build(deps): bump the npm_and_yarn group across 9 directories with 4 updates by dependabot[bot] · Pull Request #314 · codecov/codecov-javascript-bundler-plugins

Bumps the npm_and_yarn group with 1 update in the /examples/astro directory: @astrojs/node.
Bumps the npm_and_yarn group with 2 updates in the /examples/astro-5 directory: @astrojs/node and astro.
Bumps the npm_and_yarn group with 1 update in the /examples/next-js directory: next.
Bumps the npm_and_yarn group with 1 update in the /examples/next-js-15 directory: next.
Bumps the npm_and_yarn group with 1 update in the /integration-tests/test-apps/astro-4 directory: @astrojs/node.
Bumps the npm_and_yarn group with 2 updates in the /integration-tests/test-apps/astro-5 directory: @astrojs/node and astro.
Bumps the npm_and_yarn group with 1 update in the /integration-tests/test-apps/nextjs directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/nextjs-webpack-plugin directory: next.
Bumps the npm_and_yarn group with 1 update in the /packages/rollup-plugin directory: rollup.

Updates @astrojs/node from 8.3.4 to 10.0.0

Release notes

Sourced from @astrojs/node's releases.

@astrojs/node@10.0.0

Major Changes
#15654 a32aee6 Thanks @florian-lefebvre! - Removes the experimentalErrorPageHost option

This option allowed fetching a prerendered error page from a different host than the server is currently running on.

However, there can be security implications with prefetching from other hosts, and often more customization was required to do this safely. This has now been removed as a built-in option so that you can implement your own secure solution as needed and appropriate for your project via middleware.

What should I do?

If you were previously using this feature, you must remove the option from your adapter configuration as it no longer exists:
// astro.config.mjs
import { defineConfig } from 'astro/config'
import node from '@astrojs/node'
export default defineConfig({
adapter: node({
mode: 'standalone',

experimentalErrorPageHost: 'http://localhost:4321'
})
})
You can replicate the previous behavior by checking the response status in a middleware and fetching the prerendered page yourself:
// src/middleware.ts
import { defineMiddleware } from 'astro:middleware';
export const onRequest = defineMiddleware(async (ctx, next) => {
const response = await next();
if (response.status === 404 || response.status === 500) {
return fetch(http://localhost:4321/${response.status}.html);
}
return response;
});
Minor Changes
#15258 d339a18 Thanks @ematipico! - Stabilizes the adapter feature experimentalStatiHeaders. If you were using this feature in any of the supported adapters, you'll need to change the name of the flag:
export default defineConfig({
  adapter: netlify({
-    experimentalStaticHeaders: true
+    staticHeaders: true

... (truncated)

Changelog

Sourced from @astrojs/node's changelog.

10.0.0

Major Changes
#15654 a32aee6 Thanks @florian-lefebvre! - Removes the experimentalErrorPageHost option

This option allowed fetching a prerendered error page from a different host than the server is currently running on.

However, there can be security implications with prefetching from other hosts, and often more customization was required to do this safely. This has now been removed as a built-in option so that you can implement your own secure solution as needed and appropriate for your project via middleware.

What should I do?

If you were previously using this feature, you must remove the option from your adapter configuration as it no longer exists:
// astro.config.mjs
import { defineConfig } from 'astro/config'
import node from '@astrojs/node'
export default defineConfig({
adapter: node({
mode: 'standalone',

experimentalErrorPageHost: 'http://localhost:4321'
})
})
You can replicate the previous behavior by checking the response status in a middleware and fetching the prerendered page yourself:
// src/middleware.ts
import { defineMiddleware } from 'astro:middleware';
export const onRequest = defineMiddleware(async (ctx, next) => {
const response = await next();
if (response.status === 404 || response.status === 500) {
return fetch(http://localhost:4321/${response.status}.html);
}
return response;
});
Minor Changes
#15258 d339a18 Thanks @ematipico! - Stabilizes the adapter feature experimentalStatiHeaders. If you were using this feature in any of the supported adapters, you'll need to change the name of the flag:
export default defineConfig({
  adapter: netlify({
-    experimentalStaticHeaders: true

... (truncated)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @astrojs/node since your current version.

Updates @astrojs/node from 8.3.4 to 10.0.0

Release notes

Sourced from @astrojs/node's releases.

@astrojs/node@10.0.0

Major Changes
#15654 a32aee6 Thanks @florian-lefebvre! - Removes the experimentalErrorPageHost option

This option allowed fetching a prerendered error page from a different host than the server is currently running on.

However, there can be security implications with prefetching from other hosts, and often more customization was required to do this safely. This has now been removed as a built-in option so that you can implement your own secure solution as needed and appropriate for your project via middleware.

What should I do?

If you were previously using this feature, you must remove the option from your adapter configuration as it no longer exists:
// astro.config.mjs
import { defineConfig } from 'astro/config'
import node from '@astrojs/node'
export default defineConfig({
adapter: node({
mode: 'standalone',

experimentalErrorPageHost: 'http://localhost:4321'
})
})
You can replicate the previous behavior by checking the response status in a middleware and fetching the prerendered page yourself:
// src/middleware.ts
import { defineMiddleware } from 'astro:middleware';
export const onRequest = defineMiddleware(async (ctx, next) => {
const response = await next();
if (response.status === 404 || response.status === 500) {
return fetch(http://localhost:4321/${response.status}.html);
}
return response;
});
Minor Changes
#15258 d339a18 Thanks @ematipico! - Stabilizes the adapter feature experimentalStatiHeaders. If you were using this feature in any of the supported adapters, you'll need to change the name of the flag:
export default defineConfig({
  adapter: netlify({
-    experimentalStaticHeaders: true
+    staticHeaders: true

... (truncated)

Changelog

Sourced from @astrojs/node's changelog.

10.0.0

Major Changes
#15654 a32aee6 Thanks @florian-lefebvre! - Removes the experimentalErrorPageHost option

This option allowed fetching a prerendered error page from a different host than the server is currently running on.

However, there can be security implications with prefetching from other hosts, and often more customization was required to do this safely. This has now been removed as a built-in option so that you can implement your own secure solution as needed and appropriate for your project via middleware.

What should I do?

If you were previously using this feature, you must remove the option from your adapter configuration as it no longer exists:
// astro.config.mjs
import { defineConfig } from 'astro/config'
import node from '@astrojs/node'
export default defineConfig({
adapter: node({
mode: 'standalone',

experimentalErrorPageHost: 'http://localhost:4321'
})
})
You can replicate the previous behavior by checking the response status in a middleware and fetching the prerendered page yourself:
// src/middleware.ts
import { defineMiddleware } from 'astro:middleware';
export const onRequest = defineMiddleware(async (ctx, next) => {
const response = await next();
if (response.status === 404 || response.status === 500) {
return fetch(http://localhost:4321/${response.status}.html);
}
return response;
});
Minor Changes
#15258 d339a18 Thanks @ematipico! - Stabilizes the adapter feature experimentalStatiHeaders. If you were using this feature in any of the supported adapters, you'll need to change the name of the flag:
export default defineConfig({
  adapter: netlify({
-    experimentalStaticHeaders: true

... (truncated)

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @astrojs/node since your current version.

Updates astro from 4.16.18 to 5.18.1

Release notes

Sourced from astro's releases.

astro@5.18.1

Patch Changes

Updated dependencies [c2cd371]:

@astrojs/internal-helpers@0.7.6

@astrojs/markdown-remark@6.3.11

Changelog

Sourced from astro's changelog.

5.18.1

Patch Changes

Updated dependencies [c2cd371]:

@astrojs/internal-helpers@0.7.6

@astrojs/markdown-remark@6.3.11

5.18.0

Minor Changes
#15589 b7dd447 Thanks @qzio! - Adds a new security.actionBodySizeLimit option to configure the maximum size of Astro Actions request bodies.

This lets you increase the default 1 MB limit when your actions need to accept larger payloads. For example, actions that handle file uploads or large JSON payloads can now opt in to a higher limit.

If you do not set this option, Astro continues to enforce the 1 MB default to help prevent abuse.
// astro.config.mjs
export default defineConfig({
  security: {
    actionBodySizeLimit: 10 * 1024 * 1024, // set to 10 MB
  },
});
Patch Changes

#15594 efae11c Thanks @qzio! - Fix X-Forwarded-Proto validation when allowedDomains includes both protocol and hostname fields. The protocol check no longer fails due to hostname mismatch against the hardcoded test URL.

5.17.3

Patch Changes

#15564 522f880 Thanks @matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

#15569 e01e98b Thanks @matthewp! - Respect image allowlists when inferring remote image sizes and reject remote redirects.

5.17.2

Patch Changes

c13b536 Thanks @matthewp! - Improves Host header handling for SSR deployments behind proxies

5.17.1

Patch Changes

#15334 d715f1f Thanks @florian-lefebvre! - BREAKING CHANGE to the experimental Fonts API only

... (truncated)

Commits

434d9cc [ci] release (#15829)
c2cd371 fix(helpers): Backport remote patterns segments fix (#15828)
011f061 [ci] release (#15597)
efae11c fix: X-Forwarded-Proto rejected when allowedDomains includes protocol… (#15594)
751ccf0 Update actionBodySizeLimit changeset and make minor (#15600)
b7dd447 make actionBodySizeLimit configurable (#15589)
e0f1a2b [ci] release (#15571)
522f880 Limit action request body size (#15564)
436962a chore: Upgrade Vite and esbuild (#15554)
e01e98b Respect remote image allowlists (#15569)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for astro since your current version.