Fixes incorrect URL generation for SVGs with imageCDN enabled, for the netlify adapter. Fixes #13796

Changes

• Adds a check for SVG images in astro/packages/integrations/netlify/src/image-service.ts to handle the return of the original src path for them.

Testing

• No specific tests were added since this is a fix between the image service logic of the netlify adapter, and existing tests should be enough.
• It was manually tested on a separate project, similar to how #13679 was handled.

Docs

It's an internal bug fix for the netlify adapter and should not need any documentation.

• check userCollections?.docs
• add starlight-page example for test

Description

• Closes #3192

Capture docs as undefined.

// starlight-page.ts
// before
return userCollections?.docs.schema ?? docsSchema();

// after
const userSchema = userCollections?.docs?.schema;

  if (typeof userSchema === 'function') {
    return userSchema;
  } else if (userSchema) {
    return () => userSchema;
  } else {
    return docsSchema();
  }

Changes

This PR applies two main changes

Directives

I changed the way directives are passed: https://github.com/withastro/roadmap/blob/feat/rfc-csp/proposals/0055-csp.md#provide-additional-directives

Now it's a string, which is validated using a custom zod schema, and provides good safety in the editor.

Runtime APIs

RFC has been updated to match the implementation: https://github.com/withastro/roadmap/blob/feat/rfc-csp/proposals/0055-csp.md#runtime-apis

Here, we are doing something new that our runtime engine didn't support: allow to change SSRResult during the rendering.

To provide such a level of mutation, I had to save the SSRResult inside the RenderContext class. This allows for the manipulation of information that belongs only to the route being rendered. I tried to manipulate manifest.csp, but this has a side-effect of keeping this information when we render the next route.

Testing

Added new tests to cover all the APIs.

Docs

Description

• New FEATURES.giscus option
• New giscus frontmatter to control Giscus per post
• New Giscus comp to integrate Giscus comments
• New public/giscus/ for storing custom Giscus styles
• New vercel.json for configuring CORS headers
• Refer to Configure Giscus Comments for details

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@vitejs/plugin-vue-jsx (source)	^4.1.2 -> ^4.2.0
@vue/compiler-sfc (source)	^3.5.13 -> ^3.5.14
solid-js (source)	^1.9.6 -> ^1.9.7
svelte (source)	^5.28.2 -> ^5.32.1
svelte2tsx (source)	^0.7.37 -> ^0.7.39
vue (source)	^3.5.13 -> ^3.5.14

Release Notes

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

• If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Changes

This PR makes a few changes for logs in the Cloudflare adapter's dev server based on feedback from withastro/adapters#191 and my experience using it.

Here's the log you would get when starting the dev server with the Cloudflare adapter:

12:50:48 [@astrojs/cloudflare] Enabling sessions with filesystem storage. Be sure to define a KV binding named "SESSION".
12:50:48 [@astrojs/cloudflare] If you see the error "Invalid binding `SESSION`" in your build output, you need to add the binding to your wrangler config file.
12:50:48 [WARN] [config] The adapter @astrojs/cloudflare has limited support for "sharp". Certain features may not work as expected.
12:50:48 [WARN] [adapter] Cloudflare does not support sharp. You can use the `compile` image service to compile images at build time. It will not work for any on-demand rendered images.

Respectively, here are my thoughts and solutions:

1. The first log says it's enabling sessions with filesystem storage, but asks you to define a KV binding name, which sounds confusing.
   — Changed it so it clarifies it will enable it for production usage, and the follow-up docs PR will add information about the Sessions behavior during dev.

2. Again, if I am using the filesystem storage, why would that matter?
   — Made so this log is only shown during build. That's when you'd get the mentioned error and the information would be most relevant to be shown to you, plus making the dev startup logs one line shorter.

3. Limited support, ok! How exactly limited, though?
   — Clarified that you can still use sharp during build time, but not runtime, meaning only pre-rendered pages will get optimized.

4. Now its no support at all? Also, this says you can use the compile image service, but using it doesn't make the warning go away, and in a kind of funny way, I was totally unaware it actually uses sharp, which I was just told was not compatible at all, so...? 😆
   — Clarified the compile option means using sharp.

NOTE: Not really sure if this is a patch or a minor change? 😅

Testing

I am not sure how/if I am supposed to test CLI logs automatically, but for manual testing:

• Build packages/integrations/cloudflare with this branch's changes.
• Run the dev server with and without an imageService option set.
• Then, run the build command to see the warning about session storage on build.

The expected behavior is to get the two warnings about sharp with @astrojs/cloudflare while no imageService is set, but when set, it is suppressed. And the tip about the "invalid session storage" to only be shown during the build process.

Docs

Sibling docs PR: withastro/docs#11708

/cc @withastro/maintainers-docs for feedback!

Upgraded drizzle-orm to latest v0.42.0

Changes

Moves defineCollection into astro/config. There is a re-export from astro:content too, but it will throw if used for live collecitons. This is because importing from there will cause a circular dependency.

Testing

Adds a load of tests

Docs

I will update the RFC

Changes

This PR implements the following chapter of the RFC: https://github.com/withastro/roadmap/blob/feat/rfc-csp/proposals/0055-csp.md#customize-the-script-src-and-style-src-directives

Changes:

• The schema and validation of the hashes is now done via z.custom, which provides runtime validation and a better type check
• I did some internal renaming
• I refactored the code in order match the RFC. In the RFC I changed the structure of the configuration. From having styleHashes and styleResources, we now have styleDirective.hash and styleDirective.resources

Testing

I updated the validation test, since now we don't raise a custom message anymore.
Added new integration tests and updated the current ones.

Docs

Changes

This PR adds support for additional directives inside the <meta> tag. As for now, Astro is only responsible for customising the script-src and style-src directives, however other directives aren't provided.

A user can always provide additional directives via the Response header; however, to avoid the use of multiple values (Response headers and meta data), and incurr in situations where the browser picks a different directive, Astro now allows user to add additional directives, which will be eventually rendered in the meta tag.

There's a very tiny level of validation, where if directives start with script-src or style-src, we throw an error.

We will provide additional configurations in case users need to customise script-src and style-src directives.

To note that I updated the RFC to use the term "directive". Initially I chose the term "policy". Directive is the right term.

https://github.com/withastro/roadmap/blob/feat/rfc-csp/proposals/0055-csp.md#configuration-apis

Testing

Added new tests

Docs

Changes

Bumps the required Node version in engines and the CLI

Testing

Tested manually

Docs

Docs will need an update

Description

I noticed when running pnpm format locally that we are formatting some astro build output files used in our E2E SSR tests.

This PR adds the build output directory to the .prettierignore file so that we never format these files.

This should not have any impact on CI as we don't run these tests in the formatting workflow altho locally, it can save a few seconds of formatting time for people running the command if they have also run our E2E tests.

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

astro@5.7.14

Patch Changes

• #13668 866285a Thanks @sapphi-red! - Replaces internal CSS chunking behavior for Astro components' scoped styles to use Vite's cssScopeTo feature. The feature is a port of Astro's implementation so this should not change the behavior.

@astrojs/netlify@6.3.4

Patch Changes

• #13799 7036b05 Thanks @Lofty-Brambles! - Fixes an issue where the adapter didn't take into consideration the outDir configuration.

• Updated dependencies []:

  • @astrojs/underscore-redirects@0.6.1

Changes

This PR implements the csp.algorithm configuration from the RFC: https://github.com/withastro/roadmap/blob/feat/rfc-csp/proposals/0055-csp.md#configuration-apis

The generateDigest function now accepts an algorithm parameter, which is passed down during the rendering phase.

I removed the cspMiddleware. I thought I was going to use it, but it turn out it isn't needed for the time being

Testing

I added two new tests

Docs

Changes

Replaces the set constant ./dist/ with the output directory option from AstroConfig.outdir in the netlify integration.
Closes #13726

Testing

Simple fix to a previously set constant. No additional tests were required.

Docs

Doesn't need documentation, since it is a simple patch.

The automated PR generated to update errors in Astro Docs (withastro/docs#11666) fails because of a broken link in the errors list.

Changes

Replaces a link in FileParserNotFound error: the link doesn't exist and the error is not related to imports but to the file() loader.

I think a link to the guide will be more useful than using the reference.

Testing

N/A, just docs.

Docs

This is docs so
/cc @withastro/maintainers-docs for feedback!

No changeset added because this is part of #13761 which is not yet released.

Changes

• What does this change?
• Be short and concise. Bullet points can help!
• Before/after screenshots can help as well.
• Don't forget a changeset! pnpm exec changeset

Fixes #13793

Adds check for pre tags within a11y-no-noninteractive-tabindex a11y audit check.

tabindex on pre tags is actually good for accessibility as it gives keyboard users the ability to scroll a code block. Shiki adds the tabindex attribute to pre tags by default.

Currently it is only checking for the element being scrollable, which might not always be the case in codeblocks. So we explicitly check for pre tags.

Testing

Docs

Description

Initially spotted by Chris, E2E tests are failing with Node.js 23+. This is due to the new type stripping which is automatically triggered by Playwright when using .ts test files and some TypeScript code in our tests not supported by the new Node.js type stripping.

This is not a Playwright issue and the recommendation would be to either refactor this code, or use a flag like --no-experimental-strip-types. Using the flag approach is not really feasible in our case, as we don't really enforce a specific Node.js version for running E2E tests, e.g. we run them against Node.js 18 on CI but a maintainer could use a more recent version locally and specifying an unknown Node.js flag results in an error. We could use a script which dynamically detects the Node.js version and sets the flag accordingly, but this is getting out of hand for only a few lines of code.

This PR refactors the affected code to be compatible with the new Node.js type stripping. The only affected code is a usage of TypeScript Parameter Properties which is unsupported by Node.js type stripping as it requires a transformation step.

The PR refactors the affected code to remove this syntax.

Here are screenshots of the E2E tests running on Node.js v24.0.1 before and after the fix:

Before	After

Changes

• Uses the isESMImportedImage function from the core package
• Removes inconsistent resolution of imported images
• Fixes #13722

Testing

Existing tests should cover it

Docs

It's a fix

Changes

• In #13674, I updated the vite plugin to return en empty module if the fonts are not enabled. This caused the error in the Font component not to be thrown because the module always exists
• Now, I check if fontsData is properly set

Testing

Manual

Docs

Changeset

Changes

• Test is failing on main on windows 22. This PR fixes the affected test (it's once again caused by paths)

Testing

Docs

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

astro@5.7.13

Patch Changes

• #13761 a2e8463 Thanks @jp-knj! - Adds new content collections errors

• #13788 7d0b7ac Thanks @florian-lefebvre! - Fixes a case where an error would not be thrown when using the <Font /> component from the experimental fonts API without adding fonts in the Astro config

• #13784 d7a1889 Thanks @florian-lefebvre! - Fixes the experimental fonts API to correctly take config.base, config.build.assets and config.build.assetsPrefix into account

• #13777 a56b8ea Thanks @L4Ph! - Fixed an issue where looping GIF animation would stop when converted to WebP

• #13566 0489d8f Thanks @TheOtterlord! - Fix build errors being ignored when build.concurrency > 1

@astrojs/cloudflare@12.5.3

Patch Changes

• #13792 7910fea Thanks @alexeyzimarev! - Unify imported images detection across adapters

• Updated dependencies []:

  • @astrojs/underscore-redirects@0.6.1

@astrojs/netlify@6.3.3

Patch Changes

• #13792 7910fea Thanks @alexeyzimarev! - Unify imported images detection across adapters

• Updated dependencies []:

  • @astrojs/underscore-redirects@0.6.1

Changes

• Closes #13779
• Updates the vite plugin to take config.build.assets and config.build.assetsPrefix into account. This required updating most paths handling as it was not robust enough
• Refactors the fixture test

Testing

• Updates existing unit tests
• Adds unit tests
• Refactors the fixture tests
• Adds fixture tests
• Manually tested

Docs

Changeset

Changes

• What does this change?
• Be short and concise. Bullet points can help!
• Before/after screenshots can help as well.
• Don't forget a changeset! pnpm exec changeset

Now that Astro Studio has sunset, db.transaction() which has been previously un-typed, can now once again be typed. this PR removes the Omit<> that removes the transaction type from the DB client.

Testing

No functional changes have been made, only type changes

Docs

No docs are needed as there is no functional change, but could be included now that transactions are properly typed.

Changes

• This fixes the newlines and unsupported list syntax in the mermaid diagram in the CONTRIBUTING.md file. Seemed like a tiny change, unnecessary to open an issue for.

Before

graph TD;
    start{Followed issue\ntemplate?}
    start --NO--> close1[Close and ask to\nfollow template]
    start --YES--> dupe{Is duplicate?}
    dupe --YES--> close2[Close and point\nto duplicate]
    dupe --NO--> repro{Has proper\nreproduction?}
    repro --NO--> close3[Label: 'needs reproduction'\nbot will auto close if no update\nhas been made in 3 days]
    repro --YES--> real{Is actually a bug?}
    real --NO--> maybefeat{Is it a feature request?}
    maybefeat -- YES --> roadmap[Close the issue.\n Point user to the roadmap.]
    maybefeat -- NO --> intended{Is the intended\nbehaviour?}
    intended --YES--> explain[Explain and close\npoint to docs if needed]
    intended --NO--> open[Add label 'needs discussion'\nRemove 'needs triage' label]
    real --YES--> real2["1. Remove 'needs triage' label\n2. Add related feature label if\napplicable (e.g. 'feat: ssr')\n3. Add priority and meta labels (see below)"]
    real2 --> tolabel[Use the framework below to decide the priority of the issue,\nand choose the correct label]

After

graph TD;
    start{Followed issue <br/> template?}
    start --NO--> close1[Close and ask to <br/> follow template.]
    start --YES--> dupe{Is duplicate?}
    dupe --YES--> close2[Close and point <br/> to duplicate.]
    dupe --NO--> repro{Has proper <br/> reproduction?}
    repro --NO--> close3[Add&nbsp;label:&nbsp;'needs&nbsp;discussion'. <br/> Bot will auto close if no <br/>update was made in 3 days.]
    repro --YES--> real{Is actually a bug?}
    real --NO--> maybefeat{Is it a feature request?}
    maybefeat -- YES --> roadmap[Close the issue. <br/> Point user to the roadmap.]
    maybefeat -- NO --> intended{Is the intended <br/> behaviour?}
    intended --YES--> explain[Explain and close. <br/> Point to docs if needed.]
    intended --NO--> open[Add&nbsp;label:&nbsp;'needs&nbsp;discussion'.<br/>Remove&nbsp;label:&nbsp;'needs&nbsp;triage'.]
    real --YES--> real2["∙&nbsp;Remove&nbsp;label:&nbsp;'needs&nbsp;triage'. <br/> ∙ Add related feature label if <br/> applicable. (e.g. 'feat: ssr') <br/> ∙ Add priority and meta labels. (see below)"]
    style real2 text-wrap:balance
    real2 --> tolabel[Use the framework below <br/> to decide the priority <br/> of the issue and choose <br/> the correct label.]

Testing

Does not need a text - simple syntax fix in the markdown for a mermaid diagram.

Docs

Doesn't affect the user.

Changes

• Fixed an issue where animation would stop when converting from GIF to WebP

fix #13683 #13689 #13741

Testing

I looked at all the previous commits and it seemed like there were no tests, so I didn't write any.
I'll write some if necessary.

Docs

Changes

This adds support for CSP for server islands. To support this feature, we have to apply a refactor to how server islands are rendered inside our engine. The new version of the compiler adds the propagation metadata to a route when one of its modules contains the server:defer attribute.

With that information available, the server island has been refactored into a class that contains two methods: init and render.

The method init is the important one, because that's the method that gets called when executing the head propagation. The init is called inside the following function:

As you might noticed, we also check if the returned value is an actual head. To comply, I created a new ThinHead type that just holds the Symbol that we use to tag head content. I created this type because the server island, as for now, doesn't return any content. I decided not to return any content to keep the rendering as similar as possible the one we have now. Of course, this changed regardless, because now some scripts are rendered in the head, as you might notice in extraHead.push()

The rendering of the server island changed slightly:

• the slots are rendered inside the init method, but not the fallback slot
• the fallback slot is rendered inside the render method
• inside the init, we save hostId and the content of the scripts so we can render them inside the render function

Finally, when we create a ServerIslandComponent, we add it to the list of propagators. These components are called inside the function I showed at the very beginning :)

Testing

The current tests should still pass.
Created new tests: integration and e2e

Docs

N/A

Changes

• Improves error page

Testing

Docs

Changes

ignore lightningcss unsupported pseudo-class warning. fixes #13658

Testing

there's no testing for logger

Docs

no need to updated docs, no affect on user’s behavior

Changes

• What does this change?
• Be short and concise. Bullet points can help!
• Before/after screenshots can help as well.
• Don't forget a changeset! pnpm exec changeset

This PR ensures proper params are being parsed and sent to the libsql Client, due to URLSearchParams being a Record<string, string> this object requires parsing to ensure the values are being parsed to number or boolean.

See https://discord.com/channels/830184174198718474/1370190284855705680 for context.

Testing

Added a new unit test for ensuring the URL parsing is correct in various circumstances.

Docs

This PR corrects internal logic to reflect the information on the docs. No docs changes needed.

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@astrojs/sitemap@3.4.0

Minor Changes

• #13753 90293de Thanks @mattyoho! - Customize the filenames of sitemap XML files generated by the @astro/sitemap integration by setting filenameBase in the integration configuration settings. This may be useful when deploying an Astro site at a path on a domain with preexisting sitemap files.

  Generated sitemap files will appear at /sitemap-0.xml and /sitemap-index.xml by default, which may conflict with preexisting files. Set filenameBase to a custom value to avoid that if so:

  import { defineConfig } from 'astro/config';
  import sitemap from '@astrojs/sitemap';
  
  export default defineConfig({
    site: 'https://example.com',
    integrations: [
      sitemap({
        filenameBase: 'astronomy-sitemap',
      }),
    ],
  });

  This will yield sitemap and index files as https://example.com/astronomy-sitemap-0.xml and https://example.com/astronomy-sitemap-index.xml.

@astrojs/db@0.14.14

Patch Changes

• #13772 83193d4 Thanks @Adammatthiesen! - Fix options parsing for the libsql client connection to ensure that proper values are being set when adding URLSearchParams to the ASTRO_DB_REMOTE_URL

• #13783 1609044 Thanks @Adammatthiesen! - Modify Database type to allow transactions to be properly typed now that Astro Studio has sunset.

Description

• Closes #
• What does this PR change? Give us a brief description.
• Did you change something visual? A before/after screenshot can be helpful.

Changes

Expand ActionError codes to include all IANA-registered HTTP error codes. Related discussion.

Possible issues that can affect existing projects:

• 405 TIMEOUT replaced by 405 METHOD_NOT_ALLOWED, which is the accurate name for the 405 code. REQUEST_TIMEOUT is 408.
• 413 PAYLOAD_TOO_LARGE replaced by 413 CONTENT_TOO_LARGE.
• 499 CLIENT_CLOSED_REQUEST removed as non-standard.

Testing

No tests written. Tested by linking the local astro fork using pnpm link.

Docs

The expanded list of error codes doesn’t affect existing documented behavior.

Changes

Adds support for returning a cacheHint object with entries and collections. This can be used to suggest cache tags or ttl for the data, and in future could be integrated with route caching

Testing

Docs

Added new error for invalid cache hints

Changes

• Closes #13754
• Some remote font providers return protocol relative URLs (starting with //), which are then considered absolute by the font fetcher and fails
• Now when we normalize remote font data, we default this kind of URL to https

Testing

Unit + manual

Docs

Changeset

Changes

Adds schema parsing to live content collections.

• parses the returned data from getCollection and getEntry
• updates types so that if schema is defined, collections will be typed using that rather than the loader type
• refactors error handling and adds more checks for the config and the data

Testing

Still needs tests

Docs

Added a new error

This pull request introduces a new showcase to highlight specific features or use cases of starlight. It aims to improve visibility and demonstrate practical applications for users or contributors.

Let me know if any adjustments are needed!

Changes

• #13759 (comment)
• Introduced two scoped error definitions in packages/astro/src/core/errors/errors-data.ts
  • FileGlobNotSupported – thrown when a glob pattern is passed to file() loader.
  • FileParserNotFound – thrown when no parser can be determined for the file extension.
    Both follow the project’s error‐data convention (name | title | message | hint | docs tags).
• Replaced generic Error throws with AstroError in
  packages/astro/src/content/loader/file.ts.
  • throw new AstroError(FileGlobNotSupported)
  • throw new AstroError({ …FileParserNotFound, message: FileParserNotFound.message(fileName) })
• Added a changeset (pnpm exec changeset) so these improvements surface in release notes.

Testing

• Ran the full test suite: pnpm test – no regressions.
• Manual Smoke Tests
  1. file('data/*.json') → displays File glob pattern not supported banner.
  2. file('data/example.xml') → displays File parser not found banner with doc link.

No new automated tests — behaviour is unchanged; only error wiring differs.

Docs

No public-API changes. Docs remain valid.

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

astro@5.7.12

Patch Changes

• #13752 a079c21 Thanks @florian-lefebvre! - Improves handling of font URLs not ending with a file extension when using the experimental fonts API

• #13750 7d3127d Thanks @martrapp! - Allows the ClientRouter to open new tabs or windows when submitting forms by clicking while holding the Cmd, Ctrl, or Shift key.

• #13765 d874fe0 Thanks @florian-lefebvre! - Fixes a case where font sources with relative protocol URLs would fail when using the experimental fonts API

• #13640 5e582e7 Thanks @florian-lefebvre! - Allows inferring weight and style when using the local provider of the experimental fonts API

  If you want Astro to infer those properties directly from your local font files, leave them undefined:

  {
    // No weight specified: infer
    style: 'normal'; // Do not infer
  }

Description

• Closes #3175

In Starlight 0.34.0, support for generating clickable anchor links for headings was added. For Markdown and MDX content, a rehype plugin is used to generate the links.

When the feature is not disabled, this plugin runs unconditionally, which means that these links are generated for non-Starlight content like individual Markdown page or content not from the Starlight docs content collection.

This PR prevents this behavior by checking if the virtual file path is part of the Starlight docs content collection first, and bails if it is not.

For testing, I relied on E2E tests as it seems that on Windows, file path separators are inconsistent when the rehype plugin is used on Markdown vs MDX files. I'll investigate and open a separate issue/PR for that on the Astro repo.

Here is a preview of the changes before and after the fix for an individual Markdown page:

Before	After

Changes

• remove todo comments
• Replaced generic Error throws with AstroError in packages/astro/src/content/loader/file.ts.
  • Adds contextual error names and messages:
    • Glob Pattern Error for disallowing * in file() loader paths.
    • Parser Not Found when no parser is available for the file extension.
  • Imports AstroError from core/errors so all runtime errors funnel through our unified error-handling layer.
• Changeset included (pnpm exec changeset) to surface in release notes.

Testing

• Ran the full test suite: pnpm test – all existing tests pass.
• Manual sanity check:
  1. Created a sample project with a bad data/*.json glob; verified the new Glob Pattern Error message surfaces in the terminal with the Astro error banner.
  2. Pointed the loader to an .xml file; saw the Parser Not Found message and helpful suggestion.

No additional tests added because logic remains identical; only the error-reporting wrapper changed.

Docs

No user-facing API changes. Docs remain valid.

Changes

• As a user, it can be challenging to understand why fonts may not be working
• To help with that, we now log a warning when a remote provider returns no data for a given family

Testing

Units

Docs

Changeset

Changes

• remove todo comment

• Renamed helper
  get<T> → getJson<T> to clarify that the helper always returns parsed JSON.

• Timeout & abort support
  Adds an AbortController with a 10 s default timeout to prevent hanging requests.

• Richer error messages

  • Distinguishes HTTP errors (GET /api … → 503) from network/abort errors (failed: The user aborted a request).
  • Includes status text for quicker debugging.

• Less boilerplate
  Helper now returns response.json() directly, so the four public API functions no longer need their own inline callbacks.

• No functional change to callers
  Signatures of getProducts(), getProduct(), getUser(), and getCart() remain identical; only internal implementation is updated.

• Changeset included
  pnpm exec changeset this is purely internal refactor. not add.

Testing

• Unit: pnpm test — all existing tests pass.
• Manual:
  1. Started dev server, loaded /products page – data still renders.
  2. Throttled network in DevTools → request now aborts at 10 s with descriptive console error.
  3. Verified addToUserCart() still posts successfully.

No new automated tests added because the helper is already covered by higher-level API tests; timeout behaviour is best validated manually.

Docs

No public-facing API surface changed, so docs update not required.

/cc @withastro/maintainers-docs for visibility, but I believe no docs edits are needed.

Changes

This adds a configuration option for the @astrojs/sitemap integration for setting the base filename for the generated sitemap XML files.

Impact on existing users

The new configuration setting is defaulted to a value that matches current behavior so that existing users won't be impacted.

Use case

Scenario: Astro is chosen for adding informational content pages for an existing product website at a set of top-level content categories, e.g., Docs, Blog, and Changelog. The content verticals need to be hosted on the root domain at /docs, /blog, and /changelog, respectively.

E.g., the Docs URL will be https://example.com/docs.

Problem: Currently, the generated sitemap files want to live at https://example.com/sitemap-index.xml and https://example.com/sitemap-{n}.xml, which will potentially conflict with an existing sitemap.xml for the root domain.

Solution: Add a config setting to change the generated filename so that the files can be integrated into a pre-existing sitemap-index.xml via other external tooling.

// https://astro.build/config
export default defineConfig({
  site: "https://example.com",
  integrations: [
    sitemap({
      filenameBase: "content-sitemap",
    }),
  ],
});

Testing

A test was added to the relevant test file. The change was also tested in a live Astro app using a local build of the integration package.

Docs

Documentation for the setting could / should be added to the related guide. Initial suggested changes PR has been opened here: withastro/docs#11614.

/cc @withastro/maintainers-docs for feedback!

Changes

• Closes #13743
• Until this PR, we assumed the font files urls returned by providers would end with a file extension eg. .woff2
• However this is not always the case (eg. adobe)
• To fix this, I moved the type extraction so that remote providers and local providers handle it differently
  • local provider: keep the previous behavior ie. extract the type from the url
  • remote provider: try use source.format (given by unifont) then fallback to extracting the type from the url

Testing

Tests updated and added. Affected user confirmed it works using the preview release

Docs

Changeset

Changes

• Support google subsetting

Testing

N/A

Docs

Changeset

Changes

When submitting a form, the client router now delegates back to the browser when the user holds hift alt or cmd/ctrl keys while clicking submit. This allows the browser to open a new tab / window or download. These are all cases where you won't get view transitions anyhow.

Closes #13744

Testing

tested manually

Docs

n.a., bug fix

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@astrojs/compiler (source)	^2.11.0 -> ^2.12.0
@playwright/test (source)	^1.51.1 -> ^1.52.0
@preact/signals (source)	2.0.2 -> 2.0.4
@tailwindcss/vite (source)	^4.0.17 -> ^4.1.7
@types/react (source)	^18.3.20 -> ^18.3.21
@types/react-dom (source)	^18.3.5 -> ^18.3.7
debug	^4.4.0 -> ^4.4.1
es-module-lexer	^1.6.0 -> ^1.7.0
expect-type	^1.2.0 -> ^1.2.1
http-cache-semantics	^4.1.1 -> ^4.2.0
linkedom	^0.18.9 -> ^0.18.10
lit (source)	^3.2.1 -> ^3.3.0
node-mocks-http	^1.16.2 -> ^1.17.2
package-manager-detector	^1.1.0 -> ^1.3.0
postcss-preset-env (source)	^10.1.5 -> ^10.1.6
preact (source)	^10.26.4 -> ^10.26.6
react (source)	19.0.0 -> 19.1.0
react-dom (source)	19.0.0 -> 19.1.0
remark-rehype	^11.1.1 -> ^11.1.2
rollup (source)	^4.37.0 -> ^4.41.0
sass	^1.86.0 -> ^1.89.0
semver	^7.7.1 -> ^7.7.2
shiki (source)	^3.2.1 -> ^3.4.2
solid-js (source)	^1.9.5 -> ^1.9.7
svelte (source)	^5.25.3 -> ^5.32.1
tailwindcss (source)	^4.0.17 -> ^4.1.7
tinyglobby	^0.2.12 -> ^0.2.13
tsconfck (source)	^3.1.5 -> ^3.1.6
typescript (source)	^5.8.2 -> ^5.8.3
undici (source)	^7.5.0 -> ^7.10.0
unstorage (source)	^1.15.0 -> ^1.16.0
vite (source)	^6.3.4 -> ^6.3.5
vitest (source)	^3.0.9 -> ^3.1.4
vue (source)	^3.5.13 -> ^3.5.14
yocto-spinner	^0.2.1 -> ^0.2.2
zod (source)	^3.24.2 -> ^3.25.13

Release Notes

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@types/react (source)	^18.3.20 -> ^18.3.21
@types/react-dom (source)	^18.3.6 -> ^18.3.7
linkedom	^0.18.9 -> ^0.18.10
preact (source)	^10.26.5 -> ^10.26.6
solid-js (source)	^1.9.5 -> ^1.9.6
svelte2tsx (source)	^0.7.36 -> ^0.7.37
vite (source)	^6.3.4 -> ^6.3.5
vite-plugin-vue-devtools (source)	^7.7.5 -> ^7.7.6

Release Notes

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

• If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Changes

• Closes #13719
• The properties passed to generateFontFace would override the src with undefined. This PR updates the override to occur before the src

Testing

Added a test case and tested manually

Docs

Changeset

Fix #13723

Changes

• When a middleware called next(url) and subsequent code changed cookies, those cookies would not be saved
• This is because previously, when a rewrite happened, a new AstroCookies instance was setup, but when rendering the response, it used the previous cookies value.

Testing

• I added a testcase

Docs

/cc @withastro/maintainers-docs for feedback!

Description

Updates CSS guide to clarify cascade layer references as discussed on today's call.

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@astrojs/starlight@0.34.3

Patch Changes

• #3058 274cc06 Thanks @techfg! - Fixes display of focus indicator around site title

• #3181 449c822 Thanks @HiDeoo! - Fixes an issue where all headings in Markdown and MDX content were rendered with a clickable anchor link, even in non-Starlight pages.

• #3168 ca693fe Thanks @jsparkdev! - Updates Korean langage support with improvements and missing translations

Description

Closes #3154

This could technically be tested, possibly by mocking execSync to return a >1MB (the default maxBuffer value) output but this shouldn't be a user-visible change unless they were already hitting the limit.

Changes

This PR supports generating hashes for the styles injected by the view transitions.

The styles used by the view transition are generated at build time. However, they are injected into the final document during the rendering phase.

To support this, we:

• made the renderTransition function async because we need to generate the hash with generateDigest, which is itself an async function
• added a new list to the SSRMetadata, which we use to store the hashes of the styles that are injected into the head during the rendering phase

Testing

I added new E2E tests. I copied the test of the view transitions and the client, used the preview server (we don't support the dev server for now) and added the new experimental flag. All tests should pass.

Docs

N/A