dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github Jun 16, 2025

Bumps esbuild to 0.25.5 and updates ancestor dependencies esbuild, @astrojs/starlight, astro and vite-node. These dependencies need to be updated together.

Updates esbuild from 0.21.5 to 0.25.5

Release notes

Sourced from esbuild's releases.

v0.25.5

  • Fix a regression with browser in package.json (#4187)

    The fix to #4144 in version 0.25.3 introduced a regression that caused browser overrides specified in package.json to fail to override relative path names that end in a trailing slash. That behavior change affected the [email protected] package. This regression has been fixed, and now has test coverage.

  • Add support for certain keywords as TypeScript tuple labels (#4192)

    Previously esbuild could incorrectly fail to parse certain keywords as TypeScript tuple labels that are parsed by the official TypeScript compiler if they were followed by a ? modifier. These labels included function, import, infer, new, readonly, and typeof. With this release, these keywords will now be parsed correctly. Here's an example of some affected code:

    type Foo = [
      value: any,
      readonly?: boolean, // This is now parsed correctly
    ]

  • Add CSS prefixes for the stretch sizing value (#4184)

    This release adds support for prefixing CSS declarations such as div { width: stretch }. That CSS is now transformed into this depending on what the --target= setting includes:

    div {
      width: -webkit-fill-available;
      width: -moz-available;
      width: stretch;
    }

v0.25.4

  • Add simple support for CORS to esbuild's development server (#4125)

    Starting with version 0.25.0, esbuild's development server is no longer configured to serve cross-origin requests. This was a deliberate change to prevent any website you visit from accessing your running esbuild development server. However, this change prevented (by design) certain use cases such as "debugging in production" by having your production website load code from localhost where the esbuild development server is running.

    To enable this use case, esbuild is adding a feature to allow Cross-Origin Resource Sharing (a.k.a. CORS) for simple requests. Specifically, passing your origin to the new cors option will now set the Access-Control-Allow-Origin response header when the request has a matching Origin header. Note that this currently only works for requests that don't send a preflight OPTIONS request, as esbuild's development server doesn't currently support OPTIONS requests.

    Some examples:

    • CLI:

      esbuild --servedir=. --cors-origin=https://example.com
      
    • JS:

      const ctx = await esbuild.context({})
      await ctx.serve({
        servedir: '.',
        cors: {

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

0.24.2

  • Fix regression with --define and import.meta (#4010, #4012, #4013)

    The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

    This fix was contributed by @​sapphi-red.

0.24.1

  • Allow es2024 as a target in tsconfig.json (#4004)

    TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

    {
      "compilerOptions": {
        "target": "ES2024"
      }
    }

    As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

    This fix was contributed by @​billyjanitsch.

  • Allow automatic semicolon insertion after get/set

    This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

    class Foo {
      get
      *x() {}
      set
      *y() {}
    }

    The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

  • Allow quoted property names in --define and --pure (#4008)

    The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

... (truncated)

Commits

Updates @astrojs/starlight from 0.28.3 to 0.34.4

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.34.4

Patch Changes

@​astrojs/starlight@​0.34.3

Patch Changes

@​astrojs/starlight@​0.34.2

Patch Changes

  • #3153 ea31f46 Thanks @​SuperKXT! - Fixes hover styles for highlighted directory in FileTree component.

  • #2905 b5232bc Thanks @​HiDeoo! - Fixes a potential issue for projects with dynamic routes added by a user, an Astro integration, or a Starlight plugin where some styles could end up being missing.

  • #3165 80a7871 Thanks @​KianNH! - Increases maxBuffer for an internal spawnSync() call to support larger Git commit histories when using Starlight's lastUpdated feature.

  • #3158 d1f3c8b Thanks @​heisenberg0924! - Adds Hungarian language support

@​astrojs/starlight@​0.34.1

Patch Changes

  • #3140 f6eb1d5 Thanks @​HiDeoo! - Fixes a text selection issue for heading with a clickable anchor link when using double or triple click to select text.

  • #3148 dc8b6d5 Thanks @​HiDeoo! - Fixes a regression of the Starlight icon color when using the credits configuration option.

@​astrojs/starlight@​0.34.0

Minor Changes

  • #2322 f14eb0c Thanks @​HiDeoo! - Groups all of Starlight's CSS declarations into a single starlight cascade layer.

    This change allows for easier customization of Starlight's CSS as any custom unlayered CSS will override the default styles. If you are using cascade layers in your custom CSS, you can use the @layer CSS at-rule to define the order of precedence for different layers including the ones used by Starlight.

    We recommend checking your site’s appearance when upgrading to make sure there are no style regressions caused by this change.

  • #3122 3a087d8 Thanks @​delucis! - Removes default attrs and content values from head entries parsed using Starlight’s schema.

... (truncated)

Changelog

Sourced from @​astrojs/starlight's changelog.

0.34.4

Patch Changes

0.34.3

Patch Changes

0.34.2

Patch Changes

  • #3153 ea31f46 Thanks @​SuperKXT! - Fixes hover styles for highlighted directory in FileTree component.

  • #2905 b5232bc Thanks @​HiDeoo! - Fixes a potential issue for projects with dynamic routes added by a user, an Astro integration, or a Starlight plugin where some styles could end up being missing.

  • #3165 80a7871 Thanks @​KianNH! - Increases maxBuffer for an internal spawnSync() call to support larger Git commit histories when using Starlight's lastUpdated feature.

  • #3158 d1f3c8b Thanks @​heisenberg0924! - Adds Hungarian language support

0.34.1

Patch Changes

  • #3140 f6eb1d5 Thanks @​HiDeoo! - Fixes a text selection issue for heading with a clickable anchor link when using double or triple click to select text.

  • #3148 dc8b6d5 Thanks @​HiDeoo! - Fixes a regression of the Starlight icon color when using the credits configuration option.

0.34.0

Minor Changes

... (truncated)

Commits

Maintainer changes

This version was pushed to npm by matthewp, a new releaser for @​astrojs/starlight since your current version.


Updates astro from 4.16.18 to 5.9.3

Release notes

Sourced from astro's releases.

astro@5.9.3

Patch Changes

  • #13923 a9ac5ed Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy (CSP) only

    Changes the behavior of experimental Content Security Policy (CSP) to now serve hashes differently depending on whether or not a page is prerendered:

    • Via the <meta> element for static pages.
    • Via the Response header content-security-policy for on-demand rendered pages.

    This new strategy allows you to add CSP content that is not supported in a <meta> element (e.g. report-uri, frame-ancestors, and sandbox directives) to on-demand rendered pages.

    No change to your project code is required as this is an implementation detail. However, this will result in a different HTML output for pages that are rendered on demand. Please check your production site to verify that CSP is working as intended.

    To keep up to date with this developing feature, or to leave feedback, visit the CSP Roadmap proposal.

  • #13926 953a249 Thanks @​ematipico! - Adds a new Astro Adapter Feature called experimentalStaticHeaders to allow your adapter to receive the Headers for rendered static pages.

    Adapters that enable support for this feature can access header values directly, affecting their handling of some Astro features such as Content Security Policy (CSP). For example, Astro will no longer serve the CSP <meta http-equiv="content-security-policy"> element in static pages to adapters with this support.

    Astro will serve the value of the header inside a map that can be retrieved from the hook astro:build:generated. Adapters can read this mapping and use their hosting headers capabilities to create a configuration file.

    A new field called experimentalRouteToHeaders will contain a map of Map<IntegrationResolvedRoute, Headers> where the Headers type contains the headers emitted by the rendered static route.

    To enable support for this experimental Astro Adapter Feature, add it to your adapterFeatures in your adapter config:

    // my-adapter.mjs
    export default function createIntegration() {
      return {
        name: '@example/my-adapter',
        hooks: {
          'astro:config:done': ({ setAdapter }) => {
            setAdapter({
              name: '@example/my-adapter',
              serverEntrypoint: '@example/my-adapter/server.js',
              adapterFeatures: {
                experimentalStaticHeaders: true,
              },
            });
          },
        },
      };
    }

    See the Adapter API docs for more information about providing adapter features.

  • #13697 af83b85 Thanks @​benosmac! - Fixes issues with fallback route pattern matching when i18n.routing.fallbackType is rewrite.

... (truncated)

Changelog

Sourced from astro's changelog.

5.9.3

Patch Changes

  • #13923 a9ac5ed Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy (CSP) only

    Changes the behavior of experimental Content Security Policy (CSP) to now serve hashes differently depending on whether or not a page is prerendered:

    • Via the <meta> element for static pages.
    • Via the Response header content-security-policy for on-demand rendered pages.

    This new strategy allows you to add CSP content that is not supported in a <meta> element (e.g. report-uri, frame-ancestors, and sandbox directives) to on-demand rendered pages.

    No change to your project code is required as this is an implementation detail. However, this will result in a different HTML output for pages that are rendered on demand. Please check your production site to verify that CSP is working as intended.

    To keep up to date with this developing feature, or to leave feedback, visit the CSP Roadmap proposal.

  • #13926 953a249 Thanks @​ematipico! - Adds a new Astro Adapter Feature called experimentalStaticHeaders to allow your adapter to receive the Headers for rendered static pages.

    Adapters that enable support for this feature can access header values directly, affecting their handling of some Astro features such as Content Security Policy (CSP). For example, Astro will no longer serve the CSP <meta http-equiv="content-security-policy"> element in static pages to adapters with this support.

    Astro will serve the value of the header inside a map that can be retrieved from the hook astro:build:generated. Adapters can read this mapping and use their hosting headers capabilities to create a configuration file.

    A new field called experimentalRouteToHeaders will contain a map of Map<IntegrationResolvedRoute, Headers> where the Headers type contains the headers emitted by the rendered static route.

    To enable support for this experimental Astro Adapter Feature, add it to your adapterFeatures in your adapter config:

    // my-adapter.mjs
    export default function createIntegration() {
      return {
        name: '@example/my-adapter',
        hooks: {
          'astro:config:done': ({ setAdapter }) => {
            setAdapter({
              name: '@example/my-adapter',
              serverEntrypoint: '@example/my-adapter/server.js',
              adapterFeatures: {
                experimentalStaticHeaders: true,
              },
            });
          },
        },
      };
    }

    See the Adapter API docs for more information about providing adapter features.

  • #13697 af83b85 Thanks @​benosmac! - Fixes issues with fallback route pattern matching when i18n.routing.fallbackType is rewrite.

... (truncated)

Commits

Updates vite-node from 2.1.3 to 3.2.3

Release notes

Sourced from vite-node's releases.

v3.2.3

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v3.2.2

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub

v3.2.1

   🐞 Bug Fixes

    View changes on GitHub

v3.2.0

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [esbuild](https://github.com/evanw/esbuild) to 0.25.5 and updates ancestor dependencies [esbuild](https://github.com/evanw/esbuild), [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight), [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) and [vite-node](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vite-node). These dependencies need to be updated together.


Updates `esbuild` from 0.21.5 to 0.25.5
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.21.5...v0.25.5)

Updates `@astrojs/starlight` from 0.28.3 to 0.34.4
- [Release notes](https://github.com/withastro/starlight/releases)
- [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md)
- [Commits](https://github.com/withastro/starlight/commits/@astrojs/starlight@0.34.4/packages/starlight)

Updates `astro` from 4.16.18 to 5.9.3
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@5.9.3/packages/astro)

Updates `vite-node` from 2.1.3 to 3.2.3
- [Release notes](https://github.com/vitest-dev/vitest/releases)
- [Commits](https://github.com/vitest-dev/vitest/commits/v3.2.3/packages/vite-node)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-version: 0.25.5
  dependency-type: indirect
- dependency-name: "@astrojs/starlight"
  dependency-version: 0.34.4
  dependency-type: direct:production
- dependency-name: astro
  dependency-version: 5.9.3
  dependency-type: direct:production
- dependency-name: vite-node
  dependency-version: 3.2.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and javascript labels Jun 16, 2025

cloudflare-workers-and-pages bot commented Jun 16, 2025

Deploying datapackage with Cloudflare Pages

Latest commit: 7d9c0e0
Status: 🚫 Build failed.

View logs

@roll roll closed this Jun 23, 2025
Contributor Author

dependabot bot commented on behalf of github Jun 23, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/npm_and_yarn/multi-c614e1864f branch June 23, 2025 09:49