Bump the npm group with 7 updates

[dependabot]

Bumps the npm group with 7 updates:

Package	From	To
@astrojs/tailwind	6.0.0	6.0.2
astro	5.2.3	5.14.4
sharp	0.33.5	0.34.4
tailwindcss	3.4.17	3.4.18
@biomejs/biome	1.9.4	2.2.6
@tailwindcss/typography	0.5.16	0.5.19
daisyui	4.12.23	5.2.3

Updates @astrojs/tailwind from 6.0.0 to 6.0.2

Changelog

Sourced from @​astrojs/tailwind's changelog.

6.0.2

Patch Changes

• #13505 a98ae5b Thanks @​ematipico! - Updates the dependency vite to the latest.

6.0.1

Patch Changes

• #13471 020c542 Thanks @​delucis! - Updates the README to indicate that the Tailwind integration is deprecated

Commits

• b33cc17 [ci] release (#13504)
• a98ae5b fix: update vite (#13505)
• 6b90200 [ci] release (#13460)
• 9a0808c fix(deps): update all non-major dependencies (#13440)
• f49155f Small change to linking style (#13472)
• 020c542 Add deprecation notice to Tailwind integration README (#13471)
• 2f039b9 Revert "Replace internal cssScopeTo implementation to vite.cssScopeTo" (#13420)
• 725bc0d fix(deps): update all non-major dependencies (#13387)
• d83f92a Replace internal cssScopeTo implementation to vite.cssScopeTo (#13347)
• 16d6d41 fix(deps): update all non-major dependencies (#13346)
• Additional commits viewable in compare view

Updates astro from 5.2.3 to 5.14.4

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

• #14509 7e04caf Thanks @​ArmandPhilippot! - Fixes an error in the docs that specified an incorrect version for the security.allowedDomains release.

[email protected]

Patch Changes

• #14505 28b2a1d Thanks @​matthewp! - Fixes Cannot set property manifest error in test utilities by adding a protected setter for the manifest property

• #14235 c4d84bb Thanks @​toxeeec! - Fixes a bug where the "tap" prefetch strategy worked only on the first clicked link with view transitions enabled

[email protected]

Patch Changes

• #14440 a3e16ab Thanks @​florian-lefebvre! - Fixes a case where the URLs generated by the experimental Fonts API would be incorrect in dev

[email protected]

Minor Changes

• #13520 a31edb8 Thanks @​openscript! - Adds a new property routePattern available to GetStaticPathsOptions

  This provides the original, dynamic segment definition in a routing file path (e.g. /[...locale]/[files]/[slug]) from the Astro render context that would not otherwise be available within the scope of getStaticPaths(). This can be useful to calculate the params and props for each page route.

  For example, you can now localize your route segments and return an array of static paths by passing routePattern to a custom getLocalizedData() helper function. The params object will be set with explicit values for each route segment (e.g. locale, files, and slug). Then, these values will be used to generate the routes and can be used in your page template via Astro.params.

  // src/pages/[...locale]/[files]/[slug].astro
  import { getLocalizedData } from "../../../utils/i18n"; export async function getStaticPaths({ routePattern
  }) { const response = await fetch('...'); const data = await response.json(); console.log(routePattern);
  // [...locale]/[files]/[slug] // Call your custom helper with routePattern to generate the static
  paths return data.flatMap((file) => getLocalizedData(file, routePattern)); } const { locale, files,
  slug } = Astro.params;

  For more information about this advanced routing pattern, see Astro's routing reference.

• #13651 dcfbd8c Thanks @​ADTC! - Adds a new SvgComponent type

  You can now more easily enforce type safety for your .svg assets by directly importing SVGComponent from astro/types:

  ---
  // src/components/Logo.astro
  import type { SvgComponent } from 'astro/types';
  import HomeIcon from './Home.svg';
  interface Link {
    url: string;
    text: string;

... (truncated)

Changelog

Sourced from astro's changelog.

5.14.4

Patch Changes

• #14509 7e04caf Thanks @​ArmandPhilippot! - Fixes an error in the docs that specified an incorrect version for the security.allowedDomains release.

5.14.3

Patch Changes

• #14505 28b2a1d Thanks @​matthewp! - Fixes Cannot set property manifest error in test utilities by adding a protected setter for the manifest property

• #14235 c4d84bb Thanks @​toxeeec! - Fixes a bug where the "tap" prefetch strategy worked only on the first clicked link with view transitions enabled

5.14.2

Patch Changes

• #14459 916f9c2 Thanks @​florian-lefebvre! - Improves font files URLs in development when using the experimental fonts API by showing the subset if present

• b8ca69b Thanks @​ascorbic! - Aligns dev image server file base with Vite rules

• #14469 1c090b0 Thanks @​delucis! - Updates tinyexec dependency

• #14460 008dc75 Thanks @​florian-lefebvre! - Fixes a case where astro:config/server values typed as URLs would be serialized as strings

• #13730 7260367 Thanks @​razonyang! - Fixes a bug in i18n, where Astro caused an infinite loop when a locale that doesn't have an index, and Astro falls back to the index of the default locale.

• 6ee63bf Thanks @​matthewp! - Adds security.allowedDomains configuration to validate X-Forwarded-Host headers in SSR

  The X-Forwarded-Host header will now only be trusted if it matches one of the configured allowed host patterns. This prevents host header injection attacks that can lead to cache poisoning and other security vulnerabilities.

  Configure allowed host patterns to enable X-Forwarded-Host support:

  // astro.config.mjs
  export default defineConfig({
    output: 'server',
    adapter: node(),
    security: {
      allowedDomains: [
        { hostname: 'example.com' },
        { hostname: '*.example.com' },
        { hostname: 'cdn.example.com', port: '443' },
      ],
    },
  });

  The patterns support wildcards (* and **) for flexible hostname matching and can optionally specify protocol and port.

... (truncated)

Commits

• 3412859 [ci] release (#14510)
• 7e04caf docs: fix security.allowedDomains version (#14509)
• fe1d35c [ci] release (#14507)
• 7926882 [ci] format
• c4d84bb fix(prefetch): Fix "tap" prefetch strategy when view transitions are enabled ...
• 3bb14b7 [ci] release (#14466)
• 7a5aaff [ci] format
• 28b2a1d Fix failing x-forwarded-host tests (#14505)
• ec307b0 [ci] format
• 6ee63bf Merge commit from fork
• Additional commits viewable in compare view

Updates sharp from 0.33.5 to 0.34.4

Release notes

Sourced from sharp's releases.

v0.34.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation. #4425

• Ensure autoOrient removes existing metadata after shrink-on-load. #4431

• TypeScript: Ensure KernelEnum includes linear. #4441 @​BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images. #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3). #4451

• Add sharp-libvips rpath for yarn v5 support. #4452 @​arcanis

v0.34.4-rc.4

• Upgrade to libvips v8.17.2 for upstream bug fixes.

• Ensure TIFF subifd and OpenSlide level input options are respected (regression in 0.34.3).

• Ensure autoOrient occurs before non-90 angle rotation. #4425

• Ensure autoOrient removes existing metadata after shrink-on-load. #4431

• TypeScript: Ensure KernelEnum includes linear. #4441 @​BayanBennett

• Ensure unlimited flag is passed upstream when reading TIFF images. #4446

• Support Electron memory cage when reading XMP metadata (regression in 0.34.3). #4451

• Add sharp-libvips rpath for yarn v5 support. #4452 @​arcanis

... (truncated)

Commits

• ee43783 Release v0.34.4
• 5299011 CI/Docs: Deno v2 support
• 4710092 Prerelease v0.34.4-rc.4
• ed1ac43 CI: Upgrade packaging test dependencies
• dfcbcee Upgrade sharp-libvips to v1.2.3
• 35d3f56 Ensure TIFF subifd and OpenSlide level are respected
• 9f4bace Prerelease v0.34.4-rc.3
• b507831 CI: Remove dry-run flag
• 905f698 Prerelease v0.34.4-rc.2
• b0154ed Upgrade sharp-libvips to v1.2.2
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for sharp since your current version.

Updates tailwindcss from 3.4.17 to 3.4.18

Release notes

Sourced from tailwindcss's releases.

v3.4.18

Fixed

• Improve support for raw supports-[…] queries in arbitrary values (#13605)
• Fix require.cache error when loaded through a TypeScript file in Node 22.18+ (#18665)
• Support import.meta.resolve(…) in configs for new enough Node.js versions (#18938)
• Allow using newer versions of postcss-load-config for better ESM and TypeScript PostCSS config support with the CLI (#18938)
• Remove irrelevant utility rules when matching important classes (#19030)

Changelog

Sourced from tailwindcss's changelog.

[3.4.18] - 2024-10-01

Fixed

• Improve support for raw supports-[…] queries in arbitrary values (#13605)
• Fix require.cache error when loaded through a TypeScript file in Node 22.18+ (#18665)
• Support import.meta.resolve(…) in configs for new enough Node.js versions (#18938)
• Allow using newer versions of postcss-load-config for better ESM and TypeScript PostCSS config support with the CLI (#18938)
• Remove irrelevant utility rules when matching important classes (#19030)

Commits

• See full diff in compare view

Updates @biomejs/biome from 1.9.4 to 2.2.6

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.2.6

2.2.6

Patch Changes

• #7071 a8e7301 Thanks @​ptkagori! - Added the useQwikMethodUsage lint rule for the Qwik domain.

  This rule validates Qwik hook usage. Identifiers matching useXxx must be called only within serialisable reactive contexts (for example, inside component$, route loaders/actions, or within other Qwik hooks), preventing common Qwik antipatterns.

  Invalid:

  // Top-level hook call is invalid.
  const state = useStore({ count: 0 });
  function helper() {
  // Calling a hook in a non-reactive function is invalid.
  const loc = useLocation();
  }

  Valid:

  component$(() => {
    const state = useStore({ count: 0 }); // OK inside component$.
    return <div>{state.count}</div>;
  });
  const handler = $(() => {
  const loc = useLocation(); // OK inside a $-wrapped closure.
  console.log(loc.params);
  });

• #7685 52071f5 Thanks @​denbezrukov! - Fixed #6981: The NoUnknownPseudoClass rule no longer reports local pseudo-classes when CSS Modules are used.

• #7640 899f7b2 Thanks @​arendjr! - Fixed #7638: useImportExtensions no longer emits diagnostics on valid import paths that end with a query or hash.

  Example

  // This no longer warns if `index.css` exists:
  import style from "../theme/index.css?inline";

• #7071 a8e7301 Thanks @​ptkagori! - Added the useQwikValidLexicalScope rule to the Qwik domain.

  This rule helps you avoid common bugs in Qwik components by checking that your variables and functions are declared in the correct place.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.2.6

Patch Changes

• #7071 a8e7301 Thanks @​ptkagori! - Added the useQwikMethodUsage lint rule for the Qwik domain.

  This rule validates Qwik hook usage. Identifiers matching useXxx must be called only within serialisable reactive contexts (for example, inside component$, route loaders/actions, or within other Qwik hooks), preventing common Qwik antipatterns.

  Invalid:

  // Top-level hook call is invalid.
  const state = useStore({ count: 0 });
  function helper() {
  // Calling a hook in a non-reactive function is invalid.
  const loc = useLocation();
  }

  Valid:

  component$(() => {
    const state = useStore({ count: 0 }); // OK inside component$.
    return <div>{state.count}</div>;
  });
  const handler = $(() => {
  const loc = useLocation(); // OK inside a $-wrapped closure.
  console.log(loc.params);
  });

• #7685 52071f5 Thanks @​denbezrukov! - Fixed #6981: The NoUnknownPseudoClass rule no longer reports local pseudo-classes when CSS Modules are used.

• #7640 899f7b2 Thanks @​arendjr! - Fixed #7638: useImportExtensions no longer emits diagnostics on valid import paths that end with a query or hash.

  Example

  // This no longer warns if `index.css` exists:
  import style from "../theme/index.css?inline";

• #7071 a8e7301 Thanks @​ptkagori! - Added the useQwikValidLexicalScope rule to the Qwik domain.

  This rule helps you avoid common bugs in Qwik components by checking that your variables and functions are declared in the correct place.

  Invalid:

... (truncated)

Commits

• e5b8058 ci: release (#7637)
• 5beb1ee feat(biome_graphql_analyze): implement useDeprecatedDate (#7620)
• a8e7301 feat(qwik): add useQwikMethodUsage & useQwikValidLexicalScope (#7071)
• d025e53 docs: add Polish translation of Biome README (#7630)
• 521d149 ci: release (#7478)
• cadad2c feat(lint): implement noVueDuplicateKeys rule (#7542)
• 9637f93 feat: add useConsistentArrowReturn options (#7457)
• 1b61631 feat(lint): add noReactForwardRef rule (#7509)
• 74d3c56 chore: add convex to bronze sponsors (#7566)
• 3f06e19 feat(linter): implement noDeprecatedImports (#7520)
• Additional commits viewable in compare view

Updates @tailwindcss/typography from 0.5.16 to 0.5.19

Release notes

Sourced from @​tailwindcss/typography's releases.

v0.5.19

Fixed

• Fixed broken color styles (#405)

v0.5.18

Fixed

• Fixed undefined variable error (#403)

v0.5.17

Added

• Add modifiers for description list elements (#357)
• Add prose-picture modifier (#367)

Fixed

• Include unit in hr border-width value (#379)
• Ensure <kbd> styles work with Tailwind CSS v4 (#387)

Changed

• Remove lodash dependencies (#402)

Changelog

Sourced from @​tailwindcss/typography's changelog.

[0.5.19] - 2025-09-24

Fixed

• Fixed broken color styles (#405)

[0.5.18] - 2025-09-19

Fixed

• Fixed undefined variable error (#403)

[0.5.17] - 2025-09-19

Added

• Add modifiers for description list elements (#357)
• Add prose-picture modifier (#367)

Fixed

• Include unit in hr border-width value (#379)
• Ensure <kbd> styles work with Tailwind CSS v4 (#387)

Changed

• Remove lodash dependencies (#402)

Commits

• e002ab8 0.5.19
• bbb1c21 Fix bad RGB syntax (#405)
• b316f95 0.5.18
• ed95206 Fix variable declaration in opacity function (#403)
• 7efcb4a 0.5.17
• e0ec248 chore(ci): update actions for release insiders
• 511afcb Add modifiers for description list elements (#357)
• 042a531 Add prose-picture modifiers (#367)
• f822222 Fix kbd shadow colors not being calculated on oklch colors (#387)
• ecb7e87 Add Tailwind v4 custom color theme example to README (#396)
• Additional commits viewable in compare view

Updates daisyui from 4.12.23 to 5.2.3

Release notes

Sourced from daisyui's releases.

v5.2.3

🌼 Read changelog: https://daisyui.com/docs/changelog/

📦 Install this update:

npm i -D [email protected]

💚 Thank you for using daisyUI!

v5.2.2

🌼 Read changelog: https://daisyui.com/docs/changelog/

📦 Install this update:

npm i -D [email protected]

💚 Thank you for using daisyUI!

v5.2.1

🌼 Read changelog: https://daisyui.com/docs/changelog/

📦 Install this update:

npm i -D [email protected]

💚 Thank you for using daisyUI!

v5.2.0

🌼 Read changelog: https://daisyui.com/docs/changelog/

📦 Install this update:

npm i -D [email protected]

💚 Thank you for using daisyUI!

v5.1.32

🌼 Read changelog: https://daisyui.com/docs/changelog/

📦 Install this update:

npm i -D [email protected]

💚 Thank you for using daisyUI!

... (truncated)

Changelog

Sourced from daisyui's changelog.

5.2.3 (2025-10-11)

Bug Fixes

• fix: style for nested validator with aria-invalid attribute. closes: #4176

5.2.2 (2025-10-11)

Bug Fixes

• countdown RTL bug and allow defining number of digits (426de84)

5.2.1 (2025-10-11)

Bug Fixes

• countdown alignment problems (#4166) (83198ca), closes #3872

5.2.0 (2025-10-10)

Features

• new variants for drawer: is-drawer-open and is-drawer-close to style elements based on drawer state. Allowing us to create icon-only drawer sidebar.
• countdown now supports 0 to 999 with dynamic width (6b63563)
• countdown: animate independently the 2 digits of the number (d3a32e2), closes #4143
• detect if page has vertical scrollbar visible and set scrollbar-gutter (abf02cc)
• icon-only drawer sidebar, new variants is-drawer-open and is-drawer-close (32e919e)

Bug Fixes

• dropdown: do not open dropdown on click (but open it on kbd focus) (39e4cb5), closes #3880
• enable tailwind conditional classes on menu-active (4a8d227)
• Tailwind CSS collapse utility class conflict (c39d839)
• fix scrollbar gutter layout shift on Windows when modal or drawer has a different scrollbar visibility than the body

5.1.32 (2025-10-10)

5.1.31 (2025-10-10)

Bug Fixes

• modal: make sure elements inside modal are hidden when not open (#4161) (5ddae21), closes #3440 #3835 #2223

5.1.30 (2025-10-09)

... (truncated)

Commits

• ee5a14b chore(release): 5.2.3
• 6ec6570 fix style for nested validator with aria-invalid attribute. closes: #4176
• 9c6f369 chore(release): 5.2.2
• 426de84 fix: countdown RTL bug and allow defining number of digits
• d209bbd chore(release): 5.2.1
• 83198ca fix: countdown alignment problems (#4166)
• 7021bac chore(release): 5.2.0
• 2758665 chore(release): 5.1.32
• 32e919e feat: icon-only drawer sidebar, new variants is-drawer-open and `is-drawer-...
• 6b63563 feat: countdown now supports 0 to 999 with dynamic width
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
tailwindcss	[>= 4.a, < 5]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions