chore(deps): bump the prod-deps group across 1 directory with 4 updates

[dependabot]

Bumps the prod-deps group with 4 updates in the / directory: astro-sst, sst, astro and @astrojs/node.

Updates astro-sst from 2.43.5 to 2.45.2

Release notes

Sourced from astro-sst's releases.

astro-sst@2.45.2

Patch Changes

• 263bcb0: Migrating to astro-sst repo

Changelog

Sourced from astro-sst's changelog.

2.45.2

Patch Changes

• 263bcb0: Migrating to astro-sst repo

2.44.0

2.43.8

2.43.7

2.43.6

Patch Changes

• a68ca8416 Thanks @​thdxr! - switch to v2 tag

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by sst-publisher, a new releaser for astro-sst since your current version.

Updates sst from 3.2.73 to 3.4.27

Release notes

Sourced from sst's releases.

v3.4.27

Changelog

• 9423d8b78b8b2ea79859fd7182ef4475e30d43f3 dynamo: fix dynamo automatically being made linkable

v3.4.26

Changelog

• 185e04da312084f5bd3393dd78fba3c2b79b3227 Cluster: make task sdk type safe
• 051a3fdfa125567965e7564c650e75b52d20bb37 detect new bun lock file

v3.4.25

Changelog

• 775450f44de4de3a39de704ae2bad4184c1b50cf Cluster task
• 263c90c9118b46e0bb812c5537b6ce63a8b79482 Examples: sync
• 2caabf2b25614ca91c2cb532401d853b51027353 dev: do not run copyFiles in dev
• f9968199b1785ce79081c85a703bca5f4a7521bb pulumi: update pulumi sdk to match binary version

v3.4.24

Changelog

• d6f5cc75231827457b050c4609363b2e2295f139 fix gomod
• 21ce215fa6854bfa15b21838cdb41ff7d3a3eebd sst.aws.Function: experimental golang function support

v3.4.23

Changelog

v3.4.22

Changelog

• 34cd9f248fbbfefe082893e75d470a82006f79db dev: do not fail when symlinking existing file

v3.4.21

Changelog

• 0ea6367bfc20509d9ceecbcff89417d5b3595c5a dev: fix workers being killed at beginning of every deploy
• 848d15ae319c3a44ea686cd648b4a5c5eddba706 dev: restarted workers after killing them from a deploy

v3.4.20

Changelog

• 638135dde898cbe42cabaa03bc3ece1b4b374009 dev: experimental --mode=mono for single monoplexed output

v3.4.19

Changelog

• c29e56b4952d1a58347003ac1a8c816782ba8cd3 dev: improve 'sst dev not connected' scenarios

v3.4.18

Changelog

• fd4467412567a6fe5641e71b0682db80e7c8557c fix: Nitro AppConfig AWS Lambda streaming (#5226)
• c2657a114ad3498721bea7f8c9d9761c0966ddd6 sst.aws.Tanstack/SolidStart: update nitro based presets to use new config system

v3.4.17

Changelog

• 3c5f34552ecadb04b83dc7cb6fc7c291f59da816 add neovim
• ab2c709543982938fb37ffea05d95e56f0506ed4 ensure exit code returns 1 when deploy, remove, or refresh has errors

... (truncated)

Commits

• See full diff in compare view

Updates astro from 4.16.8 to 5.1.1

Release notes

Sourced from astro's releases.

astro@5.1.1

Patch Changes

• #12782 f3d8385 Thanks @​fhiromasa! - update comment in packages/astro/src/types/public/common.ts

• #12789 f632b94 Thanks @​ascorbic! - Pass raw frontmatter to remark plugins in glob loader

• #12799 739dbfb Thanks @​ascorbic! - Upgrades Vite to pin esbuild

astro@5.1.0

Minor Changes

• #12441 b4fec3c Thanks @​ascorbic! - Adds experimental session support

  Sessions are used to store user state between requests for server-rendered pages, such as login status, shopping cart contents, or other user-specific data.

  ---
  export const prerender = false; // Not needed in 'server' mode
  const cart = await Astro.session.get('cart');
  ---
  <a href="/checkout">🛒 {cart?.length ?? 0} items</a>

  Sessions are available in on-demand rendered/SSR pages, API endpoints, actions and middleware. To enable session support, you must configure a storage driver.

  If you are using the Node.js adapter, you can use the fs driver to store session data on the filesystem:

  // astro.config.mjs
  {
    adapter: node({ mode: 'standalone' }),
    experimental: {
      session: {
        // Required: the name of the unstorage driver
        driver: "fs",
      },
    },
  }

  If you are deploying to a serverless environment, you can use drivers such as redis, netlify-blobs, vercel-kv, or cloudflare-kv-binding and optionally pass additional configuration options.

  For more information, including using the session API with other adapters and a full list of supported drivers, see the docs for experimental session support. For even more details, and to leave feedback and participate in the development of this feature, the Sessions RFC.

• #12426 3dc02c5 Thanks @​oliverlynch! - Improves asset caching of remote images

  Astro will now store entity tags and the Last-Modified date for cached remote images and use them to revalidate the cache when it goes stale.

... (truncated)

Changelog

Sourced from astro's changelog.

5.1.1

Patch Changes

• #12782 f3d8385 Thanks @​fhiromasa! - update comment in packages/astro/src/types/public/common.ts

• #12789 f632b94 Thanks @​ascorbic! - Pass raw frontmatter to remark plugins in glob loader

• #12799 739dbfb Thanks @​ascorbic! - Upgrades Vite to pin esbuild

5.1.0

Minor Changes

• #12441 b4fec3c Thanks @​ascorbic! - Adds experimental session support

  Sessions are used to store user state between requests for server-rendered pages, such as login status, shopping cart contents, or other user-specific data.

  ---
  export const prerender = false; // Not needed in 'server' mode
  const cart = await Astro.session.get('cart');
  ---
  <a href="/checkout">🛒 {cart?.length ?? 0} items</a>

  Sessions are available in on-demand rendered/SSR pages, API endpoints, actions and middleware. To enable session support, you must configure a storage driver.

  If you are using the Node.js adapter, you can use the fs driver to store session data on the filesystem:

  // astro.config.mjs
  {
    adapter: node({ mode: 'standalone' }),
    experimental: {
      session: {
        // Required: the name of the unstorage driver
        driver: "fs",
      },
    },
  }

  If you are deploying to a serverless environment, you can use drivers such as redis, netlify-blobs, vercel-kv, or cloudflare-kv-binding and optionally pass additional configuration options.

  For more information, including using the session API with other adapters and a full list of supported drivers, see the docs for experimental session support. For even more details, and to leave feedback and participate in the development of this feature, the Sessions RFC.

• #12426 3dc02c5 Thanks @​oliverlynch! - Improves asset caching of remote images

... (truncated)

Commits

• 5f4c543 [ci] release (#12790)
• 739dbfb fix(deps): upgrade Vite (#12799)
• f3d8385 update comment in packages/astro/src/types/public/common.ts (#12782)
• 49cc5d7 [ci] format
• f632b94 fix: pass raw frontmatter to when parsing markdown in glob loader (#12789)
• 5e9d1bc chore: move files to .mjs (#12765)
• 73b6c8b chore: fix links in session errors (#12787)
• 3f557b2 [ci] release (#12762)
• 4353fc5 fix: correctly return 404.astro in i18n (#12764)
• 45005a5 [ci] format
• Additional commits viewable in compare view

Updates @astrojs/node from 8.3.4 to 9.0.0

Release notes

Sourced from @​astrojs/node's releases.

@​astrojs/node@​9.0.0

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

• #451 167b369 Thanks @​ematipico! - Updates send dependency to v1.1.0

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

@​astrojs/node@​9.0.0-beta.3

Major Changes

• 167b369 Thanks @​bluwy! - Updates send dependency to v1.1.0

@​astrojs/node@​9.0.0-beta.2

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

Changelog

Sourced from @​astrojs/node's changelog.

9.0.0

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

• #451 167b369 Thanks @​ematipico! - Updates send dependency to v1.1.0

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

9.0.0-beta.3

Major Changes

• 167b369 Thanks @​bluwy! - Updates send dependency to v1.1.0

9.0.0-beta.2

Major Changes

• #375 e7881f7 Thanks @​Princesseuh! - Updates internal code to works with Astro 5 changes to hybrid rendering. No changes are necessary to your project, apart from using Astro 5

• #397 776a266 Thanks @​Princesseuh! - Welcome to the Astro 5 beta! This release has no changes from the latest alpha of this package, but it does bring us one step closer to the final, stable release.

  Starting from this release, no breaking changes will be introduced unless absolutely necessary.

  To learn how to upgrade, check out the Astro v5.0 upgrade guide in our beta docs site.

• #392 3a49eb7 Thanks @​Princesseuh! - Updates internal code for Astro 5 changes. No changes is required to your project, apart from using Astro 5

Minor Changes

• #385 bb725b7 Thanks @​florian-lefebvre! - Cleans up astro:env support

9.0.0-alpha.1

Major Changes

• #11679 ea71b90 Thanks @​florian-lefebvre! - Adds stable support for astro:env

... (truncated)

Commits

• 7057f09 [ci] release (#448)
• 21d79c8 Merge branch 'main' into next
• 0ba7a39 chore: update Astro peer dep for adapters (#449)
• 0d76496 chore(deps): update dependency @​types/node to v22 (#432)
• 9cedc9b fix(deps): update all non-major dependencies (#431)
• ff2e024 [ci] release (beta) (#400)
• 167b369 Update send to v1.1.0
• e30c046 Merge branch 'main' into next
• 5391c02 chore(deps): update all non-major dependencies (#428)
• 0c16fee chore(deps): update all non-major dependencies (#420)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@astrojs/node@9.0.0	Transitive: environment, eval, filesystem, network, unsafe	+20	491 kB	matthewp
npm/astro-sst@2.45.2	Transitive: environment, network, unsafe	+4	1.69 MB	sst-publisher
npm/astro@5.1.1	Transitive: environment, eval, filesystem, network, shell	+316	51 MB	fredkschott, matthewp, natemoo-re
npm/sst@3.4.27	environment, filesystem, network	+8	1.43 MB	sst-publisher

🚮 Removed packages: npm/@astrojs/node@8.3.4, npm/astro-sst@2.43.5, npm/astro@4.16.8, npm/sst@3.2.73

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
Possible typosquat attack	npm/emoji-regex-xs@1.0.0	Did you mean: emoji-regex~~-xs~~	@kindspells/astro-shield/package.json @kindspells/astro-shield/src/e2e/fixtures/dynamic/package.json @kindspells/astro-shield/src/e2e/fixtures/hybrid/package.json @kindspells/astro-shield/src/e2e/fixtures/hybrid2/package.json @kindspells/astro-shield/src/e2e/fixtures/hybrid3/package.json @kindspells/astro-shield/src/e2e/fixtures/static/package.json docs/package.json pnpm-lock.yaml	⚠︎

View full report↗︎

Next steps

What is a typosquat?

Package name is similar to other popular packages and may not be the package you want.

Use care when consuming similarly named packages and ensure that you did not intend to consume a different package. Malicious packages often publish using similar names as existing popular packages.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/emoji-regex-xs@1.0.0