chore(deps): bump the patch-updates group across 1 directory with 10 updates by dependabot[bot] · Pull Request #1 · ishxw/corvusx

dependabot · 2026-05-05T22:57:46Z

Bumps the patch-updates group with 10 updates in the / directory:

Package	From	To
@astrojs/check	`0.9.6`	`0.9.9`
@astrojs/rss	`4.0.14`	`4.0.18`
@astrojs/svelte	`7.2.3`	`7.2.5`
@fontsource/roboto	`5.2.9`	`5.2.10`
@iconify-json/material-symbols	`1.2.50`	`1.2.72`
katex	`0.16.27`	`0.16.46`
markdown-it	`14.1.0`	`14.1.1`
sanitize-html	`2.17.0`	`2.17.4`
@types/sanitize-html	`2.16.0`	`2.16.1`
@astrojs/ts-plugin	`1.10.6`	`1.10.8`

Updates @astrojs/check from 0.9.6 to 0.9.9

Release notes

Sourced from @astrojs/check's releases.

@astrojs/check@0.9.9

Patch Changes

#16471 f56bb3f Thanks @delucis! - Adds support for TypeScript v6 to peer dependencies range

Updated dependencies [8c62159]:

@astrojs/language-server@2.16.7

Changelog

Sourced from @astrojs/check's changelog.

0.9.9

Patch Changes

#16471 f56bb3f Thanks @delucis! - Adds support for TypeScript v6 to peer dependencies range

Updated dependencies [8c62159]:

@astrojs/language-server@2.16.7

0.9.8

Patch Changes

#15892 a2f597d Thanks @Princesseuh! - Fixes Astro not being able to find astro check sometimes

Updated dependencies [7b4b254]:

@astrojs/language-server@2.16.5

0.9.7

Patch Changes

#15187 bbb5811 Thanks @matthewp! - Update to Astro 6 beta

#15198 55107a1 Thanks @HiDeoo! - Updates to Astro 6 beta

Updated dependencies [bbb5811, df6d2d7]:

@astrojs/language-server@2.16.1

0.9.7-beta.1

Patch Changes

#15198 55107a1 Thanks @HiDeoo! - Updates to Astro 6 beta

0.9.6-beta.1

Patch Changes

#15187 bbb5811 Thanks @matthewp! - Update to Astro 6 beta

Updated dependencies [bbb5811]:

@astrojs/language-server@2.16.1-beta.1

0.9.6-alpha.0

Patch Changes

Updated dependencies [df6d2d7]:

@astrojs/language-server@2.16.1-alpha.0

Commits

c1f2e4f [ci] release (#16467)
f56bb3f Widen typescript peer dependency range to allow v6 (#16471)
184700c fix(deps): update language tools (#16230)
88fcc98 fix integrations links across docs (#16098)
b9e96da fix(deps): update dependency vitest to v4 (#15372)
09ecdd7 [ci] release (#15889)
a2f597d fix(check): Revert publint lint fix (#15892)
48e5c4d [ci] release (#15808)
1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
ddeb230 chore: address publint suggestions (#15653)
Additional commits viewable in compare view

Updates @astrojs/rss from 4.0.14 to 4.0.18

Release notes

Sourced from @astrojs/rss's releases.

@astrojs/rss@4.0.18

Patch Changes

#16037 fdd2c5a Thanks @blimmer! - Unpin fast-xml-parser to ^5.5.7 to resolve entity expansion CVEs

Changelog

Sourced from @astrojs/rss's changelog.

4.0.18

Patch Changes

#16037 fdd2c5a Thanks @blimmer! - Unpin fast-xml-parser to ^5.5.7 to resolve entity expansion CVEs

4.0.17

Patch Changes

#15830 8d3f3aa Thanks @Princesseuh! - Pin fast-xml-parser to 5.4.1 in order to fix an upstream bug

4.0.16

Patch Changes

#15187 bbb5811 Thanks @matthewp! - Update to Astro 6 beta

#14956 0ff51df Thanks @matthewp! - Updates usage of zod to own dependency rather than relying on astro/zod

#15561 413b0f7 Thanks @renovate! - Updates fast-xml-parser to v5.3.6

#15283 daf41c6 Thanks @eldair! - Updates validation to use Zod v4

#15373 14252b2 Thanks @renovate! - Updates zod to v4

4.0.15-beta.4

Patch Changes

#15561 413b0f7 Thanks @renovate! - Updates fast-xml-parser to v5.3.6

4.0.15-beta.3

Patch Changes

#15373 14252b2 Thanks @renovate! - Updates zod to v4

4.0.15-beta.2

Patch Changes

#15283 daf41c6 Thanks @eldair! - Updates validation to use Zod v4

4.0.15-beta.1

Patch Changes

#15187 bbb5811 Thanks @matthewp! - Update to Astro 6 beta

... (truncated)

Commits

4a6ff2a [ci] release (#16020)
fdd2c5a fix(rss): unpin fast-xml-parser to resolve entity expansion CVEs (#16037)
a2fff74 [ci] release (#15826)
8d3f3aa fix(rss): Pin fast-xml-parser until upstream fix (#15830)
48e5c4d [ci] release (#15808)
6453380 fix: manually updates packages who had main releases later than betas (#15816)
6414732 Spelling (#15601)
1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
10088fd fix(deps): update all non-major dependencies (#15707)
4d49632 [ci] release (beta) (#15590)
Additional commits viewable in compare view

Updates @astrojs/svelte from 7.2.3 to 7.2.5

Changelog

Sourced from @astrojs/svelte's changelog.

7.2.5

Patch Changes

#15070 fa9c464 Thanks @antonyfaris! - Improve Svelte children prop type checking

7.2.4

Patch Changes

#15004 16f3994 Thanks @antonyfaris! - Fixes an issue where Svelte components used in Astro files would incorrectly report type errors when using client:* directives.

Commits

e73deb8 [ci] release (#15031)
fa9c464 fix(svelte): improve Svelte children prop type checking (#15070)
1847601 fix(deps): update astro client runtimes (#15085)
0343993 [ci] release (#14997)
16f3994 fix(svelte): allow client directives (#15004)
See full diff in compare view

Updates @fontsource/roboto from 5.2.9 to 5.2.10

Commits

See full diff in compare view

Updates @iconify-json/material-symbols from 1.2.50 to 1.2.72

Commits

See full diff in compare view

Updates katex from 0.16.27 to 0.16.46

Release notes

Sourced from katex's releases.

v0.16.46

0.16.46 (2026-05-13)

Bug Fixes

preserve math font in some styling commands (#4214) (e9ee046), closes #4213

v0.16.45

0.16.45 (2026-04-05)

Bug Fixes

wrap vcenter mpadded in mrow for valid MathML (#4193) (ee66b78), closes #4078

v0.16.44

0.16.44 (2026-03-27)

Bug Fixes

remove extra \jot space at bottom of align/gather/etc. (#4184) (3870ee9)

v0.16.43

0.16.43 (2026-03-26)

Bug Fixes

use makeEm() consistently to truncate long CSS decimals (#4181) (0967dcc)

v0.16.42

0.16.42 (2026-03-24)

Features

\underbracket and \overbracket (#4147) (5be9abb)

v0.16.41

0.16.41 (2026-03-24)

Bug Fixes

\sout in text mode (#4173) (e748578)

v0.16.40

0.16.40 (2026-03-20)

... (truncated)

Changelog

Sourced from katex's changelog.

0.16.46 (2026-05-13)

Bug Fixes

preserve math font in some styling commands (#4214) (e9ee046), closes #4213

0.16.45 (2026-04-05)

Bug Fixes

wrap vcenter mpadded in mrow for valid MathML (#4193) (ee66b78), closes #4078

0.16.44 (2026-03-27)

Bug Fixes

remove extra \jot space at bottom of align/gather/etc. (#4184) (3870ee9)

0.16.43 (2026-03-26)

Bug Fixes

use makeEm() consistently to truncate long CSS decimals (#4181) (0967dcc)

0.16.42 (2026-03-24)

Features

\underbracket and \overbracket (#4147) (5be9abb)

0.16.41 (2026-03-24)

Bug Fixes

\sout in text mode (#4173) (e748578)

0.16.40 (2026-03-20)

Bug Fixes

css: specify position: relative for .katex (#4170) (020f0d8)

0.16.39 (2026-03-19)

... (truncated)

Commits

2c25b47 chore(release): 0.16.46 [ci skip]
e9ee046 fix: preserve math font in some styling commands (#4214)
88256c0 ci(screenshotter): require safe to test label for PRs (#4211)
a3fce45 ci(screenshotter): disable cache (#4209)
9de4b3d chore: update linters (#4205)
c224153 refactor: improve typing for fonts (#4200)
89a3d67 chore(deps): update dependency postcss to v8.5.10 [security] (#4202)
441e6ca chore: update stylelint and adjust styles for updated set of rules (#4201)
bdec9b0 docs: support for persian/arabic numerals (#4190)
efedddd refactor(types): resolve most as any casts and TODO(ts) comments (#4171)
Additional commits viewable in compare view

Updates markdown-it from 14.1.0 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @ltduc147 for report.

Commits

b4a9b65 14.1.1 released
4b4bbca Fixed perf regression in linkify-it wrapper
d2782d8 Add supplementary example-driven documentation (#1092)
See full diff in compare view

Updates sanitize-html from 2.17.0 to 2.17.4

Changelog

Sourced from sanitize-html's changelog.

2.17.4

Changes

sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

2.17.3 (2026-04-15)

Security

Fix vulnerability introduced in version 2.17.2 that allowed XSS attacks if the developer chose to permit option tags. There was no vulnerability when not explicitly allowing option tags.

2.17.2 (2026-03-19)

Changes

Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., &[#0000001](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/0000001)) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.

2.17.1 (2026-02-18)

Fixes

Fix unclosed tags (e.g., <hello) returning empty string in escape and recursiveEscape modes. Fixes #706. Thanks to Byeong Hyeon for the fix.

Commits

See full diff in compare view

Updates @types/sanitize-html from 2.16.0 to 2.16.1

Commits

See full diff in compare view

Updates @astrojs/ts-plugin from 1.10.6 to 1.10.8

Release notes

Sourced from @astrojs/ts-plugin's releases.

@astrojs/ts-plugin@1.10.8

Patch Changes

#16716 04fdbb2 Thanks @delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Changelog

Sourced from @astrojs/ts-plugin's changelog.

1.10.8

Patch Changes

#16716 04fdbb2 Thanks @delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

1.10.7

Patch Changes

#15820 e20474b Thanks @Princesseuh! - Fixes broken publish

Updated dependencies [e20474b]:

@astrojs/yaml2ts@0.2.3

Commits

e345bcd [ci] release (#16653)
04fdbb2 Update pnpm to v11 (#16716)
5a8cd09 refactor: update tsconfig to use TypeScript project references (#16505)
0c0ae11 refactor(ts-plugin): migrate tests to typescript (#16417)
5557dca feat: erasableSyntaxOnly (#15719)
b9e96da fix(deps): update dependency vitest to v4 (#15372)
9a8eb99 [ci] release (#15822)
1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
ddeb230 chore: address publint suggestions (#15653)
da5f464 fix(deps): update language tools (#15536)
Additional commits viewable in compare view

Updates @types/sanitize-html from 2.16.0 to 2.16.1

Commits

See full diff in compare view

…updates Bumps the patch-updates group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@astrojs/check](https://github.com/withastro/astro/tree/HEAD/packages/language-tools/astro-check) | `0.9.6` | `0.9.9` | | [@astrojs/rss](https://github.com/withastro/astro/tree/HEAD/packages/astro-rss) | `4.0.14` | `4.0.18` | | [@astrojs/svelte](https://github.com/withastro/astro/tree/HEAD/packages/integrations/svelte) | `7.2.3` | `7.2.5` | | [@fontsource/roboto](https://github.com/fontsource/font-files/tree/HEAD/fonts/google/roboto) | `5.2.9` | `5.2.10` | | [@iconify-json/material-symbols](https://github.com/iconify/icon-sets) | `1.2.50` | `1.2.72` | | [katex](https://github.com/KaTeX/KaTeX) | `0.16.27` | `0.16.46` | | [markdown-it](https://github.com/markdown-it/markdown-it) | `14.1.0` | `14.1.1` | | [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) | `2.17.0` | `2.17.4` | | [@types/sanitize-html](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sanitize-html) | `2.16.0` | `2.16.1` | | [@astrojs/ts-plugin](https://github.com/withastro/astro/tree/HEAD/packages/language-tools/ts-plugin) | `1.10.6` | `1.10.8` | Updates `@astrojs/check` from 0.9.6 to 0.9.9 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/language-tools/astro-check/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/@astrojs/check@0.9.9/packages/language-tools/astro-check) Updates `@astrojs/rss` from 4.0.14 to 4.0.18 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro-rss/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/@astrojs/rss@4.0.18/packages/astro-rss) Updates `@astrojs/svelte` from 7.2.3 to 7.2.5 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/svelte/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/@astrojs/svelte@7.2.5/packages/integrations/svelte) Updates `@fontsource/roboto` from 5.2.9 to 5.2.10 - [Changelog](https://github.com/fontsource/font-files/blob/main/CHANGELOG.md) - [Commits](https://github.com/fontsource/font-files/commits/HEAD/fonts/google/roboto) Updates `@iconify-json/material-symbols` from 1.2.50 to 1.2.72 - [Commits](https://github.com/iconify/icon-sets/commits) Updates `katex` from 0.16.27 to 0.16.46 - [Release notes](https://github.com/KaTeX/KaTeX/releases) - [Changelog](https://github.com/KaTeX/KaTeX/blob/main/CHANGELOG.md) - [Commits](KaTeX/KaTeX@v0.16.27...v0.16.46) Updates `markdown-it` from 14.1.0 to 14.1.1 - [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md) - [Commits](markdown-it/markdown-it@14.1.0...14.1.1) Updates `sanitize-html` from 2.17.0 to 2.17.4 - [Changelog](https://github.com/apostrophecms/apostrophe/blob/main/packages/sanitize-html/CHANGELOG.md) - [Commits](https://github.com/apostrophecms/apostrophe/commits/HEAD/packages/sanitize-html) Updates `@types/sanitize-html` from 2.16.0 to 2.16.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sanitize-html) Updates `@astrojs/ts-plugin` from 1.10.6 to 1.10.8 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/language-tools/ts-plugin/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/@astrojs/ts-plugin@1.10.8/packages/language-tools/ts-plugin) Updates `@types/sanitize-html` from 2.16.0 to 2.16.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sanitize-html) --- updated-dependencies: - dependency-name: "@astrojs/check" dependency-version: 0.9.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@astrojs/rss" dependency-version: 4.0.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@astrojs/svelte" dependency-version: 7.2.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@astrojs/ts-plugin" dependency-version: 1.10.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@fontsource/roboto" dependency-version: 5.2.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@iconify-json/material-symbols" dependency-version: 1.2.69 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@types/sanitize-html" dependency-version: 2.16.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: "@types/sanitize-html" dependency-version: 2.16.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: katex dependency-version: 0.16.45 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: markdown-it dependency-version: 14.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: sanitize-html dependency-version: 2.17.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-22T19:42:07Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 5, 2026

dependabot Bot changed the title ~~Bump the patch-updates group with 10 updates~~ chore(deps): bump the patch-updates group across 1 directory with 10 updates May 6, 2026

dependabot Bot force-pushed the dependabot-npm_and_yarn-patch-updates-9804d4daf9 branch 4 times, most recently from dd77bdb to e708fa0 Compare May 8, 2026 19:22

dependabot Bot force-pushed the dependabot-npm_and_yarn-patch-updates-9804d4daf9 branch from e708fa0 to 7ac5505 Compare May 15, 2026 19:23

dependabot Bot closed this May 22, 2026

dependabot Bot deleted the dependabot-npm_and_yarn-patch-updates-9804d4daf9 branch May 22, 2026 19:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the patch-updates group across 1 directory with 10 updates#1

chore(deps): bump the patch-updates group across 1 directory with 10 updates#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot-npm_and_yarn-patch-updates-9804d4daf9

dependabot Bot commented on behalf of github May 5, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

@​astrojs/check@​0.9.9

Patch Changes

0.9.9

Patch Changes

0.9.8

Patch Changes

0.9.7

Patch Changes

0.9.7-beta.1

Patch Changes

0.9.6-beta.1

Patch Changes

0.9.6-alpha.0

Patch Changes

@​astrojs/rss@​4.0.18

Patch Changes

4.0.18

Patch Changes

4.0.17

Patch Changes

4.0.16

Patch Changes

4.0.15-beta.4

Patch Changes

4.0.15-beta.3

Patch Changes

4.0.15-beta.2

Patch Changes

4.0.15-beta.1

Patch Changes

7.2.5

Patch Changes

7.2.4

Patch Changes

v0.16.46

0.16.46 (2026-05-13)

Bug Fixes

v0.16.45

0.16.45 (2026-04-05)

Bug Fixes

v0.16.44

0.16.44 (2026-03-27)

Bug Fixes

v0.16.43

0.16.43 (2026-03-26)

Bug Fixes

v0.16.42

0.16.42 (2026-03-24)

Features

v0.16.41

0.16.41 (2026-03-24)

Bug Fixes

v0.16.40

0.16.40 (2026-03-20)

0.16.46 (2026-05-13)

Bug Fixes

0.16.45 (2026-04-05)

Bug Fixes

0.16.44 (2026-03-27)

Bug Fixes

0.16.43 (2026-03-26)

Bug Fixes

0.16.42 (2026-03-24)

Features

0.16.41 (2026-03-24)

Bug Fixes

0.16.40 (2026-03-20)

Bug Fixes

0.16.39 (2026-03-19)

[14.1.1] - 2026-01-11

Security

2.17.4

Changes

Security

2.17.3 (2026-04-15)

Security

2.17.2 (2026-03-19)

dependabot Bot commented on behalf of github May 5, 2026 •

edited

Loading

`@astrojs/check@0`.9.9

`@astrojs/rss@4`.0.18

`@astrojs/ts-plugin@1`.10.8