Upgrade: Bump the patch-updates group across 1 directory with 9 updates by dependabot[bot] · Pull Request #21 · Allen2030Coder/AllenBlog

dependabot · 2026-05-25T10:43:08Z

Bumps the patch-updates group with 9 updates in the / directory:

Package	From	To
@astrojs/check	`0.9.6`	`0.9.9`
@astrojs/rss	`4.0.15`	`4.0.18`
@astrojs/sitemap	`3.7.0`	`3.7.2`
@fontsource/roboto	`5.2.9`	`5.2.10`
@iconify-json/material-symbols	`1.2.53`	`1.2.74`
sanitize-html	`2.17.0`	`2.17.4`
@types/sanitize-html	`2.16.0`	`2.16.1`
postcss	`8.5.6`	`8.5.15`
@astrojs/ts-plugin	`1.10.6`	`1.10.9`

Updates @astrojs/check from 0.9.6 to 0.9.9

Release notes

Sourced from @astrojs/check's releases.

@astrojs/check@0.9.9

Patch Changes

#16471 f56bb3f Thanks @delucis! - Adds support for TypeScript v6 to peer dependencies range

Updated dependencies [8c62159]:

@astrojs/language-server@2.16.7

Changelog

Sourced from @astrojs/check's changelog.

0.9.9

Patch Changes

#16471 f56bb3f Thanks @delucis! - Adds support for TypeScript v6 to peer dependencies range

Updated dependencies [8c62159]:

@astrojs/language-server@2.16.7

0.9.8

Patch Changes

#15892 a2f597d Thanks @Princesseuh! - Fixes Astro not being able to find astro check sometimes

Updated dependencies [7b4b254]:

@astrojs/language-server@2.16.5

0.9.7

Patch Changes

#15187 bbb5811 Thanks @matthewp! - Update to Astro 6 beta

#15198 55107a1 Thanks @HiDeoo! - Updates to Astro 6 beta

Updated dependencies [bbb5811, df6d2d7]:

@astrojs/language-server@2.16.1

0.9.7-beta.1

Patch Changes

#15198 55107a1 Thanks @HiDeoo! - Updates to Astro 6 beta

0.9.6-beta.1

Patch Changes

#15187 bbb5811 Thanks @matthewp! - Update to Astro 6 beta

Updated dependencies [bbb5811]:

@astrojs/language-server@2.16.1-beta.1

0.9.6-alpha.0

Patch Changes

Updated dependencies [df6d2d7]:

@astrojs/language-server@2.16.1-alpha.0

Commits

c1f2e4f [ci] release (#16467)
f56bb3f Widen typescript peer dependency range to allow v6 (#16471)
184700c fix(deps): update language tools (#16230)
88fcc98 fix integrations links across docs (#16098)
b9e96da fix(deps): update dependency vitest to v4 (#15372)
09ecdd7 [ci] release (#15889)
a2f597d fix(check): Revert publint lint fix (#15892)
48e5c4d [ci] release (#15808)
1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
ddeb230 chore: address publint suggestions (#15653)
Additional commits viewable in compare view

Updates @astrojs/rss from 4.0.15 to 4.0.18

Release notes

Sourced from @astrojs/rss's releases.

@astrojs/yaml2ts@0.2.4

Patch Changes

#16661 03b8f7f Thanks @ocavue! - Updates typescript to v6. No changes are needed from users.

Changelog

Sourced from @astrojs/rss's changelog.

4.0.18

Patch Changes

#16037 fdd2c5a Thanks @blimmer! - Unpin fast-xml-parser to ^5.5.7 to resolve entity expansion CVEs

4.0.17

Patch Changes

#15830 8d3f3aa Thanks @Princesseuh! - Pin fast-xml-parser to 5.4.1 in order to fix an upstream bug

4.0.16

Patch Changes

#15187 bbb5811 Thanks @matthewp! - Update to Astro 6 beta

#14956 0ff51df Thanks @matthewp! - Updates usage of zod to own dependency rather than relying on astro/zod

#15561 413b0f7 Thanks @renovate! - Updates fast-xml-parser to v5.3.6

#15283 daf41c6 Thanks @eldair! - Updates validation to use Zod v4

#15373 14252b2 Thanks @renovate! - Updates zod to v4

4.0.15-beta.4

Patch Changes

#15561 413b0f7 Thanks @renovate! - Updates fast-xml-parser to v5.3.6

4.0.15-beta.3

Patch Changes

#15373 14252b2 Thanks @renovate! - Updates zod to v4

4.0.15-beta.2

Patch Changes

#15283 daf41c6 Thanks @eldair! - Updates validation to use Zod v4

4.0.15-beta.1

Patch Changes

#15187 bbb5811 Thanks @matthewp! - Update to Astro 6 beta

... (truncated)

Commits

4a6ff2a [ci] release (#16020)
fdd2c5a fix(rss): unpin fast-xml-parser to resolve entity expansion CVEs (#16037)
a2fff74 [ci] release (#15826)
8d3f3aa fix(rss): Pin fast-xml-parser until upstream fix (#15830)
48e5c4d [ci] release (#15808)
6453380 fix: manually updates packages who had main releases later than betas (#15816)
6414732 Spelling (#15601)
1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
10088fd fix(deps): update all non-major dependencies (#15707)
4d49632 [ci] release (beta) (#15590)
Additional commits viewable in compare view

Updates @astrojs/sitemap from 3.7.0 to 3.7.2

Release notes

Sourced from @astrojs/sitemap's releases.

@astrojs/yaml2ts@0.2.4

Patch Changes

#16661 03b8f7f Thanks @ocavue! - Updates typescript to v6. No changes are needed from users.

Changelog

Sourced from @astrojs/sitemap's changelog.

3.7.2

Patch Changes

#15455 babf57f Thanks @AhmadYasser1! - Fixes i18n fallback pages missing from the generated sitemap when using fallbackType: 'rewrite'.

3.7.1

Patch Changes

#15187 bbb5811 Thanks @matthewp! - Update to Astro 6 beta

#14956 0ff51df Thanks @matthewp! - Updates usage of zod to own dependency rather than relying on astro/zod

#15036 f125a73 Thanks @florian-lefebvre! - Updates how routes are retrieved to avoid relying on a deprecated API

#15373 14252b2 Thanks @renovate! - Updates zod to v4

3.6.1-beta.3

Patch Changes

#15373 14252b2 Thanks @renovate! - Updates zod to v4

3.6.1-beta.2

Patch Changes

#15187 bbb5811 Thanks @matthewp! - Update to Astro 6 beta

3.6.1-alpha.1

Patch Changes

#15036 f125a73 Thanks @florian-lefebvre! - Updates how routes are retrieved to avoid relying on a deprecated API

3.6.1-alpha.0

Patch Changes

#14956 0ff51df Thanks @matthewp! - Updates usage of zod to own dependency rather than relying on astro/zod

Commits

4a6ff2a [ci] release (#16020)
28079e9 [ci] format
babf57f feat(astro): Add fallbackRoutes to astro:routes:resolved's return type and ...
48e5c4d [ci] release (#15808)
6453380 fix: manually updates packages who had main releases later than betas (#15816)
6414732 Spelling (#15601)
1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
3758436 [ci] release (beta) (#15354)
14252b2 fix(deps): update dependency zod to v4 (#15373)
14b1d31 chore: do renovate blocked updates (#15307)
Additional commits viewable in compare view

Updates @fontsource/roboto from 5.2.9 to 5.2.10

Commits

See full diff in compare view

Updates @iconify-json/material-symbols from 1.2.53 to 1.2.74

Commits

See full diff in compare view

Updates sanitize-html from 2.17.0 to 2.17.4

Changelog

Sourced from sanitize-html's changelog.

2.17.4

Changes

sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

2.17.3 (2026-04-15)

Security

Fix vulnerability introduced in version 2.17.2 that allowed XSS attacks if the developer chose to permit option tags. There was no vulnerability when not explicitly allowing option tags.

2.17.2 (2026-03-19)

Changes

Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., &[#0000001](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/0000001)) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.

2.17.1 (2026-02-18)

Fixes

Fix unclosed tags (e.g., <hello) returning empty string in escape and recursiveEscape modes. Fixes #706. Thanks to Byeong Hyeon for the fix.

Commits

See full diff in compare view

Updates @types/sanitize-html from 2.16.0 to 2.16.1

Commits

See full diff in compare view

Updates postcss from 8.5.6 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Changelog

Sourced from postcss's changelog.

8.5.15

Fixed declaration parsing performance (by @homanp).

8.5.14

Fixed custom syntax regression (by @43081j).

8.5.13

Fixed postcss-scss commend regression.

8.5.12

Fixed reading any file via user-generated CSS.

Added opts.unsafeMap to disable checks.

8.5.11

Fixed nested brackets parsing performance (by @offset).

8.5.10

Fixed XSS via unescaped </style> in non-bundler cases (by @TharVid).

8.5.9

Speed up source map encoding paring in case of the error.

8.5.8

Fixed Processor#version.

8.5.7

Improved source map annotation cleaning performance (by CodeAnt AI).

Commits

eae46db Release 8.5.15 version
79508ff Update CI actions
b128e21 Speed up declaration parsing by avoiding creating new array on each token
9825dca Fix code format
55789c8 Update dependencies
84fbbe9 Install older pnpm action for old Node.js
9f860bd Revert pnpm action for old Node.js
0877198 Update CI actions
b2d1a33 Fix linter warnings
0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
Additional commits viewable in compare view

Updates @astrojs/ts-plugin from 1.10.6 to 1.10.9

Release notes

Sourced from @astrojs/ts-plugin's releases.

@astrojs/ts-plugin@1.10.9

Patch Changes

#16661 03b8f7f Thanks @ocavue! - Updates typescript to v6. No changes are needed from users.

Updated dependencies [03b8f7f]:

@astrojs/yaml2ts@0.2.4

@astrojs/ts-plugin@1.10.8

Patch Changes

#16716 04fdbb2 Thanks @delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Changelog

Sourced from @astrojs/ts-plugin's changelog.

1.10.9

Patch Changes

#16661 03b8f7f Thanks @ocavue! - Updates typescript to v6. No changes are needed from users.

Updated dependencies [03b8f7f]:

@astrojs/yaml2ts@0.2.4

1.10.8

Patch Changes

#16716 04fdbb2 Thanks @delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

1.10.7

Patch Changes

#15820 e20474b Thanks @Princesseuh! - Fixes broken publish

Updated dependencies [e20474b]:

@astrojs/yaml2ts@0.2.3

Commits

45b7fa9 [ci] release (#16742)
03b8f7f chore: update typescript to v6 (#16661)
e345bcd [ci] release (#16653)
04fdbb2 Update pnpm to v11 (#16716)
5a8cd09 refactor: update tsconfig to use TypeScript project references (#16505)
0c0ae11 refactor(ts-plugin): migrate tests to typescript (#16417)
5557dca feat: erasableSyntaxOnly (#15719)
b9e96da fix(deps): update dependency vitest to v4 (#15372)
9a8eb99 [ci] release (#15822)
1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
Additional commits viewable in compare view

Updates @types/sanitize-html from 2.16.0 to 2.16.1

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the patch-updates group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@astrojs/check](https://github.com/withastro/astro/tree/HEAD/packages/language-tools/astro-check) | `0.9.6` | `0.9.9` | | [@astrojs/rss](https://github.com/withastro/astro/tree/HEAD/packages/astro-rss) | `4.0.15` | `4.0.18` | | [@astrojs/sitemap](https://github.com/withastro/astro/tree/HEAD/packages/integrations/sitemap) | `3.7.0` | `3.7.2` | | [@fontsource/roboto](https://github.com/fontsource/font-files/tree/HEAD/fonts/google/roboto) | `5.2.9` | `5.2.10` | | [@iconify-json/material-symbols](https://github.com/iconify/icon-sets) | `1.2.53` | `1.2.74` | | [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `2.17.0` | `2.17.4` | | [@types/sanitize-html](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sanitize-html) | `2.16.0` | `2.16.1` | | [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.15` | | [@astrojs/ts-plugin](https://github.com/withastro/astro/tree/HEAD/packages/language-tools/ts-plugin) | `1.10.6` | `1.10.9` | Updates `@astrojs/check` from 0.9.6 to 0.9.9 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/language-tools/astro-check/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/@astrojs/check@0.9.9/packages/language-tools/astro-check) Updates `@astrojs/rss` from 4.0.15 to 4.0.18 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro-rss/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/@astrojs/rss@4.0.18/packages/astro-rss) Updates `@astrojs/sitemap` from 3.7.0 to 3.7.2 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/sitemap/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/@astrojs/sitemap@3.7.2/packages/integrations/sitemap) Updates `@fontsource/roboto` from 5.2.9 to 5.2.10 - [Changelog](https://github.com/fontsource/font-files/blob/main/CHANGELOG.md) - [Commits](https://github.com/fontsource/font-files/commits/HEAD/fonts/google/roboto) Updates `@iconify-json/material-symbols` from 1.2.53 to 1.2.74 - [Commits](https://github.com/iconify/icon-sets/commits) Updates `sanitize-html` from 2.17.0 to 2.17.4 - [Changelog](https://github.com/apostrophecms/apostrophe/blob/main/packages/sanitize-html/CHANGELOG.md) - [Commits](https://github.com/apostrophecms/apostrophe/commits/HEAD/packages/sanitize-html) Updates `@types/sanitize-html` from 2.16.0 to 2.16.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sanitize-html) Updates `postcss` from 8.5.6 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.6...8.5.15) Updates `@astrojs/ts-plugin` from 1.10.6 to 1.10.9 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/language-tools/ts-plugin/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/@astrojs/ts-plugin@1.10.9/packages/language-tools/ts-plugin) Updates `@types/sanitize-html` from 2.16.0 to 2.16.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sanitize-html) --- updated-dependencies: - dependency-name: "@astrojs/check" dependency-version: 0.9.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@astrojs/rss" dependency-version: 4.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@astrojs/sitemap" dependency-version: 3.7.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@fontsource/roboto" dependency-version: 5.2.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@iconify-json/material-symbols" dependency-version: 1.2.74 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: sanitize-html dependency-version: 2.17.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@types/sanitize-html" dependency-version: 2.16.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: postcss dependency-version: 8.5.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@astrojs/ts-plugin" dependency-version: 1.10.9 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@types/sanitize-html" dependency-version: 2.16.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 25, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade: Bump the patch-updates group across 1 directory with 9 updates#21

Upgrade: Bump the patch-updates group across 1 directory with 9 updates#21
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot-npm_and_yarn-patch-updates-260e9816a6

dependabot Bot commented on behalf of github May 25, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 25, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

@​astrojs/check@​0.9.9

Patch Changes

0.9.9

Patch Changes

0.9.8

Patch Changes

0.9.7

Patch Changes

0.9.7-beta.1

Patch Changes

0.9.6-beta.1

Patch Changes

0.9.6-alpha.0

Patch Changes

@​astrojs/yaml2ts@​0.2.4

Patch Changes

4.0.18

Patch Changes

4.0.17

Patch Changes

4.0.16

Patch Changes

4.0.15-beta.4

Patch Changes

4.0.15-beta.3

Patch Changes

4.0.15-beta.2

Patch Changes

4.0.15-beta.1

Patch Changes

@​astrojs/yaml2ts@​0.2.4

Patch Changes

3.7.2

Patch Changes

3.7.1

Patch Changes

3.6.1-beta.3

Patch Changes

3.6.1-beta.2

Patch Changes

3.6.1-alpha.1

Patch Changes

3.6.1-alpha.0

Patch Changes

2.17.4

Changes

Security

2.17.3 (2026-04-15)

Security

2.17.2 (2026-03-19)

Changes

2.17.1 (2026-02-18)

Fixes

8.5.15

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

8.5.8

8.5.7

8.5.15

8.5.14

8.5.13

8.5.12

8.5.11

8.5.10

8.5.9

8.5.8

8.5.7

@​astrojs/ts-plugin@​1.10.9

Patch Changes

@​astrojs/ts-plugin@​1.10.8

Patch Changes

1.10.9

Patch Changes

dependabot Bot commented on behalf of github May 25, 2026 •

edited

Loading

`@astrojs/check@0`.9.9

`@astrojs/yaml2ts@0`.2.4

`@astrojs/yaml2ts@0`.2.4

`@astrojs/ts-plugin@1`.10.9

`@astrojs/ts-plugin@1`.10.8