNING] This provider requires the Cloudflare Workers Cache feature, which is currently in private beta. It is opt-in: nothing changes unless you import cacheCloudflare() and set it as your provider. But without beta access it does not work and should not be used. Cloudflare Workers run in front of the cache, so cached responses are never served, and calling cache.invalidate() throws an error.

    Setup

    Import cacheCloudflare() from @astrojs/cloudflare/cache and set it as your cache provider:

    import { defineConfig } from 'astro/config';
    import cloudflare from '@astrojs/cloudflare';
    import { cacheCloudflare } from '@astrojs/cloudflare/cache';
    export default defineConfig({
    adapter: cloudflare(),
    cache: {
    provider: cacheCloudflare(),
    },
    });

... (truncated)

Commits

Updates @astrojs/react from 5.0.7 to 6.0.0

Release notes

Sourced from @​astrojs/react's releases.

@​astrojs/react@​6.0.0

Major Changes

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Patch Changes

@​astrojs/react@​6.0.0-beta.2

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

@​astrojs/react@​6.0.0-beta.1

Patch Changes

Changelog

Sourced from @​astrojs/react's changelog.

6.0.0

Major Changes

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Patch Changes

6.0.0-beta.2

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

6.0.0-beta.1

Patch Changes

6.0.0-alpha.0

... (truncated)

Commits
  • f55ba4c [ci] release (#17132)
  • 0da0678 [ci] release (beta) (#17089)
  • 4585fe5 fix(integrations): Export container renderers from a dedicated export path to...
  • 08b84d6 [ci] release (beta) (#17045)
  • 75cfa52 chore: merge main into next
  • 9c2b95b Merge remote-tracking branch 'origin/main' into chore/merge-main-into-next
  • 3652d1c chore: merge main into next
  • 29ec81d chore: merge main into next
  • 8d1af3b Merge remote-tracking branch 'origin/main' into chore/merge-main-into-next
  • ad9abdb Merge branch 'main' into chore/merge-main-into-next
  • Additional commits viewable in compare view

Updates astro from 6.4.8 to 7.0.4

Release notes

Sourced from astro's releases.

astro@7.0.4

Patch Changes

  • #17212 7ba0bb1 Thanks @​matthewp! - Ensures transition directive values are HTML-escaped when rendered on hydrated islands

  • #17224 dc5e52f Thanks @​astrobot-houston! - Fixes trailing slash handling for dynamic file endpoints in dev mode. Dynamic file endpoints (e.g., src/pages/api/[name].json.ts) with trailingSlash: "always" incorrectly required a trailing slash in dev mode, returning 404 for /api/bar.json and 200 for /api/bar.json/.

  • #17067 23f9446 Thanks @​fkatsuhiro! - Fixed a bug where the development toolbar did not output a warning even though the implicit ARIA role and the manually specified role were duplicated.

  • #17234 d5fbee8 Thanks @​ocavue! - Adds support for sharp v0.35. pnpm users no longer need to approve sharp's build script (see allowBuilds) when on v0.35.

  • #17223 5970ef4 Thanks @​astrobot-houston! - Fixes getCollection() returning empty in dev mode for large content collections (500k+ entries)

  • #17184 799e5cd Thanks @​Princesseuh! - Upgrades the Rust compiler to the latest, which fixes some bugs. Refer to its changelog for more information.

  • #17208 da8b573 Thanks @​matthewp! - Hardens forwarded header handling so the internal request helper validates X-Forwarded-Host against security.allowedDomains before trusting X-Forwarded-For for clientAddress. Previously it only checked that the header was present, which was inconsistent with the public createRequest helper. This aligns both code paths; behavior is unchanged for correctly configured proxies.

astro@7.0.3

Patch Changes

  • #17189 24d2c9e Thanks @​astrobot-houston! - Fixes a bug where an error thrown inside one route's getStaticPaths() would prevent other valid routes from being matched in dev mode

  • #16932 8f4a3db Thanks @​fkatsuhiro! - Fixes HMR for action files during development. Editing files in src/actions/ now takes effect on the next request without requiring a dev server restart.

  • #17087 fb0ab02 Thanks @​jp-knj! - Fixes localized custom error pages in i18n projects so routes like /pt/404 are used for missing localized pages and return the correct status code

astro@7.0.2

Patch Changes

  • Updated dependencies [3b5e994]:
    • @​astrojs/markdown-satteri@​0.3.2

astro@7.0.1

Patch Changes

  • #17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

  • #17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

  • #17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

  • #17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

astro@7.0.0

Major Changes

... (truncated)

Changelog

Sourced from astro's changelog.

7.0.4

Patch Changes

  • #17212 7ba0bb1 Thanks @​matthewp! - Ensures transition directive values are HTML-escaped when rendered on hydrated islands

  • #17224 dc5e52f Thanks @​astrobot-houston! - Fixes trailing slash handling for dynamic file endpoints in dev mode. Dynamic file endpoints (e.g., src/pages/api/[name].json.ts) with trailingSlash: "always" incorrectly required a trailing slash in dev mode, returning 404 for /api/bar.json and 200 for /api/bar.json/.

  • #17067 23f9446 Thanks @​fkatsuhiro! - Fixed a bug where the development toolbar did not output a warning even though the implicit ARIA role and the manually specified role were duplicated.

  • #17234 d5fbee8 Thanks @​ocavue! - Adds support for sharp v0.35. pnpm users no longer need to approve sharp's build script (see allowBuilds) when on v0.35.

  • #17223 5970ef4 Thanks @​astrobot-houston! - Fixes getCollection() returning empty in dev mode for large content collections (500k+ entries)

  • #17184 799e5cd Thanks @​Princesseuh! - Upgrades the Rust compiler to the latest, which fixes some bugs. Refer to its changelog for more information.

  • #17208 da8b573 Thanks @​matthewp! - Hardens forwarded header handling so the internal request helper validates X-Forwarded-Host against security.allowedDomains before trusting X-Forwarded-For for clientAddress. Previously it only checked that the header was present, which was inconsistent with the public createRequest helper. This aligns both code paths; behavior is unchanged for correctly configured proxies.

7.0.3

Patch Changes

  • #17189 24d2c9e Thanks @​astrobot-houston! - Fixes a bug where an error thrown inside one route's getStaticPaths() would prevent other valid routes from being matched in dev mode

  • #16932 8f4a3db Thanks @​fkatsuhiro! - Fixes HMR for action files during development. Editing files in src/actions/ now takes effect on the next request without requiring a dev server restart.

  • #17087 fb0ab02 Thanks @​jp-knj! - Fixes localized custom error pages in i18n projects so routes like /pt/404 are used for missing localized pages and return the correct status code

7.0.2

Patch Changes

  • Updated dependencies [3b5e994]:
    • @​astrojs/markdown-satteri@​0.3.2

7.0.1

Patch Changes

  • #17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

  • #17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

  • #17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

  • #17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

7.0.0

Major Changes

... (truncated)

Commits

Updates @cloudflare/workers-types from 4.20260624.1 to 4.20260630.1

Commits

Updates wrangler from 4.104.0 to 4.105.0

Release notes

Sourced from wrangler's releases.

wrangler@4.105.0

Minor Changes

  • #14311 34e0cef Thanks @​sherryliu-lsy! - Add Google Artifact Registry support to containers registries configure

    wrangler containers registries configure now recognizes *-docker.pkg.dev (Google Artifact Registry) domains.

    • The Google service account email is the public credential, supplied with --gar-email. It must match the client_email in the service account key.
    • The service account JSON key is the private credential. It is provided via stdin (a file path, raw JSON, or base64) or an interactive prompt (a file path or base64) — never as a CLI flag, so it does not appear in shell history. The key is validated against --gar-email and stored base64-encoded.
    • Secret reuse inherits the existence-first flow: when the target Secrets Store secret already exists, it is reused by reference and the key is not required. In that case the email cannot be verified locally; it is validated against the key when images are pulled.
    <path-to-key>.json | npx wrangler@latest containers registries configure <region>-docker.pkg.dev --gar-email=<service-account-email> --secret-name=Google_Service_Account_JSON_Key

Patch Changes

  • #14424 5f40dd5 Thanks @​MattieTK! - Bump am-i-vibing from 0.4.0 to 0.5.0

    This updates the agentic environment detection library to the latest version, which adds detection for the Pi coding agent (earendil-works/pi).

  • #14406 3b743c1 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260623.1 1.20260625.1
  • #14343 daa5389 Thanks @​th0m! - Use digest-pinned image references for Dockerfile container deploys

    Dockerfile-backed container deploys now use the pushed image digest when deploying the container application. This lets snapshot-enabled container apps pass Cloudchamber validation while keeping local, non-pushed builds and registry image URI deploys unchanged.

  • #14394 8a5cf8c Thanks @​Partha-Shankar! - fix(d1): escape migrationsTableName and filenames in SQLite queries

    D1 migration commands in both wrangler and @cloudflare/vitest-pool-workers interpolated the migrationsTableName config value and migration filenames directly into SQL strings without any escaping. This meant:

    • A table name such as my"table would produce invalid SQL in CREATE TABLE, SELECT, and INSERT statements, and
    • A migration filename containing an apostrophe (e.g. what's-new.sql) would break the INSERT INTO ... VALUES ('...') statement appended after each migration in wrangler.

    Both identifiers are now properly escaped before interpolation: migrationsTableName is wrapped in double-quotes with internal double-quotes doubled (SQL-standard identifier quoting), and migration filenames used as string literals have their single-quotes doubled before insertion.

  • Updated dependencies [3b743c1]:

    • miniflare@4.20260625.0
Commits
  • 70d97d9 Version Packages (#14401)
  • 5f40dd5 [wrangler] Bump am-i-vibing from 0.4.0 to 0.5.0 (#14424)
  • 3b743c1 Bump workerd from 1.20260623.1 to 1.20260625.1 in the workerd-and-workers-typ...
  • 10543c1 [wrangler] interpolate current date to fix brittle test (#14421)
  • 76cc8d6 extremely minor refactor of versions upload/deploy validation (#14400)
  • daa5389 Use digest-pinned images for Dockerfile container deploys (#14343)
  • 34e0cef CC-7948 Update wrangler CLI to support GAR (#14311)
  • 8a5cf8c [wrangler] fix(d1): escape migrationsTableName and filenames in SQLite querie...
  • See full diff in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
@dependabot dependabot Bot requested a review from Sallyn0225 as a code owner June 29, 2026 01:08
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 29, 2026
…5 updates

Bumps the astro-cloudflare group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@astrojs/cloudflare](https://github.com/withastro/astro/tree/HEAD/packages/integrations/cloudflare) | `13.7.0` | `14.0.2` |
| [@astrojs/react](https://github.com/withastro/astro/tree/HEAD/packages/integrations/react) | `5.0.7` | `6.0.0` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `6.4.8` | `7.0.4` |
| [@cloudflare/workers-types](https://github.com/cloudflare/workerd) | `4.20260624.1` | `4.20260630.1` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.104.0` | `4.105.0` |



Updates `@astrojs/cloudflare` from 13.7.0 to 14.0.2
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/cloudflare/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/cloudflare@14.0.2/packages/integrations/cloudflare)

Updates `@astrojs/react` from 5.0.7 to 6.0.0
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/react/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/react@6.0.0/packages/integrations/react)

Updates `astro` from 6.4.8 to 7.0.4
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.4/packages/astro)

Updates `@cloudflare/workers-types` from 4.20260624.1 to 4.20260630.1
- [Release notes](https://github.com/cloudflare/workerd/releases)
- [Changelog](https://github.com/cloudflare/workerd/blob/main/RELEASE.md)
- [Commits](https://github.com/cloudflare/workerd/commits)

Updates `wrangler` from 4.104.0 to 4.105.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.105.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@astrojs/cloudflare"
  dependency-version: 14.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: astro-cloudflare
- dependency-name: "@astrojs/react"
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: astro-cloudflare
- dependency-name: "@cloudflare/workers-types"
  dependency-version: 4.20260628.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: astro-cloudflare
- dependency-name: astro
  dependency-version: 7.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: astro-cloudflare
- dependency-name: wrangler
  dependency-version: 4.105.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: astro-cloudflare
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump the astro-cloudflare group with 5 updates chore(deps): bump the astro-cloudflare group across 1 directory with 5 updates Jun 30, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/astro-cloudflare-48ffe8133c branch from 3c5542e to ac83234 Compare June 30, 2026 12:49
@Sallyn0225 Sallyn0225 merged commit 0fd55a2 into main Jun 30, 2026
3 checks passed
@Sallyn0225 Sallyn0225 deleted the dependabot/npm_and_yarn/astro-cloudflare-48ffe8133c branch June 30, 2026 13:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant