fix(deps): update astro monorepo (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@astrojs/node (source)	^9.5.4 → ^10.0.0
@astrojs/vercel (source)	^9.0.4 → ^10.0.0
astro (source)	^5.18.0 → ^6.0.0

---

Release Notes

withastro/astro (@​astrojs/node)

v10.1.2

Compare Source

Patch Changes

• Updated dependencies [f732f3c]:
  • @​astrojs/internal-helpers@​0.10.0

v10.1.1

Compare Source

Patch Changes

• Updated dependencies [d365c97]:
  • @​astrojs/internal-helpers@​0.9.1

v10.1.0

Compare Source

Minor Changes

• #​16639 4d72482 Thanks @​ematipico! - The adapter now depends on Astro 6.3.0.

v10.0.6

Compare Source

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @​astrojs/internal-helpers@​0.9.0

v10.0.5

Compare Source

Patch Changes

• #​16319 940afd5 Thanks @​matthewp! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. If-Match mismatch) now return the correct status code without far-future cache directives.

v10.0.4

Compare Source

Patch Changes

• #​16002 846f27f Thanks @​buley! - Fixes file descriptor leaks from read streams that were not destroyed on client disconnect or read errors

• #​15941 f41584a Thanks @​ematipico! - Fixes an infinite loop in resolveClientDir() when the server entry point is bundled with esbuild or similar tools. The function now throws a descriptive error instead of hanging indefinitely when the expected server directory segment is not found in the file path.

v10.0.3

Compare Source

Patch Changes

• #​15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

  When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

v10.0.2

Compare Source

Patch Changes

• #​15934 6f8f0bc Thanks @​ematipico! - Updates the Astro peerDependencies#astro to be 6.0.0.

v10.0.1

Compare Source

Patch Changes

• #​15868 bb2b8f5 Thanks @​ematipico! - Fixes an issue where the adapter would cause a series of warnings during the build.

v10.0.0

Compare Source

Major Changes

• #​15654 a32aee6 Thanks @​florian-lefebvre! - Removes the experimentalErrorPageHost option

  This option allowed fetching a prerendered error page from a different host than the server is currently running on.

  However, there can be security implications with prefetching from other hosts, and often more customization was required to do this safely. This has now been removed as a built-in option so that you can implement your own secure solution as needed and appropriate for your project via middleware.

What should I do?

If you were previously using this feature, you must remove the option from your adapter configuration as it no longer exists:

// astro.config.mjs
import { defineConfig } from 'astro/config'
import node from '@​astrojs/node'

export default defineConfig({
  adapter: node({
    mode: 'standalone',
-    experimentalErrorPageHost: 'http://localhost:4321'
  })
})

You can replicate the previous behavior by checking the response status in a middleware and fetching the prerendered page yourself:

// src/middleware.ts
import { defineMiddleware } from 'astro:middleware';

export const onRequest = defineMiddleware(async (ctx, next) => {
  const response = await next();
  if (response.status === 404 || response.status === 500) {
    return fetch(`http://localhost:4321/${response.status}.html`);
  }
  return response;
});

Minor Changes

• #​15258 d339a18 Thanks @​ematipico! - Stabilizes the adapter feature experimentalStatiHeaders. If you were using this feature in any of the supported adapters, you'll need to change the name of the flag:

  export default defineConfig({
    adapter: netlify({
  -    experimentalStaticHeaders: true
  +    staticHeaders: true
    })
  })

• #​15759 39ff2a5 Thanks @​matthewp! - Adds a new bodySizeLimit option to the @astrojs/node adapter

  You can now configure a maximum allowed request body size for your Node.js standalone server. The default limit is 1 GB. Set the value in bytes, or pass 0 to disable the limit entirely:

  import node from '@​astrojs/node';
  import { defineConfig } from 'astro/config';
  
  export default defineConfig({
    adapter: node({
      mode: 'standalone',
      bodySizeLimit: 1024 * 1024 * 100, // 100 MB
    }),
  });

• #​15006 f361730 Thanks @​florian-lefebvre! - Adds new session driver object shape

  For greater flexibility and improved consistency with other Astro code, session drivers are now specified as an object:

  -import { defineConfig } from 'astro/config'
  +import { defineConfig, sessionDrivers } from 'astro/config'
  
  export default defineConfig({
    session: {
  -    driver: 'redis',
  -    options: {
  -      url: process.env.REDIS_URL
  -    },
  +    driver: sessionDrivers.redis({
  +      url: process.env.REDIS_URL
  +    }),
    }
  })

  Specifying the session driver as a string has been deprecated, but will continue to work until this feature is removed completely in a future major version. The object shape is the current recommended and documented way to configure a session driver.

• #​14946 95c40f7 Thanks @​ematipico! - Removes the experimental.csp flag and replaces it with a new configuration option security.csp - (v6 upgrade guidance)

Patch Changes

• #​15473 d653b86 Thanks @​matthewp! - Improves error page loading to read from disk first before falling back to configured host

• #​15562 e14a51d Thanks @​florian-lefebvre! - Updates to new Adapter API introduced in v6

• #​15585 98ea30c Thanks @​matthewp! - Add a default body size limit for server actions to prevent oversized requests from exhausting memory.

• #​15777 02e24d9 Thanks @​matthewp! - Fixes CSRF origin check mismatch by passing the actual server listening port to createRequest, ensuring the constructed URL origin includes the correct port (e.g., http://localhost:4321 instead of http://localhost). Also restricts X-Forwarded-Proto to only be trusted when allowedDomains is configured.

• #​15714 9a2c949 Thanks @​ematipico! - Fixes an issue where static headers weren't correctly applied when the website uses base.

• #​15763 1567e8c Thanks @​matthewp! - Normalizes static file paths before evaluating dotfile access rules for improved consistency

• #​15164 54dc11d Thanks @​HiDeoo! - Fixes an issue where the Node.js adapter could fail to serve a 404 page matching a pre-rendered dynamic route pattern.

• #​15745 20b05c0 Thanks @​matthewp! - Hardens static file handler path resolution to ensure resolved paths stay within the client directory

• #​15495 5b99e90 Thanks @​leekeh! - Refactors to use middlewareMode adapter feature (set to classic)

• #​15657 cb625b6 Thanks @​qzio! - Adds a new security.actionBodySizeLimit option to configure the maximum size of Astro Actions request bodies.

  This lets you increase the default 1 MB limit when your actions need to accept larger payloads. For example, actions that handle file uploads or large JSON payloads can now opt in to a higher limit.

  If you do not set this option, Astro continues to enforce the 1 MB default to help prevent abuse.

  // astro.config.mjs
  export default defineConfig({
    security: {
      actionBodySizeLimit: 10 * 1024 * 1024, // set to 10 MB
    },
  });

• Updated dependencies [4ebc1e3, 4e7f3e8, a164c77, cf6ea6b, a18d727, 240c317, 745e632]:

  • @​astrojs/internal-helpers@​0.8.0

withastro/astro (@​astrojs/vercel)

v10.0.8

Compare Source

Patch Changes

• Updated dependencies [f732f3c]:
  • @​astrojs/internal-helpers@​0.10.0

v10.0.7

Compare Source

Patch Changes

• Updated dependencies [d365c97]:
  • @​astrojs/internal-helpers@​0.9.1

v10.0.6

Compare Source

Patch Changes

• #​16486 0bae1a5 Thanks @​cyphercodes! - Fix forwarded serverless requests with streamed bodies by preserving the required duplex: 'half' option when rewriting middleware paths.

v10.0.5

Compare Source

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @​astrojs/internal-helpers@​0.9.0

v10.0.4

Compare Source

Patch Changes

• #​16170 d0fe1ec Thanks @​bittoby! - Fixes edge middleware next() dropping the HTTP method and body when forwarding requests to the serverless function, which caused non-GET API routes (POST, PUT, PATCH, DELETE) to return 404

v10.0.3

Compare Source

Patch Changes

• #​16079 aa26636 Thanks @​empoulter-uclan! - Fix vercel ISR path rewrite

v10.0.2

Compare Source

Patch Changes

• #​15959 335a204 Thanks @​matthewp! - Fix Vercel serverless path override handling so override values are only applied when the trusted middleware secret is present.

v10.0.1

Compare Source

Patch Changes

• #​15934 6f8f0bc Thanks @​ematipico! - Updates the Astro peerDependencies#astro to be 6.0.0.

v10.0.0

Compare Source

Major Changes

• #​15413 736216b Thanks @​florian-lefebvre! - Removes the deprecated @astrojs/vercel/serverless and @astrojs/vercel/static exports. Use the @astrojs/vercel export instead

Minor Changes

• #​15258 d339a18 Thanks @​ematipico! - Stabilizes the adapter feature experimentalStatiHeaders. If you were using this feature in any of the supported adapters, you'll need to change the name of the flag:

  export default defineConfig({
    adapter: netlify({
  -    experimentalStaticHeaders: true
  +    staticHeaders: true
    })
  })

• #​15413 736216b Thanks @​florian-lefebvre! - Updates the implementation to use the new Adapter API

• #​15495 5b99e90 Thanks @​leekeh! - Adds new middlewareMode adapter feature and deprecates edgeMiddleware option

  The edgeMiddleware option is now deprecated and will be removed in a future release, so users should transition to using the new middlewareMode feature as soon as possible.

  export default defineConfig({
    adapter: vercel({
  -    edgeMiddleware: true
  +    middlewareMode: 'edge'
    })
  })

• #​14946 95c40f7 Thanks @​ematipico! - Removes the experimental.csp flag and replaces it with a new configuration option security.csp - (v6 upgrade guidance)

Patch Changes

• #​15781 2de969d Thanks @​ematipico! - Adds a new clientAddress option to the createContext() function

  Providing this value gives adapter and middleware authors explicit control over the client IP address. When not provided, accessing clientAddress throws an error consistent with other contexts where it is not set by the adapter.

  Additionally, both of the official Netlify and Vercel adapters have been updated to provide this information in their edge middleware.

  import { createContext } from 'astro/middleware';
  
  createContext({
    clientAddress: context.headers.get('x-real-ip'),
  });

• #​15778 4ebc1e3 Thanks @​ematipico! - Fixes an issue where the computed clientAddress was incorrect in cases of a Request header with multiple values. The clientAddress is now also validated to contain only characters valid in IP addresses, rejecting injection payloads.

• #​15460 ee7e53f Thanks @​florian-lefebvre! - Updates to use the new Adapter API

• #​15450 50c9129 Thanks @​florian-lefebvre! - Fixes a case where build.serverEntry would not be respected when using the new Adapter API

• #​15461 9f21b24 Thanks @​florian-lefebvre! - Updates to new Adapter API introduced in v6

• #​15125 6feb0d7 Thanks @​florian-lefebvre! - Updates Node versions data to account for v24 as the default

• Updated dependencies [4ebc1e3, 4e7f3e8, a164c77, cf6ea6b, a18d727, 240c317, 745e632]:

  • @​astrojs/internal-helpers@​0.8.0

withastro/astro (astro)

v6.4.2

Patch Changes

• #​16889 b94bcfd Thanks @​Princesseuh! - Fixes a plugins is not iterable crash when using a pre-6.0 @astrojs/mdx alongside integrations (e.g. Starlight) that set markdown.remarkPlugins, markdown.rehypePlugins, or markdown.remarkRehype.

• #​16878 b9f6bb9 Thanks @​fkatsuhiro! - Fixes an issue where on-demand (SSR) dynamic routes would return 404 when a prerendered dynamic route with the same URL pattern was sorted first alphabetically. In production builds with @astrojs/node adapter, if [a_prebuild].astro (prerender=true) came before [b_ssr].astro alphabetically, requests to URLs not in the prerendered route's static paths would 404 instead of falling through to the SSR route. The fix adds fallthrough logic so that when a prerendered dynamic route matches but can't serve the request, Astro tries subsequent matching routes.

v6.4.1

Patch Changes

• #​16883 eeb064c Thanks @​Princesseuh! - Restores the astro/jsx/rehype.js entry point so that older versions of @astrojs/mdx continue to work when used with Astro 6.x. This entry point will be removed in Astro 7.0.

v6.4.0

Compare Source

Minor Changes

• #​16468 4cff3a1 Thanks @​matthewp! - Adds a new preserveBuildServerDir adapter feature

  Adapters can now set preserveBuildServerDir: true in their adapter features to keep the dist/server/ directory structure for static builds, mirroring the existing preserveBuildClientDir option. This is useful for adapters that require a consistent dist/client/ and dist/server/ layout regardless of build output type.

  setAdapter({
    name: 'my-adapter',
    adapterFeatures: {
      buildOutput,
      preserveBuildClientDir: true,
      preserveBuildServerDir: true,
    },
  });

• #​16848 f732f3c Thanks @​Princesseuh! - Adds a new markdown.processor configuration option, allowing you to choose an alternative Markdown processor.

  Websites with many Markdown/MDX files tend to be slow to build because the unified ecosystem (e.g., remark, rehype) is slow to process. This feature introduces the ability to replace this part of the build pipeline with another processor.

  The default processor is unified(). This means that existing configurations remain unchanged and your remark/rehype plugins continue to work.

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import { unified } from '@​astrojs/markdown-remark';
  import remarkToc from 'remark-toc';
  
  export default defineConfig({
    markdown: {
      processor: unified({
        remarkPlugins: [remarkToc],
      }),
    },
  });

  In addition to this new configuration option, Astro provides a new alternative processor based on Rust: Sätteri. You can choose to use it now by installing @astrojs/markdown-satteri, importing the satteri() processor, and adapting your existing configuration:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import { satteri } from '@​astrojs/markdown-satteri';
  
  export default defineConfig({
    markdown: {
      processor: satteri({
        features: { directive: true },
      }),
    },
  });

  This processor does not support the remark and rehype plugins. This means you may need to convert them to MDAST or HAST plugins to retain your current functionality.

  The existing top-level markdown.remarkPlugins, markdown.rehypePlugins, markdown.remarkRehype, markdown.gfm, and markdown.smartypants options still work, but are now deprecated and will be removed in a future major update. The matching remarkPlugins, rehypePlugins, and remarkRehype options on the MDX integration are also deprecated for the same reason. To anticipate their removal, move them onto unified({...}) (or your preferred plugin processor) :

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import remarkToc from 'remark-toc';
  import rehypeSlug from 'rehype-slug';
  + import { unified } from '@​astrojs/markdown-remark';
  
  export default defineConfig({
    markdown: {
  +    processor: unified({
  +      remarkPlugins: [remarkToc],
  +      rehypePlugins: [rehypeSlug],
  +      remarkRehype: true,
  +      gfm: true,
  +      smartypants: true,
  +    }),
  -    remarkPlugins: [remarkToc],
  -    rehypePlugins: [rehypeSlug],
  -    remarkRehype: true,
  -    gfm: true,
  -    smartypants: true,
    },
  });

  For more information on enabling and using this feature in your project, see our Markdown guide. To give feedback on this new Rust processor, see the Native Markdown / MDX parsing and processing RFC.

Patch Changes

• #​16468 4cff3a1 Thanks @​matthewp! - Skips the static preview server when an adapter provides its own previewEntrypoint, allowing the adapter to handle both static and dynamic routes

• #​16811 e0e26db Thanks @​matthewp! - Fixes X-Forwarded-Host and X-Forwarded-Proto headers being ignored when set in a custom src/app.ts fetch handler before creating FetchState

• #​16468 4cff3a1 Thanks @​matthewp! - Fixes the static preview server to respect preserveBuildClientDir, serving files from build.client instead of outDir when the adapter requires it

• #​16770 1e2aa11 Thanks @​matthewp! - Fixes a race condition where the Vite dep optimizer could lose React dependencies in dev mode when using Astro Actions

• #​16468 4cff3a1 Thanks @​matthewp! - Exempts internal routes (e.g. server islands) from getStaticPaths() validation, fixing server island rendering on static sites

• #​16468 4cff3a1 Thanks @​matthewp! - Fixes preview for static sites that contain non-prerendered routes. Previously, the preview command ignored SSR routes discovered during route scanning and always used the static preview server.

• Updated dependencies [f732f3c, f732f3c]:

  • @​astrojs/internal-helpers@​0.10.0
  • @​astrojs/markdown-remark@​7.2.0

v6.3.8

Compare Source

Patch Changes

• #​16830 f2bf3cb Thanks @​matthewp! - Fixes 404s for dynamically imported JS chunks when using an adapter with assetQueryParams (e.g. Vercel skew protection)

• #​16831 ace96ba Thanks @​astrobot-houston! - Fixes a misleading GetStaticPathsRequired error when a redirect is configured from a dynamic route to a static (or less-dynamic) destination. For example, '/project/[slug]': '/' previously produced a confusing error pointing at index.astro. Astro now detects the parameter mismatch at config validation time and throws a clear InvalidRedirectDestination error naming the missing parameters.

• #​16702 b7d1758 Thanks @​matthewp! - Fixes scoped styles from .astro components being dropped when rendered inside MDX content (<Content /> from render(entry)) passed through a named slot using <Fragment slot="X">. The Fragment component now eagerly evaluates its slot contents to ensure propagating components register their styles before head content is flushed.

• #​16823 3df6a45 Thanks @​astrobot-houston! - Fixes missing CSS for conditionally rendered Svelte components in production builds

• #​16836 3d7adfa Thanks @​LongYC! - Document compressHTML: "jsx" config is only available since Astro v6.2.0

• #​16864 334ce13 Thanks @​cheets! - Fixes a false-positive Internal Warning: route cache overwritten logged on every SSR request for dynamic routes

v6.3.7

Compare Source

Patch Changes

• #​16821 9c76b12 Thanks @​astrobot-houston! - Fixes request body handling in the Node adapter when req.body is a Buffer, Uint8Array, or ArrayBuffer. Previously, binary body data was incorrectly JSON-stringified (producing {"type":"Buffer","data":[...]}) instead of being passed through directly. This affected libraries like serverless-http that set req.body to a Buffer.

• #​16785 de96360 Thanks @​astrobot-houston! - Fixes vite.build.minify, vite.build.sourcemap, and vite.build.rollupOptions.output (e.g. compact) being ignored for client-side builds. These top-level Vite build options are now properly forwarded to the client environment, with environment-specific overrides (vite.environments.client.build.*) taking priority when set.

• #​16819 b5dd8f1 Thanks @​astrobot-houston! - Fixes custom elements in MDX files bypassing the renderer pipeline. Custom elements (tags containing hyphens like <my-element>) in .mdx files are now routed through registered renderers for SSR, matching the behavior of .astro files. If no renderer claims the element, it falls back to rendering as raw HTML.

• #​16808 765896c Thanks @​ematipico! - Fixes dynamic routes returning 400 Bad Request when the URL contains a literal % character, such as paths built with encodeURIComponent('%?.pdf')

• #​16804 90d2aca Thanks @​jp-knj! - Fixes a v6 regression where astro:i18n could not be imported from client <script> blocks.

v6.3.6

Compare Source

Patch Changes

• #​16774 8f77583 Thanks @​astrobot-houston! - Fixes markdown images with empty alt text (![](image.jpg)) in content collections dropping the alt attribute entirely. The alt="" attribute is now correctly preserved in the rendered HTML output, which is important for accessibility (indicating decorative images).

• #​16776 3d10b5e Thanks @​matthewp! - Fixes HMR serving stale content when components are passed as props via getStaticPaths()

• #​16784 7453860 Thanks @​ematipico! - Improved the printing of the build time if it goes over the 60 seconds.

• #​16665 3dbbcee Thanks @​Princesseuh! - Fixes remote SVG sources erroring with dangerouslyProcessSVG after the v6.3 SVG-processing gate. The default Sharp service now resolves the output format from the source up-front when it can (URL extension, data: MIME, ESM metadata), and from the actual buffer at request time when it can't, so SVG sources pass through untouched without needing to set image.dangerouslyProcessSVG: true or an explicit format="svg".

  The error message has also been updated to point at format="svg" as the simpler workaround when an SVG source is encountered without dangerouslyProcessSVG enabled.

• #​16777 1754b91 Thanks @​matthewp! - Fixes HMR serving stale content for dynamically imported components through barrel files

• #​16730 068d924 Thanks @​harshagarwalnyu! - Fixes an issue where the file() content loader did not generate a valid JSON Schema for collections whose JSON or YAML data is a top-level array instead of an object.

v6.3.5

Compare Source

Patch Changes

• #​16771 07c8805 Thanks @​ematipico! - Fixes position prop on <Image> and <Picture> components breaking Content Security Policy (CSP).

• #​16593 50924ce Thanks @​yanthomasdev! - Improves error messages with more consistent and correct writing.

• #​16757 5d661cd Thanks @​astrobot-houston! - Fixes dev server serving stale content when SSR-only modules change (e.g. .astro files outside the project root in a monorepo, or dynamically imported components).

  Previously, the astro:hmr-reload plugin returned an empty array after detecting SSR-only module changes, which prevented Vite's updateModules from propagating the invalidation to the SSR module runner. The runner's evaluated module cache stayed stale, so subsequent requests continued returning old content.

  Now the plugin returns the SSR-only modules so Vite can process them through updateModules, which properly invalidates the module runner's cache and ensures fresh content on the next request.

v6.3.4

Compare Source

Patch Changes

• #​16723 0f10bfe Thanks @​matthewp! - Adds fetchFile option to experimental.advancedRouting to customize or disable the entrypoint file

  export default defineConfig({
    experimental: {
      advancedRouting: {
        fetchFile: 'fetch.ts',
      },
    },
  });

• #​16723 0f10bfe Thanks @​matthewp! - Fixes Hono cache() middleware to follow the standard wrapper pattern

• #​16723 0f10bfe Thanks @​matthewp! - Adds App.Providers interface for typing custom context providers on Astro and ctx

  declare namespace App {
    interface Providers {
      oauth: import('./lib/oauth').OAuthSession;
    }
  }

• #​16723 0f10bfe Thanks @​matthewp! - Adds FetchState.response property, set automatically after pages() or middleware() completes

  const response = await middleware(state, (s) => pages(s));
  console.log(state.response === response); // true

• #​16723 0f10bfe Thanks @​matthewp! - Adds Fetchable type export for typing the advanced routing entrypoint

  import type { Fetchable } from 'astro';
  
  export default {
    async fetch(request) {
      return new Response('ok');
    },
  } satisfies Fetchable;

• #​16572 4a5a077 Thanks @​DORI2001! - Suppresses [WARN] Vite warning: unused imports from "@​astrojs/internal-helpers/remote" during prerender builds. The package is now bundled alongside astro in the prerender environment, matching how it is handled in the SSR environment.

• #​16756 b6ee23d Thanks @​astrobot-houston! - Fixes styles from Markdoc/MDX custom components not being extracted to <head> in the dev server when using the Cloudflare adapter with prerenderEnvironment: 'node' and rendering content through a wrapper component.

• #​16747 904d19a Thanks @​astrobot-houston! - Fixes Astro action requests failing in astro dev when using the Cloudflare adapter with prerenderEnvironment: 'node' alongside a prerendered catch-all route such as [...page].astro.

  Actions and other SSR POST endpoints now continue to work in dev instead of returning an HTTP 500 error.

• #​16701 3495ce4 Thanks @​demaisj! - Fix Map and Set instances saved in a content collection being broken when retrieving entries.

• #​16614 fca1c32 Thanks @​Eptagone! - Fixes entry.data type inference when a live collection is configured without a schema.

• #​16661 03b8f7f Thanks @​ocavue! - Updates typescript to v6. No changes are needed from users.

• #​16681 c22770a Thanks @​dotnetCarpenter! - Fixes an issue where SVG images with width="0" or height="0" incorrectly threw a NoImageMetadata error instead of being treated as valid dimensions.

v6.3.3

Compare Source

Patch Changes

• #​16737 bd84f33 Thanks @​matthewp! - Fixes a reflected XSS vulnerability where slot names on hydrated components were not HTML-escaped in SSR output

v6.3.2

Compare Source

Patch Changes

• #​16675 11d4592 Thanks @​ascorbic! - Fixes a regression where Astro.cache was undefined when experimental.cache was not configured.

  The previous documented behavior is for Astro.cache to always be defined as a no-op shim: cache.set() warns once, cache.invalidate() throws and cache.enabled can be used to gate. This allows library and user code can call cache methods without conditional checks. The cache provider registration was being gated at the call site on experimental.cache being configured, which meant the disabled shim branch inside the provider was unreachable and the Astro.cache getter was never attached to the context.

• #​16691 0f0a4ce Thanks @​matthewp! - Fixes HTMLElement is not defined error during HMR when using components with client-side scripts (e.g. Starlight <Tabs>) and the Cloudflare adapter

• #​16562 07529ec Thanks @​matthewp! - Fixes non-prerendered routes failing when a dynamic prerendered route exists in the same project with prerenderEnvironment: 'node'

• #​16638 272185b Thanks @​ematipico! - Fixes a bug where the Astro compiler wasn't freed at the end of the build. After the fix, the memory used by the compiler is now correctly freed at the end of the build.

• #​16544 d365c97 Thanks @​matthewp! - Tightens isRemotePath() to reject control characters after a leading slash and fixes the dev image endpoint origin check

• #​16685 889e748 Thanks @​farrosfr! - Improve validation messages for security.csp.directives when script-src or style-src are incorrectly placed in the directives array.

• #​16605 772f13a Thanks

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
patchwork	Ready	Preview, Comment	May 28, 2026 11:06am