Bump astro from 4.4.0 to 4.8.2

[dependabot]

Bumps astro from 4.4.0 to 4.8.2.

Release notes

Sourced from astro's releases.

astro@4.8.2

Patch Changes

• #10990 4161a2a Thanks @​liruifengv! - fix incorrect actions path on windows

• #10979 6fa89e8 Thanks @​BryceRussell! - Fix loading of non-index routes that end with index.html

astro@4.8.1

Patch Changes

• #10987 05db5f7 Thanks @​ematipico! - Fix a regression where the flag experimental.rewriting was marked mandatory. Is is now optional.

• #10975 6b640b3 Thanks @​bluwy! - Passes the scoped style attribute or class to the <picture> element in the <Picture /> component so scoped styling can be applied to the <picture> element

create-astro@4.8.0

Minor Changes

• #10689 683d51a5eecafbbfbfed3910a3f1fbf0b3531b99 Thanks @​ematipico! - Deprecate support for versions of Node.js older than v18.17.1 for Node.js 18, older than v20.0.3 for Node.js 20, and the complete Node.js v19 release line.

  This change is in line with Astro's Node.js support policy.

astro@4.8.0

Minor Changes

• #10935 ddd8e49 Thanks @​bluwy! - Exports astro/jsx/rehype.js with utilities to generate an Astro metadata object

• #10625 698c2d9 Thanks @​goulvenclech! - Adds the ability for multiple pages to use the same component as an entrypoint when building an Astro integration. This change is purely internal, and aligns the build process with the behaviour in the development server.

• #10906 7bbd664 Thanks @​Princesseuh! - Adds a new radio checkbox component to the dev toolbar UI library (astro-dev-toolbar-radio-checkbox)

• #10963 61f47a6 Thanks @​delucis! - Adds support for passing an inline Astro configuration object to getViteConfig()

  If you are using getViteConfig() to configure the Vitest test runner, you can now pass a second argument to control how Astro is configured. This makes it possible to configure unit tests with different Astro options when using Vitest’s workspaces feature.

  // vitest.config.ts
  import { getViteConfig } from 'astro/config';
  export default getViteConfig(
  /* Vite configuration /
  { test: {} },
  / Astro configuration */
  {
  site: 'https://example.com',
  trailingSlash: 'never',
  }
  );

• #10867 47877a7 Thanks @​ematipico! - Adds experimental rewriting in Astro with a new rewrite() function and the middleware next() function.

... (truncated)

Changelog

Sourced from astro's changelog.

4.8.2

Patch Changes

• #10990 4161a2a Thanks @​liruifengv! - fix incorrect actions path on windows

• #10979 6fa89e8 Thanks @​BryceRussell! - Fix loading of non-index routes that end with index.html

4.8.1

Patch Changes

• #10987 05db5f7 Thanks @​ematipico! - Fix a regression where the flag experimental.rewriting was marked mandatory. Is is now optional.

• #10975 6b640b3 Thanks @​bluwy! - Passes the scoped style attribute or class to the <picture> element in the <Picture /> component so scoped styling can be applied to the <picture> element

4.8.0

Minor Changes

• #10935 ddd8e49 Thanks @​bluwy! - Exports astro/jsx/rehype.js with utilities to generate an Astro metadata object

• #10625 698c2d9 Thanks @​goulvenclech! - Adds the ability for multiple pages to use the same component as an entrypoint when building an Astro integration. This change is purely internal, and aligns the build process with the behaviour in the development server.

• #10906 7bbd664 Thanks @​Princesseuh! - Adds a new radio checkbox component to the dev toolbar UI library (astro-dev-toolbar-radio-checkbox)

• #10963 61f47a6 Thanks @​delucis! - Adds support for passing an inline Astro configuration object to getViteConfig()

  If you are using getViteConfig() to configure the Vitest test runner, you can now pass a second argument to control how Astro is configured. This makes it possible to configure unit tests with different Astro options when using Vitest’s workspaces feature.

  // vitest.config.ts
  import { getViteConfig } from 'astro/config';
  export default getViteConfig(
  /* Vite configuration /
  { test: {} },
  / Astro configuration */
  {
  site: 'https://example.com',
  trailingSlash: 'never',
  }
  );

• #10867 47877a7 Thanks @​ematipico! - Adds experimental rewriting in Astro with a new rewrite() function and the middleware next() function.

  The feature is available via an experimental flag in astro.config.mjs:

... (truncated)

Commits

• 0b8b6f9 [ci] release (#10993)
• d8fe43f [ci] format
• 4161a2a fix: fix incorrect actions path on windows (#10990)
• 6fa89e8 Fix loading of non-index routes that end with index.html (#10979)
• 370b9f1 fix: exec command on Astro new version message (#10991)
• e2cdd3c [ci] release (#10985)
• 05db5f7 fix: incorrect type for experimental option (#10987)
• 3e16858 [ci] format
• 6b640b3 Support scope styles for picture element in Picture component (#10975)
• 25caca0 [ci] format
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/astro@4.8.2	Transitive: environment, eval, filesystem, network, shell, unsafe	+360	61.9 MB	fredkschott

🚮 Removed packages: npm/astro@4.4.0

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/sharp@0.33.3	Install script: install Source: node install/check	orphan: npm/sharp@0.33.3

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/sharp@0.33.3

[dependabot]

Superseded by #63.