Skip to content

Bump the javascript-dependencies group with 7 updates#66

Merged
shenanigansd merged 1 commit into
mainfrom
dependabot/npm_and_yarn/javascript-dependencies-c6ec523c66
Jul 1, 2026
Merged

Bump the javascript-dependencies group with 7 updates#66
shenanigansd merged 1 commit into
mainfrom
dependabot/npm_and_yarn/javascript-dependencies-c6ec523c66

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the javascript-dependencies group with 7 updates:

Package From To
@astrojs/cloudflare 13.7.0 14.0.0
@astrojs/react 5.0.7 6.0.0
@auth0/auth0-spa-js 2.21.1 2.21.2
astro 6.4.8 7.0.2
@biomejs/biome 2.4.16 2.5.1
@types/node 25.9.2 26.0.0
wrangler 4.99.0 4.104.0

Updates @astrojs/cloudflare from 13.7.0 to 14.0.0

Release notes

Sourced from @​astrojs/cloudflare's releases.

@​astrojs/cloudflare@​14.0.0

Major Changes

Minor Changes

  • #16335 9a53f77 Thanks @​ascorbic! - Adds an opt-in CDN cache provider for Astro route caching on Cloudflare Workers

    [!WARNING] This provider requires the Cloudflare Workers Cache feature, which is currently in private beta. It is opt-in: nothing changes unless you import cacheCloudflare() and set it as your provider. But without beta access it does not work and should not be used. Cloudflare Workers run in front of the cache, so cached responses are never served, and calling cache.invalidate() throws an error.

    Setup

    Import cacheCloudflare() from @astrojs/cloudflare/cache and set it as your cache provider:

    import { defineConfig } from 'astro/config';
    import cloudflare from '@astrojs/cloudflare';
    import { cacheCloudflare } from '@astrojs/cloudflare/cache';
    export default defineConfig({
    adapter: cloudflare(),
    cache: {
    provider: cacheCloudflare(),
    },
    });

    The adapter automatically enables the Worker caching layer when a Cloudflare cache provider is configured. No manual wrangler.jsonc changes are needed.

    Caching responses

    Use Astro.cache.set() in your pages and API routes to cache responses. The provider sets Cloudflare-CDN-Cache-Control and Cache-Tag headers, which are read by Cloudflare's built-in caching layer. Cache hits bypass Worker execution entirely, meaning your Worker is not invoked for cached responses.

    ---
    Astro.cache.set({ maxAge: 300, tags: ['products'] });
    const data = await fetchProducts();
    ---
    <ProductList items={data} />

    You can also set cache rules for groups of routes in your config:

    cache: { provider: cacheCloudflare() },
    routeRules: {
      '/products/[...slug]': { maxAge: 3600, tags: ['products'] },

... (truncated)

Changelog

Sourced from @​astrojs/cloudflare's changelog.

14.0.0

Major Changes

Minor Changes

  • #16335 9a53f77 Thanks @​ascorbic! - Adds an opt-in CDN cache provider for Astro route caching on Cloudflare Workers

    [!WARNING] This provider requires the Cloudflare Workers Cache feature, which is currently in private beta. It is opt-in: nothing changes unless you import cacheCloudflare() and set it as your provider. But without beta access it does not work and should not be used. Cloudflare Workers run in front of the cache, so cached responses are never served, and calling cache.invalidate() throws an error.

    Setup

    Import cacheCloudflare() from @astrojs/cloudflare/cache and set it as your cache provider:

    import { defineConfig } from 'astro/config';
    import cloudflare from '@astrojs/cloudflare';
    import { cacheCloudflare } from '@astrojs/cloudflare/cache';
    export default defineConfig({
    adapter: cloudflare(),
    cache: {
    provider: cacheCloudflare(),
    },
    });

    The adapter automatically enables the Worker caching layer when a Cloudflare cache provider is configured. No manual wrangler.jsonc changes are needed.

    Caching responses

    Use Astro.cache.set() in your pages and API routes to cache responses. The provider sets Cloudflare-CDN-Cache-Control and Cache-Tag headers, which are read by Cloudflare's built-in caching layer. Cache hits bypass Worker execution entirely, meaning your Worker is not invoked for cached responses.

    ---
    Astro.cache.set({ maxAge: 300, tags: ['products'] });
    const data = await fetchProducts();
    ---
    <ProductList items={data} />

    You can also set cache rules for groups of routes in your config:

    cache: { provider: cacheCloudflare() },
    routeRules: {

... (truncated)

Commits

Updates @astrojs/react from 5.0.7 to 6.0.0

Release notes

Sourced from @​astrojs/react's releases.

@​astrojs/react@​6.0.0

Major Changes

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Patch Changes

@​astrojs/react@​6.0.0-beta.2

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

@​astrojs/react@​6.0.0-beta.1

Patch Changes

Changelog

Sourced from @​astrojs/react's changelog.

6.0.0

Major Changes

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Patch Changes

6.0.0-beta.2

Minor Changes

  • #17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

    A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

    If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

    - import { getContainerRenderer } from '@astrojs/react';
    + import { getContainerRenderer } from '@astrojs/react/container-renderer';

    Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

6.0.0-beta.1

Patch Changes

6.0.0-alpha.0

... (truncated)

Commits
  • f55ba4c [ci] release (#17132)
  • 0da0678 [ci] release (beta) (#17089)
  • 4585fe5 fix(integrations): Export container renderers from a dedicated export path to...
  • 08b84d6 [ci] release (beta) (#17045)
  • 75cfa52 chore: merge main into next
  • 9c2b95b Merge remote-tracking branch 'origin/main' into chore/merge-main-into-next
  • 3652d1c chore: merge main into next
  • 29ec81d chore: merge main into next
  • 8d1af3b Merge remote-tracking branch 'origin/main' into chore/merge-main-into-next
  • ad9abdb Merge branch 'main' into chore/merge-main-into-next
  • Additional commits viewable in compare view

Updates @auth0/auth0-spa-js from 2.21.1 to 2.21.2

Release notes

Sourced from @​auth0/auth0-spa-js's releases.

v2.21.2

Fixed

  • fix: ensure MfaRequiredError is propagated and MFA context is stored for passkey and custom token exchange grant types #1626 (yogeshchoudhary147)
Changelog

Sourced from @​auth0/auth0-spa-js's changelog.

v2.21.2 (2026-06-18)

Full Changelog

Fixed

  • fix: ensure MfaRequiredError is propagated and MFA context is stored for passkey and custom token exchange grant types #1626 (yogeshchoudhary147)
Commits
  • 8d15f2b Release v2.21.2 (#1631)
  • f57048d docs: fix MyAccount enrollmentVerify examples and note (#1630)
  • 91e3705 build(deps): Bump @​auth0/auth0-auth-js from 1.9.0 to 1.9.1 (#1629)
  • 1a9cd37 refactor: centralise MFA context storage across all token grant types (#1626)
  • 4b06b27 build(deps): Bump @​auth0/auth0-auth-js from 1.8.0 to 1.9.0 (#1628)
  • cd6394d chore(security): uses pinned versions of actions (#1625)
  • 97a3fb9 build(deps): Bump codecov/codecov-action from 6.0.1 to 7.0.0 (#1623)
  • d2198fe build(deps): Bump @​auth0/auth0-auth-js from 1.7.0 to 1.8.0 (#1620)
  • See full diff in compare view

Updates astro from 6.4.8 to 7.0.2

Release notes

Sourced from astro's releases.

astro@7.0.2

Patch Changes

  • Updated dependencies [3b5e994]:
    • @​astrojs/markdown-satteri@​0.3.2

astro@7.0.1

Patch Changes

  • #17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

  • #17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

  • #17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

  • #17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

astro@7.0.0

Major Changes

  • #15819 cafec4e Thanks @​delucis! - Upgrade to Vite v8

  • #16965 57ead0d Thanks @​Princesseuh! - Makes 'jsx' the default value for compressHTML

    Astro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with {" "}.

    This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set compressHTML: true for HTML-aware compression, or compressHTML: false to preserve all whitespace.

  • #16610 c63e7e4 Thanks @​matthewp! - Adds background dev server management for AI coding agents.

    When an AI coding agent is detected, astro dev now automatically starts the dev server as a detached background process. This prevents the dev server from blocking the agent's terminal and allows it to continue working while the server runs.

    A lock file (.astro/dev.json) is written when the dev server starts, recording the server's URL, port, and PID. This prevents duplicate servers from being started for the same project.

    New flag and subcommands

    • astro dev --background — Start the dev server as a background process (this is what runs automatically when an agent is detected).
    • astro dev stop — Stop a running background dev server.
    • astro dev status — Check if a dev server is running and display its URL, PID, and uptime.
    • astro dev logs — View logs from a background dev server. Use --follow (-f) to stream new output as it's written.

    These allow you to start and manage dev servers programmatically and were designed with AI coding agents in mind.

    What should I do?

    No action is required. If you are not using an AI coding agent, astro dev behaves exactly as before. If you are using an agent, background mode is enabled automatically — the agent will receive the server URL and PID, and can use astro dev stop to shut it down.

    To opt out of automatic background mode when an agent is detected, set the environment variable ASTRO_DEV_BACKGROUND=0 before running astro dev.

  • #17010 0606073 Thanks @​ocavue! - Removes the @astrojs/db package as it is no longer maintained.

... (truncated)

Changelog

Sourced from astro's changelog.

7.0.2

Patch Changes

  • Updated dependencies [3b5e994]:
    • @​astrojs/markdown-satteri@​0.3.2

7.0.1

Patch Changes

  • #17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

  • #17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

  • #17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

  • #17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

7.0.0

Major Changes

  • #15819 cafec4e Thanks @​delucis! - Upgrade to Vite v8

  • #16965 57ead0d Thanks @​Princesseuh! - Makes 'jsx' the default value for compressHTML

    Astro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with {" "}.

    This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set compressHTML: true for HTML-aware compression, or compressHTML: false to preserve all whitespace.

  • #16610 c63e7e4 Thanks @​matthewp! - Adds background dev server management for AI coding agents.

    When an AI coding agent is detected, astro dev now automatically starts the dev server as a detached background process. This prevents the dev server from blocking the agent's terminal and allows it to continue working while the server runs.

    A lock file (.astro/dev.json) is written when the dev server starts, recording the server's URL, port, and PID. This prevents duplicate servers from being started for the same project.

    New flag and subcommands

    • astro dev --background — Start the dev server as a background process (this is what runs automatically when an agent is detected).
    • astro dev stop — Stop a running background dev server.
    • astro dev status — Check if a dev server is running and display its URL, PID, and uptime.
    • astro dev logs — View logs from a background dev server. Use --follow (-f) to stream new output as it's written.

    These allow you to start and manage dev servers programmatically and were designed with AI coding agents in mind.

    What should I do?

    No action is required. If you are not using an AI coding agent, astro dev behaves exactly as before. If you are using an agent, background mode is enabled automatically — the agent will receive the server URL and PID, and can use astro dev stop to shut it down.

    To opt out of automatic background mode when an agent is detected, set the environment variable ASTRO_DEV_BACKGROUND=0 before running astro dev.

... (truncated)

Commits

Updates @biomejs/biome from 2.4.16 to 2.5.1

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.5.1

2.5.1

Patch Changes

  • #10722 f8a303d Thanks @​denbezrukov! - Fixed CSS formatter output for comments between import media queries.

    -@import url("print.css") print,
    -/* comment */
    -screen;
    +@import url("print.css") print, /* comment */ screen;
  • #10738 9fdc560 Thanks @​JamBalaya56562! - Fixed #9899: the json and json-pretty reporters now escape backslashes in a diagnostic's location.path. Previously, paths containing backslashes (such as Windows-style paths) were emitted unescaped, producing invalid JSON.

    -    "path": "src\account\setup-passkey.tsx",
    +    "path": "src\\account\\setup-passkey.tsx",
  • #10626 5f837df Thanks @​tom-groves! - Fixed #10625: biome migrate no longer emits an invalid trailing comma when a renamed rule (such as noConsoleLognoConsole) is the last member of its rule group. Previously this produced malformed output that aborted the migration of a strict-JSON biome.json with a parsing error.

  • #10535 c245f9d Thanks @​Mokto! - Fixed a false positive in noUnusedVariables for Svelte files where variables referenced inside {@html expr} blocks were incorrectly reported as unused.

  • #10668 a0f197e Thanks @​Netail! - The biome init command has been updated to include a more up-to-date URL to the first-party extensions page.

  • #10667 d8c3e87 Thanks @​Netail! - Fixed #10664: useErrorCause now correctly detects a shorthand property.

  • #10696 ef2373f Thanks @​ematipico! - Fixed #9566. Improved how the Biome Language Server loads multiple configuration files inside a workspace.

  • #10705 4ccb410 Thanks @​ematipico! - Fixed #10652. Biome plugins are now properly filtered when using --only and --skip flags.

  • #10669 aa0a6eb Thanks @​Netail! - Fixed #10651: useInlineScriptId now correctly trims trivia to detect if an id attribute has been set.

  • #10689 844b1be Thanks @​ematipico! - Fixed #10658. The issue was caused by the "Go-to definition" editor feature, which was enabled by default. The feature is now disabled by default. To work, the feature triggers the scanner to build the module graph. This caused memory leak issues in cases where Biome starts in the home directory to modify files.

    If you relied on this new feature, you must now turn on using the [editor settings] of the extension e.g. Zed and VSCode.

  • #10695 043fbb5 Thanks @​ematipico! - Fixed #10674. Biome now throws an error when the field level is missing from a rule option.

  • #10712 5941df2 Thanks @​Conaclos! - Improved the diagnostic and the documentation of useFlatMap.

  • #10615 23814f1 Thanks @​qwertycxz! - Improved the DX the JSON schema when it's used by certain code editors like VSCode.

  • #10688 ec69489 Thanks @​ematipico! - Fixed a bug where the Biome Daemon did not correctly shut down when the editor was closed during an in-progress operation, especially while scanning.

  • #10701 6c2e0d7 Thanks @​ematipico! - Fixed #10694. The Biome Language Server no longer prints an error when the user hovers a variable imported from node_modules.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.5.1

Patch Changes

  • #10722 f8a303d Thanks @​denbezrukov! - Fixed CSS formatter output for comments between import media queries.

    -@import url("print.css") print,
    -/* comment */
    -screen;
    +@import url("print.css") print, /* comment */ screen;
  • #10738 9fdc560 Thanks @​JamBalaya56562! - Fixed #9899: the json and json-pretty reporters now escape backslashes in a diagnostic's location.path. Previously, paths containing backslashes (such as Windows-style paths) were emitted unescaped, producing invalid JSON.

    -    "path": "src\account\setup-passkey.tsx",
    +    "path": "src\\account\\setup-passkey.tsx",
  • #10626 5f837df Thanks @​tom-groves! - Fixed #10625: biome migrate no longer emits an invalid trailing comma when a renamed rule (such as noConsoleLognoConsole) is the last member of its rule group. Previously this produced malformed output that aborted the migration of a strict-JSON biome.json with a parsing error.

  • #10535 c245f9d Thanks @​Mokto! - Fixed a false positive in noUnusedVariables for Svelte files where variables referenced inside {@html expr} blocks were incorrectly reported as unused.

  • #10668 a0f197e Thanks @​Netail! - The biome init command has been updated to include a more up-to-date URL to the first-party extensions page.

  • #10667 d8c3e87 Thanks @​Netail! - Fixed #10664: useErrorCause now correctly detects a shorthand property.

  • #10696 ef2373f Thanks @​ematipico! - Fixed #9566. Improved how the Biome Language Server loads multiple configuration files inside a workspace.

  • #10705 4ccb410 Thanks @​ematipico! - Fixed #10652. Biome plugins are now properly filtered when using --only and --skip flags.

  • #10669 aa0a6eb Thanks @​Netail! - Fixed #10651: useInlineScriptId now correctly trims trivia to detect if an id attribute has been set.

  • #10689 844b1be Thanks @​ematipico! - Fixed #10658. The issue was caused by the "Go-to definition" editor feature, which was enabled by default. The feature is now disabled by default. To work, the feature triggers the scanner to build the module graph. This caused memory leak issues in cases where Biome starts in the home directory to modify files.

    If you relied on this new feature, you must now turn on using the [editor settings] of the extension e.g. Zed and VSCode.

  • #10695 043fbb5 Thanks @​ematipico! - Fixed #10674. Biome now throws an error when the field level is missing from a rule option.

  • #10712 5941df2 Thanks @​Conaclos! - Improved the diagnostic and the documentation of useFlatMap.

  • #10615 23814f1 Thanks @​qwertycxz! - Improved the DX the JSON schema when it's used by certain code editors like VSCode.

  • #10688 ec69489 Thanks @​ematipico! - Fixed a bug where the Biome Daemon did not correctly shut down when the editor was closed during an in-progress operation, especially while scanning.

  • #10701 6c2e0d7 Thanks @​ematipico! - Fixed #10694. The Biome Language Server no longer prints an error when the user hovers a variable imported from node_modules.

  • #10681 888515b Thanks @​Conaclos! - Fixed useExportType that reported useless details in some diagnostics.

... (truncated)

Commits

Updates @types/node from 25.9.2 to 26.0.0

Commits

Updates wrangler from 4.99.0 to 4.104.0

Release notes

Sourced from wrangler's releases.

wrangler@4.104.0

Minor Changes

  • #14369 e312dec Thanks @​edmundhung! - Add getEnv() to createTestHarness() Worker handles

    Tests can now access the full env object for a Worker with await server.getWorker<Env>().getEnv(), including vars, secrets, and bindings.

Patch Changes

  • #14364 a085dec Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260617.1 1.20260619.1
  • #14383 9a0de8f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260619.1 1.20260621.1
  • #14397 fab565f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260621.1 1.20260623.1
  • #14388 3f02864 Thanks @​petebacondarwin! - Stop erroring when find_additional_modules discovers a file that only matches a inactive module rule

    Module rules assign module types to imported files — they are not include/exclude filters. Also, setting fallthrough: false in a rule will cause subsequent rules to become inactive. Previously, when find_additional_modules walked the filesystem and discovered a file whose only matching rule is inactive, Wrangler would throw an error and fail the build.

    This meant that adding a user rule like the one below would break the build for any .txt, .html, .sql, .bin or .wasm file that didn't match the user-supplied globs but lived somewhere under the module root:

    // wrangler.json
    {
      "rules": [
        {
          "type": "Text",
          "globs": ["html/includeme.html"],
          "fallthrough": false
        }
      ]
    }

... (truncated)

Commits
  • ec856a1 Version Packages (#14370)
  • fab565f Bump workerd from 1.20260621.1 to 1.20260623.1 in the workerd-and-workers-typ...
  • 07cd86c [wrangler] Consolidate vi.mock calls for @​cloudflare/autoconfig in entry-poin...
  • e312dec feat(wrangler): add getEnv to worker handle (#14369)
  • 2a02858 [wrangler] fix: don't require private credential when reusing an existing Sec...
  • 3f02864 [wrangler] Don't error when find_additional_modules discovers a file matching...
  • 9a0de8f Bump the workerd-and-workers-types group with 2 updates (#14383)
  • a085dec Bump the workerd-and-workers-types group with 2 updates (#14364)
  • 4d8ffcb Version Packages (#14353)
  • 7649895 move auto provisioning to deploy-helpers (#14354)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options <...

Description has been truncated

Bumps the javascript-dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@astrojs/cloudflare](https://github.com/withastro/astro/tree/HEAD/packages/integrations/cloudflare) | `13.7.0` | `14.0.0` |
| [@astrojs/react](https://github.com/withastro/astro/tree/HEAD/packages/integrations/react) | `5.0.7` | `6.0.0` |
| [@auth0/auth0-spa-js](https://github.com/auth0/auth0-spa-js) | `2.21.1` | `2.21.2` |
| [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) | `6.4.8` | `7.0.2` |
| [@biomejs/biome](https://github.com/biomejs/biome/tree/HEAD/packages/@biomejs/biome) | `2.4.16` | `2.5.1` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `25.9.2` | `26.0.0` |
| [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.99.0` | `4.104.0` |


Updates `@astrojs/cloudflare` from 13.7.0 to 14.0.0
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/cloudflare/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/cloudflare@14.0.0/packages/integrations/cloudflare)

Updates `@astrojs/react` from 5.0.7 to 6.0.0
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/react/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/react@6.0.0/packages/integrations/react)

Updates `@auth0/auth0-spa-js` from 2.21.1 to 2.21.2
- [Release notes](https://github.com/auth0/auth0-spa-js/releases)
- [Changelog](https://github.com/auth0/auth0-spa-js/blob/main/CHANGELOG.md)
- [Commits](auth0/auth0-spa-js@v2.21.1...v2.21.2)

Updates `astro` from 6.4.8 to 7.0.2
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.2/packages/astro)

Updates `@biomejs/biome` from 2.4.16 to 2.5.1
- [Release notes](https://github.com/biomejs/biome/releases)
- [Changelog](https://github.com/biomejs/biome/blob/main/packages/@biomejs/biome/CHANGELOG.md)
- [Commits](https://github.com/biomejs/biome/commits/@biomejs/biome@2.5.1/packages/@biomejs/biome)

Updates `@types/node` from 25.9.2 to 26.0.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `wrangler` from 4.99.0 to 4.104.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.104.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@astrojs/cloudflare"
  dependency-version: 14.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: javascript-dependencies
- dependency-name: "@astrojs/react"
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: javascript-dependencies
- dependency-name: "@auth0/auth0-spa-js"
  dependency-version: 2.21.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: javascript-dependencies
- dependency-name: astro
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: javascript-dependencies
- dependency-name: "@biomejs/biome"
  dependency-version: 2.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: javascript-dependencies
- dependency-name: "@types/node"
  dependency-version: 26.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: javascript-dependencies
- dependency-name: wrangler
  dependency-version: 4.104.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: javascript-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026
@dependabot dependabot Bot requested a review from shenanigansd as a code owner July 1, 2026 00:35
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 1, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 1, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
letsbuilda-dev 6cb1354 Commit Preview URL

Branch Preview URL
Jul 01 2026, 12:36 AM

@shenanigansd shenanigansd merged commit 3372389 into main Jul 1, 2026
2 of 3 checks passed
@shenanigansd shenanigansd deleted the dependabot/npm_and_yarn/javascript-dependencies-c6ec523c66 branch July 1, 2026 01:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant