Skip to content

chore(landing)(deps): Bump the astro group across 1 directory with 3 updates#181

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/landing/astro-29251957f4
Open

chore(landing)(deps): Bump the astro group across 1 directory with 3 updates#181
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/landing/astro-29251957f4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the astro group with 3 updates in the /landing directory: @astrojs/rss, @astrojs/sitemap and astro.

Updates @astrojs/rss from 4.0.18 to 4.0.19

Release notes

Sourced from @​astrojs/rss's releases.

@​astrojs/rss@​4.0.19

Patch Changes

  • #17209 fbcfa03 Thanks @​matthewp! - Hardens RSS feed generation by escaping the source and enclosure item fields. These fields are now serialized as structured XML values, ensuring that special characters in values like source.title and enclosure.type are always treated as text rather than markup, consistent with how other feed fields are handled.
Changelog

Sourced from @​astrojs/rss's changelog.

4.0.19

Patch Changes

  • #17209 fbcfa03 Thanks @​matthewp! - Hardens RSS feed generation by escaping the source and enclosure item fields. These fields are now serialized as structured XML values, ensuring that special characters in values like source.title and enclosure.type are always treated as text rather than markup, consistent with how other feed fields are handled.
Commits

Updates @astrojs/sitemap from 3.7.2 to 3.7.3

Changelog

Sourced from @​astrojs/sitemap's changelog.

3.7.3

Patch Changes

  • #16837 783c4a6 Thanks @​jdevalk! - Improves <lastmod> accuracy in the sitemap index. Each <sitemap> entry in sitemap-index.xml is now stamped with the most recent lastmod of the URLs in the child sitemap it points to, instead of repeating a single global date on every entry. When a child sitemap has no per-URL lastmod, the entry falls back to the lastmod option as before. This gives search engines a per-file freshness signal, so they can tell which child sitemaps actually changed without refetching all of them.
Commits

Updates astro from 5.18.1 to 5.18.2

Changelog

Sourced from astro's changelog.

5.18.2

Patch Changes

  • #16813 8f7d8c4 Thanks @​matthewp! - Populates styles in the SSR manifest for prerendered routes. Previously, prerendered routes had styles: [] in the manifest, making it impossible for workers or middleware to discover which CSS files a prerendered page uses.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…updates

Bumps the astro group with 3 updates in the /landing directory: [@astrojs/rss](https://github.com/withastro/astro/tree/HEAD/packages/astro-rss), [@astrojs/sitemap](https://github.com/withastro/astro/tree/HEAD/packages/integrations/sitemap) and [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).


Updates `@astrojs/rss` from 4.0.18 to 4.0.19
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro-rss/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/rss@4.0.19/packages/astro-rss)

Updates `@astrojs/sitemap` from 3.7.2 to 3.7.3
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/sitemap/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/sitemap@3.7.3/packages/integrations/sitemap)

Updates `astro` from 5.18.1 to 5.18.2
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/astro@5.18.2/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@5.18.2/packages/astro)

---
updated-dependencies:
- dependency-name: "@astrojs/rss"
  dependency-version: 4.0.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: astro
- dependency-name: "@astrojs/sitemap"
  dependency-version: 3.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: astro
- dependency-name: astro
  dependency-version: 5.18.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: astro
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, landing. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@strix-security

strix-security Bot commented Jul 6, 2026

Copy link
Copy Markdown

Strix is installed on this repository, but we couldn't run this PR security review because this workspace's trial has ended. Add a card to resume code reviews here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants