chore(deps-dev): bump the dev-deps group with 9 updates

[dependabot]

Bumps the dev-deps group with 9 updates:

Package	From	To
@astrojs/netlify	7.0.6	7.0.7
@axe-core/playwright	4.11.1	4.11.2
@typescript-eslint/parser	8.58.1	8.58.2
astro	6.1.5	6.1.8
eslint	10.2.0	10.2.1
happy-dom	20.8.9	20.9.0
prettier	3.8.2	3.8.3
typescript	6.0.2	6.0.3
typescript-eslint	8.58.1	8.58.2

Updates @astrojs/netlify from 7.0.6 to 7.0.7

Release notes

Sourced from @​astrojs/netlify's releases.

@​astrojs/netlify@​7.0.7

Patch Changes

• #16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• Updated dependencies []:

  • @​astrojs/underscore-redirects@​1.0.3

Changelog

Sourced from @​astrojs/netlify's changelog.

7.0.7

Patch Changes

• #16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• Updated dependencies []:

  • @​astrojs/underscore-redirects@​1.0.3

Commits

• eca29c1 [ci] release (#16314)
• 8abc6ec [ci] format
• c62516b fix: netrify image validation (#16027)
• See full diff in compare view

Updates @axe-core/playwright from 4.11.1 to 4.11.2

Release notes

Sourced from @​axe-core/playwright's releases.

Release 4.11.2

Bug Fixes

• Update axe-core to v4.11.3 (#1306) (71c4179)
• wdio: support v9 wdio switchFrame and switchWindow (#1302) (4689273), closes #1164

Changelog

Sourced from @​axe-core/playwright's changelog.

4.11.2 (2026-04-14)

Bug Fixes

• Update axe-core to v4.11.3 (#1306) (71c4179)
• wdio: support v9 wdio switchFrame and switchWindow (#1302) (4689273), closes #1164

Commits

• 310de0a chore: Release 4.11.2 (#1323)
• 39d9967 chore: RC v4.11.2 (#1317)
• 7eb0bf2 chore: RC v4.11.2
• 71c4179 fix: Update axe-core to v4.11.3 (#1306)
• 4689273 fix(wdio): support v9 wdio switchFrame and switchWindow (#1302)
• 6d6dd29 chore: update dependabot config to ignore @​types/node major versions (#1295)
• 49dd6ce chore: bump the npm-low-risk group across 1 directory with 21 updates (#1296)
• 6d41ff4 refactor: move tyepscript, @​types/node, and ts-node to root (#1299)
• 22ddeaf refactor: have all packages extend tsconfig from root (#1297)
• e1dd13a chore: bump basic-ftp from 5.0.4 to 5.2.0 (#1282)
• Additional commits viewable in compare view

Updates @typescript-eslint/parser from 8.58.1 to 8.58.2

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.58.2

8.58.2 (2026-04-13)

🩹 Fixes

• remove tsbuildinfo cache file from published packages (#12187)
• eslint-plugin: [no-unnecessary-condition] use assignability checks in checkTypePredicates (#12147)

❤️ Thank You

• Abhijeet Singh @​cseas
• 송재욱

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.58.2 (2026-04-13)

🩹 Fixes

• remove tsbuildinfo cache file from published packages (#12187)

❤️ Thank You

• Abhijeet Singh @​cseas

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 90c2803 chore(release): publish 8.58.2
• be6b49a fix: remove tsbuildinfo cache file from published packages (#12187)
• See full diff in compare view

Updates astro from 6.1.5 to 6.1.8

Release notes

Sourced from astro's releases.

astro@6.1.8

Patch Changes

• #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

• #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

• #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

• #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

• #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

• #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

• #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

• Updated dependencies [e0b240e]:

  • @​astrojs/telemetry@​3.3.1

astro@6.1.7

Patch Changes

• #16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• #16311 94048f2 Thanks @​Arecsu! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)

• #16316 0fcd04c Thanks @​ematipico! - Fixes the /_image endpoint accepting an arbitrary f=svg query parameter and serving non-SVG content as image/svg+xml. The endpoint now validates that the source is actually SVG before honoring f=svg, matching the same guard already enforced on the <Image> component path.

astro@6.1.6

Patch Changes

• #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

• #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

• #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

Changelog

Sourced from astro's changelog.

6.1.8

Patch Changes

• #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify.

• #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project.

• #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable.

• #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server.

• #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation.

• #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server.

• #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports

• Updated dependencies [e0b240e]:

  • @​astrojs/telemetry@​3.3.1

6.1.7

Patch Changes

• #16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• #16311 94048f2 Thanks @​Arecsu! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)

• #16316 0fcd04c Thanks @​ematipico! - Fixes the /_image endpoint accepting an arbitrary f=svg query parameter and serving non-SVG content as image/svg+xml. The endpoint now validates that the source is actually SVG before honoring f=svg, matching the same guard already enforced on the <Image> component path.

6.1.6

Patch Changes

• #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

• #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

• #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

Commits

• 63c5c85 [ci] release (#16356)
• 71c93ca [ci] format
• 5a84551 Improves Vue scoped style handling in DEV mode during client router navigatio...
• ba2dbf1 refactor(astro): correct Fixture type signatures in test-utils (#16380)
• 217c5b3 perf(core): cache crawl result (#16381)
• 6e5bc17 chore: absorb tests into others (#16365)
• dc8a01d chore: reduce fixtures by merging them (#16364)
• bb0ff91 refactor(astro): migrate error tests to typescript (#16377)
• a6866a7 fix(core): clean chunk name (#16367)
• 811015d chore: remove lone fixtures (#16363)
• Additional commits viewable in compare view

Updates eslint from 10.2.0 to 10.2.1

Release notes

Sourced from eslint's releases.

v10.2.1

Bug Fixes

• 14be92b fix: model generator yield resumption paths in code path analysis (#20665) (sethamus)
• 84a19d2 fix: no-async-promise-executor false positives for shadowed Promise (#20740) (xbinaryx)
• af764af fix: clarify language and processor validation errors (#20729) (Pixel998)
• e251b89 fix: update eslint (#20715) (renovate[bot])

Documentation

• ca92ca0 docs: reuse markdown-it instance for markdown filter (#20768) (Amaresh S M)
• 57d2ee2 docs: Enable Eleventy incremental mode for watch (#20767) (Amaresh S M)
• c1621b9 docs: fix typos in code-path-analyzer.js (#20700) (Ayush Shukla)
• 1418d52 docs: Update README (GitHub Actions Bot)
• 39771e6 docs: Update README (GitHub Actions Bot)
• 71e0469 docs: fix incomplete JSDoc param description in no-shadow rule (#20728) (kuldeep kumar)
• 22119ce docs: clarify scope of for-direction rule with dead code examples (#20723) (Amaresh S M)
• 8f3fb77 docs: document meta.docs.dialects (#20718) (Pixel998)

Chores

• 7ddfea9 chore: update dependency prettier to v3.8.2 (#20770) (renovate[bot])
• fac40e1 ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (#20763) (dependabot[bot])
• 7246f92 test: add tests for SuppressionsService.load() error handling (#20734) (kuldeep kumar)
• 4f34b1e chore: update pnpm/action-setup action to v5 (#20762) (renovate[bot])
• 51080eb test: processor service (#20731) (kuldeep kumar)
• e7e1889 chore: remove stale babel-eslint10 fixture and test (#20727) (kuldeep kumar)
• 4e1a87c test: remove redundant async/await in flat config array tests (#20722) (Pixel998)
• 066eabb test: add rule metadata coverage for languages and docs.dialects (#20717) (Pixel998)

Commits

• 4d1d8f9 10.2.1
• 3e33105 Build: changelog update for 10.2.1
• ca92ca0 docs: reuse markdown-it instance for markdown filter (#20768)
• 7ddfea9 chore: update dependency prettier to v3.8.2 (#20770)
• 57d2ee2 docs: Enable Eleventy incremental mode for watch (#20767)
• c1621b9 docs: fix typos in code-path-analyzer.js (#20700)
• fac40e1 ci: bump pnpm/action-setup from 5.0.0 to 6.0.0 (#20763)
• 7246f92 test: add tests for SuppressionsService.load() error handling (#20734)
• 4f34b1e chore: update pnpm/action-setup action to v5 (#20762)
• 1418d52 docs: Update README
• Additional commits viewable in compare view

Updates happy-dom from 20.8.9 to 20.9.0

Release notes

Sourced from happy-dom's releases.

v20.9.0

🎨 Features

• Adds support for event listener properties on Window (e.g. Window.onkeydown) - By @​capricorn86 in task #2131

Commits

• 4090ade fix: #0 Fix github release workflow (#2140)
• c7c2bb5 fix: #0 Fix github release workflow (#2139)
• d541143 fix: #0 Fix github release workflow (#2138)
• a78d89e feat: #2131 Adds support for event listener properties on Window (#2132)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for happy-dom since your current version.

Updates prettier from 3.8.2 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• See full diff in compare view

Updates typescript from 6.0.2 to 6.0.3

Release notes

Sourced from typescript's releases.

TypeScript 6.0.3

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).
• fixed issues query for TypeScript 6.0.3 (Stable).

Downloads are available on:

• npm

Commits

• 050880c Bump version to 6.0.3 and LKG
• eeae9dd 🤖 Pick PR #63401 (Also check package name validity in...) into release-6.0 (#...
• ad1c695 🤖 Pick PR #63368 (Harden ATA package name filtering) into release-6.0 (#63372)
• 0725fb4 🤖 Pick PR #63310 (Mark class property initializers as...) into release-6.0 (#...
• See full diff in compare view

Updates typescript-eslint from 8.58.1 to 8.58.2

Release notes

Sourced from typescript-eslint's releases.

v8.58.2

8.58.2 (2026-04-13)

🩹 Fixes

• remove tsbuildinfo cache file from published packages (#12187)
• eslint-plugin: [no-unnecessary-condition] use assignability checks in checkTypePredicates (#12147)

❤️ Thank You

• Abhijeet Singh @​cseas
• 송재욱

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.58.2 (2026-04-13)

🩹 Fixes

• remove tsbuildinfo cache file from published packages (#12187)

❤️ Thank You

• Abhijeet Singh @​cseas

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• 90c2803 chore(release): publish 8.58.2
• b3315fd chore: convert import eslint to import js - followup (#12100)
• be6b49a fix: remove tsbuildinfo cache file from published packages (#12187)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[netlify]

✅ Deploy Preview for mvlanga-v2 ready!

Name	Link
🔨 Latest commit	286582a
🔍 Latest deploy log	https://app.netlify.com/projects/mvlanga-v2/deploys/69e49188cda168000889d6c6
😎 Deploy Preview	https://deploy-preview-196--mvlanga-v2.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 99 Accessibility: 100 Best Practices: 83 SEO: 100 PWA: 80 View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[fossabot]

[fossabot]

✓ Safe to upgrade

I recommend merging this upgrade because all nine upgraded packages are devDependencies with zero production runtime impact, and the changes are well-aligned with how this codebase uses them. The large volume of breaking changes attributed to eslint are cumulative historical changes (many from the v8→v9 flat config migration); this project already uses the modern flat config format (eslint.config.mjs with defineConfig and globalIgnores from eslint/config), making those breaking changes irrelevant. No deprecated APIs such as SourceCode.getComments() or legacy context methods are used anywhere in the codebase, and the project defines no custom ESLint rules, so plugin-author-oriented breaking changes do not apply. All security advisories listed for eslint represent vulnerabilities fixed by this upgrade (patching minimatch, ajv, and js-yaml), which is a strong positive signal. The @​axe-core/playwright internal bump from axe-core ~4.11.1 to ~4.11.3 brings only bug fixes and is consumed exclusively through the stable new AxeBuilder({ page }).analyze() pattern. All remaining packages (prettier, typescript, @​typescript-eslint/parser, typescript-eslint, astro, @​astrojs/netlify, happy-dom) are patch or minor releases with only internal optimizations, cache file cleanup, and backwards-compatible improvements.

What we checked

• Project already uses the modern ESLint flat config API (defineConfig, globalIgnores imported from eslint/config), meaning all breaking changes related to dropping legacy eslintrc support and package.json config are not applicable. ^[1]
• ESLint config imports from @​eslint/js, eslint-config-prettier/flat, eslint-plugin-astro, eslint-plugin-vue, and typescript-eslint — all modern flat-config-compatible packages. No legacy plugin patterns that would be broken. ^[2]
• eslint is declared as ^10.2.1 in devDependencies, confirming it is a tooling-only dependency with no production runtime exposure. ^[3]
• @​axe-core/playwright is declared as ^4.11.2 in devDependencies — used exclusively in the test suite, no production impact. ^[4]
• The only usage of @​axe-core/playwright is the stable new AxeBuilder({ page }).analyze() constructor pattern, which is unaffected by the internal axe-core ~4.11.1 → ~4.11.3 bump. ^[5]
• AxeBuilder is imported as the default export from @​axe-core/playwright — exactly the API the package exposes; no deprecated or removed imports detected. ^[6]
• typescript is declared as ^6.0.3 in devDependencies. The patch release (6.0.2 → 6.0.3) contains only bug fixes with no API surface changes affecting this project. ^[7]
• @​typescript-eslint/parser is declared as ^8.58.2 in devDependencies. The change is purely a packaging fix (removing tsbuildinfo cache files from the published tarball) with no behavioral impact. ^[8]
• typescript-eslint is declared as ^8.58.2 in devDependencies. Changes include the same tsbuildinfo packaging fix and a correctness improvement to the [no-unnecessary-condition] rule — no breaking changes. ^[9]
• prettier is declared as ^3.8.3 in devDependencies. The patch release is an internal PostCSS and standalone optimization with no configuration API changes — the existing prettier.config.mjs requires no modifications. ^[10]
• @​astrojs/netlify is declared as ^7.0.7 in devDependencies. The only detected change is an internal astro dev-dependency bump, with no public API impact. ^[11]
• happy-dom is declared as ^20.9.0 in devDependencies for unit testing. Internal event listener refactoring uses getter/setter pairs backed by a Map but maintains full backward compatibility. ^[12]
• astro is declared as 6.1.8 in devDependencies. Internal changes are limited to a telemetry version bump and TypeScript build script improvements (tsc --build instead of tsc --project), no runtime impact. ^[13]
• Accessibility tests tagged @​a11n run only on chromium, matching @​axe-core/playwright's primary supported browser environment — upgrade has no cross-browser risk. ^[14]

Dependency Usage

This is a personal or professional portfolio/blog site built on astro as the core framework, powering content collections with Zod schema validation, server-side actions for page view tracking, dynamic Open Graph image generation, and an RSS feed — all deployed to Netlify via @​astrojs/netlify as a serverless adapter. Tooling dependencies (eslint, typescript-eslint, prettier, typescript) operate exclusively at development time through configuration files rather than application code, while @​axe-core/playwright enforces automated accessibility compliance in the test suite via a shared AxeBuilder utility consumed across Playwright test cases. The architecture follows a content-driven, server-rendered pattern with a clear separation between Astro's framework core, deployment infrastructure, and quality-assurance tooling.

• Project already uses the modern ESLint flat config API (defineConfig, globalIgnores imported from eslint/config), meaning all breaking changes related to dropping legacy eslintrc support and package.json config are not applicable.
  eslint.config.mjs:5
• ESLint config imports from @​eslint/js, eslint-config-prettier/flat, eslint-plugin-astro, eslint-plugin-vue, and typescript-eslint — all modern flat-config-compatible packages. No legacy plugin patterns that would be broken.
  eslint.config.mjs:1

View 3 more usages

• The only usage of @​axe-core/playwright is the stable new AxeBuilder({ page }).analyze() constructor pattern, which is unaffected by the internal axe-core ~4.11.1 → ~4.11.3 bump.
  tests/utils.ts:11
• AxeBuilder is imported as the default export from @​axe-core/playwright — exactly the API the package exposes; no deprecated or removed imports detected.
  tests/utils.ts:1
• Accessibility tests tagged @​a11n run only on chromium, matching @​axe-core/playwright's primary supported browser environment — upgrade has no cross-browser risk.
  playwright.config.ts:21

Less Important Usages (9)

These usages were analyzed but no breaking changes were detected:

@​astrojs/netlify

• astro.config.ts:3

astro

• astro.config.ts:7
• src/content.config.ts:1
• src/content.config.ts:2
• src/actions/pageViews.ts:1
• src/pages/blog/rss.xml.ts:3
• ...and 1 more

prettier

• prettier.config.mjs:1

typescript-eslint

• eslint.config.mjs:7

Changes

eslint was updated with 14 security fixes, patching vulnerabilities in its bundled dependencies minimatch, ajv, js-yaml, lodash, and @​eslint/plugin-kit. This update spans multiple major versions of eslint and includes 197 breaking changes affecting rule configurations, removed legacy APIs (CLIEngine, SourceCode#getComments(), context._linter), dropped package.json config support, removed the codeframe and table formatters, and updated eslint:recommended rule sets — review the migration guides before upgrading.

• 2b44966 docs: add Major Releases section to Manage Releases (#20269) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 53e9522 fix: strict removed formatters check (#20241) (ntnyq) (v10.2.0-10.2.1, changelog)
• 7ab77a2 fix: correct breaking deprecation of FlatConfig type (#19826) (Logicer) (v10.2.0-10.2.1, changelog)

View 7410 more changes

• Updated dev dependency: astro from 6.1.3 to 6.1.7 (v7.0.7, package source)
• Update axe-core to v4.11.3 (#1306) (71c4179) (v4.11.1-4.11.2, changelog)
• wdio: support v9 wdio switchFrame and switchWindow (#1302) (4689273), closes #1164 (v4.11.1-4.11.2, changelog)
• Updated axe-core dependency from ~4.11.1 to ~4.11.3 to include bug fixes and improvements (v4.11.2, package source)
• Removed @​types/node and ts-node from devDependencies (v4.11.2, package source)
• Removed typescript from devDependencies (v4.11.2, package source)
• remove tsbuildinfo cache file from published packages (#12187) (v8.58.1-8.58.2, changelog)
• eslint-plugin: [no-unnecessary-condition] use assignability checks in checkTypePredicates (#12147) (v8.58.1-8.58.2, changelog)
• Abhijeet Singh @​cseas (v8.58.1-8.58.2, changelog)
• 송재욱 (v8.58.1-8.58.2, changelog)
• Removed tsbuildinfo cache files from published packages by updating glob pattern from !.tsbuildinfo to !**/.tsbuildinfo in package.json files field (v8.58.2, package source)
• #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter (v6.1.5-6.1.6, changelog)
• #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development (v6.1.5-6.1.6, changelog)
• #16027 c62516b Thanks @​fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify. (v6.1.6-6.1.7, changelog)
• #16311 94048f2 Thanks @​Arecsu! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes) (v6.1.6-6.1.7, changelog)
• #16316 0fcd04c Thanks @​ematipico! - Fixes the /_image endpoint accepting an arbitrary f=svg query parameter and serving non-SVG content as image/svg+xml. The endpoint now validates that the source is actually SVG before honoring f=svg, matching the same guard already enforced on the <Image> component... (v6.1.6-6.1.7, changelog)
• #16367 a6866a7 Thanks @​ematipico! - Fixes an issue where build output files could contain special characters (!, ~, {, }) in their names, causing deploy failures on platforms like Netlify. (v6.1.7-6.1.8, changelog)
• #16348 7d26cd7 Thanks @​ocavue! - Fixes a bug where emitted assets during a client build would contain always fresh, new hashes in their name. Now the build should be more stable. (v6.1.7-6.1.8, changelog)
• #16317 d012bfe Thanks @​das-peter! - Fixes a bug where allowedDomains weren't correctly propagated when using the development server. (v6.1.7-6.1.8, changelog)
• #16282 5b0fdaa Thanks @​jmurty! - Fixes build errors on platforms with skew protection enabled (e.g. Vercel, Netlify) for inter-chunk Javascript using dynamic imports (v6.1.7-6.1.8, changelog)
• #16317 d012bfe Thanks @​das-peter! - Adds tests to verify settings are properly propagated when using the development server. (v6.1.7-6.1.8, changelog)
• #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content (v6.1.5-6.1.6, changelog)
• #16381 217c5b3 Thanks @​ematipico! - Slightly improved the performance of the dev server by caching the internal crawling of the dependencies of a project. (v6.1.7-6.1.8, changelog)
• #16379 5a84551 Thanks @​martrapp! - Improves Vue scoped style handling in DEV mode during client router navigation. (v6.1.7-6.1.8, changelog)
• Updated dependencies [e0b240e]: (v6.1.7-6.1.8, changelog)
• @​astrojs/telemetry@​3.3.1 (v6.1.7-6.1.8, changelog)
• Updated @​astrojs/telemetry dependency from 3.3.0 to 3.3.1 (v6.1.8, package source)
• Updated TypeScript build scripts to use tsc --build instead of tsc --project for improved incremental build support (v6.1.8, package source)
• 234d005 fix: minimatch security vulnerability patch for v9.x (#20549) (Andrej Beles) (v10.2.0-10.2.1, changelog)
• b1b37ee fix: update ajv to 6.14.0 to address security vulnerabilities (#20538) (루밀LuMir) (v10.2.0-10.2.1, changelog)
• d841001 fix: update minimatch to 10.2.1 to address security vulnerabilities (#20519) (루밀LuMir) (v10.2.0-10.2.1, changelog)
• a463e7b chore: update dependency js-yaml to v4 [security] (#20319) (renovate[bot]) (v10.2.0-10.2.1, changelog)
• d498887 fix: bump @​eslint/plugin-kit to 0.3.4 to resolve vulnerability (#19965) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 50a8efd docs: report a sec vulnerability page (#16808) (Ben Perlmutter) (v10.2.0-10.2.1, changelog)
• 8167aa7 chore: bump version of minimatch due to security issue PRISMA-2022-0039 (#15774) (Jan Opravil) (v10.2.0-10.2.1, changelog)
• 9250d16 Upgrade: Bump lodash to fix security issue (#13993) (Frederik Prijck) (v10.2.0-10.2.1, changelog)
• 0f1f5ed Docs: Add security policy link to README (#13403) (Nicholas C. Zakas) (v10.2.0-10.2.1, changelog)
• 3396c3e Upgrade: karma@^4.0.1, drops Node 6 support, fixes vulnerability (#11570) (Kevin Partington) (v10.2.0-10.2.1, changelog)
• afe3d25 Upgrade: Bump js-yaml dependency to fix Denial of Service vulnerability (#11550) (Vernon de Goede) (v10.2.0-10.2.1, changelog)
• d3f3994 Docs: add information about reporting security issues (#10889) (Teddy Katz) (v10.2.0-10.2.1, changelog)
• f6901d0 Fix: remove catastrophic backtracking vulnerability (fixes #10002) (#10019) (Jamie Davis) (v10.2.0-10.2.1, changelog)
• Upgrade: Handlebars to >= 4.0.5 for security reasons (fixes #4642) (Jacques Favreau) (v10.2.0-10.2.1, changelog)
• 5687ce7 fix: correct mismatched removed rules (#19734) (루밀LuMir) (v10.2.0-10.2.1, changelog)
• 959d360 build: Support updates to previous major versions (#18871) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 113f51e docs: Mention package.json config support dropped (#18305) (Nicholas C. Zakas) (v10.2.0-10.2.1, changelog)
• 7c78576 docs: Add more removed context methods to migrate to v9 guide (#17951) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 3a877d6 docs: Update removed CLI flags migration (#17939) (Nicholas C. Zakas) (v10.2.0-10.2.1, changelog)
• 74794f5 chore: removed unused eslintrc modules (#17938) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• fffca5c docs: remove "Open in Playground" buttons for removed rules (#17791) (Francesco Trotta) (v10.2.0-10.2.1, changelog)
• becfdd3 docs: Make clear when rules are removed (#17728) (Nicholas C. Zakas) (v10.2.0-10.2.1, changelog)
• ce4f5ff docs: Replace removed related rules with a valid rule (#16800) (Ville Saalo) (v10.2.0-10.2.1, changelog)
• c9efb5f Fix: preserve formatting when rules are removed from disable directives (#15081) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 7cf96cf Breaking: Disallow reserved words in ES3 (fixes #15017) (#15046) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 305e14a Breaking: remove meta.docs.category in core rules (fixes #13398) (#14594) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• 24c9f2a Breaking: Strict package exports (refs #13654) (#14706) (Nicholas C. Zakas) (v10.2.0-10.2.1, changelog)
• 86d31a4 Breaking: disallow SourceCode#getComments() in RuleTester (refs #14744) (#14769) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 1d2213d Breaking: Fixable disable directives (fixes #11815) (#14617) (Josh Goldberg) (v10.2.0-10.2.1, changelog)
• 4a7aab7 Breaking: require meta for fixable rules (fixes #13349) (#14634) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• d6a761f Breaking: Require meta.hasSuggestions for rules with suggestions (#14573) (Bryan Mishkin) (v10.2.0-10.2.1, changelog)
• 6bd747b Breaking: support new regex d flag (fixes #14640) (#14653) (Yosuke Ota) (v10.2.0-10.2.1, changelog)
• 8b4f3ab Breaking: fix comma-dangle schema (fixes #13739) (#14030) (Joakim Nilsson) (v10.2.0-10.2.1, changelog)
• b953a4e Breaking: upgrade espree and support new class features (refs #14343) (#14591) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 8cce06c Breaking: add some rules to eslint:recommended (refs #14673) (#14691) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• 86bb63b Breaking: Drop codeframe and table formatters (#14316) (Federico Brigante) (v10.2.0-10.2.1, changelog)
• f3cb320 Breaking: drop node v10/v13/v15 (fixes #14023) (#14592) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• 4c841b8 Breaking: allow all directives in line comments (fixes #14575) (#14656) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• c29bd9f Chore: Add breaking/core change link to issue templates (#13344) (Kai Cataldo) (v10.2.0-10.2.1, changelog)
• 4ef6158 Breaking: espree@​7.0.0 (#13270) (Kai Cataldo) (v10.2.0-10.2.1, changelog)
• 78c8cda Breaking: RuleTester Improvements (refs Update: RuleTester Improvements eslint/rfcs#25) (#12955) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 185982d Breaking: improve plugin resolving (refs New: Plugin Loading Improvement eslint/rfcs#47) (#12922) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 48b122f Breaking: change relative paths with --config (refs New: Changing Base Path of overrides and ignorePatterns eslint/rfcs#37) (#12887) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 0de91f3 Docs: removed correct code from incorrect eg (#13060) (Anix) (v10.2.0-10.2.1, changelog)
• 4af06fc Breaking: Test with an unknown error property should fail in RuleTester (#12096) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• afa9aac Breaking: class default true computed-property-spacing (fixes #12812) (#12915) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 7d52151 Breaking: classes default true in accessor-pairs (fixes #12811) (#12919) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 78182e4 Breaking: Add new rules to eslint:recommended (fixes #12911) (#12920) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 6423e11 Breaking: check unnamed default export in func-names (fixes #12194) (#12195) (Chiawen Chen) (v10.2.0-10.2.1, changelog)
• 4293229 Breaking: use-isnan enforceForSwitchCase default true (fixes #12810) (#12913) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• cf38d0d Breaking: change default ignore pattern (refs New: Update Default Ignore Patterns eslint/rfcs#51) (#12888) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• bfe1dc4 Breaking: no-dupe-class-members checks some computed keys (fixes #12808) (#12837) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• 95e0586 Fix: id-blacklist false positives on renamed imports (#12831) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• c2217c0 Breaking: make radix rule stricter (#12608) (fisker Cheung) (v10.2.0-10.2.1, changelog)
• 1aa021d Breaking: lint overrides files (fixes #10828, refs New: Configuring Additional Lint Targets with .eslintrc eslint/rfcs#20) (#12677) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• b50179d Breaking: Check assignment targets in no-extra-parens (#12490) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• d86a5bb Breaking: Check flatMap in array-callback-return (fixes #12235) (#12765) (Milos Djermanovic) (v10.2.0-10.2.1, changelog)
• cf46df7 Breaking: description in directive comments (refs New: Description in directive comments eslint/rfcs#33) (#12699) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 7350589 Breaking: some rules recognize bigint literals (fixes #11803) (#12701) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 1118fce Breaking: runtime-deprecation on '~/.eslintrc' (refs Update: Deprecating Personal Config eslint/rfcs#32) (#12678) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 2c28fbb Breaking: drop Node.js 8 support (refs New: Drop supports for Node.js 8.x and 11.x eslint/rfcs#44) (#12700) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 20908a3 Docs: removed '>' prefix from docs/working-with-rules (#11818) (Alok Takshak) (v10.2.0-10.2.1, changelog)
• 2d32a9e Breaking: stricter rule config validating (fixes #9505) (#11742) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• 6ae21a4 Breaking: fix config loading (fixes #11510, fixes #11559, fixes #11586) (#11546) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• adc6585 Docs: update status of breaking changes in migration guide (#11652) (Teddy Katz) (v10.2.0-10.2.1, changelog)
• 0fc8e62 Breaking: eslint:recommended changes (fixes #10768) (#11518) (薛定谔的猫) (v10.2.0-10.2.1, changelog)
• 20364cc Breaking: make no-redeclare stricter (fixes #11370, fixes #11405) (#11509) (Toru Nagashima) (v10.2.0-10.2.1, changelog)
• 9e49b56 Breaking: upgrade espree to 6.0.0-alpha.0 (fixes #9687) (#11610) (Teddy Katz) (v10.2.0-10.2.1, changelog)
• ef7801e Breaking: disallow invalid rule defaults in RuleTester (fixes #11473) (#11599) (Teddy Katz) (v10.2.0-10.2.1, changelog)

View 7313 more changes in the full analysis

References (14)

[1]: Project already uses the modern ESLint flat config API (defineConfig, globalIgnores imported from eslint/config), meaning all breaking changes related to dropping legacy eslintrc support and package.json config are not applicable.

mvlanga-com-astro/eslint.config.mjs

Line 5 in 286582a

import { defineConfig, globalIgnores } from "eslint/config";

[2]: ESLint config imports from @​eslint/js, eslint-config-prettier/flat, eslint-plugin-astro, eslint-plugin-vue, and typescript-eslint — all modern flat-config-compatible packages. No legacy plugin patterns that would be broken.

mvlanga-com-astro/eslint.config.mjs

Line 1 in 286582a

import eslint from "@eslint/js";

[3]: eslint is declared as ^10.2.1 in devDependencies, confirming it is a tooling-only dependency with no production runtime exposure.

mvlanga-com-astro/package.json

Line 46 in 286582a

"eslint": "^10.2.1",

[4]: @​axe-core/playwright is declared as ^4.11.2 in devDependencies — used exclusively in the test suite, no production impact.

mvlanga-com-astro/package.json

Line 35 in 286582a

"@axe-core/playwright": "^4.11.2",

[5]: The only usage of @​axe-core/playwright is the stable new AxeBuilder({ page }).analyze() constructor pattern, which is unaffected by the internal axe-core ~4.11.1 → ~4.11.3 bump.

mvlanga-com-astro/tests/utils.ts

Line 11 in 286582a

const accessibilityScanResults = await new AxeBuilder({

[6]: AxeBuilder is imported as the default export from @​axe-core/playwright — exactly the API the package exposes; no deprecated or removed imports detected.

mvlanga-com-astro/tests/utils.ts

Line 1 in 286582a

import AxeBuilder from "@axe-core/playwright";

[7]: typescript is declared as ^6.0.3 in devDependencies. The patch release (6.0.2 → 6.0.3) contains only bug fixes with no API surface changes affecting this project.

mvlanga-com-astro/package.json

Line 62 in 286582a

"typescript": "^6.0.3",

[8]: @​typescript-eslint/parser is declared as ^8.58.2 in devDependencies. The change is purely a packaging fix (removing tsbuildinfo cache files from the published tarball) with no behavioral impact.

mvlanga-com-astro/package.json

Line 41 in 286582a

"@typescript-eslint/parser": "^8.58.2",

[9]: typescript-eslint is declared as ^8.58.2 in devDependencies. Changes include the same tsbuildinfo packaging fix and a correctness improvement to the [no-unnecessary-condition] rule — no breaking changes.

mvlanga-com-astro/package.json

Line 63 in 286582a

"typescript-eslint": "^8.58.2",

[10]: prettier is declared as ^3.8.3 in devDependencies. The patch release is an internal PostCSS and standalone optimization with no configuration API changes — the existing prettier.config.mjs requires no modifications.

mvlanga-com-astro/package.json

Line 54 in 286582a

"prettier": "^3.8.3",

[11]: @​astrojs/netlify is declared as ^7.0.7 in devDependencies. The only detected change is an internal astro dev-dependency bump, with no public API impact.

mvlanga-com-astro/package.json

Line 31 in 286582a

"@astrojs/netlify": "^7.0.7",

[12]: happy-dom is declared as ^20.9.0 in devDependencies for unit testing. Internal event listener refactoring uses getter/setter pairs backed by a Map but maintains full backward compatibility.

mvlanga-com-astro/package.json

Line 51 in 286582a

"happy-dom": "^20.9.0",

[13]: astro is declared as 6.1.8 in devDependencies. Internal changes are limited to a telemetry version bump and TypeScript build script improvements (tsc --build instead of tsc --project), no runtime impact.

mvlanga-com-astro/package.json

Line 43 in 286582a

"astro": "6.1.8",

[14]: Accessibility tests tagged @​a11n run only on chromium, matching @​axe-core/playwright's primary supported browser environment — upgrade has no cross-browser risk.

mvlanga-com-astro/playwright.config.ts

Line 21 in 286582a

grepInvert: /@a11n/,

---

fossabot analyzed this PR using static analysis and dependency research. View this analysis on the web