chore(deps): bump the github-actions group with 2 updates

[dependabot]

Bumps the github-actions group with 2 updates: astro and vercel.

Updates astro from 6.1.10 to 6.2.1

Release notes

Sourced from astro's releases.

astro@6.2.1

Patch Changes

• #16531 76db01d Thanks @​rodrigosdev! - Fixes config validation for omitted integrations fields with newer Zod versions.

• #16535 7df0fe4 Thanks @​rururux! - Fixed an issue where a warning was displayed when the server property was missing during config validation, even though it is not required.

• #16534 5cf6c51 Thanks @​matthewp! - Fixes compatibility with Zod 4.4.0 for the server config property and error formatting

astro@6.2.0

Minor Changes

• #16187 fe58071 Thanks @​gllmt! - Adds a waitUntil option to the RenderOptions so that adapters can forward runtime background-task hooks to Astro.

  When provided by an adapter, runtime cache providers receive context.waitUntil in CacheProvider.onRequest(), which allows background cache work such as stale-while-revalidate without blocking the response. The Cloudflare adapter now forwards ExecutionContext.waitUntil to this API.

• #16290 a49637a Thanks @​ViVaLaDaniel! - Ensures that server.allowedHosts (and vite.preview.allowedHosts) configuration is respected when using astro preview with the @astrojs/cloudflare adapter. This improves security by preventing DNS rebinding attacks when previewing Cloudflare builds locally.

• #15725 4108ec1 Thanks @​meyer! - Adds support for a new 'jsx' value for the compressHTML option. When set, whitespace is stripped using JSX whitespace rules instead of the default HTML compression strategy.

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  export default defineConfig({
  compressHTML: 'jsx',
  });

  In JSX, whitespaces never matter, as such, no amount of indentation, or newlines will not affect the rendered output. For instance, the following code:

  <div>
    <span>foo</span>
    <span>bar</span>
  </div>

  will be rendered as foobar, whereas with HTML whitespace rules, a space would be present between the words due to the newline and indentation between the tags.

• #16477 28fb3e1 Thanks @​ematipico! - Adds experimental support for configurable log handlers.

  This experimental feature provides better control over Astro's logging infrastructure by allowing users to replace the default console output with custom logging implementations (e.g., structured JSON). This is particularly useful for users using on-demand rendering and wishing to connect their log aggregation services, such as Kibana, Logstash, CloudWatch, Grafana, or Loki.

  By default, Astro provides three built-in log handlers (json, node, and console), but you can also create your own.

  JSON logging

... (truncated)

Changelog

Sourced from astro's changelog.

6.2.1

Patch Changes

• #16531 76db01d Thanks @​rodrigosdev! - Fixes config validation for omitted integrations fields with newer Zod versions.

• #16535 7df0fe4 Thanks @​rururux! - Fixed an issue where a warning was displayed when the server property was missing during config validation, even though it is not required.

• #16534 5cf6c51 Thanks @​matthewp! - Fixes compatibility with Zod 4.4.0 for the server config property and error formatting

6.2.0

Minor Changes

• #16187 fe58071 Thanks @​gllmt! - Adds a waitUntil option to the RenderOptions so that adapters can forward runtime background-task hooks to Astro.

  When provided by an adapter, runtime cache providers receive context.waitUntil in CacheProvider.onRequest(), which allows background cache work such as stale-while-revalidate without blocking the response. The Cloudflare adapter now forwards ExecutionContext.waitUntil to this API.

• #16290 a49637a Thanks @​ViVaLaDaniel! - Ensures that server.allowedHosts (and vite.preview.allowedHosts) configuration is respected when using astro preview with the @astrojs/cloudflare adapter. This improves security by preventing DNS rebinding attacks when previewing Cloudflare builds locally.

• #15725 4108ec1 Thanks @​meyer! - Adds support for a new 'jsx' value for the compressHTML option. When set, whitespace is stripped using JSX whitespace rules instead of the default HTML compression strategy.

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  export default defineConfig({
  compressHTML: 'jsx',
  });

  In JSX, whitespaces never matter, as such, no amount of indentation, or newlines will not affect the rendered output. For instance, the following code:

  <div>
    <span>foo</span>
    <span>bar</span>
  </div>

  will be rendered as foobar, whereas with HTML whitespace rules, a space would be present between the words due to the newline and indentation between the tags.

• #16477 28fb3e1 Thanks @​ematipico! - Adds experimental support for configurable log handlers.

  This experimental feature provides better control over Astro's logging infrastructure by allowing users to replace the default console output with custom logging implementations (e.g., structured JSON). This is particularly useful for users using on-demand rendering and wishing to connect their log aggregation services, such as Kibana, Logstash, CloudWatch, Grafana, or Loki.

  By default, Astro provides three built-in log handlers (json, node, and console), but you can also create your own.

... (truncated)

Commits

• cc02799 [ci] release (#16533)
• 5cf6c51 fix: Zod 4.4.0 compat for server config and error map (#16534)
• 7df0fe4 fix(astro): make server property correctly optional in config validation (#...
• 76db01d fix(config): update validation for omitted integrations fields with newer Z...
• 3af3543 [ci] release (#16512)
• b7916ef docs: improve readability of remotePattern section (#16508)
• 449b51d fix(test): type html minification properties (#16514)
• f832c3b fix: cloudflare allowed hosts test (#16513)
• b9a5b58 [ci] format
• 0f7c3c8 feat: svg optimizer (#16333)
• Additional commits viewable in compare view

Updates vercel from 52.2.1 to 53.0.1

Release notes

Sourced from vercel's releases.

vercel@53.0.1

Patch Changes

• Updated dependencies [f7b5377]
  • @​vercel/node@​5.7.15
  • @​vercel/elysia@​0.1.73
  • @​vercel/express@​0.1.83
  • @​vercel/fastify@​0.1.76
  • @​vercel/h3@​0.1.82
  • @​vercel/hono@​0.2.76
  • @​vercel/koa@​0.1.56
  • @​vercel/nestjs@​0.2.77

Changelog

Sourced from vercel's changelog.

53.0.1

Patch Changes

• Updated dependencies [f7b5377]
  • @​vercel/node@​5.7.15
  • @​vercel/elysia@​0.1.73
  • @​vercel/express@​0.1.83
  • @​vercel/fastify@​0.1.76
  • @​vercel/h3@​0.1.82
  • @​vercel/hono@​0.2.76
  • @​vercel/koa@​0.1.56
  • @​vercel/nestjs@​0.2.77

53.0.0

Major Changes

• 56880dd: vercel edge-config tokens <id-or-slug> --format json no longer includes plaintext token values. Each row now contains id, label, partialToken, and createdAt.

  If your scripts read the token field to identify or remove a token, switch to id instead. For example, vercel edge-config tokens <id-or-slug> --remove <id> --yes.

  Plaintext tokens are still printed once at creation via --add <label>.

Minor Changes

• 4ae5eca: Adds vercel connex open <clientIdOrUid> — opens a Connex client's detail page in the Vercel dashboard. Gated behind FF_CONNEX_ENABLED.

  • Accepts either an scl_ client ID or a UID (e.g. slack/my-bot); resolves UIDs to the canonical scl_ ID via GET /v1/connex/clients/:id before building the dashboard URL (the dashboard route is a single [clientId] segment).
  • Honors --format=json (emits { "url": "..." }) and stdout.isTTY (non-TTY writes the URL to stdout so it can be piped).
  • Mirrors vercel integration open: presence-checks the client first so a bad id/uid fails fast with a CLI error instead of a 404 in the browser.

• d071a00: Add vercel connex remove command to delete a Connex client by id or uid. Refuses when projects are connected unless --disconnect-all is passed (mirrors vercel integration-resource remove); supports --yes and --format=json.

• f0c17c0: Add masked token value column to vercel edge-config tokens table output.

• bc302e4: vercel flags sdk-keys ls now surfaces the server-masked partialKeyValue preview (e.g. vf_server_abc********) in a new column of the default table output, between Label and Created. The --json output also includes partialKeyValue on each row.

• c56f851: Upgrade to TypeScript 5.9

Patch Changes

• 93a0a1a: Persist the team selection in vercel connex commands so users are not re-prompted on every invocation. Personal-scope selections are rejected since connex clients are team-owned.
• 9cd5297: Scope vercel edge-config subcommands to the locally linked project's team by default, matching vercel env, vercel crons, etc. Falls back to the globally configured team when no project is linked.
• 46a2646: Limit vc link --scope project lookup to the requested scope.
• dc02702: Track resolved deploy target environment in CLI telemetry.
• Updated dependencies [25e84c6]
• Updated dependencies [c56f851]
  • @​vercel/python@​6.37.0
  • @​vercel/build-utils@​13.21.0
  • @​vercel/backends@​0.3.0
  • @​vercel/remix-builder@​5.8.0
  • @​vercel/next@​4.17.0

... (truncated)

Commits

• 72b8be1 Version Packages (#16178)
• 58ce911 Version Packages (#16161)
• d071a00 feat(cli): vercel connex remove command (#16094)
• dc02702 [CLI] Adding target environment for Vercel CLI Telemetry (#16133)
• 4ae5eca feat(cli): add vercel connex open command (#16087)
• 93a0a1a [CLI] Persist team selection in connex commands (#16035)
• c56f851 Upgrade repo-wide TypeScript to 5.9 (#16169)
• 9cd5297 Use linked project for edge-config command in cli (#16162)
• 56880dd feat(cli)!: drop plaintext token from edge-config tokens JSON list output...
• f0c17c0 feat(cli): add masked token value column to edge-config tokens table (#16064)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
openresource-dev	Ready	Preview, Comment	May 1, 2026 8:18am