Skip to content

Comments

Bump devalue, @astrojs/mdx and astro#13

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-8096e99fc7
Open

Bump devalue, @astrojs/mdx and astro#13
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-8096e99fc7

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 20, 2026

Bumps devalue to 5.6.3 and updates ancestor dependencies devalue, @astrojs/mdx and astro. These dependencies need to be updated together.

Updates devalue from 4.3.3 to 5.6.3

Release notes

Sourced from devalue's releases.

v5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

v5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

v5.6.1

Patch Changes

  • 2161d44: fix: add hasOwn check before calling reviver

v5.6.0

Minor Changes

  • a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
  • a3d09d4: feat: add value and root properties in DevalueError instances

v5.5.0

Minor Changes

  • 828fa1c: Enable support for custom reducer/reviver for "function" values

v5.4.2

Patch Changes

  • 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

v5.4.1

Patch Changes

  • ca3c7b6: chore: Remove impossible void type from replacer's uneval

v5.4.0

Minor Changes

  • 9306d09: feat: pass uneval to replacer, for handling nested custom types

Patch Changes

  • b617c7c: perf: shrink uneval output with null-proto objects

v5.3.2

Patch Changes

... (truncated)

Changelog

Sourced from devalue's changelog.

5.6.3

Patch Changes

  • 0f04d4d: fix: Properly handle __proto__
  • 819f1ac: fix: better encoding for sparse arrays

5.6.2

Patch Changes

  • 1175584: fix: validate input for ArrayBuffer parsing
  • e46afa6: fix: validate input for typed arrays
  • 1175584: fix: more helpful errors for inputs causing stack overflows

5.6.1

Patch Changes

  • 2161d44: fix: add hasOwn check before calling reviver

5.6.0

Minor Changes

  • a3d09d4: feat: expose DevalueError for instanceof checks in catch clauses
  • a3d09d4: feat: add value and root properties in DevalueError instances

5.5.0

Minor Changes

  • 828fa1c: Enable support for custom reducer/reviver for "function" values

5.4.2

Patch Changes

  • 5c26c0d: fix: allow custom revivers to revive things serialized by builtin reducers

5.4.1

Patch Changes

  • ca3c7b6: chore: Remove impossible void type from replacer's uneval

5.4.0

Minor Changes

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for devalue since your current version.


Updates @astrojs/mdx from 1.1.5 to 4.3.13

Changelog

Sourced from @​astrojs/mdx's changelog.

4.3.13

Patch Changes

  • Updated dependencies [d8305f8]:
    • @​astrojs/markdown-remark@​6.3.10

4.3.12

Patch Changes

4.3.11

Patch Changes

  • Updated dependencies []:
    • @​astrojs/markdown-remark@​6.3.9

4.3.10

Patch Changes

  • #14715 3d55c5d Thanks @​ascorbic! - Adds support for client hydration in getContainerRenderer()

    The getContainerRenderer() function is exported by Astro framework integrations to simplify the process of rendering framework components when using the experimental Container API inside a Vite or Vitest environment. This update adds the client hydration entrypoint to the returned object, enabling client-side interactivity for components rendered using this function. Previously this required users to manually call container.addClientRenderer() with the appropriate client renderer entrypoint.

    See the container-with-vitest demo for a usage example, and the Container API documentation for more information on using framework components with the experimental Container API.

4.3.9

Patch Changes

4.3.8

Patch Changes

  • #14591 3e887ec Thanks @​matthewp! - Adds TypeScript support for the components prop on MDX Content component when using await render(). Developers now get proper IntelliSense and type checking when passing custom components to override default MDX element rendering.

  • #14598 7b45c65 Thanks @​delucis! - Reduces terminal text styling dependency size by switching from kleur to picocolors

4.3.7

Patch Changes

  • Updated dependencies []:
    • @​astrojs/markdown-remark@​6.3.8

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​astrojs/mdx since your current version.


Updates astro from 3.6.5 to 5.17.3

Release notes

Sourced from astro's releases.

astro@5.17.3

Patch Changes

  • #15564 522f880 Thanks @​matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

  • #15569 e01e98b Thanks @​matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

astro@5.17.2

Patch Changes

  • c13b536 Thanks @​matthewp! - Improves Host header handling for SSR deployments behind proxies

astro@5.17.1

Patch Changes

  • #15334 d715f1f Thanks @​florian-lefebvre! - BREAKING CHANGE to the experimental Fonts API only

    Removes the getFontBuffer() helper function exported from astro:assets when using the experimental Fonts API

    This experimental feature introduced in v15.6.13 ended up causing significant memory usage during build. This feature has been removed and will be reintroduced after further exploration and testing.

    If you were relying on this function, you can replicate the previous behavior manually:

    • On prerendered routes, read the file using node:fs
    • On server rendered routes, fetch files using URLs from fontData and context.url

astro@5.17.0

Minor Changes

  • #14932 b19d816 Thanks @​patrickarlt! - Adds support for returning a Promise from the parser() option of the file() loader

    This enables you to run asynchronous code such as fetching remote data or using async parsers when loading files with the Content Layer API.

    For example:

    import { defineCollection } from 'astro:content';
import { file } from 'astro/loaders';
const blog = defineCollection({
loader: file('src/data/blog.json', {
parser: async (text) => {
const data = JSON.parse(text);
  // Perform async operations like fetching additional data
  const enrichedData = await fetch(`https://api.example.com/enrich`, {
    method: 'POST',
    body: JSON.stringify(data),
  }).then((res) => res.json());

... (truncated)

Changelog

Sourced from astro's changelog.

5.17.3

Patch Changes

  • #15564 522f880 Thanks @​matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

  • #15569 e01e98b Thanks @​matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

5.17.2

Patch Changes

  • c13b536 Thanks @​matthewp! - Improves Host header handling for SSR deployments behind proxies

5.17.1

Patch Changes

  • #15334 d715f1f Thanks @​florian-lefebvre! - BREAKING CHANGE to the experimental Fonts API only

    Removes the getFontBuffer() helper function exported from astro:assets when using the experimental Fonts API

    This experimental feature introduced in v15.6.13 ended up causing significant memory usage during build. This feature has been removed and will be reintroduced after further exploration and testing.

    If you were relying on this function, you can replicate the previous behavior manually:

    • On prerendered routes, read the file using node:fs
    • On server rendered routes, fetch files using URLs from fontData and context.url

5.17.0

Minor Changes

  • #14932 b19d816 Thanks @​patrickarlt! - Adds support for returning a Promise from the parser() option of the file() loader

    This enables you to run asynchronous code such as fetching remote data or using async parsers when loading files with the Content Layer API.

    For example:

    import { defineCollection } from 'astro:content';
import { file } from 'astro/loaders';
const blog = defineCollection({
loader: file('src/data/blog.json', {
parser: async (text) => {
const data = JSON.parse(text);
  // Perform async operations like fetching additional data
  const enrichedData = await fetch(`https://api.example.com/enrich`, {
    method: 'POST',

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for astro since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump devalue, @astrojs/mdx and astro
ff05379 
Bumps [devalue](https://github.com/sveltejs/devalue) to 5.6.3 and updates ancestor dependencies [devalue](https://github.com/sveltejs/devalue), [@astrojs/mdx](https://github.com/withastro/astro/tree/HEAD/packages/integrations/mdx) and [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro). These dependencies need to be updated together.


Updates `devalue` from 4.3.3 to 5.6.3
- [Release notes](https://github.com/sveltejs/devalue/releases)
- [Changelog](https://github.com/sveltejs/devalue/blob/main/CHANGELOG.md)
- [Commits](sveltejs/devalue@v4.3.3...v5.6.3)

Updates `@astrojs/mdx` from 1.1.5 to 4.3.13
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/mdx/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/mdx@4.3.13/packages/integrations/mdx)

Updates `astro` from 3.6.5 to 5.17.3
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/astro@5.17.3/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@5.17.3/packages/astro)

---
updated-dependencies:
- dependency-name: devalue
  dependency-version: 5.6.3
  dependency-type: indirect
- dependency-name: "@astrojs/mdx"
  dependency-version: 4.3.13
  dependency-type: direct:production
- dependency-name: astro
  dependency-version: 5.17.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants