AstroEco is Releasing…

Patch Changes

• #16579 49e10e3 Thanks @igor-koop! - Fixes an issue where the smartypants option was ignored.

Patch Changes

• #16737 bd84f33 Thanks @matthewp! - Fixes a reflected XSS vulnerability where slot names on hydrated components were not HTML-escaped in SSR output

Patch Changes

• Updated dependencies [d365c97]:
  • @astrojs/internal-helpers@0.9.1

Patch Changes

• #16707 2ff3f8f Thanks @helio-cf! - Fixes remoteBindings: false being ignored during astro build. The Cloudflare prerenderer's internal Vite preview server now receives the user's adapter options, so remote-flagged bindings (e.g. a D1 database with remote: true in wrangler.toml) are emulated locally during build, matching the existing astro dev behavior.

• #16652 98c32cc Thanks @greatjourney589! - Fixes user-declared KV namespace bindings being duplicated in the generated dist/server/wrangler.json, which caused wrangler validation to fail with " assigned to multiple KV Namespace bindings." The Astro Cloudflare config customizer now returns only the auto-injected SESSION binding and lets @cloudflare/vite-plugin merge it with the user's wrangler config, instead of pre-merging the user's bindings into the output.

• #16272 4f9521e Thanks @barry3406! - Fixes .astro files failing with No matching export in "html:..." for import "default" when default-imported from a .ts file

• #15723 9256345 Thanks @rururux! - Fixes an issue where the <Prism /> component failed to work in Cloudflare Workers.

• Updated dependencies [d365c97]:

  • @astrojs/internal-helpers@0.9.1
  • @astrojs/underscore-redirects@1.0.3

Patch Changes

• #16642 53059be Thanks @ocavue! - Adds support for TypeScript v6 to peer dependencies range.

Patch Changes

• #16716 04fdbb2 Thanks @delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Patch Changes

• Updated dependencies [d365c97]:
  • @astrojs/internal-helpers@0.9.1

Patch Changes

• #16716 04fdbb2 Thanks @delucis! - Updates internal dependencies

• Updated dependencies [d365c97]:

  • @astrojs/internal-helpers@0.9.1
  • @astrojs/underscore-redirects@1.0.3

Patch Changes

• #15723 9256345 Thanks @rururux! - Updates internal type usage from @astrojs/prism.

• Updated dependencies [d365c97, 9256345, 9256345]:

  • @astrojs/internal-helpers@0.9.1
  • @astrojs/markdown-remark@7.1.2
  • @astrojs/prism@4.0.2

Patch Changes

• Updated dependencies [d365c97]:
  • @astrojs/internal-helpers@0.9.1

Patch Changes

• #16716 04fdbb2 Thanks @delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Patch Changes

• Updated dependencies [9256345]:
  • @astrojs/markdown-remark@7.1.2

Patch Changes

• Updated dependencies [d365c97]:
  • @astrojs/internal-helpers@0.9.1

Patch Changes

• #15723 9256345 Thanks @rururux! - Fixes an issue where the <Prism /> component failed to work in Cloudflare Workers.

Patch Changes

• #15723 9256345 Thanks @rururux! - Updates internal type usage from @astrojs/prism.

• Updated dependencies [d365c97, 9256345]:

  • @astrojs/internal-helpers@0.9.1
  • @astrojs/prism@4.0.2

Patch Changes

• #16544 d365c97 Thanks @matthewp! - Tightens isRemotePath() to reject control characters after a leading slash and fixes the dev image endpoint origin check

Patch Changes

• #16675 11d4592 Thanks @ascorbic! - Fixes a regression where Astro.cache was undefined when experimental.cache was not configured.

  The previous documented behavior is for Astro.cache to always be defined as a no-op shim: cache.set() warns once, cache.invalidate() throws and cache.enabled can be used to gate. This allows library and user code can call cache methods without conditional checks. The cache provider registration was being gated at the call site on experimental.cache being configured, which meant the disabled shim branch inside the provider was unreachable and the Astro.cache getter was never attached to the context.

• #16691 0f0a4ce Thanks @matthewp! - Fixes HTMLElement is not defined error during HMR when using components with client-side scripts (e.g. Starlight <Tabs>) and the Cloudflare adapter

• #16562 07529ec Thanks @matthewp! - Fixes non-prerendered routes failing when a dynamic prerendered route exists in the same project with prerenderEnvironment: 'node'

• #16638 272185b Thanks @ematipico! - Fixes a bug where the Astro compiler wasn't freed at the end of the build. After the fix, the memory used by the compiler is now correctly freed at the end of the build.

• #16544 d365c97 Thanks @matthewp! - Tightens isRemotePath() to reject control characters after a leading slash and fixes the dev image endpoint origin check

• #16685 889e748 Thanks @farrosfr! - Improve validation messages for security.csp.directives when script-src or style-src are incorrectly placed in the directives array.

• #16605 772f13a Thanks @rururux! - Fixes assetsPrefix not being available on build from astro:config/server.

• #16556 f38dec7 Thanks @matthewp! - Rejects double-encoded URL paths with a 400 response instead of silently falling back to partial decoding

• #16659 38bcb25 Thanks @jsparkdev! - Fixes & characters appearing as raw entity strings (e.g. &) in <meta> tags when viewed in link previews or raw HTML.

• Updated dependencies [d365c97, 9256345]:

  • @astrojs/internal-helpers@0.9.1
  • @astrojs/markdown-remark@7.1.2

Patch Changes

• #16603 deaaf3f Thanks @alexanderniebuhr! - Removes the warning that Astro does not support vite v8, since Astro v7 does support vite v8

Patch Changes

• #3890 2d05e18 Thanks @tats-u! - Fixes CSS selector for text-autospace styles in Chromium browsers

Patch Changes

• #16646 15fbc41 Thanks @matthewp! - Fixes local images returning 404 on non-prerendered pages when using the generic image endpoint

Patch Changes

• #3885 010eed1 Thanks @ArmandPhilippot! - Fixes the version mentioned in an error message related to autogenerated sidebar groups support.

• #3887 b3c6990 Thanks @delucis! - Adds 13 new icons: clock, desktop, mobile-android, window, database, server, code-branch, notes, question, question-circle, analytics, padlock, and solidjs.

Minor Changes

• #16639 4d72482 Thanks @ematipico! - The adapter now depends on Astro 6.3.0.

Minor Changes

• #16639 4d72482 Thanks @ematipico! - The adapter now depends on Astro 6.3.0.

Patch Changes

• #16627 5778cb7 Thanks @Princesseuh! - Fixes unintended dependency on the typescript package being available to the language server

Patch Changes

• #16260 354e231 Thanks @gameroman! - Refactors internal config logic to remove the dlv dependency in favor of native logic

Minor Changes

• #16366 d69f858 Thanks @matthewp! - Adds a new experimental.advancedRouting option that lets you take full control of Astro's request handling pipeline by creating a src/app.ts file in your project.

  Today, Astro handles every incoming request through a fixed internal pipeline: trailing slash normalization, redirects, actions, middleware, page rendering, i18n, and so on. That pipeline works great for most sites, but as projects grow you often want to run your own logic between those steps — an auth check before rendering, a rate limiter before actions, custom logging around the whole stack. Advanced routing gives you that control.

  When enabled, Astro looks for a src/app.ts file in your project. If it finds one, that file becomes the entrypoint for all server-rendered requests. You compose the pipeline yourself using the handlers Astro provides, and you can slot your own logic anywhere in the chain.

  Enabling advanced routing

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  
  export default defineConfig({
    experimental: {
      advancedRouting: true,
    },
  });

  Two ways to build your pipeline

  Astro ships two entrypoints for advanced routing: astro/fetch and astro/hono.

  astro/fetch is a low-level, framework-free API built on the Web Fetch standard. You create a FetchState from the incoming request, then call handler functions in sequence. Each handler takes the state, does its work, and returns a Response (or undefined to pass through). This is the core primitive that everything else is built on:

  // src/app.ts
  import {
    FetchState,
    trailingSlash,
    redirects,
    actions,
    middleware,
    pages,
    i18n,
  } from 'astro/fetch';
  
  export default {
    async fetch(request: Request) {
      const state = new FetchState(request);
  
      // Early exits — these return a Response only when they apply.
      const slash = trailingSlash(state);
      if (slash) return slash;
  
      const redirect = redirects(state);
      if (redirect) return redirect;
  
      const action = await actions(state);
      if (action) return action;
  
      // Middleware wraps page rendering; i18n post-processes the response.
      const response = await middleware(state, () => pages(state));
      return i18n(state, response);
    },
  };

  astro/hono wraps the same handlers as Hono middleware, so you can mix Astro's pipeline with Hono's ecosystem of middleware (logger, CORS, JWT, rate limiting, etc.) using the app.use() pattern you already know:

  // src/app.ts
  import { Hono } from 'hono';
  import { getCookie } from 'hono/cookie';
  import { logger } from 'hono/logger';
  import { actions, middleware, pages, i18n } from 'astro/hono';
  
  const app = new Hono();
  
  app.use(logger());
  
  // Auth gate — only runs for /dashboard routes.
  app.use('/dashboard/*', async (c, next) => {
    const session = getCookie(c, 'session');
    if (!session) return c.redirect('/login');
    return next();
  });
  
  app.use(actions());
  app.use(middleware());
  app.use(pages());
  app.use(i18n());
  
  export default app;

  Both approaches give you the same power — pick whichever fits your project. If you don't need a framework, astro/fetch keeps things minimal. If you want a rich middleware ecosystem, astro/hono gets you there with one import.

  For more information on enabling and using this feature in your project, see the experimental advanced routing docs. To give feedback, or to keep up with its development, see the advanced routing RFC for more information and discussion.

• #16366 d69f858 Thanks @matthewp! - Adds a consume() instance method to AstroCookies. This method marks the cookies as consumed and returns the Set-Cookie header values. After consumption, any subsequent set() calls will log a warning, since the headers have already been sent.

  Previously this was only available as a static method AstroCookies.consume(cookies). The static method is now deprecated but kept for backward compatibility with existing adapters.

• #16412 ba2d2e3 Thanks @0xbejaxer! - Add retry and error event handling for astro-island hydration import failures to reduce unrecoverable hydration errors on transient network failures.

• #16582 885cd31 Thanks @Princesseuh! - Adds a new image.dangerouslyProcessSVG flag to optionally enable processing SVG inputs. For security reasons, Astro will no longer rasterizes SVG image sources by default in its default image service and endpoint.

  Set image.dangerouslyProcessSVG: true to opt back into processing SVG inputs.

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  
  export default defineConfig({
    // ...
    image: {
      dangerouslyProcessSVG: true,
    },
  });

  Note that this is a breaking change for users who were previously relying on Astro's default image service to rasterize SVG inputs, but it is a necessary change to improve security and prevent potential vulnerabilities.

• #16519 1b1c218 Thanks @louisescher! - Adds support for redirecting URLs in remote image optimization.

  Previously, when a remote image URL meant to be optimized by Astro led to a redirect, Astro would fail silently and ignore the redirect. Now, Astro tracks up to 10 redirects for these images. If any of the redirects are not covered by a pattern in image.remotePatterns or a domain in image.domains, Astro will fail with a helpful error message.

  In the following example, the first image would be loaded successfully, while the second would lead to Astro throwing an error:

  export default defineConfig({
    image: {
      domains: ['example.com', 'cdn.example.com'],
    },
  });

  {
    /* Redirects to https://cdn.example.com/assets/image.png: */
  }
  <Image
    src="https://example.com/assets/image.png"
    width="1920"
    height="1080"
    alt="An example image."
  />;
  
  {
    /* Redirects to https://malicious.com/image.png: */
  }
  <Image
    src="https://example.com/bad-image.png"
    width="1920"
    height="1080"
    alt="An example image."
  />;

  In cases where all redirects to HTTPS hosts should be trusted, the following configuration for image.remotePatterns can be used:

  export default defineConfig({
    image: {
      remotePatterns: [
        {
          protocol: 'https',
        },
      ],
    },
  });

Patch Changes

• #16592 9c6efc5 Thanks @matthewp! - Escapes interpolated values in the dev server redirect HTML template, consistent with how the 404 template already handles them

• #16585 78f305e Thanks @web-dev0521! - Fixes z.array(z.boolean()) in form actions incorrectly coercing the string "false" to true. Boolean array elements now use the same 'true'/'false' string comparison as single z.boolean() fields, so submitting ["false", "true", "false"] correctly parses as [false, true, false].

• #16567 12a03f2 Thanks @matthewp! - Fixes deleted content collection entries persisting in getCollection() results during dev

• #16595 ce9b25c Thanks @web-dev0521! - Fixes pushDirective in the CSP runtime duplicating the new directive once per existing non-matching directive. Calling insertDirective() (or otherwise pushing a directive whose name is not yet in the list) now appends it exactly once, and a directive that merges with a later existing entry no longer leaves an unmerged copy behind.

• #16600 94e4b7c Thanks @web-dev0521! - Fixes Astro.preferredLocale returning the wrong value when i18n.locales mixes object-form entries ({ path, codes }) with string entries that normalize to the same locale. The first matching code in the configured locales order is now selected, matching the documented behavior.

• #16591 cce20f7 Thanks @matthewp! - Uses a consistent generic error message in the image endpoint across all adapters

• #16629 f54be80 Thanks @g-taki! - Fixes a bug where SSR responses in astro dev could crash with TypeError: this.logger.flush is not a function.

• #16589 3740b24 Thanks @ArmandPhilippot! - Fixes an outdated code snippet in the documentation for session storage configuration.

• Updated dependencies [354e231]:

  • @astrojs/telemetry@3.3.2

Minor Changes

• #16519 1b1c218 Thanks @louisescher! - Adds support for redirecting URLs in remote image optimization.

  Previously, when a remote image URL meant to be optimized by Astro led to a redirect, Astro would fail silently and ignore the redirect. Now, Astro tracks up to 10 redirects for these images. If any of the redirects are not covered by a pattern in image.remotePatterns or a domain in image.domains, Astro will fail with a helpful error message.

  In the following example, the first image would be loaded successfully, while the second would lead to Astro throwing an error:

  export default defineConfig({
    image: {
      domains: ['example.com', 'cdn.example.com'],
    },
  });

  {
    /* Redirects to https://cdn.example.com/assets/image.png: */
  }
  <Image
    src="https://example.com/assets/image.png"
    width="1920"
    height="1080"
    alt="An example image."
  />;
  
  {
    /* Redirects to https://malicious.com/image.png: */
  }
  <Image
    src="https://example.com/bad-image.png"
    width="1920"
    height="1080"
    alt="An example image."
  />;

  In cases where all redirects to HTTPS hosts should be trusted, the following configuration for image.remotePatterns can be used:

  export default defineConfig({
    image: {
      remotePatterns: [
        {
          protocol: 'https',
        },
      ],
    },
  });

Patch Changes

• Updated dependencies []:
  • @astrojs/underscore-redirects@1.0.3

Minor Changes

• #3618 dcf6d09 Thanks @HiDeoo! - ⚠️ BREAKING CHANGE: This release changes how autogenerated links work in Starlight’s sidebar configuration.

  If you have sidebar groups using the autogenerate key, you must now wrap that configuration in an items array:

  {
      label: 'My group',
  -   autogenerate: { directory: 'some-dir' },
  +   items: [{ autogenerate: { directory: 'some-dir' } }],
  }

  This change unlocks the possibility to mix autogenerated links and other links in a single group, for example:

  {
    label: 'Mixed group',
    items: [
      'example-page',
      { autogenerate: { directory: 'examples' } },
      { label: 'More examples', link: 'https://example.com' },
    ],
  }

  This release also updates the shape of autogenerated sidebar entries in route data. Autogenerated links and groups in Astro.locals.starlightRoute.sidebar now include an autogenerate object with the configured directory value:

  {
    type: 'link',
    label: 'Example',
    href: '/examples/example/',
    isCurrent: false,
    autogenerate: { directory: 'examples' }
  }

• #3618 dcf6d09 Thanks @HiDeoo! - ⚠️ BREAKING CHANGE: This release changes the default collapsed state of autogenerated sidebar subgroups.

  Autogenerated subgroups no longer inherit the collapsed value from their parent group. They are now expanded by default unless explicitly configured with autogenerate.collapsed.

  If your sidebar configuration relies on a collapsed parent group to also collapse its autogenerated subgroups, update your configuration to set autogenerate.collapsed to true:

  {
    label: 'Reference',
    collapsed: true,
    items: [
  -   { autogenerate: { directory: 'reference' } },
  +   { autogenerate: { directory: 'reference', collapsed: true } },
    ],
  }

• #3845 4d755f5 Thanks @delucis! - Adds a <link rel="alternate" hreflang="x-default" href="..."> tag pointing to the default locale in multilingual sites. The x-default alternate is used as a signal of which language to fall back to if no other is available. Learn more in Google’s SEO localization docs.

• #3862 ec70630 Thanks @itrew! - Makes spacing of items in nested lists more consistent

• #3872 417a66c Thanks @tats-u! - Enables the CSS property text-autospace in Chinese and Japanese documents.

  If you would prefer to disable autospacing in Chinese and Japanese pages, you can add the following custom CSS to your site:

  [lang]:where(:lang(zh, ja)) {
    text-autospace: initial;
  }

• #3797 9764ebd Thanks @delucis! - Avoids the risk of layout shift when users expand and collapse sidebar groups

  This release can introduce additional padding to the site sidebar on certain devices to reserve space for scrollbars. You may wish to inspect your site sidebar visually when upgrading.

  If you would prefer to keep the previous styling, you can add the following custom CSS to your site:

  .sidebar-pane {
    scrollbar-gutter: auto;
  }

• #3858 6672c35 Thanks @delucis! - Updates i18next, used for Starlight’s localization APIs, from v23 to v26

  There should not be any user-facing changes from this update

Patch Changes

• #3854 ccf6000, #3877 47451bc Thanks @delucis! - Updates internal dependencies

Patch Changes

• #16552 409f6ef Thanks @web-dev0521! - Fixes an issue where existing KV namespace bindings were silently removed when session support was enabled.

• #16277 7666bcd Thanks @Calvin-LL! - Fix static assets and prerendered pages 404ing when base is configured.

• Updated dependencies []:

  • @astrojs/underscore-redirects@1.0.3

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Patch Changes

• Updated dependencies [cafec4e, cafec4e, c30a778, ee079d4]:
  • astro@7.0.0-alpha.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Patch Changes

• Updated dependencies [cafec4e, cafec4e, c30a778, ee079d4]:
  • astro@7.0.0-alpha.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Patch Changes

• Updated dependencies [cafec4e, cafec4e, c30a778, ee079d4]:
  • astro@7.0.0-alpha.0

Patch Changes

• Updated dependencies [cafec4e, cafec4e, c30a778, ee079d4]:
  • astro@7.0.0-alpha.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Patch Changes

• Updated dependencies [cafec4e, cafec4e, c30a778, ee079d4]:
  • astro@7.0.0-alpha.0

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Patch Changes

• Updated dependencies [cafec4e, cafec4e, c30a778, ee079d4]:
  • astro@7.0.0-alpha.0
  • @astrojs/underscore-redirects@1.0.3

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Major Changes

• #15819 cafec4e Thanks @delucis! - Upgrade to Vite v8

Patch Changes

• Updated dependencies [cafec4e, cafec4e, c30a778, ee079d4]:
  • astro@7.0.0-alpha.0

Minor Changes

• #16187 fe58071 Thanks @gllmt! - Adds a waitUntil option to the RenderOptions so that adapters can forward runtime background-task hooks to Astro.

  When provided by an adapter, runtime cache providers receive context.waitUntil in
  CacheProvider.onRequest(), which allows background cache work such as stale-while-revalidate
  without blocking the response. The Cloudflare adapter now forwards
  ExecutionContext.waitUntil to this API.

• #16290 a49637a Thanks @ViVaLaDaniel! - Ensures that server.allowedHosts (and vite.preview.allowedHosts) configuration is respected when using astro preview with the @astrojs/cloudflare adapter. This improves security by preventing DNS rebinding attacks when previewing Cloudflare builds locally.

Patch Changes

• Updated dependencies []:
  • @astrojs/underscore-redirects@1.0.3

Minor Changes

• #16289 5d580c0 Thanks @maxmalkin! - Adds a new getDbError() helper exported from astro:db. It walks the error .cause chain and returns the underlying LibsqlError, or undefined if the error did not originate from libSQL. This is needed because drizzle-orm 0.44+ wraps query errors in a DrizzleQueryError whose .cause is the real LibsqlError.

  Upgrading

  Code that reads .code or .message after catching a database error should migrate from isDbError() to getDbError():

  // Before
  import { isDbError } from 'astro:db';
  try {
    await db.insert(MyTable).values({ ... });
  } catch (e) {
    if (isDbError(e)) {
      console.error(e.code, e.message);
    }
  }
  
  // After
  import { getDbError } from 'astro:db';
  try {
    await db.insert(MyTable).values({ ... });
  } catch (e) {
    const dbError = getDbError(e);
    if (dbError) {
      console.error(dbError.code, dbError.message);
    }
  }

  isDbError() is still exported and still returns true for wrapped errors, but its return type is now boolean instead of the err is LibsqlError type predicate. Code that relied on the narrowing to access .code or .message directly will now produce a TypeScript error pointing you to getDbError().

Patch Changes

• #16289 5d580c0 Thanks @maxmalkin! - Fixes a SQL injection vulnerability by updating drizzle-orm to ^0.45.2, patching GHSA-gpj5-g38j-94v9 (CVE-2026-39356).

Minor Changes

• #16466 31b6198 Thanks @fkatsuhiro! - This change updates the Svelte integration's type shims to treat non-children
  snippet props and any-typed props as optional. Previously, these were
  incorrectly marked as required in Astro files, causing false-positive type
  errors when using Svelte 5 components.
  • Adds HandleSnippetProps to make Snippets optional in Astro.
  • Distinguishes between generic and non-generic components to preserve inference.
  • Updates TSX generation to apply the appropriate directive wrapper.

Patch Changes

• #16471 f56bb3f Thanks @delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @astrojs/language-server@2.16.7

Patch Changes

• #15908 8c62159 Thanks @felmonon! - Keep generated AstroComponent suffixes in language-server output while rewriting .astro auto-import suggestions and edits back to the expected component name.

Patch Changes

• #16486 0bae1a5 Thanks @cyphercodes! - Fix forwarded serverless requests with streamed bodies by preserving the required duplex: 'half' option when rewriting middleware paths.

Patch Changes

• #3828 342038b Thanks @MangelMaxime! - Fixes aside styling when used without any content

• #3853 563e11b Thanks @delucis! - Fixes a type-checking issue for users on newer versions of TypeScript

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @astrojs/internal-helpers@0.9.0
  • @astrojs/underscore-redirects@1.0.3

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @astrojs/internal-helpers@0.9.0

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @astrojs/internal-helpers@0.9.0

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @astrojs/internal-helpers@0.9.0

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @astrojs/internal-helpers@0.9.0

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @astrojs/internal-helpers@0.9.0
  • @astrojs/markdown-remark@7.1.1

Patch Changes

• #16424 3fcdaf1 Thanks @matthewp! - Improves how @astrojs/upgrade spawns package manager commands so it uses the same Windows command resolution as create-astro

Patch Changes

• #16419 f3485c3 Thanks @matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

• Updated dependencies [99464ed, f3485c3]:

  • @astrojs/internal-helpers@0.9.0

Minor Changes

• #16419 f3485c3 Thanks @matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

Patch Changes

• #16448 99464ed Thanks @matthewp! - Updates vite, picomatch, and unstorage to latest patch versions

Patch Changes

• Updated dependencies [f3485c3]:
  • @astrojs/markdown-remark@7.1.1

Patch Changes

• #16419 f3485c3 Thanks @matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

   🚀 Features

• Add loader to /highlights page  -  by @lin-stephanie (2fe1f)
• frontmatter:
  • Support auto-generating minutesRead when true and hiding it when false; allow empty redirect to disable redirection  -  by @lin-stephanie (92dba)
  • Add cover and coverAlt fields to support post cover  -  by @lin-stephanie (71ade)
• tag:
  • Add tag sidebar for ListView and CardView  -  by @lin-stephanie in #68 (57736)

   🐞 Bug Fixes

• Prevent white flash when switching to dark mode on Chrome 140+, keep Safari 18+ unaffected  -  by @lin-stephanie in #45 (c0547)
• astro: Prevent reset styles from overriding custom css after build  -  by @lin-stephanie (665c9)
• 92dba84 & 71ade35  -  by @lin-stephanie (46fbf)
• Prevent right desktop aside shift when search panel toggles  -  by @lin-stephanie (2580b)
• Initialize theme earlier in Head & prevent duplicate system theme listeners  -  by @lin-stephanie (74012)
• Issues from latest dependency update and others  -  by @lin-stephanie (05786)

   🏡 Chore

• eslint: Migrate to defineConfig & remove redundant eslintRecommended  -  by @lin-stephanie (da105)
• Simplify tag ui in ListItem  -  by @lin-stephanie (eb8cd)
• Update docs  -  by @lin-stephanie (51b98)
• Update deps & GitHub actions (exclude ESLint/Astro)  -  by @lin-stephanie (3dcc3)

    View changes on GitHub

Patch Changes

• #16257 e0b240e Thanks @gameroman! - Removed debug dependency

Patch Changes

• #16027 c62516b Thanks @fkatsuhiro! - Fixes a bug where remote image dimensions were not validated during static builds on Netlify.

• Updated dependencies []:

  • @astrojs/underscore-redirects@1.0.3

Patch Changes

• #16319 940afd5 Thanks @matthewp! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. If-Match mismatch) now return the correct status code without far-future cache directives.

Patch Changes

• #16210 e030bd0 Thanks @matthewp! - Fixes .svelte files in node_modules failing with Unknown file extension ".svelte" when using the Cloudflare adapter with prerenderEnvironment: 'node'

Patch Changes

• #16265 7fe40bc Thanks @ChrisLaRocque! - Updates @qwik.dev/partytown to 0.13.2

Patch Changes

• #16224 a2b9eeb Thanks @fkatsuhiro! - Fix React 19 "Float" mechanism injecting into Astro islands instead of the . This PR adds a filter to @astrojs/react to strip these auto-generated resource from the island's HTML output, ensuring valid HTML structure.

Patch Changes

• #16180 1d1448c Thanks @matthewp! - Pre-optimizes @preact/signals and preact/hooks in the Vite dep optimizer to prevent late discovery triggering full page reloads during dev

Patch Changes

• #16034 814406d Thanks @alexanderniebuhr! - Fixes generated redirect files to respect Astro’s trailingSlash configuration, so redirect routes work with the expected URL format in built output instead of returning a 404 when accessed with a trailing slash.

Patch Changes

• Updated dependencies [814406d]:
  • @astrojs/underscore-redirects@1.0.3

Patch Changes

• #16170 d0fe1ec Thanks @bittoby! - Fixes edge middleware next() dropping the HTTP method and body when forwarding requests to the serverless function, which caused non-GET API routes (POST, PUT, PATCH, DELETE) to return 404